Other Blogs
There are no items in this list.
Knowledge & Insights > ISACA Now > Categories
Faces of ISACA: Meet Jason Duke, CISA, CISM, CSXP

ISACA Now: You’re Southeast Region Geographic Information Systems Coordinator with the U.S. Fish & Wildlife Service; Partner at White Mile Consulting, LLC; and an adjunct professor at Tennessee Technological University – where do you find time for all of that?

JD: I have always been a strong proponent of time management. I work four 10-hour-days with the U.S. Fish & Wildlife Service in a role where I lead our Geographic Information Systems (GIS) program in the southeastern U.S. and the Caribbean. I also serve in an IT role with a focus on IT security and help desk issues. My GIS classes at Tennessee Technological University are taught in the evenings a few days a week after I get off from my primary job. I took the fifth day of the week to start a consulting firm to provide IT auditing, policy creation and penetration testing for commercial banks and credit unions, after working to support them on the side for years. When I am not at work, I spend all of that time with my family traveling or in family activities. I’ve never been one to sit idle and spend any time watching TV. I like to always be doing something and challenging myself. I guess I took that story that I could “grow up and be what I wanted to be” to be true.

ISACA Now: It’s an interesting combination of roles. How does all of that fit together with your skill set and interests?

JD: Geography and computers have fascinated me my entire life. I have always been able to stare at maps and envision layouts of cities and countries and picture them in my mind. From the moment I first opened my Commodore Vic 20 in 1982, I knew that I wanted to have a job where computers were my focus. I guess I was just lucky and in the right place at the right time to make that happen. I get to use some of the most powerful computers available to model our ever-changing planet and assist those working on solutions for the complex environmental and geographic challenges our society faces today. I mix in a strong IT background and travel to remote offices to configure and install servers, firewalls, web cams, and be a general jack-of-all trades.

ISACA Now: You have a lot of experience supporting small and medium businesses’ IT needs. What are some unique challenges – and opportunities – for smaller organizations from a technology standpoint?

JD: I started an IT firm on the side with a partner in 1993. That business grew to the point where it took my wife to help run it and another business partner along the way. We always focused on small-to-medium businesses and served their every need related to IT. … To a small business, all IT issues are vital. That means they care as much about their website most days as their paper shredder or point-of-sale. They need things that work and don't want to hear a bunch of mumbo-jumbo terms from someone acting like they are small fries in a big world. We all have skill sets that we would like to focus on, such as scripting or ethical hacking, but you have to be as excited troubleshooting a faulty motherboard as you are with a social engineering project or a new server virtualization project. The business owner does not understand the IT universe, and that is why they have you there to help. Treating them like they are a part of your own team goes a long way in developing a long-term partnership that creates long-term clients who trust you and need your constant input and services.

ISACA Now: You have several certifications, including ISACA’s CISA, CISM and CSXP certifications. What have each of those certifications added to your professional development?

JD: The first ISACA certification I earned was the CISA certification as I entered the IT auditing field. After completing dozens of audits, I decided to pursue CISM to deepen my IT management credibility based on experience in the field. I work on penetration testing, vulnerability assessments, social engineering and both physical and network security for clients, so the CSXP certification was the next logical step for me. The certification exam for CSXP was challenging and really was a good test of ability for the standards it sets to examine. My next endeavor is CRISC, and I am taking that exam in June 2017. I develop IT risk assessments, business impact assessments, disaster recovery plans and business continuity plans for clients, and the CRISC certification will complete the ISACA certifications that I think will position me to be a leader in my field and challenge me to attain the knowledge I need to do my job better and more effectively.

ISACA Now: What are a few skills that you consider especially critical to keep pace in the fast-moving worlds of IT audit and information security?

JD: Cyber security assessments and security awareness training and simulations for staff are critical. People are still the weakest link in IT security. A great IT staff can secure your network, but hackers are becoming more sophisticated with phishing attempts, and social engineering tests show just how easy it is to get yourself someplace you do not need to be. The proliferation of mobile devices and the disappearance of the desktop, and even many laptops, are making physical security of devices a real priority. With the decreasing physical size of storage media and the powerful devices that fit in your hand, it is too easy to lose devices and not be able to account for data. It is easy to count desktops and servers. Imagine trying to count USB drives, track smartphones that are upgraded on an annual basis and find the 256 GB micro SD card that is somewhere near your desk. Throw in the rapid migration to cloud services as software vendors move to software as a service, and the game just got real.

