Other Blogs
There are no items in this list.
Knowledge & Insights > ISACA Now > Categories
Training:  The Missing Ingredient for IT Success

Over the years, it has come to my attention that few industries innovate faster than IT. And while I am surrounded by many of these changes in my everyday life, I try not to underestimate the value of ongoing training and how it improves my skill set and could potentially open up new career opportunities.

Regular IT training is by far one of the single most valuable things I do on a regular basis.

Benefits of Ongoing Training
I will admit that I do not like the word “training.” It takes me back to being a student in a structured classroom setting. But training really is a positive thing. It is what gives us the knowledge and skills necessary to complete the tasks and objectives we face in our jobs.

With that being said, here are some of the biggest benefits that I have found in committing to ongoing training.

  • Less supervision. When you know what you are doing and have the knowledge to handle any issue, you no longer need someone looking over your shoulder. As a result, you will find that one of the direct benefits of training is less supervision.
  • Growth and salary opportunities. The more you train, the more skilled you will become. This ultimately will open up the door for new opportunities and career advancement. As a by-product, ongoing training can lead to higher salaries.
  • Increased satisfaction. If you are good at your job, you are more likely to enjoy it. This leads to more happiness and satisfaction in your daily job—benefits that cannot be purchased.

Invest in training and you are sure to reap positive and tangible rewards that will benefit your career for years to come.

How to Make Training a Habit
The occasional training session and brief seminar will not do you much good—at least it does not for me. In order for training to provide benefits, it needs to be a priority.

Here are some of the ways I have made training a consistent habit in my life:

  • Carve out consistent time. The most important thing is that you make time for training. “Pick a consistent time and set a reminder,” suggests CBT Nuggets, a leader in online IT training. “Maybe it’s right after breakfast, during lunch, or right when you get home from work. Whatever time will work best for you, be consistent and set a reminder. By using multiple cues (time and sound), you will increase the motivators that will move you to train.”
  • Involve others. It is much easier to make training a priority when you have others involved. While you do not necessarily need to do the training with other people, consider launching your individual training at the same time as a friend or coworker’s training. This provides some accountability and keeps you on track.
  • Choose something interesting. Learning is always much more fun when you are actually interested in the topic at hand. When choosing different ongoing training programs and curriculum, go with topics that you like—or topics that you want to know more about. I know I am much more likely to stay on track if the subject intrigues me and holds my interest.

Anyone can make training a habit. The key is to set up a foundation in which success is more likely than failure.

Keep Moving Forward
As motivated people often say, “If you aren’t moving forward, you’re going backwards.” In other words, because technology advances so quickly, sitting still is the equivalent of backtracking.

Well, the good news is that it does not take much time or effort to move forward in the IT world. You already have most of the knowledge you need! All that is necessary is ongoing training on a consistent basis. It has taken time and effort, but I have made it a part of my weekly schedule. I am confident that you can do the same!

Editor’s note:  ISACA offers numerous training and education opportunities. For more information click here and click here for CSX training information.

CSX Europe Illuminates Key Cyber Security Insights and Advancements

ISACA’s inaugural CSX Europe conference convened last week in London, and I had the privilege of serving as emcee. During a panel discussion on the second day of the conference, Mark Sayers of the UK’s Cabinet Office discussed the announcement that morning of the UK Government’s £1.9bn investment in a national cybersecurity strategy—a strategy that makes clear the UK’s preparedness for cyber attacks and will include a cyber security skills strategy. Sayers made it clear that organizations like ISACA are extremely important to further the initiative.

The cyber security event left a strong impression on attendees, including several critical takeaways:

  •  Collaboration is critical. Intel’s Raj Samani emphasized collaboration and communication to best contend with today’s threat landscape. Professionals on the more technical side need to be able to communicate with business decision-makers and other stakeholders to effectively solve problems. As speaker Aviram Zrahia notes, “one company’s detection become another’s protection.”
  •  Internet of Things devices pose new security challenges. Security professionals are capable of preventing attacks, but consumers need to understand that connected devices have security vulnerabilities. Justine Bone, director and CEO, MedSec, presented the findings of ISACA’s new firmware security report, highlighting how easy it is for security to be overlooked when creating IoT devices.
  •  New solutions are needed. In closing the conference, technology futurist Simon Moores observed that organisations will no longer be able to handle the scale of cyber threats alone. In many cases, automated, cloud-based solutions involving artificial intelligence (AI) will be part of the solution, though there is no substitute for developing a highly skilled workforce.

