Faces of ISACA: Paul Yoder, Head of Information Systems Security, El Camino College

Editor’s note: The ISACA Now series titled “Faces of ISACA” highlights the contributions of ISACA members to our global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Paul Yoder, head of information systems security at El Camino College (Torrance, California, USA). Yoder recently was honored in the education category of the Center for Digital Government Cybersecurity Leadership & Innovation Awards, underwritten by McAfee. Yoder visited with ISACA Now to discuss the award and more; an edited transcript is below. Interested in joining ISACA and networking with colleagues like Yoder? Learn more here.

ISACA Now: You were recently honored for your innovation efforts at El Camino College – how were you able to gain the administration’s support for taking cyber security seriously?
It was a tenuous process since the college had never heavily invested in cyber security before. I’m sure that some people thought that hiring a dedicated security person was the first and last measure to be taken, and didn’t realize that specialized tools would have to be purchased as well to facilitate the hardening of digital assets.

First, I took a hands-on approach by joining the Technology Committee that would drive any future change in info security policy and spending. They had paid a consulting firm to write a five-year plan for upgrading the IT assets across the entire campus, and info security was one of those sections. After about 15 minutes of reading that section, I decided to throw it out and start from scratch! Since it was my first week on the job, I knew this would be a make-it or break-it kind of moment. I decided to craft a new five-year info security plan based on the SANS five-step Security Awareness Roadmap (I actually have a poster of it on my office wall). Fortunately, this didn't result in a pink slip and was actually embraced by all on the committee!

They also ranked all of the sections as to which were the most important to focus on, and info security rose to the top of the list. I reinforced this with some one-on-one “evangelism” with several key stakeholders, such as the president, VPs and deans. I met with everyone that would put me on their calendar. Let’s face it, it’s hard for us “computer geek” types to be social and outgoing sometimes, but this is a much more effective way to communicate your message than emails or phone calls.

Paul Yoder's Office

ISACA Now: What attracted you to working in a higher education environment?
I think it was the opportunity to finally create my own info security program that led me to take the job. The money wasn’t spectacular, and the drive would turn out to be pretty horrendous, but how often do cyber security professionals get to put their own individual spin on things? I just couldn't pass up the opportunity!

ISACA Now: ISACA recently released research about how stronger board oversight of cyber security and risk management leads to improved business outcomes. What are some examples you have seen of that from your career?
I couldn't agree more with this concept. Ever heard of the two-story outhouse principle? It's not only true for nasty things flowing downhill, but also for good things. If you achieve buy-in at the top, then the warm bodies further down the food chain are more likely to follow in lock-step.

One important thing to remember though when dealing with C-level executives – they don't understand or speak security like you do. Keep it simple!

ISACA Now: How has your ISACA membership furthered your professional development?
First of all, being associated with one of the top security organizations provides credibility. The well-written articles provide deep insight into the threats we face every day. I find that they usually have more substance and meat to them than the typical security blogs, which are often filled with top-level or non-essential information. ISACA also provides monthly meet-ups, and that is something that I would like to be more involved with in the future. I proudly display the ISACA chapter logo on the front page of my resume.

ISACA Now: What are some of your major interests outside work?
I have been a professional musician for many years (started trumpet lessons when I was 4!). I currently have two CDs completed and hope to start on a third project soon. I also have been involved with Togakure Ryu Ninjutsu since I was a kid, and I hope to finish a book in 2018 that teaches ordinary people how to implement effective info security at home.

Design Your Career Destiny So It Doesn’t Happen by Default

Caroline Dowd-Higgins

I was honored to present the keynote session at last week’s Women’s Forum for the ISACA Chicago Chapter. Here I share a few salient points from the daylong event that will resonate for women (and men) focusing on designing their professional lives so they don’t happen by default.

Manage up. Don’t assume your boss knows what a rock star you are at work. Your boss is busy doing his or her own job. Unless you are causing a problem, your boss may not notice all the great work you are doing the other 11 months of the year beyond your annual performance review. Send your boss a brief monthly email with a punch list of what you accomplished and your stretch goals. It’s a great way to keep your boss informed regularly about your ROI. If you supervise others, be sure to teach them how to manage up to you!

