Editor’s note: Luke Williams, author, professor of marketing at the NYU Stern School of Business and founder of the W.R. Berkley Innovation Labs, will give the closing keynote address at the GRC Conference 2018, to take place 13-15 August in Nashville, Tennessee, USA. Williams recently visited with ISACA Now to discuss how enterprises can spark more innovation, the concept of disruptive hypotheses and more. The following is a transcript of the interview, edited for length and clarity:
ISACA Now: How, if at all, is entrepreneurship different from what it was 10 years ago?
In the past 10 years, the public perception of “entrepreneurship” has shifted toward “disruptive entrepreneurship,” which is about trying completely new products and business models that haven't been tried before. Instead of staying small, disruptive entrepreneurship is focused on high-growth businesses.
We often contrast small business entrepreneurs as sort of “incremental” entrepreneurs; they're incrementally improving business models that have already been established. So, someone who wants to open a shoe store might take their own incremental spin on it, but that's pretty much what it is. Disruptive entrepreneurship is a different form of entrepreneurship and it requires a completely different skill set. As a result, it requires a different approach to education.
Ten years ago, this approach was very much focused on the business plan: this long, elaborate document with all these sorts of financial projections. There was emphasis on getting the plan right. There was little emphasis on prototyping and experimenting. That has been a significant shift in the last 10 years. What we’re really educating entrepreneurs on today is far less about writing a business plan and far more about putting that focus, time, and energy into trying out your idea.
ISACA Now: What are some of the most common missteps made by people who are starting their first business?
I think the biggest misstep or mistake is that people are focused on finding problems to solve. We’re obsessed (in America in particular) with problem-solving. We almost use “problem-solving” as a label for thinking. The problem with problems is they’re seductively clear. They’re screaming for your attention, which typically means that problems are all that are getting anyone's attention.
The richest areas for innovation are found in the seemingly unbroken aspects of the situation you're focused on, precisely because nobody else is looking at these things. Because nothing appears to be wrong, or because it’s not broken enough to be really a problem, that doesn't mean that there’s not an opportunity there.
Often, an adequate idea blocks the emergence of a better idea. Because something is adequate, people don’t feel the need really to look at an alternative way of delivering their model. If it’s not broken, they don’t see the need to spend the time and attention to fix it.
ISACA Now: What type of management style most lends itself to fostering innovative thinking among employees?
What I’m going to talk about at the conference is the difference between sustaining leadership and disruptive leadership.
Sustaining leadership means incrementally improving what you’re currently doing. It’s all about maintaining the continuity of the current business.
Building options for the organization’s future is about managers introducing prolific discontinuity into the business – not waiting for disruption to happen, but rather being proactive. You've got to disrupt yourselves.
There are a lot of managers running around saying they value innovation. Where I find the disconnect most readily occurs is in the metrics; most managers find they’re rewarding the status quo, basically incentivizing people to keep the existing system of continuity. They have to fix that disconnect and figure out how to actually start rewarding effort rather than result.
ISACA Now: Which themes from Disrupt: Think the Unthinkable to Spark Transformation in Your Business tend to surprise people the most? What kind of feedback have you heard that are kind of new, a-ha moments for people?
There’s a tool called “disruptive hypothesis.” With a regular hypothesis, we make a reasonable prediction of what we can do, and then we test that prediction. An example: if your phone wasn't working, you would predict that the battery was flat, so you'd charge your phone. If your phone starts working, your hypothesis was correct; if it doesn't, you need to formulate another hypothesis.
That’s OK for sustaining leadership. If you want to start growing through innovation, you have to get out of the habit of making reasonable predictions and into the habit of making unreasonable provocations.
So, you might start thinking, “Well, why does a phone even need a battery?” The difference is profound. The point of a “disruptive hypothesis” is to give yourself deliberate permission to be wrong and try to create a new idea.
If you’re in a brainstorm session and everyone’s nodding and going “Yeah! Great idea! We can implement that tomorrow!” it means it’s incremental; one of your competitors is already doing it or will be soon. A disruptive hypothesis is an intentionally unreasonable statement that gets everyone’s thinking flying in a different direction.