The conference also provided another valuable networking opportunity through ISACA’s Connecting Women Leaders in Technology program, which is helping to advance female leadership within the global technology workforce.

Editor’s note: Additional insights from global security experts will be on display at CSX 2016 Asia Pacific, set to make its debut 14-16 November in Singapore. Next year’s CSX Europe conference will take place in London on 30 October-1 November 2017.

A Nightmare on Big Data Street

Do you like scary movies? - Scream (1996)

Well I do. One of my favorite scary movies is “The Sixth Sense.” There is a famous scene in this movie, where a horrified child admits to his friend that he sees dead people. Do you recall it? While hiding half of his face under a blanket like a toddler, he whispers:  “I see dead people, all the time. They are everywhere.”

That scene reminds me of some of the executives and managers that I often cross paths with when I ask them about their data analytics practice. The look on their faces brings me right back to that movie scene, but instead they say:  “We see big data, all the time. It is everywhere.”

And then part of me wants to be sympathetic, hold their hands and say: “Yes, I know dear. Big data can be scary. Fear no more as I know some people that can help you. They have cool colored promotional paper saying so!” But then the auditor and data geek in me makes me quickly snap out of it and probe them:  “Are you sure what you see is actually big data?”

I call this “Big Spooky Data Syndrome.” See, if your data doesn’t make you feel like you are standing on slippery stones in a rushing torrent, trying to catch a fish bare-handed, with no idea whether there is fish in it at all; then, my friend you, most likely DO NOT have big data, at least not yet.

As in a torrent, volume (or size) is just a part of it. Let’s recap the definition of ‘torrent’:

Now let us adapt it to big data:  A strong and fast-moving stream of multi-structured data.

“You are going to need a bigger boat.” Jaws (1975)

Not sure yet? Muzamil Riffat touched on the topic in his article “Big Data – Not a Panacea” for the ISACA Journal by covering the characteristics of big data, which are also known as the “Vs” of big data:  volume, velocity and variety. Since then, IBM coined veracity as the fourth V, referring to the uncertainty of the data.

And to assist you even further, here are few questions to help you understand if your company has indeed big data based on these “Vs”:

☑ Is it too large for a MySQL database?
☑ Is your data a Frankenstein, spread over multiple files, servers and/or geographical locations?
☑ Does your data have a much longer and uncertain life span?
☑ Can you easily recover your data in the case of corruption without having to re-perform any transformation?
☑ Does it contain audio, videos or images?
☑ Does it require immediate response, like high-frequency trading (HFT)?
☑ Is it being generated in real-time, like social media platforms, IoT or other internal sensors?
☑ Do you need a transformation tool to make it identifiable and legible?
☑ Do you need a reduction tool to make it more manageable?
☑ Is the range of potential correlations and relationships between disparate data sources too great for any analyst to test all hypotheses?

Furthermore, since big data is noisy, highly interrelated and unreliable, machine learning techniques are most often applied instead of data mining techniques. And this is why data scientists are often required.

So if you don’t have big data, what do you have? Small data? Hold your horses, cowboy, the term small data is now being used to describe a new breed of data. As Deborah Estrin stated at TEDMED 2013, "Small data are derived from our individual digital traces. We generate these data because most of us mediate or at least accompany our lives with mobile technologies. As a result, we all leave a 'trail of breadcrumbs' behind us with our digital service providers, which together create our digital traces." In summary, big data is about machine and processes while small data is about people.

Therefore, shall we here agree in calling non-big/small data just organization data? Or enterprise data, if you will?

With all the buzz around big data, it is understandable that many still get confused about the term and conclude that:  (1) their data classifies as big data, and (2) that a high-science big data solution must be the only legitimate way to approach data analytics.

And since deploying big data analytics can be daunting and expensive, analysis-paralysis is often the outcome causing companies to completely overlook and under-leverage existent enterprise data with much easier to deploy analytics.

“You cannot run from this, it will follow you. It may lay dormant for years. Something may trigger it to become more active and it may over time reach out to communicate with you.” - Paranormal Activity (2007)

Enterprise data analytics can still deliver a lot of value, since the data already exists it is in good shape and well understood. I believe companies that first mature their current data strategy, governance and enterprise data analytics have greater chance in succeeding with big data analytics later on.

And even when companies do have big data, I personally believe that many are being bullied by the hype and vendors onto moving too quickly to adopt big data analytics. They show up at your door offering the dream to enable better decision making and competitive advantage. And like the Borgs in a good old Star Trek episode, they assimilate you because, without proper knowledge, resistance is indeed futile.

