When ISACA – then known as the Electronic Data Processing Auditors Association – was incorporated by seven Los Angeles area professionals in 1969, “there was no authoritative source of information,” according to ISACA’s first president, the late Stuart Tyrnauer. There was “no cohesive force, no place to turn to for guidance.”
Back then, Tyrnauer and his colleagues figured their grassroots association, focused on the emerging profession of electronic data processing auditing, was just of local interest. As it turned out, the interest extended well beyond southern California, unexpectedly allowing ISACA to blossom into a national organization, then an international organization, to what it has become today – a thriving global professional association with more than 220 chapters and 140,000 members. Best of all, ISACA’s remarkable story is far from complete.
The calendar has now flipped to 2019, the much-anticipated year of ISACA’s 50th anniversary celebration. We have chosen Honoring Our Past, Innovating Our Future as our 50th anniversary theme because we are committed to doing both, especially considering ISACA always has been a future-minded organization, helping its professional community navigate change and the remarkable advancements on the technology landscape. When the EDPAA conducted its first conference in 1973 – under the theme “EDP Auditing: A Coming of Age” – the focus might have been narrower than the topics explored today, but the intention of sharing knowledge and best practices with respected colleagues, and the desire to help others achieve the positive potential of technology, has always been hard-wired into our organization’s culture. Today, as effectively and securely deploying technology has increasingly become a central driver of enterprise performance, the work performed by ISACA members – and ISACA’s enduring commitment to be a trusted resource for our professional community – is all the more critical, providing an inspiring context to the 50th anniversary celebration.
This anniversary celebration is for all members of the ISACA professional community – past, present and future – to enjoy together, and the more of you that are engaged, the more meaningful it will be. There are several great ways you can participate in ISACA’s anniversary celebration throughout the year, including:
Visit ISACA50.org (and keep coming back)! Our 50th anniversary website includes a wealth of content that will both entertain you and leave you feeling even more inspired by your relationship with ISACA. From an overarching story of ISACA’s proud 50-year history to a wide array of other anniversary resources – including videos, podcasts, an ISACA history timeline and perspective on the impact of ISACA’s global chapters network – the site offers a robust platform to enjoy and participate in ISACA’s anniversary celebration. Be sure to keep coming back; content will continually be updated each week throughout the anniversary year.
Join the celebration on social media. Social media provides a terrific platform for our global professional community to celebrate together. Show us where in the world you’re celebrating by printing our anniversary celebration sign from the Participate page at isaca50.org and posting your photo, using #ISACA50.
Consider attending an ISACA conference in 2019. ISACA’s anniversary will be prominently celebrated at our 2019 conferences, including at the North America CACS conference, which will take place in May in the backyard of where the organization was founded 50 years ago – the Los Angeles area. Regardless of whether you have attended several ISACA conferences before or have yet to attend, what better time to learn from and connect with your ISACA colleagues than during our 50th anniversary year?
I am deeply appreciative of all the staff, volunteers and sponsors who have come together to create such a dynamic, year-long anniversary program. With the anniversary celebration serving as the backdrop, there is so much to anticipate for ISACA in 2019, including, but certainly not limited to, a new ISACA-Infosecurity conference partnership slated for November in New York, a Future of IT Audit research report and a Transforming IT Audit website, an update to the CISA certification exam content, growing global adoption of the recently introduced COBIT 2019 framework, the anticipated arrival of a new ISACA CEO, and a further build-out of the CMMI Cybermaturity Platform.
As a longtime ISACA member and the current board chair, I have never been more energized to be part of the organization than I am right now, and I’m even more excited to see what comes next in 2019 and beyond. We celebrate our past to inspire, motivate and propel us into the future. Our 50th anniversary year is a wonderful milestone in ISACA history, but I truly believe that, together, we can ensure ISACA’s best moments are still to come.
Just as there are no limits to the technological advancements that our professions, and society, will embrace, the impact ISACA’s professional community can make in the coming years has boundless potential. With a 200-plus chapter network, a passionate volunteer base, the collective expertise of our 450,000-plus global professional community, the knowledge and credentialing portfolio — to name just a few of our assets — ISACA is ideally positioned for 2019, our 50th anniversary year, and beyond.
