Forwarded from: Wim Remes <wim (at) remes-it.be> ===== Change is hard work -- My bid for the (ISC)2 Board of Directors ballot ===== (ISC)2, the institution best-known through the CISSP certification, has been the subject of a lot of discussions in the past years. Here on Infosec Island, via twitter or on personal blogs, (ISC)2 certifcation holders and the uncertified have written about the value of the certification, the process of obtaining it, (ISC)2's code of ethics and how the tech industry views the certification. While some opinions are clearly biased, I don't necessarily disagree with them. I've always wondered how I, as a member of (ISC)2, can make the CISSP process better. How can I bring back the true value of the certification, proving that the holder grasps the knowledge required to be called a security professional? How I can I influence the organization to develop a contemporary view of the information security community and the information security industry? How can I make the organization efficiently engage with that community? I can't, unless I join them in a more effective capacity than a simple cert holder. Not by paying my Annual Maintenance Fees or gathering enough Education (CPE) points. Not by standing on my soapbox and calling them out on every move they make. Not by throwing my certification in the trashbin. Last year I entertained the thought of running for the ballot but I was too late to actually do it. This year I'm even more motivated and ready to make the ballot. Based on feedback from the information security community, I believe it's time to be the change I envisioned. I truly believe this is the way forward. The process is lengthy and cumbersome. I need to convince 500 (ISC)2 certification holders that I'm not running a major social engineering effort for my next Blackhat talk and have them send me their name, email address and certification number. If I have 500 people backing me, I will make it on the ballot and cert holders will be able to vote for me starting November 16th. If all that works out, I will be able to join the board and make a difference. The question you should ask me and *any* prospective board member is; "If you are elected to the board, what do you want to accomplish?" ... Here is my personal response to that : * From within the organization I want to make (ISC)2 step up their game and reach out to the information security community to actually collaborate with it instead of alienating it. For me personally, this community is a large part of what energizes me to keep doing what I love most. I think we need to leverage that energy to work on the problems that we are all facing. Together, whether or not we hold an (ISC)2 cert or not. * I want to work with (ISC)2, it's leadership and it's membership to review the current status of the CISSP certification, how it is perceived by different audiences (the holders, HR people and those opting not to become certified) and improve the exams, the exam process and the long-term value of it. With more than 79,000 certification holders out there, it could be concluded that the certification is doing well. However, if we don't focus solely on the numbers and look at the way the certification is perceived, the (ISC)2 needs serious improvement. By focusing on promoting the cert to businesses as a measuring stick for security professionals, I believe we have done a great disservice to our members. The certification should, in the first place, have value for the holder. I want to focus on delivering that value. * I want the ISC2 to drastically improve it's vision of international adoption. We need to step away from a US-focus and engage communities across continents. The challenges we face are the same. Currently, (ISC)2 is looking at continents as markets, which in a strict business context makes sense, but the organization remains a not-for-profit organization. I believe that we need to leverage the knowledge from our membership to help solve some of the critical security challenges we are facing on a global scale. (ISC)2 is perfectly positioned to play that role and I'm convinced we can do this. I can envision the organization playing a ground-breaking role in resolving the problems posed by international cybercrime. With our international membership, we can help breaking down barriers, remove red tape and work on jurisdiction issues when tracking hackers. Based on my research, I think it's very important to bring clarity to the members about what the organization does, beyond offering 4 certifications (+3 concentrations for the CISSP). What happens to the income the ISC2 receives? How is it used to share information with its members? How are the funds used to contribute back to the community, particularlly on a global scale? The board meeting archives of the past few years don't reveal a lot of details about this. I think, as a professional organization, certifying ethical and honest professionals, we are obliged to transparency and clarity on this subject as well. As the title mentions, this is going to be hard work and I'm ready to help. If you are a CISSP (or (ISC)2 certificate holder) in good standing, please visit http://blog.remes-it.be/petition.html and if you agree with my platform take the time to send me your name, email address and certificate number. With just 500 signatures, my name will be added to the ballot for the next Board of Directors vote. This will help me get into a position to help improve the organization. I believe it is needs to be done, I believe it can be done and I believe it can be done now, with your support! -- Wim Remes Security Afficionado _____________________________________________________________ Register now for the #HITB2011KUL - Asia's premier deep-knowledge network security event now in it's 9th year! http://conference.hitb.org/hitbsecconf2011kul/Received on Tue Aug 30 2011 - 00:23:52 PDT
This archive was generated by hypermail 2.2.0 : Tue Aug 30 2011 - 00:21:10 PDT