“The box…You opened it, we came.” Hellraiser (1987)

News flash:  Better and smarter business decisions aren’t guaranteed, no matter the size of your data. Having all the data and more of it doesn’t do much good if one isn’t asking the right business questions or simply doesn’t understand underlying assumptions–not all numbers are created equally; some are more reliable than others. But this is a subject to be explored in a separate future article.

A premature adoption of big data analytics can cause way more damage as it can introduce additional risks, such as privacy. Not all companies are equipped to make use of big data analytics. Some may be missing key skills in their existing personnel, or they may be missing critical portions of the technological ecosystem.

In summary, my point is that big data analytics might not be applicable to your organization, and if it is, don’t be bullied into adopting it right away as it isn’t mandatory. However, not doing any sort of data analytics in this data age would be the same as continuing to stock buggy whips once the car has been invented.

And If you need help starting it up, as I mentioned previously, I know some savvy people with cool colored promotional papers that can help you out.

“Whatever you do, don’t fall asleep”A Nightmare on Elm Street (1984)

References:
Davenport, Tom; “Big Data vs. Small Data Analytics,” MSI.org, 3 December 2012
Dell’Anno, Vince; “For Businesses, It’s Worth Jumping Into the Big Data Torrent,” Wired.com, 25 September 2014
IT Business Edge, “Five Ways to Know if Your Challenge Is Big Data or Lots of Data”
Pollock, Ryan; “Beyond Big Data vs. Small Data: how to get to Smart Data,” GroupSolver.com, 29 May 2015
Riffat, Muzamil; “Big Data—Not a Panacea,” ISACA Journal, Volume 3, 2014

Formation of ISACA Student Groups in Melbourne

The thought of starting an ISACA student group in Melbourne emerged when my son was at university. I felt he needed to interact at Melbourne Chapter events and learn beyond the classroom. I encouraged him to enroll as an ISACA student member to allow him to network, learn, attend chapter events and connect with a few professionals as mentors.

I then started networking with the academic community at various universities in Melbourne and was fortunate enough to set up 3 ISACA student chapters at the following Melbourne universities:

  1. Deakin University—Recognized in October 2013, this was the first student chapter in the Oceania region.
  2. Royal Melbourne Institute of Technology (RMIT) University—Recognized in October 2014, this was the second student chapter in the Oceania region.
  3. Swinburne University of Technology—Recognized in October 2015, this was the fourth student chapter in the Oceania region and the third student chapter in Melbourne.

The faculty members and students at all 3 universities were very supportive when I approached them about forming an ISACA student group. Currently, discussions are on with the other universities in Melbourne to set up local student chapters.

To establish the student groups and obtain official recognition from ISACA headquarters I took the following steps:

  1. An academic relations coordinator, the person responsible for academic relations, or volunteer(s) from the local chapter board should coordinate with the academic community and liaise with ISACA headquarters.
  2. Get in touch with university lecturers or faculty members to see if they are interested in becoming Advocate members of ISACA. Explain the benefits of membership, opportunities, etc.
  3. Encourage the faculty member to become a faculty advisor to support the student group. The Academic Advocate serves as the student group advisor. Once the Academic Advocate is identified, notify ISACA with an email to students@isaca.org.
  4. Work with faculty member/advisor and students in starting an ISACA student group. Conduct presentations at the university. Provide support to the academic community. Provide guest speakers on interesting topics based on recommendations provided by Academic Advocate.
  5. Ensure the student group aligns with university policy and is organized as an official activity within the university. The student group needs to follow all university regulations regarding appropriate conduct, harassment prevention, privacy, etc.
  6. Draft bylaws for the student group, ensuring they align with university policy. ISACA headquarters can provide a bylaws template. Once the bylaws are finalized, email a copy to students@isaca.org.
  7. Elect a student board, i.e., president, vice president, treasurer and secretary. The Academic Advocate serves as the student group advisor. There is no minimum number of students required to form a student group. To start with, ISACA just needs the name of the president. Other officers can be identified later. Email the name of the elected president to students@isaca.org.
  8. Set up a basic web site for the student group. This should be located in the student activities section of the university web site. This can start out as a shell with the intention to add content as the group gets up and running. The web site should be public so anyone is able to search it. Email the URL of the web page to students@isaca.org.

Once the above items are received and approved by ISACA, the student group will have official recognition, an official ISACA student group logo and logo use guidelines.

The group’s executive officers information needs to be maintained on the web site considering that students leave university after completion of their studies.

ISACA membership is not required for someone to participate or hold office in the student group. Participation is a great way to introduce part-time students to the association, even though they do not qualify for student membership.