Another takeaway from the book, I talk about the “cult of personality” problem with innovation. It forms out of celebrity CEOs – Steve Jobs, Jeff Bezos, and Elon Musk – and reminds us that they’re role models of innovation. It’s all about their personalities, and it’s not productive. It’s not about actually creating new products and services. For all of us as innovators, our most important job is to educate and create more innovators. We need to treat innovation as a skill. This isn’t about asking them to change their personality.
I often use the metaphor of cooking; there’s a cooking show on every channel. Weirdly, we have a problem teaching people to cook, because it’s nothing more than, “We show you how to take the ingredients and arrange them into a meal.” It’s the same with innovation. Those recipes are ideas, and those recipes (your ideas) make the ingredients (your resources) more valuable. The cooking metaphor is powerful for people because this isn’t about inventing anything new; it’s just rearranging things we already have.
Recognition of service and of outstanding achievements has long been an ISACA tradition, and it has been my pleasure to volunteer on the ISACA Awards Working Group, which was charged with enhancing the prestige and increasing global participation in the ISACA Awards Program. We have made great progress over the last couple of years in creating a peer recognition program, soliciting nominations from our membership and inviting distinguished colleagues to fairly peer-review the nominations, identifying the “best of the best” among a rather elite professional community.
Our 2018 class of recipients lived up to that reputation, and we celebrated their accomplishments during the awards presentation at EuroCACS in Edinburgh, Scotland in May. Terry Grafenstine, 2017-18 ISACA board chair, presented each recipient with his or her award after the audience viewed a short video on the importance of recognition activities and how we can inspire future generations.
Recipients celebrate on stage and with their families and colleagues.
Jack Freund, recipient of the ISACA John W. Lainhart IV Common Body of Knowledge Award, brought his wife and 10-year-old daughter (and possible future ISACA member if her lawyer/racecar driver/veterinarian career falls through) to celebrate with him. Jack has been instrumental in developing the CRISC certification and maintaining the quality of the exam content.
Upon learning of his award selection, Mark Thomas, a top-rated speaker at many ISACA meetings and recipient of the ISACA John Kuyers Award for Best Speaker, said, “I am honored to receive this award, and appreciate all that ISACA does for our professional community.” This is a common remark from our humble honorees, who dedicate so much of their time, energy, expertise and passion toward advancing ISACA’s purpose and promise.
2018 ISACA Global Achievement Recipients pose with 2017-18 ISACA Chair Terry Grafenstine.
CISM and CRISC Exam Top Scorers pose with 2017-18 ISACA Board Chair Terry Grafenstine.
We are inspired by Gail Coury, recipient of the ISACA Chair’s Award for her dedication to advancing women in technology and supporting ISACA’s philanthropic initiatives, and Nikesh Dubey, an active author and reviewer for the ISACA Journal. We appreciate the knowledge shared by Ahmet Efe in his outstanding articles about COBIT, and we value the leadership Christian Palomino has provided in the CGEIT and CISM working groups. Additionally, our Certification Exam Top Scorers outdid themselves with seven honorees this year for our five certifications: CISA (tie), CISM, CRISC, CGEIT and CSX Practitioner (tie).
To meet these outstanding ISACA contributors during the awards presentation was truly my honor, and now I’m eager to help select the 2019 award recipients. But the Awards Working Group and I can’t do it without your help!
The 2019 ISACA Awards call for nominations is now open, and I ask each ISACA member to think about the incredible articles and speakers you have learned from and the volunteer leaders you have met throughout your ISACA journey. ISACA needs you to nominate them so we can publicly recognize their contributions. Our Global Achievement Awards and our Chapter Awards nominations close 15 August and will be presented in 2019.
To learn more about the ISACA Awards Program and to submit a nomination, visit our webpage.
To learn more about the 2018 ISACA Award recipients, download the 2018 Awards Booklet.
There is nothing quite like the birth of a child to redirect our thinking from our daily patterns and prompt us to consider the big-picture view of where our world is heading.
