Editor’s note: The ISACA Now series titled “Faces of ISACA” highlights the contributions of ISACA members to our global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Maria Divina C. Gregorio, CISA, CRISC, PCI-ISA, PCIP, internal audit manager, VSP Global, a US resident from the state of California.
ISACA Now: What motivated you to pursue a career in audit?
I chose a career in audit because it allows me to have a comprehensive understanding of and exposure to all facets of the business. I am able to use my knowledge, analytical techniques and people skills to effectively contribute to the betterment of the organization. I was also influenced by a mentor early in my career who encouraged me to explore opportunities in this field and introduced me to ISACA’s CISA certification.
ISACA Now: How do you see technological advancements having the greatest impact on audit in the next 3-5 years?
I believe that technological advancements have and will pave the way for more efficient, more effective and more economical audits.
ISACA Now: What are a few professional achievements of which you’ve been most proud?
I am proud to have achieved my CISA, CRISC, PCI ISA and PCIP certifications. They allowed me to lead highly impactful audits that resulted in major cost savings to the organization. I am very proud to have authored our cyber crisis management plan, and I am now leading the global business continuity initiative in my organization.
ISACA Now: How long have you been an ISACA member, and what has that added to your professional development?
I have been a member of ISACA since October 2005 – 12 years! I believe that the benefits derived from my ISACA and other professional association membership, certifications, active participation in my local chapter, passion toward my profession and continued quest to educate myself have been a great formula for my professional development.
ISACA Now: You’ve been active in Habitat for Humanity – what have you taken from that experience?
I’ve always been guided by a personal commitment to leave this place a little better than I found it. I believe that serving with Habitat is my small contribution to that commitment.
ISACA Now: What is the most fun aspect of living in California?
Do I feel like having authentic dim sum breakfast in San Francisco this morning, then heading to a Napa vineyard for lunch and some wine? Or how about some honest to goodness mole in the Mission, then heading to the beach and gazing at migrating whales in Bodega Bay? Or maybe picking up my skis and hitting the slopes at South Lake Tahoe, or lounging in a houseboat in Shasta Lake? As you can see, there is something for everyone in California. I feel very blessed to have these choices – all within hours from each other!
ISACA Now: What are some of your favorite things to do outside work?
I read, go on hikes with my dog; tend my organic garden; feed the ducks, peacocks (yes, we have them “wild” around my neighborhood) and turkeys; swim; work out; and have lunch dates with my mom.
It’s National Volunteer Week in the US. ISACA, however, is global in its reach, as is our corps of dedicated volunteers, and I want us to honor them all. So, I am choosing to declare this period as “ISACA Volunteer Appreciation Week.” In this spirit, I ask you, members of our professional community worldwide, to join me in thanking our organization’s over 4,000 members who provide us with their generous gifts of time and expertise to support advancing ISACA’s purpose to help realize the positive potential of technology.
Here, in their own words, are a few examples of volunteers’ contributions, and their motivations to give back to ISACA and our profession:
- Hari Chede, president of the UAE chapter, speaks proudly of his impact on members’ career development and of skills he’s gained through his volunteer work conducting CISA and CISM review classes: “If you have a passion in assurance fields and you want to grow in that field, apart from having different assurance certifications and education, being a volunteer at ISACA can accelerate your career by learning various skills (event management, time management, project management, accounting and public speaking) and keeping you engaged with successful people in the assurance fields.”
- Joe Cai helps position ISACA to expand its global impact by volunteering as a translator as a member of the CISA Certification Working Group: “I find ISACA is paying more and more attention to the market in China. ISACA is providing many Chinese Simplified materials to break the language barriers and engaging with the local community, both of which require lots of local volunteers. With their help, we can build a good ISACA ecosystem, gathering more and more IT control, security, risk and governance professionals in China. Participating also affords volunteers many benefits like building relationships with industry peers, acquiring more IT control and cyber security trend information and knowledge within China as well as ISACA global, and meeting other ISACA members from all over the world.”