ISACA has a designated area on the web site that lists the schools/universities that have been officially recognized by ISACA.

Editor’s note:  Anthony Rodrigues was recently given the Tony Hayes Award, named after ISACA’s first International President from the Oceania Region. The award presented by the region recognizes outstanding leadership and contribution. Rodrigues has been providing outstanding service to the Melbourne Chapter as a director for almost 10 years.

ISACA Program Connects Women Leaders in Tech

One look at the faces and names of industry speakers, writers and influencers shows a relative dearth of female contributors. The same can be seen throughout the global technology workforce. The reality of too few women entering technology fields and moving up the ladder to leadership positions is not a new one, but it is something that the ISACA Women’s Leadership Council is actively addressing through a new program called Connecting Women Leaders in Technology.

The empowerment of women within the global technology workforce is critical to advancing female leadership and sustaining the profession. Through this program ISACA will provide a robust platform to:

  • Attract more women into the technology professions
  • Provide support tools to advance and sustain a woman’s trajectory through her career lifecycle
  • Offer educational opportunities to develop skills and increase knowledge to further enhance women’s leadership within the global technology workforce

Anecdotally, we know the need is there. At the 2015 CSX North America Conference in Washington, DC, last October, we held the first Women in Cyber program and had an overwhelming response. To build on that program, ISACA’s Women’s Leadership Council—comprised of high-level female tech executives from around the world—has conducted education programs at ISACA conferences in 2016 and will continue to explore new opportunities that will support a comprehensive program over the long term. For example, we realize that there may be opportunities to align with other enterprises or organizations that are addressing the shortage of women in tech careers. We will pursue these opportunities and keep you updated throughout the year.

What is Causing the Decline of Women in Tech?
What is driving the decline in women entering tech-focused programs at university—and thus fewer graduating and starting tech careers? This is a complex question that likely has different answers, depending on the region and specific field. It is something we want to delve into and address. There are many women thriving in tech careers but we believe there should be more. That is where awareness, curating and sharing women in tech success stories, and education and cultural initiatives can make a real difference.

We do know that the issue of women in tech careers affects everyone, including men. Men can and should be some of our greatest champions and allies. I was reminded of this fact at a recent webinar I participated in on woman in tech climbing the corporate ladder. Though the webinar was aimed at young women, it was the participation and reaction of men that was most interesting. Most said they were not aware of the issues women in tech face, but they welcomed potential solutions, in part, because they have daughters, sisters and wives who likely face similar challenges. This helped us realize that the education and awareness efforts must include men as well as women.

Wherever the program leads, it is great to know that we have strong support from ISACA’s board of directors, who approved the Connecting Women Leaders in Technology program. ISACA’s board and its Women’s Leadership Council believe in the program’s ability to engage, empower and elevate women in technology.

Editor’s note:  ISACA Now is seeking women in tech guest bloggers to write on the subject of their choice. If you are interested in learning more, please contact communications@isaca.org. For more information on Connecting Women Leaders in Technology click here.

New E-book Spells Out GEIT Implementation

Technology can be a double-edged sword for business. On the one hand it can provide extraordinary advantages, and on the other it can present potential risks. A new ISACA e-book, Getting Started With GEIT: A Primer for Implementing Governance of Enterprise IT, spells out how to get greater efficiency and effectiveness out of IT assets and make sure their use is aligned with larger, enterprise-wide strategic aims.

The 52-page book details how implementing a Governance of Enterprise IT (GEIT) system can provide numerous benefits to a business, including lower costs, increased control, improved resource efficiency and effectiveness, and better strategic alignment and risk management.

The book (free to ISACA members, $15 for non-members) is aimed at professionals who are new to GEIT and those who are implementing a GEIT system.

GEIT For Lower Capital Costs, Greater Innovation
A strong GEIT system can translate into lower costs for capital, along with other benefits such as greater organizational innovation and entrepreneurship. It can also mean paying lower interest in the capital markets.

While a well-implemented GEIT system can bring major benefits, poorly implemented GEIT will fail to deliver those benefits while wasting the resources required for implementation. To address that concern Getting Started With GEIT spells out the specific steps needed for a successful implementation that meets enterprise goals and delivers value.

7 Steps to Implement GEIT
What is particularly helpful about the step-by-step approach is that practitioners can implement some quick-hit improvements and realize much of the value from GEIT without having to become a framework expert.

The guide includes the 7 steps to implement GEIT and supports them with examples of benefits to help gain senior leadership buy-in. It also presents specific objectives for executing technology projects and managing technology investments.