Be a thought leader. The core of your brand is articulating what you do really well - and what you love in your job. The sweet spot is what you do incredibly well that your company really needs. You must then position yourself as a thought leader and act like a publicist to get the word out about your expertise. Use social media, present at conferences in your industry, take media interviews as an expert in your field and become known as an influencer in your career field. Be searchable online with content you want others to find and become known as the go-to guru for something unique in your skill set.

Know how to communicate with your boss. Figure out your boss’s work and communication style, and deliver your message accordingly. For example, does your boss respond better to verbal or written communication? Does he/she need specific details or a big picture overview? Is she/he a planner or more spontaneous in implementing tasks?

Most conflicts in the workplace come from differences in personality, communication and work styles. Understanding how your boss operates may alleviate some of your stress and give you and your boss better clarity of expectations. So, watch, listen and ask others who have institutional history to share their strategies for dealing with your boss.

Good enough to go. Savvy professionals have embraced the good enough to go maxim that was birthed in the Design Thinking paradigm of tech start-ups. Workaholics often get stuck in the perfectionism paradox and never let go of a project because they believe it can always be better.

High achievers believe that “80% can mean done” when it moves the needle closer to the end goal. Tweaking and improvements can happen in the iteration and test drive phases of a project. If the work product never sees the light of day because of workaholics who practice perfectionism – you might as well have not done the work at all.

Showcase your purple cow. Global branding guru Seth Godin talks about the necessity of being remarkable in his book, “Purple Cow.” The concept argues that the only way to cut through the clutter of a crowded market is to innovate something new, unique and remarkable – like a purple cow.

Marketing is not just for products or companies. Individuals need to consider how they are seen and heard in the career space and control the message they are sending out into the world. What makes you stand out amongst a crowd of perfectly competent professionals? Knowing your super powers and showcasing them in the career world will make you indispensable and highly recruitable.

You have much more control of your life and career if you take ownership of the design process. This follows suit with ISACA’s SheLeadsTech philosophy of: Engage, Empower, Elevate. Design your career and life destiny so it doesn’t happen by default.

Author’s note: Caroline Dowd-Higgins authored the book "This Is Not the Career I Ordered," now in the second edition, and maintains the career reinvention blog of the same name. She is Executive Director of Career & Professional Development at the Indiana University Alumni Association and contributes to Huffington Post, Thrive Global, Ellevate Network, and The Chronicle newspaper in Indiana. She hosts and produces an online show: Thrive! about career & life empowerment for women on YouTube. Caroline also hosts the international podcast series Your Working Life on iTunes and SoundCloud. Follow her on Facebook, LinkedIn, Google+ and Twitter.

Technology at the Heart of Hurricane Preparation, Recovery

Harini Bhamidipati

Recent hurricanes Harvey and Irma caused overwhelming damage in numerous countries—but amidst the devastation, the incidents also provide examples of the potential of technology as an enormous force for good when it comes to preparing for and recovering from natural disasters.

Below are many examples of the positive impact of technology in helping local residents deal with both hurricanes, in addition to the millions of dollars raised by the tech community in support of hurricane relief efforts.

Hurricane Harvey

Zello, an Austin-based walkie-talkie app, was used by the Cajun Navy (a collection of ad-hoc volunteer groups composed of boat owners in Louisiana (USA) that help with search and rescue after disasters and first responders). Glympse, a real-time location-sharing app, also was used by the Cajun Navy and other rescue groups to keep track of rescue boats. Here is a video on how Zello and Glympse rescued victims.

Snapchat allowed users to post real-time, unfiltered pictures and videos that alerted friends and loved ones of their condition.

Google Maps provided this link for people to tag themselves if they were in need of rescue. Google Maps also marked road closures in real-time. Google updated its maps page to show the nearest shelters and emergency numbers.

Waze, a traffic crowdsourcing app, helped people evacuate as quickly as possible as the hurricanes approached.

Airbnb had an open homes page where homeowners could post their homes for hurricane evacuees. This page is currently open until Sept. 28 in Texas, Florida and the Caribbean. Airbnb's disaster response has been in place since Hurricane Sandy.

PawBoost is an app that worked with weather.com to crowdsource help for lost pets. This is the link to submit lost pets.

