We have often heard these pearls of wisdom during our formative years: “Play nice. If you don’t play nice, no one will want to play with you.” “You have to be nice.” “Be a nice girl.”
Unfortunately, many of us (myself included) suffer from what I’m calling the “Nice Syndrome.” Merriam-Webster dictionary defines nice as pleasing and agreeable. Nice was rewarded, reinforced and subsequently internalized, leading to:
- Putting other’s needs before your own
- Over apologizing
- Consistently asking for permission
- Denying your own power
- Not asking for what you want or need
- Tolerating too much negativity
- Being overly patient
In the workplace, we continue to be nice. We don’t rock the boat. We play nice even when it means denying one’s self. We sacrifice self and wait for our reward. Unfortunately, the rules we learned as girls no longer apply as women in the workplace. We instead work extra hard, do the work of others, deny ourselves lunch or breaks. We put work first, our families second, and ourselves last.
How then can we break this nice cycle without being labeled a witch or worse? How can we vanquish our misplaced guilt when we no longer play nice? We do this through: 1) language; 2) prioritization; and 3) building our brand.
Never Underestimate the Power of Words
Words create our reality and give us and others a blueprint for interacting with us. Women often use touchy-feely language that lacks self-confidence. These phrases include: “Maybe we could…”; “I was thinking we might…”; “How about…” Instead use more assertive language: “I believe it would be best to…”; “I propose that we…”; “It is my understanding that …”
Stop Putting Work Ahead of Everything Else
Many women of my era are referred to as the “sandwich” generation. We juggle careers, families and caring for elderly family members. We put ourselves so far down the list that we do not recognize our own needs. By playing nice, women put their needs on hold or lower their expectations. They deny their own power. Let go of the beliefs that you are powerless and that standing up for yourself is selfish. Rethink what power means. You have more power than you allow yourself to use. To reclaim your power, start by saying “no” to unreasonable requests. Express yourself in more empowered ways by stating, “I choose to…” which ties back to creating your reality. Take small steps for yourself, such as:
- Taking lunch breaks
- Taking short walks outside
- Establishing set start/stop times, and sticking to them
- Taking time for exercise
- Taking meditation or yoga classes
- Getting regular massages or facials
Build Your Brand
We all know brands that are synonymous with a product, such as Coke or Kleenex. What is your name synonymous with? Once you determine that it will inform you of your brand. It is what sets you apart from others. What is your unique story? It is said that “If you don’t build your image (brand), someone else will.” What are you really good at? Build your unique story.
Appearance is also a big part of your brand. The saying goes, “Never dress for the job you have; dress for the job you want.” Look at successful women. What style of clothes, hair, make-up and jewelry do they favor? I am not advocating a complete makeover, but maybe wear a blazer to important meetings or dress up your blouse and slacks with a scarf.
Also, observe how successful women speak. Do they use a lot of touchy-feely language? What is the pitch of their voice? Your presentation skills communicate your brand. Are you confident in front of a group? Do you talk at an acceptable rate or speak rapidly? Do you use crutch words like “ah,” “um,” and “you know?” Do you over explain or apologize when presenting? Do you use words to minimize importance or ask for permission? Do you speak too softly or at too high of a pitch? Does your voice pitch up at the end of a statement? If you struggle in any one of these areas, I suggest Toastmasters International, which offers a cost-effective communication development course that moves at your own pace.
Do you, like me, suffer from Nice Syndrome? How have you broken through this syndrome? Share your success and struggles in the comments section below.
Today, 28 April, just happens to be International Girls in Information and Communication Technologies (ICTs) Day. The goal of the event is to create a global environment that empowers and encourages girls and young women to consider careers in the growing field of ICTs. For more information click here.
ISACA Now recently spoke with Mark Stevenson, the closing keynote address for EuroCACS in Dublin 30 May-June 1 2016. Stevenson is the founder of We Do Things Differently, and the author of An Optimist's Tour of the Future and the upcoming We Do Things Differently. He is also an advisor to the Virgin Earth Challenge, Atlas of the Future, Comic Relief and Institution of Mechanical Engineers.