- Jo Stewart-Rattray serves as volunteer chair of ISACA’s Women’s Leadership Council which has developed and launched the Connecting Women Leaders in Technology program to address urgent challenges of women in the technology workforce: “Together with my HQ colleagues, we have brought together a group of influential women from across the world to build the resilience and confidence of our women leaders to seek the career they want and to provide the knowledge assets and connections that can guide them along the way. ‘Connecting Women Leaders in Technology’ is in response to a great want and need for such initiatives from our constituency base. Without women in the workforce, we simply won’t have the resources to continue to fuel the job economy and innovation.”
In 1969, it was a small group of volunteers in Los Angeles who had the foresight to see the need for our work as a result of companies investing in technology capability to support financial and business operations. They established the EDPAA, and sowed the seeds of opportunity that led to our current day ISACA. As we approach our 50th anniversary, volunteering has always been at the foundation of ISACA’s evolution. Increasing this engagement will be a hallmark of how we write the next 50 years of ISACA’s history.
On behalf of the entire ISACA family, we thank our chapter leaders who work tirelessly to increase ISACA’s visibility, influence and impact locally. We thank those who contribute to keeping our certifications and continuing education relevant in a constantly changing workplace as a result of a rapidly changing technology landscape and an increasingly complex legal, regulatory and compliance environment. We extend our gratitude to those volunteers committed to advocating for and strengthening our professions, creating opportunities for career growth and, perhaps most importantly, helping all of us to share the value of what we do to enable the organizations for which we work.
In a world where time is our most precious commodity, your willingness to give back inspires us all, especially knowing that you do so above and beyond your many other professional and personal responsibilities.
Editor’s note: To learn more about volunteering with ISACA, visit www.isaca.org/volunteer. To share your volunteer story, email [email protected].
One of the most influential conversations in Cheryl Santor’s career required plenty of gumption.
Santor, working in IT at a mortgage banking firm in the 1990s, had major concerns about non-proprietary memory that had been installed, jeopardizing the main system for collecting loan information. She voiced her concerns to her CIO in no uncertain terms, believing the integrity of the loan origination system was at stake.
It turns out, Santor’s candor – and insights – were respected more than she could have anticipated. About a year later, that same CIO hired her to work at a national bank where she eventually became CISO.
“He appreciated my diligence, integrity and forthrightness,” Santor said. “This boosted my career and provided the backdrop for my future.”
Santor, a longtime ISACA member, recently retired as the Information Security Manager of Metropolitan Water District of SoCal, where she ensured the security of the business and SCADA network systems. Her responsibilities included review of all national and global intelligence that might affect water system reliability. She continues her ISACA involvement, and work with the FBI InfraGard and other professional organizations, to provide expertise in her areas of focus.
The fourth-generation Californian recently was nominated by a colleague as a finalist in the Los Angeles Business Journal’s CTO Awards.
“I have been in this work for 28-plus years and it has always been a passion, so to be recognized for that passion is reward in itself,” Santor said.
An information security professional “before there was such a title,” Santor said she emphasizes awareness of security best practices, including disaster recovery exercises and access controls.
Santor has been actively involved in ISACA’s Los Angeles chapter for 17 years. She was an IT auditor when she first joined.
“Seeing that audit and security went hand-in-hand, in providing the best for any organization, I joined ISACA,” Santor said. “I knew that ISACA would provide me the intelligence and expertise as I moved through my career.”
In recent years, Santor has become especially passionate about ISACA’s Cybersecurity Nexus (CSX) program as a resource for cyber security professionals to gain the needed skills and training to keep pace with fast-evolving cyber threats.
“Whether they are entering the field, changing careers or just becoming the person who is taking cyber security on for their company, they can look to ISACA’s knowledge to support their efforts,” Santor said.