A disaster rescue website created initially by Jessica Decker and Danny McGlashing used Twitter hashtags (#HarveySOS and @HarveyRescue) to create a live rescue map that aided in more than 450 successful rescues. They later teamed up with a group called “Harvey Rescue” to keep up with the rescue requests.

Facebook rolled out a Harvey-specific safety check-in.

Drivetexas.org showed flooded streets and road closures to assist with evacuation.

Harveyneeds.org housed all the information for immediate Harvey recovery.

Station Houston, a startup and innovation hub, organized volunteer groups among the startup/innovator/mentor/investor community for the physical recovery effort (ripping out drywall, etc.) and for emergency hackathons for immediate tools that were needed.

The Houston startup community of over 700 people, working via a Slack channel, created 36 apps, 20 of which were in use during Harvey relief. These local apps were used to map out shelters around Houston, to digitize volunteer forms for the city and to validate volunteer hours (for FEMA reimbursement), etc.

Muck Map is an app that helped residents mark their house for cleanup.

Crisis Cleanup is an organization that allowed voluntary relief organizations to help more people by enabling collaborative disaster recovery. The local coders wrote an API to transfer their data to Crisis Cleanup.

Verizon provided free data to affected Houston customers for two weeks.

Hurricane Irma
Tesla remotely extended battery life for its customers in Florida so they could get an extra 30-40 miles in mileage.

The GasBuddy app that shows the nearest gas stations and prices rolled out an update that showed if there was still fuel left at local gas stations.

Google, in response to Hurricane Irma preparation and lessons from Hurricane Harvey, compiled a ‘digital survival kit.’

Uber and Lyft offered free rides to and from shelters near Tampa.

Verizon provided free data to the affected Florida customers in the aftermath of the hurricane.

Lessons learned
Unfortunately, Harvey and Irma already have been followed by Hurricane Maria, which wreaked havoc in Puerto Rico and other areas. There will be many more opportunities in the future for technology to become even more of an asset in dealing with natural disasters.

One of the main needs going forward is for all cell phone companies to provide free data to their customers during and after a disaster. Verizon was the only company to step up immediately for Hurricane Harvey. By the time Hurricane Irma hit, other cell phone companies started to offer small assistance packages to compete with Verizon. Backup wireless power for cell phone service would be valuable; a huge portion of Houston was in a blackout (there was no cell signal to make a phone call).

As part of disaster preparedness, shelters need to have portable power charging stations so people who can get to a shelter will be able to charge their phones. There also is a need to integrate traffic/geological mapping applications into one app that shows road closures, gas availability, flooding, traffic information, and other pertinent updates. A tool that tracks which houses still need debris cleaning also would be valuable.

These ongoing needs are slowly being assessed by the tech community; these hurricanes will serve as teaching tools on disaster preparedness for future generations. The areas affected by Harvey and Irma are setting that stage, by showcasing how a sharing-economy of technology-driven resources creates a wide network of flexible assets that can be upgraded over time. The future development of these assets will lead to a seamless disaster relief/recovery platform.

Creating CyberCulture

Matt Loeb

When growing up, many of us probably heard warnings from our parents to be careful in certain environments—the local woods, a busy side street, or at the beach. Our parents cautioned us out of concern for our well-being, and it served a purpose.

Their warnings were meant to raise our awareness of our surroundings, and ensure we would exercise care when appropriate. They reminded us that the safety of our environment depended upon the decisions we made. Today, we would be well-served to add one more domain to those danger areas drilled into us: the world of cyber.

Like the woods and the beach where we played when we were young, cyber offers a great amount of reward, tempered with significant risk if we’re not prepared.

How do we evolve to a CyberCulture, though? How do we convince people that, for all the positive potential of technology, there is a dark side as well? How do we especially reach today’s digital natives, who have grown up largely responsible for their own security in cyberspace, and take security somewhat for granted?

It starts with an initial decision: at what level should cyber security be a part of our daily lives? For a CyberCulture, in which security is a top-of-mind concern, the answer is simple—cyber security should be as prevalent in our lives as possible. There is one security measure that comes to mind that’s prevalent anywhere we look, from shopping carts, to cars, to airplanes, regardless if we are in Kenya, Kolkata, or Kentucky.