ISACA Now: What are your major interests outside work?

JD: My personal interests reflect the complex work arrangement I have. I love to restore old cars and have nine Mustangs, a Camaro, an old Ford pickup and a Trans Am. I tinker with them and three motorcycles every chance I get. It is fun to hop in a car with my wife and kids in the others and take a caravan trip. Restoring old cars is not a material thing. It’s the challenge of bringing a classic vehicle back from the dead and the accomplishment you get from doing it. Folks who restore anything will understand that statement. I’ve had my pilot’s license since 1993 and have a plane at an airport near the house that we escape to destinations unknown at times. That allows me to make trips quickly and lets one explore different places without getting tired of the same vacation destination. I love to collect and tinker with old clocks, as well, and collect Coca-Cola machines and memorabilia. My current project is setting up indoor and outdoor wireless access around my church, which is spread across a large area and three large buildings.

IT Careers = Money, Advancement and Job Satisfaction. Why Aren’t More Women Pursuing Them?

The rewards of a career in information technology include above-average compensation, advancement opportunities, intelligent peers and job satisfaction. Employers, to attract and retain talent, have become increasingly flexible about alternate schedules, remote work and family leave—benefits that appeal to many women.

If we look at trends during the past decade, women have not gravitated toward information technology in the increasing numbers that one might expect from an industry that offers the stability of ever-increasing growth and is experiencing a seller’s market (more jobs than qualified candidates), which is likely to continue.

However, according to the National Center for Education Statistics and The Washington Post, “Barely 18 percent of computer science degrees go to women.” And according to the US Bureau of Labor Statistics, 68 percent of women enroll in college (compared to 63 percent of men), and women increasingly outnumber men in college graduation rates. Yet, women still make up only a quarter of the tech industry workforce.

Much of this may stem from lack of exposure to computer science before and during college. Code.org’s research showed that nine out of 10 schools don't even offer computer science classes, and in 28 out of 50 states, computer science doesn't count toward a math or science credit. Girls account for about 46 percent of advanced placement calculus test-takers but approximately 80 percent of them don’t end up taking a computer science class.

Clearly, we have to do a better job encouraging girls to understand the benefits of a career in IT and let them know that they can excel while avoiding the “geek” label. Ideally this encouragement should start early, in the identity-forming phase of roughly 5 to 7 years of age. As the Academy Award-nominated movie Hidden Figures attests, women can be “wicked good” in IT.

This is more than an issue for the individual. Many countries—in particular India and China— require rigorous math and science training and urge their female students to choose related careers.  The competitive posture of countries like the United States will continue to lose ground unless the issue is addressed. We have to engage the female workforce.

Once a woman has entered the IT workforce, she may face obstacles such as determining her career path, the availability of mentors, learning her market value, and developing a professional approach and style that balances confidence and assertiveness with collaboration and encouragement to others.

The upcoming webinar, “Self-Empowerment in Technology: Bootstrapping and Belief,” part of ISACA’s Connecting Women Leaders in Technology program, will address practical considerations: how women can be recognized for their intelligence and receive credit for their contributions, how they can learn and leverage their market value, and principles to apply in building a body of achievements that enable agility and continuing advancement. The webinar also will explore some self-limitations to avoid as well as positive adjustments that increase confidence and create a distinctive professional voice. 

I hope you’ll join me for this important conversation.

Member Profile: Johnson’s Interest in AI Has Come ‘Full Circle’

Claudia Johnson always has had a knack for mathematics and statistics.

But even Johnson has trouble calculating the exact impact artificial intelligence and robotics will make on society. Her background qualifies her well to at least estimate.

“The opportunities through artificial intelligence and machine learning, particularly for security, are enormous,” Johnson says.

Johnson, an ISACA member and security specialist at Infoblox, spent about six years researching AI early in her career. She has continued to follow the field with great interest, saying she has come “full circle” given AI’s role in the cybersecurity space.

“Today I see machine learning making huge strides in IT security,” Johnson says. “One major advance in the world of today is that this approach is being combined with big data. This is an approach that will take us away from recognized, predictable threats and onto the plane of warding off zero days. The Infoblox Data Exfiltration detection algorithm based on machine learning and big data, for example, detects malicious activities where even next generation firewalls fail.”

After earning master’s and doctoral degrees – but ultimately tiring of academia – Johnson’s first job in the IT field was as a knowledge engineer at the Siemens Central Research division for artificial intelligence. Johnson found the material intriguing – especially as it pertained to how brains work and learning language – but noted that those involved in research today can leverage big data and other modern tools to accelerate their progress.