ISACA Now: In Principle 7 of your 8 Principles for Thinking About the Future, you discuss how pragmatic optimists will experience significant rejection and ridicule when starting new endeavors. What practical advice do you have for getting through all that rejection without becoming defeated and cynical?
Stevenson: By understanding that you will lose more often than you will win until half way through the game—and that’s OK. Persistence (driven by the optimism that a better future is possible) is the secret sauce of success. Cynicism by contrast is just a recipe for laziness dressed up as wisdom. Every great leader you can think of is an optimist. As the saying goes, “The road to success is littered with corpses, but they’re all suicides.” Also remember that that rejection is often a sign you’re on the right track. As the computer scientist Howard Aitken sagely remarked: “Don’t worry about people stealing your ideas. If your ideas are any good, you'll have to ram them down people’s throats.”
ISACA Now: For many, cynicism is deeply embedded. How is it possible for those long-term cynics to kick out their cynicism?
Stevenson: By looking in the mirror and asking themselves if they want to continue being unhappy. Cynicism is obedience. As the author Richard Bach put it, “Shop for security over happiness and you buy it, at that price.” Cynics reinforce the status quo they complain about by refusing to imagine it can be different. But the antidote is doing something bigger than you for which the dividends emotionally (and often financially) are handsome. It’s a choice. Comfortable miserable cynicism, or uncomfortable happy optimism? It’s your life.
ISACA Now: Your pragmatic optimist’s view of the future should come in handy for cybersecurity professionals as they work to address the avalanche of cybercrimes and criminals. What is your advice for those who may be growing weary of the world’s seeming inability to overcome cybercrime? What historic parallels can you draw from this?
Stevenson: The question is what are we protecting? One has to ask what the roots of crime are, and they are based in scarcity and distrust. In a world of abundance and transparency, crime and war are far less likely (indeed history teaches us this time and time again). The cybersecurity profession has to ask itself whether it is on the side of people, or Mossack Fonseca (the Panamanian law firm that recently had 11.5 million confidential documents leaked) and its clients. Who are your paymasters and what are their morals? We overcome violence and addiction by being more connected, not less so. We will overcome cybercrime most effectively by working to reduce inequality. So, the question is, what are you doing about that and whose side are you on?
ISACA Now: You will be speaking at the EuroCACS conference 30 May-1 June 2016 in Dublin. Give us a brief preview of what you’ll discuss and what attendees will take away.
Stevenson: I’ll be explaining why all bets are off, how the next 30 years will be some of the most turbulent in history and how to navigate that in the service of making the world better for your children.
ISACA Now recently talked to Tim Sanders, a keynote speaker at the North America CACS 2016 2-4 May in New Orleans. Sanders is the New York Times best-selling author of Love Is The Killer App: How to Win Business & Influence Friends and an Internet pioneer. He advises Fortune 500 executives on leadership, marketing and new media strategies to grow business.
ISACA Now: Your new book Dealstorming: The Secret Weapon That Can Solve Your Toughest Sales Challenges suggests a team approach to sales. What are the keys to developing a best-in-class team, no matter its function?
Sanders: Effective problem solving teams are diverse in thinking and united in shared vision. So ask yourself: Who has a stake in the outcome? Who has expertise about our problem? These are your blockers, tacklers and skill position players for your team. Every team has an overarching goal or purpose, so make sure yours cuts across the lines. In sales, you can’t lead with just the revenue opportunity; you need to elevate the discussion to winning a rivalry, pursuing excellence or building your brand. Same goes for any other problem area at work. A bigger why creates a stronger team, especially when finding a solution takes a lot of meetings and time.
ISACA Now: You recently tweeted that nurturing team building and team players is more important than hiring rock stars. Why is that?