Cyber security needs to become the modern-day equivalent of seatbelts that can keep us protected when we are navigating down new roads at high speeds. Yes, cyber security is a ‘security’ issue—but it’s a safety issue as well, for all of us. Nations, enterprises and individuals need strong cyber security—and all these entities need it for both safety and security. Most significantly, cyber security needs to become pervasive at all of those levels, and no one level is more important than another. To create a safe, secure CyberCulture, people, enterprises and nations need to function in as complementary and synergistic a manner as possible.

For nations and governments, cyber security must be a prime concern, across the breadth of government, at all levels, and in all functions of government. Last month’s DefCon 2017 gave us an object lesson in protecting the entirety of governmental operations, when conference attendees hacked various election equipment in a matter of hours. Assessing the capabilities—and vulnerabilities—of that equipment should be as regular an activity in government as ordering office supplies. It should be part of a CyberCulture.

For individuals, the journey towards a CyberCulture should begin as early as possible.  We need to make cyber security and good ‘online hygiene’ part of core curricula at the pre-university level, to imbed the concept of security online at the earliest possible levels, and ensure that tomorrow’s digital (and eventually cognitive) natives don’t make cyber security an afterthought. Much like many universities already include humanities or similar courses as graduation requirements, we need to give similar importance to cyber security courses at the university level.

And, just like we would subject potential candidates for a cyber security post to an evaluation of their abilities, maybe it’s time to start evaluating all potential hires—regardless of where they will work in the enterprise—on their abilities to assist in securing the enterprise through sound personal security habits. Likewise, the enterprise should be evaluated on a regular basis for how cybersecure its operations are, not merely from a technical standpoint, but from a cultural standpoint as well. In today’s digital economy, everything is connected; a hack of the cyber infrastructure of one enterprise imperils all with whom they work.

Creating a CyberCulture in which cyber security is as pervasive and commonplace as seatbelts isn’t a ‘nice goal’—it’s a necessity. We are all part of the digital economy now; our digital footprints span continents, borders and time zones. We’ve all helped to make cyberspace what it is today, contributing to its awe-inspiring power and frightening vulnerabilities.  It’s up to all of us to make cyber security what it can be, tomorrow, and to ensure that future digital natives continue to enjoy the positive potential of technology.

Buckle up… it promises to be a thrilling ride!

Editor’s note: This blog post by ISACA CEO Matt Loeb originally appeared in CSO.

Five Questions With Author and Africa CACS Keynoter Siphiwe Moyo

Editor’s note: Siphiwe Moyo, author and motivational speaker, will deliver the closing keynote address at Africa CACS 2017, which will take place 11-12 September in Accra, Ghana. Moyo, an expert on developing human capital and strategically managing change, recently visited with ISACA Now about what he terms an ‘entitlement culture’ and how the financial markets produce important life lessons. The following is an edited transcript:

ISACA Now: What is the biggest key to an organization developing a healthy culture that leads to strong morale among its workforce?
Having the correct job and organizational fit, including placing people in jobs that are in line with their strengths.

ISACA Now: How do you define an ‘entitlement culture,’ and why is it problematic?
It’s a culture where people feel that someone else owes them something. It’s problematic because without taking responsibility for their own lives and progress, people cannot perform fully.

ISACA Now: One of your books is Bulls & Bears: Life Lessons from The Financial Markets. In what ways do the markets produce important life lessons?
If you study the markets long enough, you see how they really teach us about life. Markets go up and down but if you have your fundamentals correct, over the long term you will succeed. Success is about doing those small things every day that lead to big results eventually.

ISACA Now: What are some unique opportunities for enterprises in Africa?
Infrastructure – railroads, and regional integration in terms of roads, energy and water.

ISACA Now: Today’s business technology professionals are dealing with a rapidly evolving technology landscape. What is some advice you will give Africa CACS attendees about how to ensure their organizations are embracing these changes constructively?
It’s about mindsets. Although we know in our heads that we need to embrace change, we know that if the external environment changes faster than our organizations, the end is near, as Jack Welch says. People often feel change fatigue, and I will be helping the delegates with how to overcome that.