Santor and her husband, Louis, have four children and eight grandchildren. Rather than having a hard time keeping up with her grandchildren, it might be the other way around; Santor is a car enthusiast whose hobbies include racing Corvettes and Cadillacs. A less adrenaline-infused passion is quilting, which Santor said benefits from a similar mindset to her professional wiring.
“I like to take fabric, cut it up and create a new version or outcome,” she explained. “To me it is somewhat like computer forensics. You are presented with a puzzle and you need to make sense of it as the final outcome – an investigative process in both instances.”
Editor’s note: Daymond John, the FUBU clothing founder, Shark Tank reality TV judge and a self-made multimillionaire, will deliver the closing keynote address at ISACA’s North America CACS 2017 conference, which will take place 1-3 May in Las Vegas, Nevada, USA. John visited with ISACA Now about what innovation means to him, his approach to taking business risks and the Shark Tank experience. The following is an edited transcript:
ISACA Now: The word ‘innovative’ is thrown around a lot. What does that mean to you, and in what ways has that kind of mindset allowed you to achieve such a high level of success with FUBU and your other ventures?
Innovation is the process of creating something new, which oftentimes is just a newer version of something that already existed. For example, to me, Twitter was a note on a pigeon's leg hundreds of years ago. It’s just a new form of delivery.
There’s a huge misconception about innovation, which is that it starts with some grand idea. The truth is that it typically begins with people collaborating and working together on ordinary ideas that transform into something innovative.
When I started FUBU, I didn't put three sleeves on my T-shirts. I didn't start trying to be “innovative.” I just did what I could with what I had, and the brand became more than what even I imagined it could be.
ISACA Now: What advice would you give somebody who has a business idea that he or she is excited about but is nervous about taking that entrepreneurial plunge?
Take affordable steps. You don't need to take great leaps of faith. Again, start with whatever you can afford to lose.
The idea is not to get over your fear of taking a plunge – it’s not to take a plunge at all. Baby steps; that way, you don’t hurt yourself too much when you run into problems. That way, you can survive your mistakes and live to take another step.
ISACA Now: What has it been like to be involved with Shark Tank, and what aspects of the show do you think resonate most with viewers?
It has been a great learning experience for me. I learn as much from the entrepreneurs as they learn from me sometimes.
What resonates with people? I think the show illustrates that the American Dream is still achievable. It shows that ordinary people can do extraordinary things if they're willing to act on their ideas.
Jan Babiak draws upon her decades of high-level career experience to work toward expanded opportunities for women working in technology – all the way to the top.
Babiak, a longtime ISACA member and board member with Walgreens Boots Alliance., Inc., Bank of Montreal and GHD Group, has made advocating for women advancing to upper management one of her core priorities. She is involved in the International Women’s Forum and Women Corporate Directors, among other organizations, in her efforts to connect women with leadership opportunities.
“There aren’t a lot of women who have been successful in the C-suite themselves available to help women make that last step, and that last step is actually one of the most difficult, so that’s an area I have real passion around,” Babiak said.
Babiak has encountered many of the barriers noted by respondents in The Future Tech Workforce: Breaking Gender Barriers report throughout her career, which included 28 years with EY – 20 of those based in London working in leadership roles related to information security and regulatory issues. She has been in hundreds of meetings – counting those with clients – in which she was the only woman, given the male-dominated state of the field.
“Sometimes I was welcome, but sometimes there was clear resentment or, worse yet, patronization,” Babiak said. “As I earned the right to influence who else would be admitted to leadership, I worked to sponsor the best talent, and that included both men and women in equal measure. Interestingly, I found I always had a much higher percentage of women in my leadership teams than my male peers, and our results were usually much better. Now that really feels great, and is a testament to the tangible benefits of diverse experiences.”
Babiak believes a comprehensive approach must be taken to seriously address a wide range of systemic issues that have created the gender disparity in the technology field.