At this time of year, we can find ourselves reflecting on the past. Yet at this moment, I find myself more drawn to consider ISACA’s promising future, as our association has opened the search and application process for a new ISACA chief executive officer. This effort is being carefully managed by a Selection Committee of the Board, with committee chair Tracey Dedrick and members Chris Dimitriadis, Greg Touhill, Gabriela Reynaga, Leonard Ong and R.V. Raghu. ISACA has engaged Egon Zehnder Inc., a Zurich, Switzerland-based executive search firm, to aid in this important work.
While there are many characteristics that will be important for our new CEO to possess, at the core, we seek a strategic visionary with a deep understanding of technology and its role as a business enabler — a leader who not only understands the rapidly evolving technology landscape, but also brings a strong perspective of what our global professional community needs in this environment. This new leader will have a strong understanding of digital transformation, demonstrated ability to collaborate with a range of global stakeholders and the ability to serve as a respected external voice for the organization.
Further, the ISACA CEO also must drive operational excellence throughout the organization, and therefore have the proven ability to build, motivate and manage a high-performing professional team. One of ISACA’s great attributes is the shared sense of purpose and partnership among the Board of Directors, volunteers, ISACA staff and the entirety of our professional community. A CEO capable of strengthening those connections will ensure that ISACA and the CMMI Institute achieve, and even exceed, organizational goals, continue our growth curve, and capitalize on promising new opportunities that surface ever more often around the globe.
The ISACA Board is excited about the search; we are confident the opportunity will attract a bevy of excellent candidates. We take very seriously our responsibility, this unique occasion to select a new CEO who we will entrust as the essential, excellently qualified executive leader. This individual will be charged with bringing strategic vision to life, to inspire a world-class professional staff, and to serve ISACA’s current and future professional community in the most dynamic industry — information technology.
Where once we were known for electronic data processing audit and controls, today’s ISACA is the professional home and hub for risk, governance, privacy, information and cyber security — still audit and controls — and more. Our professionals are at the forefront of artificial intelligence, blockchain, Internet of Things, quantum computing, and many other current and future technologies that recalibrate our personal and work lives daily. The everyday work performed by ISACA’s professional community is critical to move organizations, institutions, businesses and society forward securely and responsibly.
As we begin the search for ISACA’s next CEO in earnest, we know our rigorous selection process will lead to the arrival of an engaging, vibrant leader who will embrace our challenges, seize high-impact new opportunities, and take ISACA to new heights. Our new CEO will come aboard at a truly special juncture for ISACA, a time when we are honoring our past, celebrating our 50th anniversary, and innovating for that future 50 years, and more, to come.
Interested parties may supply credentials for consideration via electronic mail to firstname.lastname@example.org.
Members of ISACA’s US Public Policy Working Group recently gathered on Capitol Hill in Washington, D.C., to listen to inspiring speakers and to advocate for issues important to ISACA constituents, drawing from their personal experiences and professional backgrounds.
Over the course of a productive day, these ISACA volunteers met with Congressional members and staff leaders from seven districts from California, Illinois, New York, Texas and Virginia—states from where ISACA’s participants hailed. Key topics discussed included the National Institute of Standards and Technology (NIST) Reauthorization Bill (H.R. 6229), the value of authoring and introducing legislation focused on the future of IT audit, and the importance of certifications in preparing the workforce for cybersecurity jobs and closing the skills gap.
The participants expressed the importance of supporting H.R. 6229, as it would not only reauthorize NIST, but also strengthen research and development programs related to cybersecurity, artificial intelligence (AI), internet of things (IoT), and quantum computing and increase opportunities within the cybersecurity profession.
ISACA’s US Public Policy Working Group recently came together from across the country to engage in advocacy efforts on Capitol Hill.
Additionally, as some of the Public Policy Working Group had worked or currently work within government, they could also personally speak to the challenges of managing several audits throughout any given year in addition to the rest of their workload. They emphasized that improving and streamlining standards for audits would not only help make the process more efficient and deliver more meaningful results, but also incorporate emerging technologies such as AI that are currently not factored into most audits.
“As a member of the ISACA US Public Policy Working Group, I appreciated the opportunity to visit Capitol Hill to discuss legislative initiatives that impact my profession,” said Howard Duck, CISSP, CISM, CISA, PCIP, past president of the ISACA Sacramento chapter. “Joining other ISACA members in these discussions was interesting and informative for me.”
Another ISACA volunteer, Kyle Foley, CISA, CGEIT, CRISC, PMP, agreed. “Meeting with Congressional staff in the House and Senate to discuss ISACA's mission and information security issues, such as the NIST reauthorization legislation and our ‘One-Audit’ initiative, was fun, interesting, and rewarding.”