Cyberpsychologist Mary Aiken: New Threats Demand New Solutions

Editor’s note: Dr. Mary Aiken, a cyberpsychologist, expert in cyber behavioral analysis and author, will deliver the closing keynote address at CSX North America 2017, to take place 2-4 October in Washington, D.C., USA; and CSX Europe 2017, to take place 30 October-1 November in London. Aiken recently visited with ISACA Now about several of her core areas of interest, including digital ethics and how parents can combat some of the cyber threats that could harm their children. The following is an edited transcript:

ISACA Now: What intrigued you about pursuing cyber behavioral analysis?
As a cyberpsychologist, I maintain that human behaviour can fundamentally change in cyberspace. Powerful drivers such as (perceived) anonymity, online disinhibition and psychological immersion, along with minimization of authority online, dictate that people can act very differently in cyber contexts. Therefore, there is a need for new behavioral scientific approaches and analysis in terms of understanding human, and specifically criminal behavior mediated by technology.

ISACA Now: What should organizations be especially mindful about from a digital ethics standpoint?
In 2016, NATO declared that cyberspace was a ‘domain of operations.’ People like me have been talking about cyberspace for over a decade, but this was a paradigm shift in terms of an official acknowledgement that ‘cyber’ is actually a place, an environment. This recognition gives us a great opportunity to draw on the learnings of the environmental movement. What happens in cyberspace impacts the so-called real world, and vice versa. We should therefore be very protective of this new cyber environment.

The “precautionary principle” has been used to great effect in the environmental movement, placing the onus on companies to prove that their products are doing no harm. From an ethical perspective, if we apply the precautionary principle to cyberspace, then the onus will be on organizations to prove that their digital products do no harm. We are all familiar with the benefits of Corporate Social Responsibility (CSR). There is now an exciting opportunity for organizations to practice Cyber CSR.

ISACA Now: Which aspects of your research on virtual behavioral profiling tend to surprise people the most?
In terms of behavioral profiling, I have been involved in a dozen different research silos – everything from cyberchondria to organized cybercrime – and the one thing that I have observed is that whenever technology interfaces with a base human disposition, the result tends to be amplified and accelerated. I called this ‘the Cyber Effect,’ and wrote a book about it. A lot of people were surprised and fascinated by this insight; I believe it could be the E = mc² of this century. If we could figure out and factor this escalation, then we could also look at technological solutions to de-escalate.

ISACA Now: What do you see as the most positive potentials of technology across the cyber environment today?
I believe that AI offers incredible potential across the cyber environment. Many of the problems that we experience in cyber contexts are in fact ‘big data’ type problems – for example cyberbullying. If we could develop machine intelligence solutions to technology-facilitated problem behaviors, then I firmly believe we could help to create a better cyber society for all, and most importantly for those who are vulnerable, such as children.

ISACA Now: Cyberchondria is probably a new concept for a lot of people. How would you characterize that term, and how prevalent is it?
Searches about health and illness are among the most popular search topics. There is lots of constructive and helpful information available online, from quality medical websites, such as the Mayo Clinic. However, it is difficult from an untrained human perspective to be objective in terms of the interpretation of bodily symptoms, and subsequent translation into medical search. There is a word for what can go wrong. Cyberchondria is a form of hypochondria manifested online.

It is described as anxiety induced as a result of escalation to review morbid or serious content while engaging in health-related search. What does that mean? It means that you have a headache (that could be anything from a hangover to a migraine), and you start clicking to read about brain tumors, and experience anxiety as a result. In other words, you may be perfectly well in physical terms, but may end up with a nasty dose of health anxiety.

ISACA Now: How concerned should parents be about cyberbullying, and what should they be doing to help their kids navigate the digital world?
Cyberbullying is a serious issue for parents, and I am very concerned about what society should be doing to tackle it. Let’s think about it like this. Real-world bullying is a problem – why? With a harsh word or punch on the playground, there is little or no evidence. However, cyberbullying is nothing but evidence; in fact, you cannot cyber-bully without leaving a significant digital trail. So, how did we ever get to a point where cyberbullying was a bigger problem than real-world bullying? There are solutions.