Sanders: From business to technology, complexity is rising fast. This puts pressure on organizations to quickly innovate, keeping up with the times. In my research, I’ve found that genius is a team sport…not the work of a lone creative type. There are bodies of research (such as The Myths of Creativity by David Burkus) that debunk the stories of lone-invention. It’s a romantic notion, really. We want to think that the rock star programmer, sales person or marketer will save the day. But really, the effective team builder and player will harness group genius to move things forward more quickly. Additionally, many “rock stars” on paper are the product of their previous working environment. That’s why so often as they move to new opportunities, they can’t replicate their success. And making matters worse, because they were a rock star at their previous job, they’ve likely developed the lone-wolf mentality.
ISACA Now: Many IT professionals are introverted or work remotely. How can they become lovecats?
Sanders: A lovecat is a person who is strong and intelligent but at the same time, generous and empathetic to their colleagues. One way we can be generous is knowledge sharing or mentoring. This can be done now online, in a series of very helpful emails. For networking, another way to be generous at work, email introductions or LinkedIn endorsements offer a way to connect others that “should meet.” Finally, introverts are naturally great listeners. Helping others be heard is a valuable offering in organizations where there is constant change.
ISACA Now: You will be speaking at the NACACS conference 2-4 May 2016 in New Orleans. Give us a brief preview of what you’ll discuss and what attendees will take away.
Sanders: I’ll be talking about the power of great relationships, team work, collaboration and leading from the heart. Main takeaways will include insights on how to be an effective mentor, a power networker and a great listener. Also, I’ll reveal the collaboration process I’ve developed over my career, and how when fueled by relationships, it can triple your chances at solving your toughest challenges.
In the two decades that I have been an IT Audit recruiter, the field has come a long way, and there is now much more recognition for the IT Audit profession. Going back to 1995, whenever I speak at an ISACA gathering I’ve always asked how many knew in college that they wanted to be an IT auditor. Just 10 years ago, no one ever raised their hand. About five years ago, hands started to go up. That IT Audit is now considered a viable career choice has been helped considerably by the steady increase in college curriculum focused on IT risks and controls.
As an IT Audit recruiter I am often asked by individuals at various stages of their IT Audit journey—from college to mid-career—what they can do to jump-start their IT audit careers and stand out from the pack. Here are some suggestions.
IT Audit Internships for Newbies
Let us start with those still in college. I strongly recommend you get into a good internship program to gain experience and “try before you buy” to help you decide if IT audit is something you are truly interested in. A good place to look for these programs is with the Big 4 accounting firms, but also with Fortune 500 companies, more and more which are developing audit internship opportunities.
ISACA Membership/CISA Highly Recommended
For those starting out or at mid-career looking to get into the IT audit field, my first suggestion: You need to become a member of ISACA. To get a foothold in the IT Audit world, ISACA can be invaluable particularly for the networking opportunities an ISACA membership affords. Robust ISACA chapters can be found in most major cities.
You should approach every chapter meeting as a networking opportunity. Yes, those events are great for learning more about the profession through training and presentations, but networking is key for those looking to break into the IT audit field. Sit with people you do not know. Move around the room. Introduce yourself to the chapter president or vice president. Ask for 30 seconds to a minute to introduce yourself to the entire group and present your stump speech/elevator pitch to make everyone aware of who you are and that you are looking to get into the IT audit field. How many times will you need to introduce yourself and network your way to an opportunity? Maybe once, maybe one hundred times…but if you put in that level of effort to go beyond the comfort zone and market yourself, you will eventually win somebody over.
Next: It is critical that you sit for the CISA certification. It sends a clear message to prospective employers that have mastered the IT Audit body of knowledge, but even more important, it shows you have taken initiative in your professional development. It demonstrates that you have bought into IT audit, which is something potential employers need to know, especially if they are going to take the risk of hiring someone who needs additional time and training to get up to speed. The CISA has gone from a “nice to have,” to a “Why in the world do you not have your CISA?” CISA is a door opener if you have it and a door shutter if you do not….so dig into your wallet and pay for the exam. If you are serious about the IT Audit field, this is an investment that will definitely pay off.