“A great starting point is having measurement, transparency and accountability for gender equality at every level – in the schools, in the workplace, in government, etc.,” Babiak said. “Another key area of emphasis would include educating the parents and teachers of young girls about the opportunities in technology for their daughters. They are the greatest influence and, sadly, they often have biases that actively discourage interests in STEM related areas.”
In addition to promoting career advancement for women, Babiak directs much of her focus toward helping boards and senior management better understand cyber security priorities, as well as advising those on technical career paths how they can grow into management roles.
While Babiak has lived in Nashville, Tennessee, since 2010, she considers herself “a global citizen.” She returns to the United Kingdom several times a year and travels extensively on a global scale.
“It’s interesting seeing how wonderful it is when you mix the different experiences of people from different cultures and people with different challenges from a regulatory standpoint,” Babiak said. “To see how global the world is has been a tremendous and wonderful enlightenment for me. I wish everyone had that experience.”
I recently met a young woman in Ireland who was working toward a technology-oriented degree, and she recalled being among three women in her course at the beginning of the semester. By the end of the semester, she was the last woman standing.
My new acquaintance suspected that her female classmates wavered on continuing their course of study because their classes were so male-dominated. And who can blame them? While some women are more comfortable than others being vastly outnumbered, the shortage of female mentors and role models in the technology sector poses a major concern, further illuminated by ISACA’s The Future Tech Workforce: Breaking Gender Barriers report.
The scarcity of mentors and female role models were the main barriers to career advancement cited by the survey’s respondents, with workplace gender bias and unequal growth opportunities also rating among the main factors.
I can empathize with the respondents, having experienced more than my share of conferences and board meetings lacking friendly female faces. I recall attending one conference where I was one of two women among about 200 delegates.
While there has been occasional progress during my 25-plus years working in IT and information security, the gender disparity in the technology field remains pronounced – a source of major concern from both societal and workforce perspectives. A Deloitte Global projection indicated less than 25 percent of IT jobs in developed countries would be held by women at the close of 2016, and nearly 9 in 10 respondents to ISACA’s study indicated they are concerned with the number of women in the technology sector.
Addressing this gender gulf is everyone’s responsibility – men, women, employers, educators and industry associations such as ISACA, which last year launched its Connecting Women Leaders in Technology program. Promoting networking and mentorship is a key piece of the program. Women should be encouraged to be confident and persistent in pursuit of their technology careers, and a mentor in the field – whether male or female – can be the most effective person to make that case.
There also is much that enterprises can do, such as ensuring they are offering equitable pay for men and women and providing flexible working arrangements. Having ‘Keep in touch’ days when women are on maternity leave, in addition to encouraging professional development opportunities such as webinars and online courses, are other worthwhile ways to ensure that women remain connected to the organization while on leave.
In addition to promoting a more just society, enterprises have bottom-line motivation to hire and promote women. Research from The Peterson Institute for International Economics and EY shows that an organization with at least 30 percent female leaders could add up to 6 percentage points to its profit margin.
This does not surprise me. The women I have worked with are highly motivated, focused and encouraging of their colleagues. They are as knowledgeable – if not moreso – than their male counterparts.
Yet even at a time when more women are urgently needed, given the global shortage of skilled technology professionals, women still deal with too few career opportunities and too many barriers to advancement. Even as technology transforms the global economy at a staggering pace, we are still dealing with gender bias that hampered our mothers and grandmothers.
A challenge this large and this persistent can feel overwhelming, but there are steps each of us can take to make meaningful progress. If we are resolute, the day will come when our classrooms, offices and board rooms are filled with empowered women ready to make their mark on the technology workforce.
ISACA Now: You’re Southeast Region Geographic Information Systems Coordinator with the U.S. Fish & Wildlife Service; Partner at White Mile Consulting, LLC; and an adjunct professor at Tennessee Technological University – where do you find time for all of that?