The 7 GEIT implementation steps include:

  1. Initiate the program
  2. Define problems and opportunities
  3. Define a roadmap
  4. Plan the program
  5. Execute the plan
  6. Realize benefits
  7. Review effectiveness

Every chapter includes a checklist of action items to help with the implementation of each step. An example of this comes at the end of the first chapter, which explains what GEIT is and the how-tos for creating a business case and obtaining buy-in: 

“Determine which benefit(s) of GEIT are most appealing to the organization. Document why this is most appealing and what additional benefits may be realized from implementing GEIT in the enterprise.”

As a convenience, all of these action items have been gathered into a single document that is available for download below. As part of the e-book release ISACA is also offering a quick reference infographic detailing key points from each of the five chapters, which is also available below.

Getting Started With GEIT Extras
The e-book concludes with two detailed case studies on applying GEIT to two scenarios, including a manufacturing enterprise using GEIT to evaluate stakeholder requirements and determine how to best satisfy them. The other scenario has a large multinational enterprise that wants to ensure its rapid expansion and adoption of advanced IT delivers the expected value and manages significant new risk.

Finally, the book includes a section of tips for conducting effective GEIT implementation interviews for a strong starting point in the GEIT implementation work.

To download or purchase Getting Started With GEIT: A Primer for Implementing Governance of Enterprise IT e-book click here. To download the accompanying action item checklist click here. For the quick reference infographic, click here.

Mark Kaigwa:  Mobility Has Massive Implications for Africa

ISACA Now recently talked with Mark Kaigwa, African IT entrepreneur, about the future of IT in Africa. Kaigwa is a keynote speaker at the first-ever Africa CACS at the InterContinental Nairobi, Kenya, which takes place Monday, 8 August to Tuesday, 9 August. For more information click here.

The following is a question-and-answer session with Kaigwa.

ISACA NOW:  It seems that the opportunities for IT in Africa are endless. Obviously, social media is huge. What other opportunities for IT in Africa do you see over the next 5–10 years?
KAIGWA:  I see mobility as one of the greatest epochs of Africa’s technological history. The last 7 years has witnessed nations shift from cyber cafés as the gateway to the Internet to the pockets of hundreds of millions on this continent. I believe that it is indeed something to marvel at.

The implications are massive. You can no longer have an election without factoring in the broader thinking that goes into the mobile phones we know and love. To the extent that in Kenya, where the inaugural Africa CACS will be held, serious conversations have revolved around whether mobile money and mobile phones should be used in the voting process. To illustrate, the total number of registered voters is estimated at 15 million while there are 25 million mobile money users.

I think the layer above mobile is what excites me as we’re only beginning to see the possibilities. Look at how connected devices are entering various sectors, such as the education system, where Kenya recently piloted a program that will see 100,000 students explore learning aided by laptops.

For national security, there’s been a push in the private and public sectors. When it comes to traffic and mobility, Nairobi loses a colossal amount in traffic per day. An IBM study found it the 4th most-stressful city for drivers (after Mexico City, Shenzhen and Beijing). The yearlong study was on how drivers react and vehicles behave as they negotiate obstacles on Nairobi streets. The public sector has seen the deployment of a national police surveillance system powered by 4G technology from Safaricom. This included connecting 195 police posts and HD and Ultra-HD CCTV cameras monitoring traffic and security connecting to a national command and control room.

Kenya’s investor community is pushing boundaries in the Internet of Things (IoT) with organizations like BRCK educating customers and the market. There is also Product Health, an organization looking into supporting solar enterprises. I have great interest in the data we are generating and what that data means for consumers and companies.

At the same time I recognize the risks. To illustrate, in Kenya today you have people that fall within the cracks when it comes to complying with the checks and balances of traditional access to capital and loans. However, one peek at their mobile devices tells a much better story than any bank account ever could. Companies from Silicon Valley and Silicon Savannah are battling for the future of finance, especially for lending based on mobile data.

Organizations like Branch, Saida and Tala take information on Android phones and score them on virtual creditworthiness. Small factors like how much airtime one uses, how many times you charge the phone each day, whether they gamble on sports betting web sites are included, in addition to their mobile money transactions. Tala claims to have over 10,000 data points to make a lending decision. No paperwork involved. M-KOPA pioneered this on a broader basis, pushing beyond access to mobile phones and consequently mobile money by exploring what happens when you build credit scoring based on purchasing power from micropayments.

Second to that, I’d say that chat apps and instant messaging applications also excite me. I’ve followed the growth of Ghanaian startup Beam and others using WhatsApp as an onboarding process. Remittances across the continent exceeded aid in 2012. Since the rise of cryptocurrencies there are myriad start-ups solving the payments space. Beam began this way but pivoted to a new and more interesting proposition.