As for other ISACA certifications, both the CISM and CRISC are continuing to gain recognition. Non-ISACA certifications I recommend include the CISSP from the International Information Systems Security Certification Consortium and the CIA from the Institute of Internal Auditors (IIA).
To sum up, with IT audit candidate scarcity as significant as it has been since the initial years of Sarbanes-Oxley compliance, demand for qualified IT audit professionals will likely continue to exceed supply for the foreseeable future. This creates opportunities for those looking to break into the field, and an ISACA membership and certification are the keys to doing just that.
Derek Duval is the owner of Duval Search Associations, which is devoted exclusively to enhancing careers of IT audit, risk management, compliance, and advisory professionals.
As the Internet of Things continues its promising evolution, the world is becoming more engaged in the discussion of privacy issues versus issues of national security. At the center of this exchange is the burning question of whether we, as nations and communities, should sacrifice privacy for security.
Some governments think so, and have gone to great lengths to gather information from sources both inside and outside their borders, quite often acquiring the information of millions of persons in a quest to identify the specific actions of only a few individuals.
On the other side of the argument are those who believe that an individual’s right to privacy is sacrosanct; nothing can, nor should, supersede it, including a government’s desire to act in what it deems the interests of national security.
The actions of Edward Snowden put a spotlight on these conflicting perspectives, pointing out the various ‘back door’ entry points that enabled a government to examine the information of private citizens at any moment it deemed such an examination necessary. Today, we find governments and citizens across the world having conversations about the appropriate balance of privacy and security. Those discussion, as yet, have yielded little agreement, and few signs of potential resolution.
And now, the voice of someone new has joined that conversation: David Chaum.
David Chaum was the creator of the mix networks of the late 1970s. He has spent much of his career in encryption, ensuring that information stays the property of the individual, and no one else’s. In January at the Real World Crypto conference at Stanford University, he proposed a new way to ensure an individual’s online privacy, a model he calls PrivaTegrity.
His solution is somewhat counterintuitive. He proposes more ‘back doors’—nine of them, in fact. Simply put, Chaum’s PrivaTegrity model places nine servers in nine different nations. No single server can provide access to the information being transmitted, nor can any combination of the nine servers access the information —save all of them acting in unison. His rationale is simple: if nine governments or other entities can agree that something is undesirable—terrorist plots, human or drug trafficking, or similar endeavors—then that information should be accessed and acted upon.
A critic of Chaum’s pointed out the central flaw in this, though. Why would criminals and terrorists use a construct that you have already publicly stated has the ability to be accessed through a back door, albeit a door with nine locks?
While Tor encrypts and bounces communications through a network of relay servers, preventing traffic analysis, Tor cannot—and does not—protect against traffic confirmation. Because of imperfections such as this, Tor and similar constructs are vulnerable to decryption efforts—but are they vulnerable enough, in the mind of a bad actor, to merit switching from that to Chaum’s PrivaTegrity model? PrivaTegrity may make privacy more difficult to pierce—but it can still be pierced.
To be blunt, the only reason for criminal or terrorist elements to use PrivaTegrity would be if they controlled all nine servers. It is difficult to imagine a scenario in which any one of nine criminal or terroristic enterprises would act against their own self-interests, so it would be extremely difficult to get all nine actors’ approvals, and lift the veil of privacy. This could prove appealing to such groups—and be a nightmare beyond imagination for law enforcement, cybersecurity and national security professionals.
So, I believe it is safe to say—no, David Chaum has not saved the Internet.
But perhaps he has pointed to a way forward. Plurilateral agreements require the approval of all entities involved before an action can be undertaken, and may be the nontechnological solution to the privacy versus security debate. This is not a new approach to issues that are borderless, global in scope, and with implications for nations and individuals the world over; a plurilateral agreement regarding the future development and usage of Antarctica was entered into force by a dozen nations in 1961. In the half-century since, the member nations have worked together to increase the number of nations in the Antarctica Treaty, as well as to set parameters for the scientific and research on that continent.