We could develop AI technologies for telecommunications and social media platforms that (with parental consent) could monitor digital traffic to children. The point at which the behavior escalates in terms of bullying, the AI could trigger a digital outreach to the child to “go and get help,” and a digital outreach to the parent to “go talk to your child.” Parents should not be the last to know that their child is being cyber-bullied.

ISACA Now: If you had one key inspirational message for the ISACA business technology professional community today, what would that be?
I am absolutely pro-technology. I could not do my job as a cyberpsychologist without spending most of my time online.  I firmly believe that in time we will develop a whole range of technological solutions to technology-facilitated problem behaviors. It is important to remember that technology is not good or bad; it is either used well or poorly by humans.

Faces of ISACA: Cynthia Damian, CISM, CRISC, CCSK, Senior Manager of Enterprise Risk Management, T-Mobile

Editor’s note: The ISACA Now series titled “Faces of ISACA” highlights the contributions of ISACA members to our global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Cynthia Damian, T-Mobile senior manager of enterprise risk management. Interested in joining ISACA and networking with colleagues like Damian? Learn more here.

ISACA member Cynthia Damian has not had to leave her hometown to work for some of the world’s largest, best-known brands.

Damian, a lifelong resident of the Seattle (Washington, USA) area, has worked for corporate giants such as Starbucks and T-Mobile, including her current role as T-Mobile’s senior manager of enterprise risk management.

While being part of organizations with heavy global footprints has its share of advantages, navigating the sheer size of the organizations, and the corresponding market pressures, requires a skilled balancing act for a risk management professional. T-Mobile, a wireless network operator, has more than 72 million customers.

“One of the challenges is working in a fast-paced, speed-to-market environment,” said Damian. “Although it’s important that customers are the focus, it makes things challenging not only to execute on projects and priorities of a given company, but also wrapping around risk management to inform decisions. In my specific area, it’s figuring out the right balance of creating risk management practices and processes that are lean and agile.”

Damian has found ways to strike that balance. At Starbucks, she helped put in place the coffee powerhouse’s first internal governance, risk and compliance function.

“Being part of that was a significant career move for me, knowing that Starbucks is a well-established and global company,” Damian said. “Being part of starting up a brand-new practice internally was critical, and allowed us to drive the way we approached GRC, especially in the security space.”

Damian’s impact at T-Mobile has included ensuring that sound risk management is taken into account as the organization evaluates how to utilize cloud platforms. Her role in managing risk calls for a comprehensive, enterprise view, and requires steady interaction with both executives and those at the operational level to ensure an aligned risk strategy.

Damian, who has ISACA’s CISM and CRISC certifications, has been an ISACA member for nearly 10 years, and serves as a board member and education director of the Puget Sound Chapter. Her ISACA affiliation has proven to be a valuable resource when it comes to connecting with quality consultants and speakers for professional events, as well as networking with industry professionals to share experiences.

Away from work, Damian has developed a passion for portrait photography, and her two sons – a 7-year-old and a 7-month old – provide a pair of charming subjects. The renowned beauty of the Pacific Northwest makes for ideal backdrops, providing all the more incentive to stay put in the Seattle area.

“I love the diversity here – both the diversity in the people, but also in career pathing,” Damian said. “I just feel like we’re a great market to be able to build your career in whatever aspect that you’re looking for, especially in the technology space. It’s a wonderful place for raising a family, as well.”

And while her physical location may not change, major shifts in the technology landscape ensure that Damian has new experiences on a daily basis.

“Technology is moving so quickly, and the risk landscape is also moving and changing very rapidly,” Damian said. “So, whether it’s risk from technology transformation within a company, or risk management of external threats, as technology has grown and evolved, so has the sophistication of threats on the landscape.”

Faces of ISACA: Mike Krajecki, Director, Emerging Technology Risk Services, KPMG

Editor’s note: The ISACA Now series titled “Faces of ISACA” highlights the contributions of ISACA members to our global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Mike Krajecki, KPMG director in emerging technology risk services.

Mike Krajecki was studying information technology as a college undergraduate when his career goals crystallized.

“I loved what I was doing, but I wanted to find a way to tie it to business,” Krajecki said. “I didn’t want to be a programmer or a database administrator or a network engineer. I wanted to do something on a bigger and more strategic level.”