Joel Creswell, Ph.D., Legislative Assistant to Congressman Daniel Lipinski (IL-03), who kicked off the advocacy day by speaking to the group on Rep. Lipinski’s work in the research and development and science and engineering spaces, as well as on initiatives related to AI, quantum computing and cybersecurity education, noted that IT audits were a focal point of the roundtable discussion with ISACA the day before.
Another common issue that causes concern to both ISACA members and Congressional staff was the challenge in building a strong cybersecurity workforce and addressing existing skills gaps.
Nick Leiserson, Legislative Director for Congressman Jim Langevin (RI-02), spoke to the group mid-day and provided highlights from this year, such as the creation of the Cybersecurity and Infrastructure Security Agency, as well as a preview of what ISACA’s professional community might expect to see come out of the work of the 116th Congress.
During ISACA’s advocacy day, participants discussed key issues such as supporting the NIST Reauthorization Bill, envisioning legislation around the future of IT audit and closing the skills gap with certifications.
The experience was not only an opportunity to raise important issues, but also ended up being a milestone for the ISACA volunteers who participated. It was the first time each of them had been involved in such an advocacy day—and it was an experience they found to be very positive.
"ISACA continues to exceed my expectations, and today’s advocacy event was no exception,” said Angel Contreras, CISA, CDFM, senior manager, technology risk at EY. “Being able to meet with policymakers—having open discussions on the key cyber and audit challenges with the common goal of making progress to secure our enterprises—was a memorable experience that embodies what ISACA is all about."
Added ISACA volunteer Kevin McDonald, CISSP, CISA, CRISC, CBCP, PMP, senior program manager at Copper River Enterprise Services, “This is a prime example of ISACA’s support for the industry and proactive approach to supporting the next generation challenges in audit and technology.”
Editor’s note: Pat Ryan’s wide-ranging career included serving as an analyst in the British intelligence community, partnering with her husband on an oil exploration consultancy specializing in underwater seismic operations and satellite imaging, setting up and running a non-profit that installed IT equipment and educational software into UK hospitals where children were being treated, and founding Cyber Girls First, which encourages girls in the UK to take up coding and cybersecurity. Ryan, who spoke last month at ISACA’s UK Chapters conference, recently visited with ISACA Now to share about her past experiences and current efforts to inspire girls in cybersecurity. The following is a transcript of the interview, edited for length and clarity:
ISACA Now: You have a unique and varied professional background. Which aspects of your career are you most proud of, and at what point did you become focused on cybersecurity?
I am most proud of my children and what they have achieved. I stayed at home until they went off to their chosen careers before returning to the workplace. This was extremely difficult, even though I had partnered with my husband to set up and run an oil exploration consultancy. That’s when I realized how impossible it was for women to return to work after a time away raising children or caring for elderly parents. It’s even more difficult these days.
ISACA Now: Given your background, what is your perspective on cybersecurity as a national security issue – what needs to occur in the UK and around the world for governments to better protect their citizens from cyberthreats?
We have not woken up to the intense threats we face as a nation from cyberattacks on our hospitals, banks, government, schools, companies and infrastructure. During 2018, at least two attempts were made to hack into our power grid and transport systems.
Women represent 51 percent of the population of the UK, yet only 12 percent of coding and cyber positions are taken by women. We are losing a large portion of the potential workforce. In school, girls have a preconceived notion about taking computer science (mostly derived from boys whose comments are under the general terminology that “Computers aren’t for girls.”). I had seen this when mixed classes come into the National Museum of Computing at Bletchley Park. In the UK, our National Curriculum is an advantage, where all schools use the same software packages. I noticed that the boys push the girls off the machines or take the iPads away from them. That was when I decided to set up a program across the UK where girls were on their own for a whole day.
ISACA Now: How and why did Cyber Girls First come about?
As mentioned earlier, I saw first-hand how girls were taking second-place in classes, when in fact they were extremely adept at coding and in using various pieces of equipment. Starting Cyber Girls First would have been almost impossible without the support of universities and companies such as J.P. Morgan, Field Fisher, pi-top Computing, SEARCH (IT Recruitment) and ISACA.
J.P. Morgan and pi-top helped from the start, and a year after starting the program, I no longer had to go out to sell it – companies, schools and universities are asking to be included, and after four years, it has moved into a new dimension.
ISACA Now: What were the main points you were looking to convey during your remarks at the ISACA UK and Ireland chapters event?