JD: I have always been a strong proponent of time management. I work four 10-hour-days with the U.S. Fish & Wildlife Service in a role where I lead our Geographic Information Systems (GIS) program in the southeastern U.S. and the Caribbean. I also serve in an IT role with a focus on IT security and help desk issues. My GIS classes at Tennessee Technological University are taught in the evenings a few days a week after I get off from my primary job. I took the fifth day of the week to start a consulting firm to provide IT auditing, policy creation and penetration testing for commercial banks and credit unions, after working to support them on the side for years. When I am not at work, I spend all of that time with my family traveling or in family activities. I’ve never been one to sit idle and spend any time watching TV. I like to always be doing something and challenging myself. I guess I took that story that I could “grow up and be what I wanted to be” to be true.
ISACA Now: It’s an interesting combination of roles. How does all of that fit together with your skill set and interests?
JD: Geography and computers have fascinated me my entire life. I have always been able to stare at maps and envision layouts of cities and countries and picture them in my mind. From the moment I first opened my Commodore Vic 20 in 1982, I knew that I wanted to have a job where computers were my focus. I guess I was just lucky and in the right place at the right time to make that happen. I get to use some of the most powerful computers available to model our ever-changing planet and assist those working on solutions for the complex environmental and geographic challenges our society faces today. I mix in a strong IT background and travel to remote offices to configure and install servers, firewalls, web cams, and be a general jack-of-all trades.
ISACA Now: You have a lot of experience supporting small and medium businesses’ IT needs. What are some unique challenges – and opportunities – for smaller organizations from a technology standpoint?
JD: I started an IT firm on the side with a partner in 1993. That business grew to the point where it took my wife to help run it and another business partner along the way. We always focused on small-to-medium businesses and served their every need related to IT. … To a small business, all IT issues are vital. That means they care as much about their website most days as their paper shredder or point-of-sale. They need things that work and don't want to hear a bunch of mumbo-jumbo terms from someone acting like they are small fries in a big world. We all have skill sets that we would like to focus on, such as scripting or ethical hacking, but you have to be as excited troubleshooting a faulty motherboard as you are with a social engineering project or a new server virtualization project. The business owner does not understand the IT universe, and that is why they have you there to help. Treating them like they are a part of your own team goes a long way in developing a long-term partnership that creates long-term clients who trust you and need your constant input and services.
ISACA Now: You have several certifications, including ISACA’s CISA, CISM and CSXP certifications. What have each of those certifications added to your professional development?
JD: The first ISACA certification I earned was the CISA certification as I entered the IT auditing field. After completing dozens of audits, I decided to pursue CISM to deepen my IT management credibility based on experience in the field. I work on penetration testing, vulnerability assessments, social engineering and both physical and network security for clients, so the CSXP certification was the next logical step for me. The certification exam for CSXP was challenging and really was a good test of ability for the standards it sets to examine. My next endeavor is CRISC, and I am taking that exam in June 2017. I develop IT risk assessments, business impact assessments, disaster recovery plans and business continuity plans for clients, and the CRISC certification will complete the ISACA certifications that I think will position me to be a leader in my field and challenge me to attain the knowledge I need to do my job better and more effectively.
ISACA Now: What are a few skills that you consider especially critical to keep pace in the fast-moving worlds of IT audit and information security?
JD: Cyber security assessments and security awareness training and simulations for staff are critical. People are still the weakest link in IT security. A great IT staff can secure your network, but hackers are becoming more sophisticated with phishing attempts, and social engineering tests show just how easy it is to get yourself someplace you do not need to be. The proliferation of mobile devices and the disappearance of the desktop, and even many laptops, are making physical security of devices a real priority. With the decreasing physical size of storage media and the powerful devices that fit in your hand, it is too easy to lose devices and not be able to account for data. It is easy to count desktops and servers. Imagine trying to count USB drives, track smartphones that are upgraded on an annual basis and find the 256 GB micro SD card that is somewhere near your desk. Throw in the rapid migration to cloud services as software vendors move to software as a service, and the game just got real.
