[Note that I am speaking for myself and not for the (ISC)2 Board of Directors or (ISC)2 as an organization. I believe that 3 years after being elected, it is my responsibility to tell you what we have done and what we have achieved. Feel free to ask questions in the comments or on twitter (@wimremes). While I am restricted in what I can say, I will definitely try to answer as many questions as possible. Again, this is my personal perception and opinion.]
It's a bit more than 3 years ago that I decided to run a petition to be added to the (ISC)2 Board of Directors election slate. It's a bit more than 3 years ago that more than 500 members supported that petition and allowed me to be elected that same year. After effectively joining the board in January 2012, I went to work. After all, more than 500 members supported me on a platform of change and I was eager to follow through on that.
Today it is time to look back and see what we have done. I can't stress enough how important the "we" is in this endeavor. It isn't just me, it is me as part of a team of 13 board members. It is "we", as (ISC)2 is an organization with more than 100 employees across the globe. It is "we", as (ISC)2 has more than 100,000 members today. But it is me that made a commitment to you when I launched my petition. And it is me that owes you some feedback and reflection.
It was no secret that I joined the (ISC)2 board on a platform of change. All joking aside, it isn't easy to walk into a boardroom with a "here I am, let's change things!" attitude. I didn't do that. My first task was to understand what the board did, what the organization did and how I could help to make that better, taking into account that platform and the continuous feedback from (ISC)2 members around the globe. Today I look back and I see that I moved from being that "rogue element" to getting elected as Chairperson of the board earlier this year. This, to me, confirms that I've managed to build the bridge between the opposing voices (including my own) that supported my petition and all other walks of life and opinions within the organization and the membership. It's an incredible honor to me to lead the board and I can't be more proud of the team we are currently working with.
Since I joined the board, we truly have come a long way. We have built on what was already in the works and worked diligently to do even more. To me it started with ratifying our new member-focused strategy in April 2012. Since then, (ISC)2 has further engaged with it's membership and the security community.
A first example is found in the (ISC)2 chapters. Varying in size between more than 4000 members (South Korea) and less than 15 members (Ethiopia) they have become a platform where members (and non-members) can exchange experience and knowledge. Maybe more importantly, they have become an important source of feedback for the organization and the board. They allow us to better understand the needs of our membership and their regional intricacies. Empowering our regional offices in The UK, Hong Kong and China has, in my opinion, resulted in a better regional integration and an ability to adapt to the needs and differences.
A second example is found in the CPE opportunities. (ISC)2 has worked with several non-profit events and conferences to enable them to submit CPEs for attending members. Where it was mostly up to the member to submit CPEs manually and only large and commercial events would auto-submit, there are now Security B-Sides events that auto-submit CPEs. I believe this brings more diversity into the CPE opportunities. Additionally, we have worked with different organizations to offer even more CPE opportunities to our members. One such example, which is near and dear to my heart, is BugCrowd. If an (ISC)2 member becomes a member of BugCrowd, they will get CPEs for every bug they submit through the BugCrowd Bug Bounties. While still in an early stage, I think this is a prime example of where we are going with CPE opportunities.
A third example comes in the form of community outreach. I fondly remember taking part of the (ISC)2 team to their first 44Cafe (hat tip to Steve Lord and his amazing crew) and DC4420 (DEFCON London chapter) meeting in April 2012. Since then the organization has supported B-Sides events and other community efforts around the globe. Being there and keeping a finger on the pulse of the community once again is an incredibly valuable source of information for the organization and for the board. This too allowed us to better understand the membership and the community.
Then come our credentials. (ISC)2 has diligently worked to review and keep their credentials up to date. This will be very clear in 2015 when the reviewed versions of the CISSP and SCCP are launched. At the same time, we have launched the HCISPP (healthcare) credential and the CCFP (Forensics). The latter being the first credential that is rolled out regionally as local laws are elementary to the practice. Are we done yet? No! Are we on the right track? I certainly believe so.
Lastly I must talk about the (ISC)2 Foundation, which is effectively a seperate 501c3 organization. The Foundation grants scholarships globally to students who are focusing on information security. With the scholarships alone, we have allowed people who would otherwise not be able to fund it themselves, pursue their dream and join the information security workforce. On the same token, The Foundation allows our members to give back to their communities and society through the Safe and Secure Online (SSO) program. This program provides learning materials to teach children, teachers and parents about online security and safe use of social networks. This is possible through the donations and effort of individuals and the support of bigger organizations. You can find out more about the Foundation here : https://www.isc2cares.org/Default.aspx.
Now obviously I will be up for re-election come December. I wouldn't be more grateful if I'm allowed to continue the work we have done in the past 3 years and I'd welcome your support to make that happen. I truly believe that (ISC)2 is well-positioned to keep going on its current momentum. While the subtle tweaks on the underlying machinery are difficult to quantify and their effect only visible further down the path, I am convinced that this organization is going nowhere but up.
I come to realize that I could easily write a book about the past 3 years of being involved with this organization. I can only hope it would be the first chapter of an even longer book.