In this age of the Internet, privacy is disappearing---or perhaps we might soothe our souls by acknowledging that privacy is being redefined. Individuals are continuing to reveal more about themselves online. Governments are actively pursuing what they believe to be the best security interests of their respective nations. While many security-focused agencies around the world would be loath to have another similar agency in an outside nation sign off on their actions, the fact remains that it just might be the best way to ensure the privacy of the individual while still engaging in the pursuit and apprehension of criminals, terrorists and similar bad actors.
The Internet does not belong to an individual or a nation; it is among the few constructs in our world that can make that claim. Instead, it is a construct that deserves the responsible stewardship of both state actors and individuals. It is time that privacy be given the same status that other issues of global import have been given. It is time we work together to ensure that innocent, ordinary individuals the world over can communicate with one another—and only one another.
“The art of communication is the language of leadership.” James Humes
Good interpersonal skills are the hallmark of all great leaders. There is no leadership without effective communication. And those who possess the art of delivering thoughts and ideas in meaningful and befitting ways are those who are most successful.
No academic discourse or any business degree can teach you how to become a skillful communicator. It is self-taught and learned by exposing oneself to situations where interpersonal skills are tested the most. Regardless of which leadership style CEOs and managers adopt or have, delivering the right communication is a different matter altogether.
The best communicators are not only those who show the intent to listen to others, but also those who have incredible situational awareness and observation and problem-solving skills. Without being able to critically analyze, process the finer details and evaluate it holistically, leaders will not be able to communicate the “big picture” to their staff, and the business as a result will not grow as it should.
The following are a few ways leaders can uphold effective leadership communication:
Get personal—The positive value of any relationship intensifies the more emotions are involved. While it is important to have disciplined and professional relationships with your staff, it is also essential that leaders communicate with their staff using personalized tones and messages. Cultivating meaningful relationships is thus critical for leaders to communicate effectively.
Be specific—Leaders also need to practice ways of keeping their messages concise and to the point. There is nothing remarkable about making long speeches, if your staff cannot understand and remember half of the things you say. Business leaders are more pressed for time, and it can be very damaging if they do not deliver messages in a summarized and concise manner. The more summarized your messages are, the more clarity your staff will have.
Show empathy—“Leadership today is based on relationships built with trust, hope, love and encouragement,” Billy Cox. It is only natural that those vested with authority will exploit their position to show ego. That, however, is not the mark of a strong leader. A strong leader is one who can show empathy for his or her staff. Empathy contains the human element of compassion and care that can patch up emotional or psychological issues faced by employees in their work routines. Showing empathy means that you value human emotions and doing it enough can be precursor for influencing great motivation levels in your staff.
Demonstrate analytical reasoning—How well you analyze information and events is an important quality for a leader to have. What is more important is getting your employees to think like you and perceive things from your point of you. This does not necessarily mean that they have to agree with you; rather, it is about exercising one’s rational faculties to become better, data-driven staff that can achieve extraordinary results.
Leaders should ask employees to make their research and present their own analysis and solutions to a problem along with a case study, company/department objectives and conclusion. You can then ask a series of questions regarding how the business should quantify the solutions and how it can translate into long term business growth.
This is an important exercise to train your staff to think on their feet, appreciate their rational thinking and arrive at conclusions that can relate to worthwhile business strategies.
Listen and be silent—Listening with an open mind and out of genuine interest is one of the easiest ways to gain trust of your employees. By listening with a sincere heart, your employees feel valued and become encouraged to participate more closely with the activities of the organization. It sparks interest in your staff and allows them to be more at ease with their company culture.
Simon T. Bailey
Author, speaker and Brilliance Enabler
Bailey will be speaking at ISACA’s 2016 North America CACS conference 2-4 May 2016 in Las Vegas, Nevada, USA.