Johnson grew up in the United States – in the Seattle area – but has spent most of her adulthood in Germany, where she attained her Ph.D in Meteorology at Max-Planck-Institut. She briefly relocated to Australia for family reasons, and it was while there that fellow security professionals recommended that she join ISACA. Johnson is glad she did, calling it “a great way for me to further my security knowledge and network with other security colleagues.”

Although enthused about the potential of AI, Johnson shares a common concern that AI and robotics will displace a segment of the workforce.

“Robotics will change a lot of daily tasks,” Johnson says. “Entry level work like working at a cash register will disappear. Cleaning house, washing windows, will go down the same path. There will only be a privileged few who will still have well-paid jobs. What about the rest? How will they make ends meet?”

That sort of empathy is central to Johnson’s worldview. Upon returning to Munich from Australia last year, the flood of refugees who have entered Germany while she was away have made a profound impact on Johnson’s thoughts and priorities.

“Now that we as a family are back in central Europe, I would like to help with the refugee situation by volunteering,” says Johnson, who also counts hiking, bicycling and swimming among her interests. “A number of our personal friends are helping out – in small ways - and it is the small things that can add up.”

Johnson also is passionate about encouraging more women to enter the IT security realm.

“My current personal goal is to give back to the community, both in terms of social responsibility as well as IT security,” Johnson says.

Editor’s note: ISACA’s family of more than 140,000 members and certification holders consists of truly outstanding individuals who are making significant contributions to the profession and the world. Watch for more stories like Claudia’s coming soon, and contact [email protected] if you have a member story you’d like to share. If you are not a member, consider joining our community. View the ISACA Member Advantage here.

"My life story is not complete without ISACA"

Much of Phillimon Zongo’s youth was spent walking or running great distances barefoot, sometimes en route to school, other times scouring the township for empty cola bottles he could sell for change. Whatever the distance, Zongo was determined to find a way to afford food to fill his belly and knowledge to fill his brain.

Zongo’s first pair of shoes came when he was 12, prompting months of adjusting his steps to acclimate to the new sensation. But with or without footwear, in warm or wintry conditions, traversing the roads of rural Zimbabwe often was preferable to being home, where he and his large family lived in poverty.

His living conditions deteriorated further as a teenager. Needing affordable housing closer to his new school, Zongo moved away from his family at the age of 14 and shared a bleak, squalid structure – lacking water, electricity and with a makeshift door that would not lock – with fellow tenants who often became embroiled in jarring verbal and physical clashes with visitors.

During his youth, Zongo hid his living conditions from friends for fear of being bullied. Now that he has ascended to remarkable heights – personally and professionally – the ISACA member revisits his upbringing with pride.

“It’s not painful at all,” Zongo says. “Like so many kids, we were born into these situations. It was never our choice. My parents were loving and supportive, and I greatly appreciate that. They were also born into poverty, but they did all they could so that we would lead better lives. Would I have loved to get my first pair of shoes much earlier in life? Of course, yes, but that was beyond my control. What matters is I managed to make do with what I had, and I am here now.”

These days, here is Sydney, Australia, where Zongo is a successful cyber security consultant in the financial services industry. In October, Zongo was honored by the ISACA Sydney Chapter as Best Governance Professional of 2016, reflecting recognition from industry peers about the thought leadership he has contributed to the profession. That includes a 2016 article on managing cloud risk in the ISACA Journal; another ISACA Journal article, this one on opportunities and risks of automation, published this January.

“I have accomplished so many other things, but this is close to my heart given the importance of education to my life and how ISACA opened so many doors to me,” Zongo says. “I feel so privileged to be able to give back.”

Zongo’s life story, he says, “is not complete without ISACA.” His successful pursuit of Certified Information Systems Auditor (CISA) certification bolstered Zongo’s qualifications for his first position as an enterprise risk services consultant with Deloitte.

“Pursuing my CISA qualification was one of the most game-changing decisions I ever made,” Zongo says. “It afforded me the opportunity to work for some of the most respected global brands and connected me with a global network of highly accomplished professionals. Mostly importantly, it instilled in me high ethical standards, essential to retain the high levels of trust and confidence the society places on our profession.”

The Deloitte opportunity helped Zongo grow into a polished professional, as he quickly adjusted to corporate dress codes and navigating the etiquette of taking clients out for lunch.