It isn’t what gets the money into the country that matters, but where it goes and the certainty one has that it is buying what it was intended to buy. This means that if a person has sent $10,000 to family members to purchase a parcel of land, what else do they have but the family members’ word to go on when checking to see that this is what it was spent on?

ISACA NOW:  What are the challenges to Africa’s IT revolution? What solutions do you envision?
KAIGWA:  If we take the two above scenarios, they invariably bring security challenges. The issue of cybersecurity is one that has people divided.

The greatest of these is that on the connectivity front. I’m interested in seeing how the debate on net neutrality plays out on the continent, particularly after India’s decision on net neutrality; we have yet to see any clear reverberations on the continent.

The continent isn’t homogenous. There are 54 different negotiating tables for Facebook to sit with regulators. It is also worth noting that the way true regional lines get erased is when telcos are able to use their borderless technologies and economies of scale to facilitate entry for technology giants. The case in point is Airtel as a partner for Facebook’s Internet.org on the continent.

Mobility itself remains a challenge. Yes, one can engage and build with mobile in mind, but that is not the be-all and end-all of technology. Challenges and pain points in the user experience of unstructured supplementary service data (USSD) are an area that needs further thought. The need to go through menu after menu can prove taxing, especially given the number of timeouts. User experience on mobile (outside of apps) remains a challenge. This considering that USSD does not grant uniformity. From an iPhone 6S plus to a Nokia 3310 (were one to be revived and put back on a network) the interaction is virtually the same.

Regarding mobile money, the Brookings Institute noted that when South American countries were compared to African ones (especially those advanced in the penetration and use of mobile money), there were generally higher rates of formal bank account ownership among marginalized groups (i.e., women and low-income individuals) and higher rates of debit card, credit card use and Internet use for bill payments and purchases than the African countries. Conversely for Africans it remains primarily mobile driven. I’m exploring what this means when it comes to delivering a consistent and cyber-secure experience on mobile channels to customer segments not aware of risks and vulnerable to fraud.

ISACA NOW:  Where are African enterprises at from a cybersecurity standpoint? Where are African citizens at, cybersecurity-wise? What are the challenges and solutions?
KAIGWA:  The biggest challenge here remains as seen above, to categorize the continent as homogenous. As is becoming an adage now—Africa is not a country. The contradictions, challenges and comparisons between countries yield different results each time. One can, however, find parallels when looking at the four corners of the continent. Kenya for East Africa, Nigeria and/or Ghana for West Africa, Egypt for Northern Africa and South Africa for Southern Africa.

To illustrate, one of the continent’s main pan-African organizations, the African Union (AU) in 2014 adopted its Convention on Cybersecurity and Personal Data Protection. The Convention sought to improve how African states address cybercrime, data protection, e-commerce and cybersecurity. Presently, only 8 of the AU’s 54 members have signed the Convention, with none ratifying it. The solutions will take a country-by-country examination of common ground and political will to take action as the consequences will be felt by nation states and the current and next generation of Africans coming online.

ISACA NOW:  What will be the key takeaways from your address?
KAIGWA:  The key takeaways will be 3 provocations for Africa CACS based off of looking at the continent and observing the rise in mobility, the opportunity and threats, and how stakeholders in the public and private sectors and the general public can compete or collaborate to Africa’s advantage and strengths.

My talk begins and spends time looking at what one of the more recent digital “arms race” developments looked like and what the consequences are for the ISACA fraternity and beyond.

 Editor’s note:  For more information on the first-ever Africa CACS, 8 August to 9 August, click here.

Pokémon Go Issues Underline Importance of Technology Pros

It is unlikely there are many people left who have not heard of Pokémon Go. Maybe you are an active player, maybe your stock portfolio includes Nintendo shares, or maybe you have heard the warnings about criminal activity related to the game. For the uninitiated, Pokémon Go is a mobile app that uses a phone’s GPS and camera to create an augmented reality experience in which players traverse the physical world and capture animated creatures.

Niantic, Inc.—which actually began as a Google project before splitting off from the company last year—partnered with Nintendo to create the mobile app. Whether you are playing the game or not, one thing is for sure – this is a truly disruptive technology; one that came on the scene and infiltrated people’s lives in record time.

Just how pervasive is Pokémon Go? The app has drawn just under 21 million active daily users in the United States since its 7 July debut. In Germany the game was released on 13 July and rose to the top of the charts in just three hours. In less than two weeks Pokémon Go has attracted more daily active users than Twitter – an app that has been in existence for ten years.