The dynamic world of cybersecurity continued its rapid pace of change in 2015, creating new challenges and opportunities for ISACA and our 140,000 global constituents. Of course, 2016 will be no different. ISACA professionals across the globe expect to see an evolving mix of cyberthreats, regulatory issues, and an ongoing shortage of qualified cybersecurity workers needed to address these issues, according to the January 2016 Cybersecurity Snapshot survey.
Nearly 3,000 IT professionals from 121 countries voiced their opinions in the Cybersecurity Snapshot, and the results say much about where cybersecurity is headed in 2016. Respondents said their top cyberthreat concerns for 2016 were social engineering, insider threats and advanced persistent threats (APTs). Fully 84 percent believe there is a medium to high likelihood of a cybersecurity attack disrupting critical infrastructure (e.g., electrical grid, water supply systems) this year. Nearly a third said there will be some increased risk of insider threats (privileged users) vs. last year.
ISACA’s well-trained, knowledgeable professionals do not lack for recommendations on how to best tackle these cyberthreats. Adding two-factor authentication was considered the best response for improving security in the virtualized data center, followed by adding dual-person approvals for certain actions. Other suggested solutions included using a password manager for checking in/out password access to systems, and adding air gaps for different types of workloads (e.g., sensitive or non-sensitive).
Another area where ISACA constituents had consistent opinions involved government regulations and privacy issues. We saw significant activity in these areas in 2015, and I believe we can expect to see more of the same in 2016. A majority (63 percent) of respondents believe governments should not have backdoor access to encrypted information systems. A similar majority think privacy is being compromised by stronger cybersecurity regulations.
From an organizational standpoint, 84 percent favor regulation requiring companies notify customers within 30 days of a data breach discovery. Interestingly, only a third of respondents believe their organization would voluntarily share cyberthreat information if it experienced a breach.
These issues make a strong case for organizations to have certified, well-trained cybersecurity personnel. Finding well-qualified cybersecurity professionals, however, is an ongoing, global issue. Nearly half of global organizations are planning to hire more cybersecurity personnel in 2016, and 94% say they will expect to have a difficult time finding skilled candidates.
Not surprisingly, 81 percent say they would be more likely to hire a cybersecurity job candidate who holds a performance-based certification. That’s where ISACA and Cybersecurity Nexus (CSX) come in.
ISACA launched CSX in 2014 and expanded its certification offerings in 2015 with the introduction of the CSX Practitioner (CSXP) certification. CSXP is a vendor-neutral, performance-based cyber certification—the first of its kind—that focuses on key cybersecurity skills and requires demonstration of skills in a virtual lab environment in the Identify and Protect domains.
CSX has big plans for 2016, kicking off today with the introduction of the Cybersecurity Career Roadmap, which will help cybersecurity professionals identify new opportunities for career advancement. It provides the resources to continuously hone your skills, expand your knowledge, and start (and keep) your career on a trajectory toward achieving your goals.
ISACA is committed to all four of its core focus areas— audit/assurance, governance, risk and cybersecurity—and we will be delivering new resources in all of these areas over the course of the year. There has never been a more challenging or rewarding time to be in our field than right now.
I wish you a happy and successful 2016. It’s going to be an exciting year.
Christos Dimitriadis, Ph.D., CISA, CISM
2015-2016 ISACA International President
Managers are obsolete. Mentors are a thing – or should be!
Fortune magazine suggests that companies retire the term ”manager.” It is there in black and white on page 52 of a recent issue, in the Growth Guru article titled, “5 Key Trends to Master in 2016.”
According to Fortune, Zappos CEO Tony Hsieh eliminated all of his company’s managers. The author of the article notes that most people are better supervised by their phones than by bosses (something to ponder) and goes on to say that by morphing managers into coaches and having them spend an hour of individual quality time each week with up to 40 employees, companies will get better overall performance than they will from teams with a manager and eight to 10 employees.
Cool idea. The sticking point: Converting managers into mentors and coaches. That is potentially a tough sell to professionals who have fought hard to become a “manager” and for younger professionals who are striving for that first manager title.