“The problem is that society gives people labels, and these I have had to actively resist,” Zongo says. “If you are from the country they call you unpolished, in a way that suggests you can never attain polish. These, if left unchecked, can precipitate self-hate or undermine your confidence.”

Two years after starting with Deloitte, Zongo accepted a consultant position at PwC Australia in 2007. Zongo arrived in Australia with only $300 Australian in his pocket, but he was unfazed, having known much greater financial hardship throughout his life. The ability to anticipate a reliable paycheck outweighed the intense homesickness that marked his first several months in Australia.

Just as Zongo maintained laser focus on his education during his tumultuous youth, he did not allow his new environs to deter him from his career goals. He joined a prominent Australian financial services company as an IT risk manager in 2011 and now is a security consultant there. In recent years, Zongo has become particularly passionate about raising the profile of cyber risk among business leaders.

The resolve he summoned as a youth continues to serve him well. Zongo emphasizes that no matter how much he struggled during his youth, he never felt alone. While some acquaintances from his childhood were able to rise above their difficult circumstances, many, he says, remain “trapped in despair and hopelessness.” Securing a more fulfilling future required a tenacious desire to break the cycle of poverty that afflicted his family for generations.

“I believe we are all born with innate abilities to persevere and overcome life challenges,” Zongo says. “But passion by itself accomplishes nothing; to succeed you need a great deal of stubbornness. Especially where I grew up, you have to overcome these challenges over a long period of time. Perseverance and courage are virtues you nurture through practice.”

About a year after his move to Australia, Zongo married his fiancée from Zimbabwe. He and his wife, Fadzi, have two children – daughter Nyasha Valerie, 3, and a baby boy, Mukundi Christian. In addition to the joy he finds in his work and family commitments, Zongo likes to play golf – a largely unaffordable pastime in Zimbabwe – both for fun and for networking. He is skilled enough to have won several local club competitions, but is more proud of a golf fundraiser he organizes annually to raise money to repair dilapidated infrastructure at his old high school in Zimbabwe, pay fees for underprivileged kids and meet other special needs.

In addition to having earned the CISA, Zongo has passed the Certified Information Security Manager (CISM) exam, and remains grateful that ISACA “has helped me turn my story into one of determination, hard work and passion.”

“The odds were stacked against me, but if I made any excuses – or felt sorry for myself – I would never be speaking to you today,” Zongo says. “I had clear goals in mind, to eventually be able to live a dignified life and support my family, and nothing mattered more to me. I also was fortunate to have individuals who supported me and advocated for my success, and as I walked through the filthy township streets, I knew one thing for certain: I would never let them down.”

Editor’s note: ISACA’s family of more than 140,000 members and certification holders consists of truly outstanding individuals who are making significant contributions to the profession and the world. Watch for more stories like Phillimon’s coming soon, and contact [email protected] if you have a member story you’d like to share. If you are not a member, consider joining our community. View the ISACA Member Advantage here.

2016 Accomplishments Poised to Drive 2017 Growth

We hope 2017 finds you ready for another year of challenges, opportunities and achievements—much like the year we all have just enjoyed.

In 2016, ISACA moved forward as an organization with the support of its 215 chapters around the world working to increase our visibility, influence and impact, locally and globally.  Perhaps most encouraging is the progress we are making as a valued professional community, which has occurred amidst rapid changes and increasing complexity in and around our key fields of interest—audit/assurance, information and cyber security, governance and risk. Highlights from 2016 included:

  • The growth of our community to 159,000 constituents worldwide;
  • A very inspirational and successful Global Leadership Summit (GLS) that brought together over 400 ISACA chapter, member and staff leaders in April, and has resulted in ongoing input on both ISACA’s current efforts and how best to shape the future of our organization;
  • Regional expansion of ISACA events: Our first Africa CACS conference was held in Nairobi, Kenya, in August. Two new cyber security conferences took place in November: CSX Asia Pacific in Singapore and CSX Europe in London;
  • Completion of the development work required to support the 2017 transition from paper-based to computer-based testing for ISACA’s core certifications (CISA, CISM, CRISC, CGEIT);
  • ISACA’s acquisition of CMMI, with plans to accelerate ISACA’s reach in fast-growing economies, including China and India, and to better engage and deliver solutions to enterprises, while highlighting the value members of our professional community deliver;
  • ISACA’s significantly increased engagement with government, including the EU, US, India, Israel, Jordan, China, Kenya and Singapore, with many others expressing interest or initiating a dialogue;
  • The launch of ISACA’s Connecting Women Leaders in Technology program, which has been well-received across our professional community, and offers opportunities to extend its impact going forward into 2017 and beyond;
  • Established business development initiatives to grow relationships with organizations that employ professionals in our community worldwide;
  • The recent deployment of the ISACA Member and Customer Experience Center which, in its first two months of operation, has already significantly improved response time and overall service levels, including reducing certification application processing time from eight weeks to three weeks, and responding to email inquiries in less than 72 hours.