I wanted to explain to the mostly male audience exactly what problems are faced by girls and women in the workplace. It starts at school, continues into employment, and becomes even worse if a woman chooses to care for her children until they go to school. That could mean maybe seven or eight years out of employment. The way that technology is moving, even a year can be difficult for a return-worker, so seven or eight years could be daunting.
I pointed out that each time a woman takes time out to care for children or elderly parents, she returns to work in a lower position with no attention paid to their levels of experience in previous careers. They need to be given the confidence to take up re-training, and companies should re-think their employment rules relating to job-sharing and part-time working. Women who are given this support tend to remain in those companies, so employers would benefit from a stable workforce.
ISACA Now: What impression has your interactions with school-aged girls left you with about the future of women in the cybersecurity workforce?
Very positive. We concentrate on direct communication with the girls, finishing the day with a session of round-table talks with six girls to each table. They have a 15-minute session and move to another table. Throughout those two hours, the girls will have heard from banks, IT companies, lawyers, the local police on-line security people and Government employees. We have someone from GCHQ/NCSC who tells them about the work they do to keep Britain safe.
After an event at Cardiff University, I heard from a teacher that all 10 girls who had attended our event had signed up to take computer science as one of their chosen subjects. At our Field Fisher event in London, attended by (past board director) Michael Hughes from ISACA, I had an email from a parent who said that her daughter had run into the house and said: “I know now what I want to do.” This program is not a “Wouldn’t it be nice if…” It is essential to our future security.
ISACA Now: How can enterprises do a better job of appealing to prospective female technology practitioners?
The government has set aside millions for schools and organizations to come to grips with the lack of trained people, particularly women. They have also put further millions into teacher training on computer science. Businesses should invest in apprenticeships and re-training programs to attract graduates and women “returners” into these roles.
One girl told me that her parents had said that everything would be done by robots. I suggested she should think about who would design the robots; who would design the software to run them; who would repair them (until that’s done by robots as well). She hadn’t thought of that and decided to do computer science.
Editor’s note: The ISACA Now series titled “Faces of ISACA” highlights the contributions of ISACA members to our global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Patricia Watson, director of cybersecurity, risk & compliance for Kitu Systems, Inc. Interested in joining ISACA and networking with colleagues like Watson? Learn more here.
Patricia Watson rattled off a list of growing concerns she has observed during her career in cybersecurity and risk management: advanced persistent threats that leverage artificial intelligence, ransomware, an increasing volume of nation-state-sponsored attacks.
The degree of difficulty for cybersecurity practitioners has made Watson’s inclination for a robust knowledge exchange with industry peers all the more valuable.
“I am a big proponent of collaboration and knowledge transfer in the areas of cybersecurity and risk management,” Watson said. “The adversaries seem to always be a few steps ahead of us when it comes to cyber-threats. Given that there is a dire shortage of cybersecurity professionals, we all need to do our part to share lessons learned, process improvement capabilities and insights into emerging threats.”
That mindset has made ISACA and Watson an excellent match. Watson, who has been an ISACA member for about 10 years, first became involved with ISACA’s Boise, Idaho, chapter, where she eventually became chapter president. Her penchant for successful collaboration extends to her professional career – Watson, who now resides in San Diego, recently took on a new role as director of cybersecurity, risk & compliance for Kitu Systems, Inc.
“Given that we are a small start-up, the biggest challenges in my role include limitation of resources and competing priorities,” Watson said. “That said, I'm fortunate to be part of a very inclusive and collaborative company culture that appreciates the important role that cybersecurity, risk and compliance functions play in the development of our products as well as the alignment of our long-term roadmap.”
Watson credits an internship with the Sandia National Labs Center for helping to jump-start her career, providing valuable skills-training and hands-on experience. She moved on to become digital forensics program manager at Boise Inc., before taking a risk management role at Sempra Energy, a position that provided the chance to visit renewable energy and natural gas sites to assess their critical infrastructure cybermaturity.
Watson said she was one of few women in digital forensics early in her career, “which meant I always had to prove my skills and abilities beyond the rest of my male colleagues.”
“I'm very proud that I chose a career in STEM, and that even during times when people doubted my abilities or dismissed my contributions, I continued to follow my passion, broaden my skills and focus my energy on the wonderful people that have mentored and supported me,” Watson said.