ISACA Now: What are your major interests outside work?
JD: My personal interests reflect the complex work arrangement I have. I love to restore old cars and have nine Mustangs, a Camaro, an old Ford pickup and a Trans Am. I tinker with them and three motorcycles every chance I get. It is fun to hop in a car with my wife and kids in the others and take a caravan trip. Restoring old cars is not a material thing. It’s the challenge of bringing a classic vehicle back from the dead and the accomplishment you get from doing it. Folks who restore anything will understand that statement. I’ve had my pilot’s license since 1993 and have a plane at an airport near the house that we escape to destinations unknown at times. That allows me to make trips quickly and lets one explore different places without getting tired of the same vacation destination. I love to collect and tinker with old clocks, as well, and collect Coca-Cola machines and memorabilia. My current project is setting up indoor and outdoor wireless access around my church, which is spread across a large area and three large buildings.
The rewards of a career in information technology include above-average compensation, advancement opportunities, intelligent peers and job satisfaction. Employers, to attract and retain talent, have become increasingly flexible about alternate schedules, remote work and family leave—benefits that appeal to many women.
If we look at trends during the past decade, women have not gravitated toward information technology in the increasing numbers that one might expect from an industry that offers the stability of ever-increasing growth and is experiencing a seller’s market (more jobs than qualified candidates), which is likely to continue.
However, according to the National Center for Education Statistics and The Washington Post, “Barely 18 percent of computer science degrees go to women.” And according to the US Bureau of Labor Statistics, 68 percent of women enroll in college (compared to 63 percent of men), and women increasingly outnumber men in college graduation rates. Yet, women still make up only a quarter of the tech industry workforce.
Much of this may stem from lack of exposure to computer science before and during college. Code.org’s research showed that nine out of 10 schools don't even offer computer science classes, and in 28 out of 50 states, computer science doesn't count toward a math or science credit. Girls account for about 46 percent of advanced placement calculus test-takers but approximately 80 percent of them don’t end up taking a computer science class.
Clearly, we have to do a better job encouraging girls to understand the benefits of a career in IT and let them know that they can excel while avoiding the “geek” label. Ideally this encouragement should start early, in the identity-forming phase of roughly 5 to 7 years of age. As the Academy Award-nominated movie Hidden Figures attests, women can be “wicked good” in IT.
This is more than an issue for the individual. Many countries—in particular India and China— require rigorous math and science training and urge their female students to choose related careers. The competitive posture of countries like the United States will continue to lose ground unless the issue is addressed. We have to engage the female workforce.
Once a woman has entered the IT workforce, she may face obstacles such as determining her career path, the availability of mentors, learning her market value, and developing a professional approach and style that balances confidence and assertiveness with collaboration and encouragement to others.
The upcoming webinar, “Self-Empowerment in Technology: Bootstrapping and Belief,” part of ISACA’s Connecting Women Leaders in Technology program, will address practical considerations: how women can be recognized for their intelligence and receive credit for their contributions, how they can learn and leverage their market value, and principles to apply in building a body of achievements that enable agility and continuing advancement. The webinar also will explore some self-limitations to avoid as well as positive adjustments that increase confidence and create a distinctive professional voice.
I hope you’ll join me for this important conversation.
Claudia Johnson always has had a knack for mathematics and statistics.
But even Johnson has trouble calculating the exact impact artificial intelligence and robotics will make on society. Her background qualifies her well to at least estimate.
“The opportunities through artificial intelligence and machine learning, particularly for security, are enormous,” Johnson says.
Johnson, an ISACA member and security specialist at Infoblox, spent about six years researching AI early in her career. She has continued to follow the field with great interest, saying she has come “full circle” given AI’s role in the cybersecurity space.