The above is a small subset of all that has happened over the past year. These highlights, along with many other contributions and accomplishments, have helped lay the foundations for a very promising year ahead. In 2017, we will again expand our education and training programs; increase our research efforts and publications output; grow our collaboration with government, industry, and other strategic partners; launch a new digital presence; enhance member and customer service levels; and begin planning our 50th anniversary, with an aim of using this 2019 milestone as a means to further increase the visibility of our professions and to build our workforce of the future.

While our anticipated growth in 2017 will occur in a world that remains unsettled, we believe ISACA’s professional community is ready to meet the challenges that will ensue, and turn these challenges into opportunities in the spirit of ISACA’s purpose to help enterprises and people realize the positive potential of technology. We thank all of you for your support and efforts to date, and as we begin 2017, we wish you all a safe, healthy, productive and prosperous year ahead.

Training:  The Missing Ingredient for IT Success

Over the years, it has come to my attention that few industries innovate faster than IT. And while I am surrounded by many of these changes in my everyday life, I try not to underestimate the value of ongoing training and how it improves my skill set and could potentially open up new career opportunities.

Regular IT training is by far one of the single most valuable things I do on a regular basis.

Benefits of Ongoing Training
I will admit that I do not like the word “training.” It takes me back to being a student in a structured classroom setting. But training really is a positive thing. It is what gives us the knowledge and skills necessary to complete the tasks and objectives we face in our jobs.

With that being said, here are some of the biggest benefits that I have found in committing to ongoing training.

  • Less supervision. When you know what you are doing and have the knowledge to handle any issue, you no longer need someone looking over your shoulder. As a result, you will find that one of the direct benefits of training is less supervision.
  • Growth and salary opportunities. The more you train, the more skilled you will become. This ultimately will open up the door for new opportunities and career advancement. As a by-product, ongoing training can lead to higher salaries.
  • Increased satisfaction. If you are good at your job, you are more likely to enjoy it. This leads to more happiness and satisfaction in your daily job—benefits that cannot be purchased.

Invest in training and you are sure to reap positive and tangible rewards that will benefit your career for years to come.

How to Make Training a Habit
The occasional training session and brief seminar will not do you much good—at least it does not for me. In order for training to provide benefits, it needs to be a priority.

Here are some of the ways I have made training a consistent habit in my life:

  • Carve out consistent time. The most important thing is that you make time for training. “Pick a consistent time and set a reminder,” suggests CBT Nuggets, a leader in online IT training. “Maybe it’s right after breakfast, during lunch, or right when you get home from work. Whatever time will work best for you, be consistent and set a reminder. By using multiple cues (time and sound), you will increase the motivators that will move you to train.”
  • Involve others. It is much easier to make training a priority when you have others involved. While you do not necessarily need to do the training with other people, consider launching your individual training at the same time as a friend or coworker’s training. This provides some accountability and keeps you on track.
  • Choose something interesting. Learning is always much more fun when you are actually interested in the topic at hand. When choosing different ongoing training programs and curriculum, go with topics that you like—or topics that you want to know more about. I know I am much more likely to stay on track if the subject intrigues me and holds my interest.

Anyone can make training a habit. The key is to set up a foundation in which success is more likely than failure.

Keep Moving Forward
As motivated people often say, “If you aren’t moving forward, you’re going backwards.” In other words, because technology advances so quickly, sitting still is the equivalent of backtracking.

Well, the good news is that it does not take much time or effort to move forward in the IT world. You already have most of the knowledge you need! All that is necessary is ongoing training on a consistent basis. It has taken time and effort, but I have made it a part of my weekly schedule. I am confident that you can do the same!

Editor’s note:  ISACA offers numerous training and education opportunities. For more information click here and click here for CSX training information.