Management gurus and innovative companies suggest that growth and innovation come from developing leadership at all levels and flattening hierarchies. You reward achievement, in contrast to the traditional career trajectory that rewards advancement. With the advancement model, companies overtly or indirectly push people to aim for roles that may not suit their passion or skills because that is the only way to earn more and be recognized. When you flatten organizations and reward achievement, achievers thrive, as does innovation.
Mentors and coaches are critical in achievement-driven companies because they assist employees in developing the skill sets that allow them to achieve, inspire and lead others. The essential knowledge being transmitted by the mentor is the understanding of the enterprise, culture, protocol, perspective of senior management, strategy vs. tactics, and the synthesis of all those elements, which can take years of work and experience with a company to digest, assimilate and fully understand. Not that mentors are spoon-feeding mentees, but the best of them offer the boiled-down essence of what one needs to know to progress. The information empowers mentees to be more creative, think outside the box and take more (and appropriate) risks. These actions benefit the enterprise and accelerate careers in a positive direction.
Everyone Benefits from Mentoring Process
The exciting thing about mentoring is that it works well in both directions: experienced people mentoring more junior staff and more junior staff offering their expertise (particularly with IT) to senior professionals. The concept of ”reverse mentoring,” pioneered at GE, has been driving knowledge transfer and improved collaboration across companies large and small.
As we start thinking about career and life goals for 2016, put mentoring on your personal development agenda. Have two goals:
- Find a mentor who will help you further develop your institutional and business savvy.
- Look for someone junior who you can mentor.
Research has shown that those who receive mentoring build their careers faster and are more satisfied with the direction their career is going. Research also shows that those who mentor others are recognized as leaders and are more positively perceived within their organizations. This is a win-win no matter what kind of company you work for, and you will find yourself ahead of the curve as the mentor/coach leader paradigm (gradually) becomes a dominant business model—which it will.
Resolve to Get Involved in 2016
Finally, you have to know the power of mentoring. Social scientists at Harvard, UC Berkeley, Stanford and other major research universities are finding important links between happiness and gratitude. Mentoring is a dynamic process that engages us in receiving a gift of wisdom from another, for which we feel grateful and happy. When we mentor, we pay it forward and help someone who will benefit from our knowledge. This is a powerful cycle that generates happiness, effectiveness and job satisfaction. If you make only one career resolution in 2016, make it this one: get involved in mentoring.
For more about mentoring—the process, how to find a mentor, how to be a good mentee, how to mentor effectively, and more—join us for ISACA’s webinar on mentoring, 12PM (EST) / 17:00 (UTC), Wednesday, 20 January 2016. Click here for more details.
As 2015 draws to a close, I want to share with you some reflections on what has been a busy and engaging first full year for me as your CEO. I am inspired by what I have observed, the conversations I have had and, most importantly, the warm welcome from the many of you whom I have been fortunate enough to meet.
I have traveled extensively this year to meet with ISACA members, certification holders, volunteers, chapter leaders, and business and government leaders from around the globe. No matter where I was—from the European Parliament and the White House Summit on Cybersecurity, to meetings with government leaders in Africa, India, Israel and elsewhere—one theme was constant: ISACA has growing visibility, influence and impact, and is increasingly being recognized for the role we play as a professional community in supporting and enabling global economic prosperity.
With insights obtained from these meetings, as well as our investment in environmental scanning and market research, the ISACA Board of Directors, under the leadership of International President Christos Dimitriadis, is placing its finishing touches on a refined strategy that will be shared with our chapter leaders at the Global Leadership Summit in April 2016. This strategy will focus on increasing ISACA’s reach, relevance and advocacy to make us a stronger voice for our professions. We will develop new robust products and services for all of our core technical areas—assurance, cybersecurity, risk, governance and more. There will be further investment in extending our global reach by engaging with you locally in more areas of the world than ever before (for example, the first Africa CACS will take place in 2016).