That notion led Krajecki to graduate school, where he studied accounting at DePaul University, and eventually to an internship with professional services firm KPMG. The internship was in 2007, and he has remained at KPMG since, leading to his current role as director in emerging technology risk services. Krajecki, an ISACA member, specializes in helping KPMG clients navigate disruptive technologies, such as Internet of Things devices.

The goal is to “help them manage that risk versus reward equation of adopting something that’s disruptive and new to the market, but doing it in a responsible manner,” Krajecki said. “We’re kind of trailblazing a little bit. It’s really exciting. It’s almost like we have a little bit of an entrepreneur’s mentality inside of a huge global firm.”

Krajecki, a lifelong resident of the Chicago area, made pursuing the CISA certification one of the first major elements of his career strategy – calling CISA “kind of the de facto seal of approval” for IT audit and assurance professionals – and he has continued prioritizing his professional development since.

That’s especially important given his focus on the fast-evolving IoT space. Gartner projects 8.4 billion connected things will be in use this year, and the range of opportunities that staggering growth presents enterprises – along with the related security and compliance considerations – can be overwhelming.

Krajecki said many organizations are beginning to at least recognize potential IoT-related hazards, but often need assistance with developing a more comprehensive risk approach. That tends to include the need to coax stronger collaboration between the products team and other functional groups within the organization.

“Today, companies are getting it, but they’re very tactical,” Krajecki said. “It’s still device by device, and still very focused on the minutiae, and it needs to be more focused on a strategic risk strategy, and how do we build a responsible program that is principles-based, that helps us keep focused on the return this product is going to give the company, why we invested in it, and making sure those profits aren’t diminished by risk exposures. That strategic governance layer is what’s lacking the most right now.”

Krajecki points to the automotive industry as being ahead of the curve, noting successful connectivity for many automobiles and a general realization that there is too much at stake to take security shortcuts.

Still, Krajecki said too many large, global organizations “are still kind of stuck in the past.” Going forward, Krajecki expects he and his colleagues will spend more of their time helping organizations think through their digital strategies on a holistic, enterprise level, as opposed to focusing on the risk elements related to specific technologies or products.

To ensure he’s positioned to help his clients transform, Krajecki is an avid consumer of industry guidance and resources.

“You have to be a lifelong student and keep learning,” Krajecki said. “I learn from my clients every day. I’m very active in the industry in attending ISACA events and other large industry events to keep learning what people are saying, and I just read a lot. There’s a tremendous amount of information available if you seek it out.”

On occasion, though, Krajecki feels compelled to take a step back, prioritizing quality time with his wife, Megan, and their 2-year-old son, Grayson. At 6-foot-6, Krajecki is a former basketball player and remains a fan of the sport, while also pursuing cooking as a more recent passion. He calls his cast iron pan, used for grilling, “my best friend.”

“It’s a way to escape technology and data and risk, and just put together a fun meal for friends and family,” Krajecki said.

Five Questions with ‘Passionpreneuer’ Moustafa Hamwi

Editor’s note: Self-described ‘passionpreneuer’ and award-winning author Moustafa Hamwi will deliver the closing keynote address at Asia Pacific CACS 2017, to take place 29-30 November in Dubai. Hamwi will address an often overlooked ingredient in business success – passionate leadership, also the subject of his recent visit with ISACA Now. The following is an edited transcript:

ISACA Now: Why is passionate leadership so important?
Passion is the key differentiating factor for true leaders. It is easy to lead when times are good. Truly passionate leaders show when times are tough. I always say, “The longest distance leaders have to walk is between their mouth and their feet.” Passionate leaders care about the purpose they are serving and find the energy and drive to keep them going against all the odds.

ISACA Now: Is passion innate, or are there techniques to become a more passionate leader?
The quality of one’s passion comes from the quality of their purpose. In my opinion, we are all born to serve a bigger purpose, and when leaders are aligned with their purpose, their ability to lead and to achieve increases. This takes a high dose of brutal honesty for the leader to ask, “Do I really care about what I’m leading?” If not, then any technique will be symptomatic rather than bringing any deep change.