CSX Europe Illuminates Key Cyber Security Insights and Advancements

ISACA’s inaugural CSX Europe conference convened last week in London, and I had the privilege of serving as emcee. During a panel discussion on the second day of the conference, Mark Sayers of the UK’s Cabinet Office discussed the announcement that morning of the UK Government’s £1.9bn investment in a national cybersecurity strategy—a strategy that makes clear the UK’s preparedness for cyber attacks and will include a cyber security skills strategy. Sayers made it clear that organizations like ISACA are extremely important to further the initiative.

The cyber security event left a strong impression on attendees, including several critical takeaways:

  •  Collaboration is critical. Intel’s Raj Samani emphasized collaboration and communication to best contend with today’s threat landscape. Professionals on the more technical side need to be able to communicate with business decision-makers and other stakeholders to effectively solve problems. As speaker Aviram Zrahia notes, “one company’s detection become another’s protection.”
  •  Internet of Things devices pose new security challenges. Security professionals are capable of preventing attacks, but consumers need to understand that connected devices have security vulnerabilities. Justine Bone, director and CEO, MedSec, presented the findings of ISACA’s new firmware security report, highlighting how easy it is for security to be overlooked when creating IoT devices.
  •  New solutions are needed. In closing the conference, technology futurist Simon Moores observed that organisations will no longer be able to handle the scale of cyber threats alone. In many cases, automated, cloud-based solutions involving artificial intelligence (AI) will be part of the solution, though there is no substitute for developing a highly skilled workforce.

The conference also provided another valuable networking opportunity through ISACA’s Connecting Women Leaders in Technology program, which is helping to advance female leadership within the global technology workforce.

Editor’s note: Additional insights from global security experts will be on display at CSX 2016 Asia Pacific, set to make its debut 14-16 November in Singapore. Next year’s CSX Europe conference will take place in London on 30 October-1 November 2017.

A Nightmare on Big Data Street

Do you like scary movies? - Scream (1996)

Well I do. One of my favorite scary movies is “The Sixth Sense.” There is a famous scene in this movie, where a horrified child admits to his friend that he sees dead people. Do you recall it? While hiding half of his face under a blanket like a toddler, he whispers:  “I see dead people, all the time. They are everywhere.”

That scene reminds me of some of the executives and managers that I often cross paths with when I ask them about their data analytics practice. The look on their faces brings me right back to that movie scene, but instead they say:  “We see big data, all the time. It is everywhere.”

And then part of me wants to be sympathetic, hold their hands and say: “Yes, I know dear. Big data can be scary. Fear no more as I know some people that can help you. They have cool colored promotional paper saying so!” But then the auditor and data geek in me makes me quickly snap out of it and probe them:  “Are you sure what you see is actually big data?”

I call this “Big Spooky Data Syndrome.” See, if your data doesn’t make you feel like you are standing on slippery stones in a rushing torrent, trying to catch a fish bare-handed, with no idea whether there is fish in it at all; then, my friend you, most likely DO NOT have big data, at least not yet.

As in a torrent, volume (or size) is just a part of it. Let’s recap the definition of ‘torrent’:

Now let us adapt it to big data:  A strong and fast-moving stream of multi-structured data.

“You are going to need a bigger boat.” Jaws (1975)

Not sure yet? Muzamil Riffat touched on the topic in his article “Big Data – Not a Panacea” for the ISACA Journal by covering the characteristics of big data, which are also known as the “Vs” of big data:  volume, velocity and variety. Since then, IBM coined veracity as the fourth V, referring to the uncertainty of the data.

And to assist you even further, here are few questions to help you understand if your company has indeed big data based on these “Vs”:

☑ Is it too large for a MySQL database?
☑ Is your data a Frankenstein, spread over multiple files, servers and/or geographical locations?
☑ Does your data have a much longer and uncertain life span?
☑ Can you easily recover your data in the case of corruption without having to re-perform any transformation?
☑ Does it contain audio, videos or images?
☑ Does it require immediate response, like high-frequency trading (HFT)?
☑ Is it being generated in real-time, like social media platforms, IoT or other internal sensors?
☑ Do you need a transformation tool to make it identifiable and legible?
☑ Do you need a reduction tool to make it more manageable?
☑ Is the range of potential correlations and relationships between disparate data sources too great for any analyst to test all hypotheses?

Furthermore, since big data is noisy, highly interrelated and unreliable, machine learning techniques are most often applied instead of data mining techniques. And this is why data scientists are often required.

So if you don’t have big data, what do you have? Small data? Hold your horses, cowboy, the term small data is now being used to describe a new breed of data. As Deborah Estrin stated at TEDMED 2013, "Small data are derived from our individual digital traces. We generate these data because most of us mediate or at least accompany our lives with mobile technologies. As a result, we all leave a 'trail of breadcrumbs' behind us with our digital service providers, which together create our digital traces." In summary, big data is about machine and processes while small data is about people.