Watson has experienced much of the western US first-hand. She originally hails from Houston, Texas, but attended the University of New Mexico, where she earned a pair of degrees before a career opportunity took her to Idaho. The position at Sempra Energy prompted her move to southern California four years ago, and her new role at Kitu Systems, Inc., affords her some stability in sunny San Diego.
“For now, San Diego is definitely home sweet home!” she said.
In her free time, Watson loves traveling abroad, which provides prime opportunities to nurture her passion for photography (as one can see from photos from Watson’s New Zealand trip).
That adventurous streak blends with caution when it comes to her approach to the cyber arena.
“Never lose sight of the fact that in cyberspace, transparency is involuntary – therefore, in cyberspace, ignorance is not bliss!” she said.
Editor’s note: The ISACA Now series titled “Faces of ISACA” highlights the contributions of members of ISACA’s global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Kyla Guru, a leader in spreading cybersecurity awareness among young people and an active proponent of ISACA’s SheLeadsTech program.
Kyla Guru is in a hurry to make her presence felt in the cybersecurity field.
While many of her fellow teenagers still are figuring out what they want to pursue in college – or if they want to go to college at all – Guru already is spreading cybersecurity awareness as founder of Bits N’Bytes Cybersecurity, which lists as its goal to immerse the youngest members of society in cybersecurity concepts.
“These students need to be able to see the role models in cybersecurity, realize how much potential there is for growth and impact in the industry on a grander scale, and feel empowered about developing the necessary skills, both technical and interpersonal, starting now,” said Guru, a junior at Deerfield High School in suburban Chicago, Illinois, USA. “It’s all about showing them that these roles are not for one type of person, and that there are opportunities, mentors, classes, and resources, to help us catalyze change right now.”
With that type of mindset, it’s no wonder Guru is zooming down the fast track in exploring the cybersecurity field. Guru, whose father, Naganat, is a longtime ISACA member, founded Bits N’ Bytes during her freshman year of high school, and considers the “passion project” a major piece of her identity. She said her interest in cybersecurity grew from conversations with her family around the dinner table, and accelerated when she attended a cybersecurity workshop at Purdue University the summer before she began high school.
“My fascination for these topics quickly turned into a string of past-midnight conversations in the lobby of our dorm, discussing about just how much of the Internet is ‘unknown,’ ‘unseen,’ or ‘unheard,’ Guru said. “It is knowing the relevance of these studies, and an urging pull to study the unknown, that continues to fuel my passion for cybersecurity.”
In addition to becoming intrigued by the cybersecurity field generally, Guru also is a proud “steminist” who is interested in addressing the gender gap within the technology workforce. In June, Guru co-directed “GirlCon Chicago,” the city’s first all-female high school tech conference, which included a video message of support from Facebook executive Sheryl Sandberg. In pursuing sponsorship for the conference with ISACA’s Chicago Chapter, she became aware of ISACA’s SheLeadsTech program.
“With ISACA’s support, a network of female leaders from the Chicagoland area, and steady collaboration with their SheLeadsTech program, our all-high school team was able to unite over 180 female students and 50 professionals from around the Midwest in engaging in the future of technology,” Guru said. “ISACA helped ensure that our event was the most rewarding and fulfilling experience for all our attendees.
“One thing I know our team learned from our partnership with ISACA’s energetic team was that you never know what could come out of asking questions with good intention. This was justification for most of the bold moves that went into making GirlCon. Looking forward, I am certain that my collaboration with the SheLeadsTech program has opened many doors to further collaboration, and I look to the program as a support system as I continue my tech journey.”
Beyond high school, Guru intends to study computer science and cybersecurity, in addition to gaining a strong background in business and analytics. By the time Guru’s professional career begins in earnest, there is unlikely to be a client appointment or board meeting capable of fazing her. Her presentation experience includes delivering a TEDx talk titled “Hacking a Solution to Global Cybercrime,” a presentation that allowed her to reach new audiences with her message of how cybersecurity is much more tangible in our lives than many people realize.
“My grander vision for my future is to find myself constantly shape-shifting for new solutions, challenging myself intellectually, and making progressive changes to the dynamics of society that fundamentally impact lives,” Guru said.
Naganat Guru is thrilled to see his daughter share his passion for technology, and said organizations such as ISACA “need the new generation of leaders like Kyla.”
“This is one of the best things that has happened to me and our family,” he said of his daughter’s beyond-her-years contributions in the cybersecurity realm. “I became a CISA in 1998 when Kyla was not even born, but she has achieved so many laurels in the last few years that I cannot probably accomplish in my lifetime. … I may sound biased since I’m her father, but this is true: Kyla is a born leader.”