“Today I see machine learning making huge strides in IT security,” Johnson says. “One major advance in the world of today is that this approach is being combined with big data. This is an approach that will take us away from recognized, predictable threats and onto the plane of warding off zero days. The Infoblox Data Exfiltration detection algorithm based on machine learning and big data, for example, detects malicious activities where even next generation firewalls fail.”
After earning master’s and doctoral degrees – but ultimately tiring of academia – Johnson’s first job in the IT field was as a knowledge engineer at the Siemens Central Research division for artificial intelligence. Johnson found the material intriguing – especially as it pertained to how brains work and learning language – but noted that those involved in research today can leverage big data and other modern tools to accelerate their progress.
Johnson grew up in the United States – in the Seattle area – but has spent most of her adulthood in Germany, where she attained her Ph.D in Meteorology at Max-Planck-Institut. She briefly relocated to Australia for family reasons, and it was while there that fellow security professionals recommended that she join ISACA. Johnson is glad she did, calling it “a great way for me to further my security knowledge and network with other security colleagues.”
Although enthused about the potential of AI, Johnson shares a common concern that AI and robotics will displace a segment of the workforce.
“Robotics will change a lot of daily tasks,” Johnson says. “Entry level work like working at a cash register will disappear. Cleaning house, washing windows, will go down the same path. There will only be a privileged few who will still have well-paid jobs. What about the rest? How will they make ends meet?”
That sort of empathy is central to Johnson’s worldview. Upon returning to Munich from Australia last year, the flood of refugees who have entered Germany while she was away have made a profound impact on Johnson’s thoughts and priorities.
“Now that we as a family are back in central Europe, I would like to help with the refugee situation by volunteering,” says Johnson, who also counts hiking, bicycling and swimming among her interests. “A number of our personal friends are helping out – in small ways - and it is the small things that can add up.”
Johnson also is passionate about encouraging more women to enter the IT security realm.
“My current personal goal is to give back to the community, both in terms of social responsibility as well as IT security,” Johnson says.
Editor’s note: ISACA’s family of more than 140,000 members and certification holders consists of truly outstanding individuals who are making significant contributions to the profession and the world. Watch for more stories like Claudia’s coming soon, and contact [email protected] if you have a member story you’d like to share. If you are not a member, consider joining our community. View the ISACA Member Advantage here.
Much of Phillimon Zongo’s youth was spent walking or running great distances barefoot, sometimes en route to school, other times scouring the township for empty cola bottles he could sell for change. Whatever the distance, Zongo was determined to find a way to afford food to fill his belly and knowledge to fill his brain.
Zongo’s first pair of shoes came when he was 12, prompting months of adjusting his steps to acclimate to the new sensation. But with or without footwear, in warm or wintry conditions, traversing the roads of rural Zimbabwe often was preferable to being home, where he and his large family lived in poverty.
His living conditions deteriorated further as a teenager. Needing affordable housing closer to his new school, Zongo moved away from his family at the age of 14 and shared a bleak, squalid structure – lacking water, electricity and with a makeshift door that would not lock – with fellow tenants who often became embroiled in jarring verbal and physical clashes with visitors.
During his youth, Zongo hid his living conditions from friends for fear of being bullied. Now that he has ascended to remarkable heights – personally and professionally – the ISACA member revisits his upbringing with pride.
“It’s not painful at all,” Zongo says. “Like so many kids, we were born into these situations. It was never our choice. My parents were loving and supportive, and I greatly appreciate that. They were also born into poverty, but they did all they could so that we would lead better lives. Would I have loved to get my first pair of shoes much earlier in life? Of course, yes, but that was beyond my control. What matters is I managed to make do with what I had, and I am here now.”
These days, here is Sydney, Australia, where Zongo is a successful cyber security consultant in the financial services industry. In October, Zongo was honored by the ISACA Sydney Chapter as Best Governance Professional of 2016, reflecting recognition from industry peers about the thought leadership he has contributed to the profession. That includes a 2016 article on managing cloud risk in the ISACA Journal; another ISACA Journal article, this one on opportunities and risks of automation, published this January.