I recently was blessed to become a grandfather for the first time as we joyfully welcomed a beautiful little girl to our family. While the immediate aftermath of her arrival is exciting in its own right, I am especially intrigued by the long-view for my new granddaughter and all of the other children who are being born into what many are terming Generation Alpha.
What will my granddaughter’s life look like in an era when technological advancements will create new opportunities that are impossible for us to fathom? Will her favorite middle school teacher be a human being or an intelligent machine? If she decides to play soccer in high school, will her matches be officiated by referees like me, or by more advanced and precise video refereeing and goal-line technology? On her 21st birthday in 2039, will she be summoning a driver-less vehicle to take her home safely after sipping her first margarita? Will her wedding planner be a robot? As she embarks upon her professional path, which career fields will be available to her, and what modalities will she be using to acquire the necessary education, training and practical experience needed to position her for success?
It is fun to let our imaginations run wild in envisioning the future, and there are many tantalizing possibilities to ponder. The reality, however, is that our likelihood of correctly predicting which technologies will reshape society 10, 25, or 50 years into the future is slim, at best. That said, we do know that the pace of technology-driven change is only going to accelerate. Those with the innovation bug are “standing on the shoulders of giants,” building upon the advancements that we are adopting today. ISACA has always evangelized the importance of good technology and information governance, but the importance of this governance today is not only about effectiveness and efficiency, nor is it only about enhancing organizational business performance and enabling business outcomes. Governance will evolve to consider boundaries for innovation and assurance of social and ethical responsibility. And this means responsible governance for technology and information will become even more pronounced – and perhaps just a given – during the course of my granddaughter’s lifetime.
As future innovations stream to market – presenting new opportunities in both our personal and professional lives – we must apply and assure the appropriate safeguards and controls to guard against the risks of unintended consequences. The disciplined approach to governance will not take stronger root unless we prioritize digital ethics and social responsibility. Today, these concepts are generally not top of mind, as the race to embrace disruptive technologies, and to meet the challenges of digital transformation through business model innovation, take precedence, resulting in products rushed to market without appropriate consideration given to security and privacy. This is problematic enough today, as evidenced by the increasing number of data breaches and cyberattacks we have experienced. In the years to come, be aware of the dark clouds overhead when malicious uses of artificial intelligence and new developments such as quantum computing become forces with which society will have to reckon. Just as my granddaughter must learn to crawl before she can walk, and walk before she can run, enterprises must train themselves to take responsible, security-minded measures on the path from ideation to launching new products.
Appeasing shareholders with a few strong quarters of growth, or even a few strong years, is nice, but the path to sustainable enterprise success will depend upon treating consumers with genuine concern for their well-being – and for society’s as well. An enterprise failing to take good-faith measures to look out for its customers will ultimately be subject to a profound backlash from the public, as many of the biggest names on the enterprise landscape have already discovered. As the risk-reward continuum for deploying new technologies becomes more pronounced at both ends of the spectrum, enterprises will need expanded training and ingrained protocols that give digital ethics and social responsibility sharpened emphasis in a new era of technological potency.
At ISACA, we are building up to our 50th anniversary year in 2019, which gives us cause to reflect upon the momentous, technology-driven strides our professional community has helped set in motion since the organization was founded in 1969. It is even more stirring to consider what ISACA’s impact will be over the next 50 years, as the global technology workforce serves as an even more transformative engine to propel society forward.
There is no doubt that technology advancements will enrich the lives of my granddaughter and her generation, providing incredible experiences and accomplishments that will go well beyond what is available to her parents’ generation (we are already way past mine!). As promising as this may be, I want my granddaughter to live in a society that not only prioritizes the positive potential of new technologies, but also takes into account its impact on individuals and society. Imagine this: a generation that maximizes all the gifts technology has to offer by exercising due diligence and regard for the welfare of those around them. Some may think this is a lot to ask, and perhaps a grandfather dreaming; I choose to think otherwise, remaining optimistic that it is simply the way it will be.