Tim Mason, ISACA Chief Experience Officer and SVP, Operations, and a six-year member of ISACA’s executive leadership, passed away unexpectedly on 31 October. As members of ISACA’s professional community, we extend our condolences to Tim’s family.
Tim’s leadership and his commitment to incredible member and customer experiences are the cornerstone of his very successful professional career. What I will recall as his most high-impact contribution to ISACA is Tim’s work with me in 2015 to define our organizational Values as well as our Purpose and Promise, centered on helping practitioners and their enterprises realize the positive potential of technology. Both were unanimously approved by the ISACA Board of Directors, and together with our Values they form the foundation for our ongoing transformation to an organizational culture of ONE. These are not just words on a wall. From this foundation, and driven by Tim’s leadership experience and energy, the ISACA community has benefitted from a wellspring of new capabilities and offerings. These include sophisticated digital marketing and analytics, an accredited training organization program, online learning and webinars, a heightened focus on product management, and a customer experience center, to name only a few. Our members and customers have seen, felt and experienced the incredible difference Tim brought to the workplace, and around the world, every day.
I walked the office floor last week following the announcement of Tim’s passing to comfort our employees during this difficult time. I was struck by many the comments I heard about Tim, including how he always said hi to everyone he passed in the hallways, his regular check-ins and counseling of staff on their career development, how his sense of humor, sarcastic at times, often helped to get through the most stressful of times, and that “he was the best boss I ever had.” Tim recognized that accomplishing great things not only requires hiring great people, but also supporting and nurturing them.
What I will remember beyond Tim’s professional accomplishments and contributions is the person Tim was outside of work. He had a real love for the outdoors, with a relentless passion for spending time on his Wisconsin farm (where he spent his final days) working the fields, hunting and fly fishing. Tim had an incredible knack for woodworking, and my wife and I will cherish forever a serving tray he made for us for no other reason than “just because.”
Most of all, he was a family man and father. Tim’s wife Brenda was, and will always be, his rock and the love of his life. His children, Nicholas and Caitlyn, were always top of mind, and his stories of what they have accomplished showed how proud he was of them. And then there’s Makenna—his granddaughter, and the apple of his eye. Yes, she had “Papaw” wrapped tightly around her little finger, and the vignettes Tim would share about her quips and antics, with this gleam in his eye, grin on his face, and warmth in his heart will remain with me forever. This was the real Tim.
Dr. Seuss said, “Don’t cry because it’s over, smile because it happened.” Tim, we’re doing a lot of smiling in your memory, and we’re going to miss you a whole lot. Godspeed, my friend.
Editor’s note: Memorial donations in Tim’s honor will benefit the Epilepsy Foundation.
The loss of Tim Mason, ISACA Chief Experience Officer and SVP, Operations, who unexpectedly passed away this week at age 59, has prompted an outpouring of love, respect and admiration for Tim from staff colleagues and throughout the professional community.
Here is a sampling of some of the comments we have received about Tim and his ISACA legacy:
From Robb Micek, ISACA Senior Vice President, Shared Services and CFO:
“One thing Tim and I used to tease each other about was the ‘traditional’ love/hate relationship between organizational leaders of Marketing and Finance. Tim would tell me stories of the many challenges he would have with CFOs prior to joining ISACA regarding funding for his marketing programs. Those stories would often start with him saying to me, “You know, bud ...,” and then he would retell the story. While there were several times where we did not have the financial resources for all the things the ISACA Marketing and Communications team wanted to do, Tim and I developed a strong partnership in part because he knew I understood the value of investment in those functions and would try to work together to figure out creative ways to “get to yes” when we could. … I feel incredibly lucky to have had Tim as one of my closest friends. I still cannot believe I am not going to have the opportunity to talk to him, share advice and ideas, and trade anecdotes about the most important things in our lives – our families.”
From Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, FACS CP, past board director of ISACA, chair of ISACA’s Women’s Leadership Council and director of information security and IT assurance at BRM Holdich:
“When my husband, James, was recovering from cancer and it was clear that he wasn’t well, Tim showed him such thoughtfulness, including staying with James one night when he wasn’t up for making it out to the restaurant. That sort of kindness is never forgotten. Tim also had a terrific sense of humor, and teased that he could sense I was about to make a big statement in the boardroom whenever I clicked my pen. Tim will be sorely missed.”