“I have accomplished so many other things, but this is close to my heart given the importance of education to my life and how ISACA opened so many doors to me,” Zongo says. “I feel so privileged to be able to give back.”
Zongo’s life story, he says, “is not complete without ISACA.” His successful pursuit of Certified Information Systems Auditor (CISA) certification bolstered Zongo’s qualifications for his first position as an enterprise risk services consultant with Deloitte.
“Pursuing my CISA qualification was one of the most game-changing decisions I ever made,” Zongo says. “It afforded me the opportunity to work for some of the most respected global brands and connected me with a global network of highly accomplished professionals. Mostly importantly, it instilled in me high ethical standards, essential to retain the high levels of trust and confidence the society places on our profession.”
The Deloitte opportunity helped Zongo grow into a polished professional, as he quickly adjusted to corporate dress codes and navigating the etiquette of taking clients out for lunch.
“The problem is that society gives people labels, and these I have had to actively resist,” Zongo says. “If you are from the country they call you unpolished, in a way that suggests you can never attain polish. These, if left unchecked, can precipitate self-hate or undermine your confidence.”
Two years after starting with Deloitte, Zongo accepted a consultant position at PwC Australia in 2007. Zongo arrived in Australia with only $300 Australian in his pocket, but he was unfazed, having known much greater financial hardship throughout his life. The ability to anticipate a reliable paycheck outweighed the intense homesickness that marked his first several months in Australia.
Just as Zongo maintained laser focus on his education during his tumultuous youth, he did not allow his new environs to deter him from his career goals. He joined a prominent Australian financial services company as an IT risk manager in 2011 and now is a security consultant there. In recent years, Zongo has become particularly passionate about raising the profile of cyber risk among business leaders.
The resolve he summoned as a youth continues to serve him well. Zongo emphasizes that no matter how much he struggled during his youth, he never felt alone. While some acquaintances from his childhood were able to rise above their difficult circumstances, many, he says, remain “trapped in despair and hopelessness.” Securing a more fulfilling future required a tenacious desire to break the cycle of poverty that afflicted his family for generations.
“I believe we are all born with innate abilities to persevere and overcome life challenges,” Zongo says. “But passion by itself accomplishes nothing; to succeed you need a great deal of stubbornness. Especially where I grew up, you have to overcome these challenges over a long period of time. Perseverance and courage are virtues you nurture through practice.”
About a year after his move to Australia, Zongo married his fiancée from Zimbabwe. He and his wife, Fadzi, have two children – daughter Nyasha Valerie, 3, and a baby boy, Mukundi Christian. In addition to the joy he finds in his work and family commitments, Zongo likes to play golf – a largely unaffordable pastime in Zimbabwe – both for fun and for networking. He is skilled enough to have won several local club competitions, but is more proud of a golf fundraiser he organizes annually to raise money to repair dilapidated infrastructure at his old high school in Zimbabwe, pay fees for underprivileged kids and meet other special needs.
In addition to having earned the CISA, Zongo has passed the Certified Information Security Manager (CISM) exam, and remains grateful that ISACA “has helped me turn my story into one of determination, hard work and passion.”
“The odds were stacked against me, but if I made any excuses – or felt sorry for myself – I would never be speaking to you today,” Zongo says. “I had clear goals in mind, to eventually be able to live a dignified life and support my family, and nothing mattered more to me. I also was fortunate to have individuals who supported me and advocated for my success, and as I walked through the filthy township streets, I knew one thing for certain: I would never let them down.”
Editor’s note: ISACA’s family of more than 140,000 members and certification holders consists of truly outstanding individuals who are making significant contributions to the profession and the world. Watch for more stories like Phillimon’s coming soon, and contact [email protected] if you have a member story you’d like to share. If you are not a member, consider joining our community. View the ISACA Member Advantage here.