Therefore, shall we here agree in calling non-big/small data just organization data? Or enterprise data, if you will?

With all the buzz around big data, it is understandable that many still get confused about the term and conclude that:  (1) their data classifies as big data, and (2) that a high-science big data solution must be the only legitimate way to approach data analytics.

And since deploying big data analytics can be daunting and expensive, analysis-paralysis is often the outcome causing companies to completely overlook and under-leverage existent enterprise data with much easier to deploy analytics.

“You cannot run from this, it will follow you. It may lay dormant for years. Something may trigger it to become more active and it may over time reach out to communicate with you.” - Paranormal Activity (2007)

Enterprise data analytics can still deliver a lot of value, since the data already exists it is in good shape and well understood. I believe companies that first mature their current data strategy, governance and enterprise data analytics have greater chance in succeeding with big data analytics later on.

And even when companies do have big data, I personally believe that many are being bullied by the hype and vendors onto moving too quickly to adopt big data analytics. They show up at your door offering the dream to enable better decision making and competitive advantage. And like the Borgs in a good old Star Trek episode, they assimilate you because, without proper knowledge, resistance is indeed futile.

“The box…You opened it, we came.” Hellraiser (1987)

News flash:  Better and smarter business decisions aren’t guaranteed, no matter the size of your data. Having all the data and more of it doesn’t do much good if one isn’t asking the right business questions or simply doesn’t understand underlying assumptions–not all numbers are created equally; some are more reliable than others. But this is a subject to be explored in a separate future article.

A premature adoption of big data analytics can cause way more damage as it can introduce additional risks, such as privacy. Not all companies are equipped to make use of big data analytics. Some may be missing key skills in their existing personnel, or they may be missing critical portions of the technological ecosystem.

In summary, my point is that big data analytics might not be applicable to your organization, and if it is, don’t be bullied into adopting it right away as it isn’t mandatory. However, not doing any sort of data analytics in this data age would be the same as continuing to stock buggy whips once the car has been invented.

And If you need help starting it up, as I mentioned previously, I know some savvy people with cool colored promotional papers that can help you out.

“Whatever you do, don’t fall asleep”A Nightmare on Elm Street (1984)

References:
Davenport, Tom; “Big Data vs. Small Data Analytics,” MSI.org, 3 December 2012
Dell’Anno, Vince; “For Businesses, It’s Worth Jumping Into the Big Data Torrent,” Wired.com, 25 September 2014
IT Business Edge, “Five Ways to Know if Your Challenge Is Big Data or Lots of Data”
Pollock, Ryan; “Beyond Big Data vs. Small Data: how to get to Smart Data,” GroupSolver.com, 29 May 2015
Riffat, Muzamil; “Big Data—Not a Panacea,” ISACA Journal, Volume 3, 2014

Formation of ISACA Student Groups in Melbourne

The thought of starting an ISACA student group in Melbourne emerged when my son was at university. I felt he needed to interact at Melbourne Chapter events and learn beyond the classroom. I encouraged him to enroll as an ISACA student member to allow him to network, learn, attend chapter events and connect with a few professionals as mentors.

I then started networking with the academic community at various universities in Melbourne and was fortunate enough to set up 3 ISACA student chapters at the following Melbourne universities:

  1. Deakin University—Recognized in October 2013, this was the first student chapter in the Oceania region.
  2. Royal Melbourne Institute of Technology (RMIT) University—Recognized in October 2014, this was the second student chapter in the Oceania region.
  3. Swinburne University of Technology—Recognized in October 2015, this was the fourth student chapter in the Oceania region and the third student chapter in Melbourne.

The faculty members and students at all 3 universities were very supportive when I approached them about forming an ISACA student group. Currently, discussions are on with the other universities in Melbourne to set up local student chapters.

