Nov 9, 2007

Attention fellow CISSPs, SSCPs and CAPs - a call to action

Voting for the ISC2 Board elections will start in just a few days (Nov 16th). If you have the slightest interest in ISC2, your qualifications and your future career in information security, this is important.

The ISC2 bylaws allow the sitting Board to nominate a bunch of candidates for the election without reference to the membership. Naturally, they tend to put themselves forward for re-election and/or propose their colleagues who, generally speaking, are similar to themselves in background and outlook. In practice, this means the Board is very conservative and favours the status quo. I personally have no issue with stability and continuity unless it prevents ISC2 from responding appropriately to changes in the environment. There comes a point when stability becomes inertia that stifles all innovation and creativity.

If you are entirely happy with the way ISC2 is run right now, if you feel you are getting the best possible value from your membership dollars, and if you see no need to change the way ISC2 is operated and managed, then go back to sleep: you need do nothing at all. Like a giant supertanker, ISC2 will continue indefinitely in the same direction without you doing anything.

However, if you want ISC2 to change for the better, then you have to do something about it, now.

In addition to the Board-nominated candidates, members can stand for election provided they gain sufficient support from the membership (meaning at least 1% must sign their petitions to stand). For obvious reasons, the sitting Board doesn't exactly go out of its way to help independent candidates contact the membership or canvass for the necessary level of support and votes. Electioneering is explicitly banned on CISSPforum, for example, and there have even been accusations of bias in the way candidate profiles/manifestos are presented on the ISC2 website. Nevertheless, a few valiant membership-supported candidates (precisely three out of the 12 on offer) have made it onto the slate and they need our votes to make a difference to ISC2.

Turnout for the ISC2 elections is traditionally extremely poor (though it's hard even to squeeze this little piece of information from ISC2 management). What this means is that your vote counts more than ever.

I'm not going to recommend any particular candidates at this point (maybe later!) but encourage you to do the following:

1. Sign in to the ISC2 website. Please note: without informing the membership, ISC2 management has recently implemented some significant changes to the website including a new login process - you should be able to log in with your original password but using "the primary email address on file with ISC2" instead of your member/certificate number. Several members have had difficulties with this process (e.g. forgetting which email address they originally nominated), requiring support calls to ISC2 that can take days or weeks to resolve. DO THIS NOW to avoid delays that might prevent you from voting when the poll opens.

2. Once logged in, visit the page listing the 12 candidates and read their submissions. Think very carefully about what they are proposing to do for ISC2 and the certifications in the future. Look for clues as to whether they merely support the status quo (same old same old) or want to do something new and worthwhile for the members. If you agree with the general thrust of what they are proposing, make a note of the candidates' names.

3. If you are interested enough to want to discuss the elections, interact with the candidates and clarify what they really stand for, join the discussion at cissp elections, a mailing list established specifically for that purpose (simply email a polite request to cissp-elections-subscribe@yahoogroups.com). Perhaps you might like to explore issues such as:
- Why the current management recently changed the rules for CPEs, requiring a minimum number of CPEs in every year instead of during a 3-year period;
- Whether the candidates are happy with the way ISC2 communicates important changes (such as the above) with members, if not actually involving them in the decision-making process;
- Relaxing the tight control over CISSP training courses and confidentiality of the CBK, limiting the opportunities for other/non-ISC2 training providers and exams in other locations;
- How come volunteers for ISC2 duties such as exam proctoring, and the speakers' bureau, never seem to get anywhere?
- Membership meetings - ways for CISSPs and others to meet face-to-face in Real Life;
- Other things that concern you about ISC2, the profession and your career.

ISC2 belongs to its members. Its future is in our hands. Don't let this chance to make things better just slip by without raising a finger.