From a practitioner perspective, concerns arise around such rapid and widespread adoption of an emerging technology. Organizations are often unable to accommodate such unprecedented interest—in this case, server issues plagued the game’s developers, particularly in the first few days of its release, when Niantic seemed unprepared for the rapid onslaught of users. High levels of usage may also increase exposure for security flaws, which may be exploited before an organization has an opportunity to correct them.

In the case of Pokémon Go, the software company has also come under fire for privacy concerns related to the game – while an update has since been released that corrects the error, an earlier version of the app granted full Google account access to Niantic when users chose that method of sign-in. When millions of users downloaded the app before the update was released, it is unlikely many of them were reading the fine print to understand the scope of access to their personal information they had handed over.

As technology professionals, we have an opportunity and an obligation to anticipate and prepare for what is next, even when we might not be quite sure what it is. While we may not all be developing the next viral app, we do all serve as advisors on technology in some capacity within our organizations. Technology is evolving at exponentially faster and faster rates, and it can seem daunting to keep pace. But even as advances are made, the old standards ring true – build privacy and security standards into technology from the beginning, optimize risk, and approach future technologies with a healthy sense of cautious optimism.

Africa CACS Keynote Herman Konings to Introduce “Cathedral Thinking”

Trend analyst and consumer psychologist Herman Konings will present the Africa CACS 2016 closing keynote address, titled Cathedral Challenges: What Happens After What Comes Next? Konings is a genuine storyteller who inspires the spectator on an engaging course about the amazing world of passions and interests, trends and future expectations, and about what is and what will be.

Africa CACS will take place at the InterContinental Nairobi, Kenya, from Monday, 8 August to Tuesday, 9 August. For more information click here.

The following is a question-and-answer session with Konings.

ISACA NOW:  What major societal trends do you see in the near and long terms?
KONINGS:  To understand trend watching, it is vitally important to know what a trend is. It is not, as many think, a term exclusively associated with the world of marketing, fashion or design. At its most essential, a trend can be defined as the direction in which something/anything tends to move and which has a consequential impact on the society, culture or business sector through which it moves.

Trends are, therefore—as London-based trend forecaster Martin Raymond describes—a fundamental part of our emotional, physical and psychological landscape; and by detecting, mapping and using them to anticipate what is new and next in the world or business, we are contributing to better understanding the underlying ideas and principles that drive and motivate us as consumers, citizens, users, creators, and decision makers.

From a global point of view, interesting (societal) trends are, among other things, the growth of life expectancy (and the related overpopulation), the digitization of jobs, the sustainability (including mobility) challenge and the collaborative mindset of Generation Y. I have the strong conviction that these global trends are “true” global trends, not only relevant for Northern America, Europe or the Far East, but in the “long-near” (= within 5 to 10 years) also self-evident for Africa.

ISACA NOW:   As a trend watcher, what have you learned about the portability of trends? Does a trend in Europe, for example, generally translate into a trend elsewhere? Can you predict portability? Also, can you predict which trends will move from fad to mainstay?
KONINGS:  A legitimate question is whether trends are portable from one region or even continent to another. Can a trend detected in Europe take root in, for example, Sub-Saharan Africa? The answer is quite complex. One has to take into consideration different demographic, economic, socio-cultural, technological, ecological, political and—maybe the most tricky of all—psychological circumstances. On the other hand—and this is promising—the profound globalization of the 21st century means that younger generations (the so-called “Millennials”—GEN Y—and “Digital Aboriginals” —GEN Z) are behaving more and more in the same way as their peers on other continents. The similarities within a global age group have never been more pronounced as within the group of teenagers and twenty-somethings of today. This will obviously enhance the portability of trends associated with young adults.

ISACA NOW:  What will attendees of Africa CACS take away from your presentation?
KONINGS:  On 9 August, I will introduce the idea of “Cathedral Thinking.” Short-term, instant-gratification thinking seems to fail. Both consumers and business leaders are reconsidering the idea of long-term thinking. Like builders of cathedrals in medieval times (in Europe), when fathers passed the task on to sons, who in turn passed the task on to their sons. Once initiated to the job, cathedral builders knew exactly that neither they, nor their children, grandchildren or even grand-grandchildren would be joining in the housewarming party of that cathedral.

The attendees of my presentation at Africa CACS will learn, among other things, about sensors leading to an Internet that is more adapted to the individual, turning the Internet of Things into an Internet of Me. I will also be discussing the humanization of the digital and “augmented intelligence,” the joint forces of hyper-cognitive intelligence (supercomputers) and both social and emotional intelligence of (bio only) humans.