To establish the student groups and obtain official recognition from ISACA headquarters I took the following steps:

  1. An academic relations coordinator, the person responsible for academic relations, or volunteer(s) from the local chapter board should coordinate with the academic community and liaise with ISACA headquarters.
  2. Get in touch with university lecturers or faculty members to see if they are interested in becoming Advocate members of ISACA. Explain the benefits of membership, opportunities, etc.
  3. Encourage the faculty member to become a faculty advisor to support the student group. The Academic Advocate serves as the student group advisor. Once the Academic Advocate is identified, notify ISACA with an email to [email protected].
  4. Work with faculty member/advisor and students in starting an ISACA student group. Conduct presentations at the university. Provide support to the academic community. Provide guest speakers on interesting topics based on recommendations provided by Academic Advocate.
  5. Ensure the student group aligns with university policy and is organized as an official activity within the university. The student group needs to follow all university regulations regarding appropriate conduct, harassment prevention, privacy, etc.
  6. Draft bylaws for the student group, ensuring they align with university policy. ISACA headquarters can provide a bylaws template. Once the bylaws are finalized, email a copy to [email protected].
  7. Elect a student board, i.e., president, vice president, treasurer and secretary. The Academic Advocate serves as the student group advisor. There is no minimum number of students required to form a student group. To start with, ISACA just needs the name of the president. Other officers can be identified later. Email the name of the elected president to [email protected].
  8. Set up a basic web site for the student group. This should be located in the student activities section of the university web site. This can start out as a shell with the intention to add content as the group gets up and running. The web site should be public so anyone is able to search it. Email the URL of the web page to [email protected].

Once the above items are received and approved by ISACA, the student group will have official recognition, an official ISACA student group logo and logo use guidelines.

The group’s executive officers information needs to be maintained on the web site considering that students leave university after completion of their studies.

ISACA membership is not required for someone to participate or hold office in the student group. Participation is a great way to introduce part-time students to the association, even though they do not qualify for student membership.

ISACA has a designated area on the web site that lists the schools/universities that have been officially recognized by ISACA.

Editor’s note:  Anthony Rodrigues was recently given the Tony Hayes Award, named after ISACA’s first International President from the Oceania Region. The award presented by the region recognizes outstanding leadership and contribution. Rodrigues has been providing outstanding service to the Melbourne Chapter as a director for almost 10 years.

ISACA Program Connects Women Leaders in Tech

One look at the faces and names of industry speakers, writers and influencers shows a relative dearth of female contributors. The same can be seen throughout the global technology workforce. The reality of too few women entering technology fields and moving up the ladder to leadership positions is not a new one, but it is something that the ISACA Women’s Leadership Council is actively addressing through a new program called Connecting Women Leaders in Technology.

The empowerment of women within the global technology workforce is critical to advancing female leadership and sustaining the profession. Through this program ISACA will provide a robust platform to:

  • Attract more women into the technology professions
  • Provide support tools to advance and sustain a woman’s trajectory through her career lifecycle
  • Offer educational opportunities to develop skills and increase knowledge to further enhance women’s leadership within the global technology workforce

Anecdotally, we know the need is there. At the 2015 CSX North America Conference in Washington, DC, last October, we held the first Women in Cyber program and had an overwhelming response. To build on that program, ISACA’s Women’s Leadership Council—comprised of high-level female tech executives from around the world—has conducted education programs at ISACA conferences in 2016 and will continue to explore new opportunities that will support a comprehensive program over the long term. For example, we realize that there may be opportunities to align with other enterprises or organizations that are addressing the shortage of women in tech careers. We will pursue these opportunities and keep you updated throughout the year.

What is Causing the Decline of Women in Tech?
What is driving the decline in women entering tech-focused programs at university—and thus fewer graduating and starting tech careers? This is a complex question that likely has different answers, depending on the region and specific field. It is something we want to delve into and address. There are many women thriving in tech careers but we believe there should be more. That is where awareness, curating and sharing women in tech success stories, and education and cultural initiatives can make a real difference.

We do know that the issue of women in tech careers affects everyone, including men. Men can and should be some of our greatest champions and allies. I was reminded of this fact at a recent webinar I participated in on woman in tech climbing the corporate ladder. Though the webinar was aimed at young women, it was the participation and reaction of men that was most interesting. Most said they were not aware of the issues women in tech face, but they welcomed potential solutions, in part, because they have daughters, sisters and wives who likely face similar challenges. This helped us realize that the education and awareness efforts must include men as well as women.

Wherever the program leads, it is great to know that we have strong support from ISACA’s board of directors, who approved the Connecting Women Leaders in Technology program. ISACA’s board and its Women’s Leadership Council believe in the program’s ability to engage, empower and elevate women in technology.

Editor’s note:  ISACA Now is seeking women in tech guest bloggers to write on the subject of their choice. If you are interested in learning more, please contact [email protected]. For more information on Connecting Women Leaders in Technology click here.

1 - 10 Next