From Ken Kujundjic, ISACA Senior Vice President, EBD and Managing Director, Mainland China:
“Like many of us, I am having a hard time processing this news. Tim was a respected figure not only at ISACA but in the association industry. During my time at ISACA, Tim and I worked closely on many initiatives and we traveled together on many business trips. I could share any one of his many accomplishments during his time at ISACA, but I would rather like to remember his dry sense of humor. Tim could find humor in just about anything and had the ability to see the bright side of things. I will miss Tim as a valued colleague but more importantly as a friend.”
From Kristen Kessinger, ISACA Senior Manager, Media Relations:
“I had the opportunity to report directly to Tim for several months, and got to know him much better as a person during that time. I once told him that he made me nervous at first, but once I saw him melt into a puddle at the mention of his granddaughter, he no longer had the ability to be intimidating! He was so encouraging of my career and professional advancement, and he was determined to make me a more confident person. I saved a bunch of emails he sent to me while serving as my mentor, and I am so glad to have those memories of his good advice and kind words. In my most recent interaction with Tim, he called me over to look at a new video of (his granddaughter) Makenna driving his tractor. He was so excited, and his whole face was lit up. She is going to have a very proud guardian angel for the rest of her life.”
From Marie Gilbert, ISACA Director, Consumer Insights and Market Planning:
“Tim loved brand research and he loved cool research techniques. He latched on to the term ‘Euclidean distances’ when we started the market monitor brand mapping. I can hear him saying it and see him smiling. I will miss him terribly.”
From Alexander Josephite, CIA, CISA, CFSA, ISACA New York Metropolitan Chapter Past President:
“I’m very sad to learn of Tim’s passing. I’m fortunate to have met and worked with Tim when he joined ISACA. His energy was magnetic and his attitude positive and realistic. My prayers go out to Tim’s family and the ISACA community.”
Editor’s note: To find out more about ISACA’s Purpose and Promise that Tim set in motion, view this video.
Dozens of women in the SheLeadsTech program attended ISACA’s first fly-in advocacy event in Washington, DC, just a week ago with a plan to bring their voices and views to US Congressional leaders on a host of relevant legislation. After hearing speakers discuss professional development and other issues facing women in technology, delegations visited 12 offices representing California, the District of Columbia, Illinois, Maryland, New York, Pennsylvania and Virginia.
ISACA’s SheLeadsTech program seeks to increase the representation of women in technology leadership roles and the tech workforce through raising awareness, preparing to lead, and building global alliances. For this inaugural advocacy day, SheLeadsTech focused efforts on the NIST Reauthorization Bill, the future of IT audit and the role emerging technologies will play in it, and the need for a qualified federal cybersecurity workforce.
The NIST Reauthorization Bill (H.R. 6229) not only reauthorizes the National Institute of Standards and Technology but also further supports and strengthens the research and development programs of NIST, such as cybersecurity, artificial intelligence (AI), Internet of Things, quantum computing. Focusing on emerging technologies could improve the United States’ cybersecurity workforce, as well as foster further development of AI and IoT. The bill also could expand opportunities for women in the cybersecurity workforce, leaders noted.
Other bills of interest to the ISACA community are H.R. 935 – Cyber Security Education and Federal Workforce Enhancement Act, which establishes an Office of Cybersecurity Education and Awareness Branch within the Department of Homeland Security to provide recommendations to enhance the cybersecurity and computer security workforce. The bill specifically requires reporting on the causes of high dropout rates of women and minority students enrolled in science, technology, engineering and math (STEM) programs. Additionally, H.R. 2709, S. 1246 – Women and Minorities in STEM Booster Act takes important steps toward SheLeadsTech’s goal to increase the representation of women in technology leadership roles and the tech workforce, and H.R. 3137– Promoting Women in STEM Act provides avenues for SheLeadsTech goals to increase the number of women in STEM career and technical education programs.
Anne Marie Zettlemoyer, cybersecurity strategist and visiting fellow at the National Security Institute, who previously served as a special adviser to the U.S. Secret Service, and Olivia Crowley, who serves in the Army National Reserves and works for a government contractor, both spoke about the importance of security clearances. They noted these processes can take long to obtain and keep clearance, which reduces the ability for cyber experts to accept short-term assignments in federal posts. The government needs to partner with private business to offer tours of digital service as a cyber reservist, they suggested.