As business enablers, your roles are being shaped by changes in technology. With technology now the lynchpin of innovation and economic value, ISACA professionals have both the opportunity and the responsibility to use your technology-based knowledge and expertise to help transform your organizations. This includes playing a leadership role in keeping your organizations and its people safe from the increasing pressures of cyberattacks. Cybersecurity continues to grow as a matter of global economic security and a public safety issue. To support your efforts, we continue the build-out of ISACA’s Cybersecurity Nexus (CSX), having launched our inaugural CSX conference and our first performance-based CSX Practitioner certification during the second half of 2015.
You are an important part of ISACA’s global community of over 140,000 professionals. As we transition into the new year, I encourage you to leverage both ISACA’s products/services and the power of our community on a local, national and global level to reinforce the value that you deliver to your organization. May 2016 be your most successful year yet!
On behalf of the ISACA Board of Directors and its employees, it has been a privilege to serve you this past year. We all wish you a very happy, healthy, prosperous and safe new year.
Matt Loeb, CGEIT, CAE
It’s a great year for those with IT skills with the demand booming, but hiring managers are finding themselves up against a wall when it comes to the supply side of the equation – there just isn’t enough talent to go around. Or so it seems. So while those who fit the normal IT profile are likely to be snatched up immediately, there remain plenty of job openings just waiting to be filled. And they can be, but recruiters need to start thinking differently about what an IT professional looks like.
One of the fastest ways to increase the pool of IT talent is to start shifting the emphasis away from requiring four-year college degrees. Instead, IT recruiters should start accepting qualified candidates with IT certificates. So many IT jobs are so specific that the broad knowledge base associated with a bachelor’s degree is unnecessary.
A quality certificate program will give candidates the specific skills they need without the huge time and money investments that come with a four-year degree. From there, companies can identify employees who show potential for further training, including possibly earning a degree, but first recruiters need to open the door to new talent.
Not only are IT recruiters losing out on talented candidates by focusing on degree qualifications over concrete knowledge—many companies also have walled off their efforts by functioning from a preconceived notion of the IT professional. This image is too often white and male, leaving women and people of color out of the picture.
In many cases, IT companies have built bias into their hiring procedures, largely through networking and old boys’ clubs that readily exclude women and recent immigrants, anyone who isn’t tied to the current startup culture. If a female candidate walks in to interview with a panel of white men, for example, she may immediately feel excluded from the company environment. This can impact the interview quality, as the candidate loses confidence or preemptively accepts that she won’t be hired.
Because white men have already colonized so much of the tech industry, sometimes it is not only helpful, but necessary, to dedicate specific space to those historically excluded from the industry. Twitter tried this recently by focusing on bringing women to its Flight conference. This year 29% of attendees were women, compared to only 18% last year.
This success is likely linked to the taskforce of women and minorities in the IT field that Twitter created, a group that networked with Girls Who Code and TechWomen to start shifting the participation and employment demographics in IT. More companies should consider creating teams focused on diversifying the field – Twitter has shown that even a small effort can reap great success.
Train the Next Generation
Ultimately, it may not be possible to remediate the talent shortage in IT immediately – if there aren’t enough trained professionals, even among those with certificate training, then there aren’t enough candidates for the many jobs in IT. The only solution, then, is to start training the next generation, getting them interested in IT careers from a young age. While youth today may be very skilled with navigating the tech world, they often know little about the behind-the-scenes world. That needs to change.
Microsoft is making an effort in that direction, dedicating $75 million over the next three years to build up its YouthSpark program. This program focuses on exposing students to computer science at the primary and secondary school levels with the goal of increasing the number of computer science students at the university level.
With dedicated efforts from major companies like Twitter and Microsoft, the shortage of IT professionals may finally decline in the next few years, but their success won’t just be measured by job slots filled. Until the IT field begins to reflect the diversity of our communities, the field will have a talent shortage. It’s time for recruiters to open the doors and welcome qualified candidates.