For more information on Africa CACS, click here.

Life (and Your Career) Is Not a Spectator Sport

Jackie Robinson, the world-famous baseball star, once said, “Life is not a spectator sport. If you're going to spend your whole life in the grandstand just watching what goes on, in my opinion, you're wasting your life.”

Your career and mine may not have the cultural significance that Jackie’s did, but how many of us accidently, or metaphorically, spend our lives or careers in the comfort zone of the grandstands? Watching and waiting for something to happen. We turn and talk to our fellow grandstanders about what “woulda, shoulda, coulda” been. They silently concur and resume watching, waiting.

“And then one day you find ten years have got behind you. No one told you when to run, you missed the starting gun.” --“Time” from the 1973 album Dark Side of the Moon by Pink Floyd

Some of the best, most rewarding things in our lives and our careers come in unexpected ways. We are taught that success and winning are everything. However, which one of two equally talented individuals learns more and works harder to improve:  the person who makes the game-winning play or the person who fails? The winner is carried off on teammates’ shoulders. The non-winner walks alone. The winner may have been skilled, a good guesser or simply lucky, but the “learning moment” is lost in the jubilation. The driven non-winner will be reviewing video, talking to coaches and working on being better.

“Champions aren't made in gyms. Champions are made from something they have deep inside them-a desire, a dream, a vision. They have to have the skill, and the will. But the will must be stronger than the skill.” --Muhammad Ali

My point is this:  Who do you think comes back stronger? Which one steps out of the grandstand and pushes harder? Delivers more? My second and more important point:  which one are you? Do you join an organization or company and then metaphorically sit in the safety of the grandstands? Or do you actively jump in with both feet and participate by stepping out of your comfort zone?

And Now, a Short, But Related Story
I joined ISACA because a friend, the chapter president, asked me to help him do more with the local chapter. As a chief technology evangelist/CIO, it was not at the top of my list of organizations to join, much less be on its board. In my time running large IT shops, I worked closely with a lot of internal and external auditors—some good, some not so good. In my head, my confirmation biasthe tendency to search for, interpret, focus on and remember information in a way that confirms one’s preconceptions—kicked in, and I still saw ISACA as simply an “IT auditing” organization. It is a reasonable assumption that auditors have a similar opinion or bias toward IT professionals.

Over the first few months, while I familiarized myself with the global ISACA organization, its offerings and its direction, a funny thing happened. The people were very giving and sharing. They freely talked about the challenges of being “perceived as a burden,” a “tax collector,” and as “paper tigers.” They wanted to do their jobs as well as they could for their companies and clients. They were very open to understanding the perspective of a “recovering CIO.” Constructively, I gave them both barrels from the IT perspective. Instead of wincing or recoiling defensively, they leaned in and said, “How can we (IT, info sec, the business, and audit) work better together?”

Well folks, I have to admit, I am a sucker for anyone attempting to focus on the business or people side of the equation and work together for the betterment of the business organization. So, I jumped out of the grandstands, gulped down the Kool-Aid, and said, “Put me in, coach!” I became much more involved in several areas beyond those assigned to me. The personal growth was incalculable. Not only did I get some very fresh perspectives on stale thoughts, but I also gained a renewed sense of adventure. Yes, adventure with auditors! This new sense of adventure culminated in March when our chosen delegate to the 2016 ISACA Global Leadership Summit was injured and the chapter turned to me. My old reaction would have sounded a little like, “Um, let’s see…um...400 auditors you say?… three days?…oh, yeah, I just remembered…”

Instead, I went to the Lisbon event and found 400 chapter leaders from over 80 countries, all attempting to “make things better.” It was three days of work, but I met some really extraordinary individuals from around the globe. Their insights and approaches to challenges, challenges the normal American would never face, were simply inspiring. That combined with a global organization attempting to reinvent itself and address the needs of the new era by reaching out to professionals, members, etc., made the experience a truly rewarding one.

NONE of these great experiences would have happened had I sat and watched from the grandstands.

The meta-message:
Changing up US President John F. Kennedy’s famous quote a little, my advice is this:

“Ask not what an organization can do for you, but rather what you can do for the organization.”

Pick one organization inside or outside your comfort zone. Join. Contribute. Expand. Excel!

Editor’s note:  Blair Baker serves as 1903 Solutions’ chief technology evangelist, ghost-executive, catalystic optimizer, interdepartmental liaison, speaker and coach.

1 - 10 Next