Zettlemoyer urged the ISACA community and lawmakers to consider the wide reach that a cyber workforce can have. “College isn’t for everyone, but a good living is,” she said. “There are several areas in cybersecurity that don’t require a university degree and can be treated as a trade; providing that opportunity would not only lift our national intelligence and security but also our economy.” She believes that retraining and investing in people whose jobs have diminished are perfect for careers in cybersecurity. “Talent and aptitude are not discriminate, but opportunity often is. We need people to answer the call, and that means looking at non-traditional backgrounds for talent. For example, coal miners are known for their exceptional analytical skills and the ability to problem-solve and react quickly when conditions change in the mine; these analytical skills can translate into triaging alerts with the proper training. Cyber as a trade can offer a high-tech path back into the workforce for them.”
SheLeadsTech advocacy attendee Sanja Kekic, president of the ISACA Belgrade chapter and member of the global SheLeadsTech Chapter Engagement Working Group, was among those inspired by the SheLeadsTech event. She plans to create an advocacy day for her chapter. “Being able to educate members of the Serbian parliament about cybersecurity and the technology workforce, especially under the SheLeadsTech banner, would be an amazing experience for our chapter,” she said.
“My career journey wasn’t through luck; it was hard work and putting myself in situations where I wasn’t always comfortable,” said SheLeadsTech Advocacy Day keynote speaker DeAndra Jean-Louis, Vice President, Global Services Operations at Workday. Providing insights from positions at IBM, Aon-Hewitt and Arthur Andersen, among others, Jean-Louis said her start as a model, after attaining a mathematics degree from Louisiana State University, spurred her to become a technology leader. “Modeling is a business – you’re an entrepreneur: working hard, working under contracts, building a book of business, building relationships, selling yourself as the product.”
Jean-Louis said she’d been told to “stay in her lane” throughout her education; a guidance counselor had advised her to have more realistic goals even as she wanted to be a doctor. Yet, she wrote down ambitious goals – to one day be a computer programmer, to work as a professional model, and to live in New York City and Europe. These all came true. She is now drafting a new list.
Being told to “stay in your lane” was a common thread with the SheLeadsTech inaugural Day of Advocacy speakers this week in Washington, D.C. Panel moderator and ISACA Women’s Leadership Advisory Council chair Jo Stewart-Rattray shared that her guidance counselor had advised that she join the police force, and she ended up studying psychology and education. Panelist Anna Murray, CEO of tmg-e*media, was an English major with a journalism career, and it wasn’t obvious to her that she would hit her stride in technology. “Younger women don’t understand that if they have communication and analytical skills, they can have successful careers in tech. We need English, economics, and other liberal arts majors.”
In her keynote, Jean-Louis shared a list of things to “always be,” which included: uncomfortable, meaning to always challenge yourself; building your brand and championing yourself; curious; building your ecosystem; making peace with failure and questioning the status quo. Whether in your personal life or while leading a team, acting with intention and clear goals is key to success. “I build strategy maps,” she shared, “that define the objectives for financial, customer, and internal business processes, including the learning and growth of employees. Every time I have an issue, I go back to my strategy map, and look at the resources and operations – you need the right people and the right mechanisms to drive success.”
Engaging young women and girls in technology goes well beyond science, technology, engineering and math (STEM) classes, SheLeadsTech speakers believe. Panelist Pam Nigro, president of the ISACA Chicago chapter, discussed the chapter’s partnership with and sponsorship of Girl Con, which is open to girls from eighth grade through high school. Girl Con’s sessions all demonstrate how tech is a part of every career path you enter; Nigro said that partnering with schools and organizations that teach kids how to be safe online can include education on privacy, cybersecurity, audit, governance and risk management as careers.
The panel’s conversation included a discussion on differing views of mentoring (it was posited that men don’t have mentors, they have champions, and women should try to do the same for other women: invite them to meetings that they wouldn’t attend otherwise, speak highly of their skills and recommend them for positions). Panelist Melody Balcet, director of global cybersecurity program for the AES Corporation, encouraged attendees to remain flexible and accept change. “Where we come from, our cultural norms, shape our career paths. Sometimes we’re forced to make changes – we lose a job, get divorced. Moving and uprooting makes many women uncomfortable, but people and kids are resilient. You can create what is important to you. Seek what makes you the best you.”
ISACA chapters may be planning a SheLeadsTech event soon; join the SheLeadsTech community in Engage to learn more about the program and how your chapter can engage, empower and elevate women in technology. Sign up for the SheLeadsTech newsletter at https://sheleadstech.isaca.org/