ISACA Now: Can someone be too passionate? Is there a risk of burnout?
Great question. The best way to answer this is to quote, “If passion drives you, let reason hold the reins,” from Benjamin Franklin.

There is a huge difference between being guided by passion and being blinded by it! Planning and constant learning to adjust the plan is a crucial element in any successful venture and in avoiding burnout. Passion is using your heart as your guide and your mind as the planning and execution tool. With this mix, there is low risk of burnout and faster recuperation because the journey becomes more fulfilling.

ISACA Now: You once met a swami who was influential in your trajectory. Tell us how that came about.
When the student is ready, the teacher appears! It was a pure coincidence. I bought a one-way ticket to India in 2012 seeking some answers about my life and the bigger meaning, and through a friend of a friend of a friend, I ended up meeting him. The interactions with him were eye-opening; however, it was one of the questions he asked me that changed a lot of things for me.

One day I was asking him about life and he turns to me and asks me, “Do you know what you are thirsty for? Because if you do not know what you are thirsty for, you cannot quench your thirst.” This was the beginning of my search for how to quench my thirst, to have a great impact on the world, and to help people find and fulfill theirs.

ISACA Now: You are from Syria, then moved to Dubai and have visited plenty of other places. Is passion a universally important ingredient you have observed in successful leaders?
I have lived in, traveled to and spoken in around 30 countries, and have worked with thousands of leaders and executives, and one thing is for sure. Passion is the key to success anywhere in the world. The world is becoming so much more competitive, and without passion, you will run out of energy long before you achieve desired results. Also, passion gives you a joyful competitive advantage (when you are passionate about what you do, you perform better than the person that is doing it just for the money), so your quality of work is better, and people enjoy receiving services from you, which means you have higher demand.

Five Questions with Social Business Guru Ryan Hogarth

Editor’s note: Social business strategist, author and radio show host Ryan Hogarth will deliver the opening keynote address at Africa CACS 2017, to take place 11-12 September in Accra, Ghana. Hogarth’s keynote is titled “We Are Not Robots.” Hogarth recently spoke with ISACA Now about some of the themes he will address, such as navigating digital disruption and how to strengthen relationships with customers. The following is an edited transcript:

ISACA Now: You use the term a “frictionless economy.” What do you mean by that?
Everything about being a customer has been transformed through our use of customizable technology because friction is constantly eliminated. We can get what we want or what we need with a click, a tap, a swipe or a gesture. The businesses that will succeed are those that understand their customers’ journey enough to use the right technology to remove friction and make interaction, servicing and purchasing seamless and effortless, or frictionless.

ISACA Now: What are some common mistakes that organizations make in navigating digital disruption?
The two most common mistakes are:

  1. Ignoring it and pretending that disruption does not affect your industry or business. Here we see an insistence that the way business has always been done is sufficient to ensure success in the future. These are the companies that will not allow access to social media at the office or who discourage the use of smartphones for work.
  2. Over-investing in technology without a change in thinking and culture. Here we have the affliction of doing old things with new technology. Converting training manuals to PDF and making them available on a tablet does not mean digital transformation. Before investing in technology, a business should first be clear about what technology their customers and teams use, and then shape your technology to fit them.

ISACA Now: What are the best ways for an organization to strengthen its relationship with customers?
First, map your customers’ journey. What is their actual, real-world experience with your brand or business? Knowing this is far harder than we at first think because we make assumptions about what our customers actually do and experience. Once you plot this out, the shortcomings become far clearer and solutions a lot more obvious.

ISACA Now: Do you think most enterprises are utilizing social media effectively?
No. Most enterprises that are on social media still view it as just another tool of sales or marketing rather than a means of communication and relationship. Again, this requires a shift in thinking. Are you thinking about how you can build a relationship with a customer or just how you can push your latest offering?

ISACA Now: What technological innovations do you anticipate having the most impact on the global economy within the next few years?
There are several: Self-driving cars, clean energy, augmented reality, artificial intelligence, blockchain, high-quality online education, food science and medical technology. All of these are important because their impact will affect so many industries beyond the obvious. We see the immediate effect in how global businesses are playing in fields far outside their traditional spaces. Social media wants to get into banking, tech firms are playing in areas of transportation or health, and banks are pushing hard into the tech space.