Editor’s note: This post was originally published on CSO.
Editor’s note: P.W. Singer, strategist and senior fellow at the New America Foundation, will deliver the closing keynote address at ISACA’s 2018 CSX North America conference, to take place 15-17 October in Las Vegas, Nevada, USA. Singer recently visited with ISACA Now to discuss pressing cybersecurity considerations that governments must grapple with, the multi-faceted impact of artificial intelligence and more. The following is a transcript of the interview, edited for length and clarity:
ISACA Now: What are the primary strategic considerations for governments today when it comes to protecting their people from cyberthreats?
The essential problem is that all the issues we've been dealing with the last 10 years – cybercrime, IP thefts, botnets, etc. – are still with us, but we also now have a series of new challenges to face. Governments, not just national, but state and local governments, have to understand the combination of how the internet is changing, and, in turn, the threat landscape. We are nearing the 50-year mark of internet history, an amazing moment when you consider the change, but it is also shifting. Once it was just an internet of people communicating, but it is also now one of “things” operating.
This, of course, brings enormous gains and efficiencies, but also massively grows the attack surface, as well as raises the consequences of attacks, shifting them to the physical realm. In turn, the internet has become one of web 2.0 via social media, where we all share information but also now spread and fight disinformation (what I call LikeWar). Add in the rise of issues like ransomware, hybrid threats from states and criminals, the blight of mega breaches, and it’s a daunting time. So, the key for governments is to ensure they are keeping pace with these shifts in internet use and threats.
ISACA Now: How do you envision malicious uses of AI reshaping the threat landscape in the coming years?
AI – and by that, I mean everything from machine learning to neural networks – will be used by bad actors in everything from developing malware to scoping out for vulnerabilities. But one area I think we really are not ready for is “deep fakes” created by AI. These hyper realistic videos, that aren’t actually true, will be weaponized against people, companies and governments. We’ve already seen examples tested in labs, where you can create a video of a speech that someone never gave, to how actresses have been put in adult films they never appeared in. This is just the start, where AI will be used to attack our very perceptions and sense of reality, in a malicious manner.
ISACA Now: Which new or emerging technologies can be most useful to governments in bolstering their security capabilities?
AI! Every technology has both good and bad uses, by good and bad people. For instance, AI is the very means to detect emergent cyber threats, scope out new anomalies before they can cause harm, sift through vast amounts of noise. Indeed, the means to detect AI-created deep fakes is other AI that can hunt for their tells. As I explore in an upcoming book, this creates a strange new world where the AIs battle, with us humans in the middle as the target.
ISACA Now: What appealed to you about joining the New America Foundation?
It is an organization that tackles the questions of what happens when technology and policy come crashing together, so people there are always wrestling with fascinating and important questions. At a recent staff meeting, for instance, we had people who were working on topics as varied as how to help the U.S. Army with cybersecurity to aiding the Rhode Island state government on adoption policy reform.
The ISACA Journal has been at the heart of ISACA’s knowledge community for more than 40 years, a tradition we are proud to carry forward into the future.
The ISACA Journal has remained a valued asset to ISACA’s professional community because it has continually evolved to meet the needs and interests of practitioners amid the ever-changing technology landscape. This year, for example, the Journal has highlighted key industry topics such as the future of data protection, innovation governance and smart transformation, with more timely content in the pipeline for the coming months. As much as we focus on the type of content that will be most relevant to Journal readers, we are equally mindful of the way in which the Journal audience is consuming content in the digital era.
In recognition of how more and more professionals prefer to read publications—the Journal included—we are refocusing the way we deliver the Journal with added emphasis on our digital presence, allowing this valuable knowledge resource to better serve our professional community and help us move more quickly toward the goal of realizing the positive potential of technology.
Effective with volume 4, 2018, of the ISACA Journal (July/August edition), you will receive Journal content exclusively in a digital format unless you choose to opt in to receive the print edition. If you wish to continue receiving the print edition, you must opt in by 26 June 2018 to ensure uninterrupted delivery. To do so, follow these simple steps:
- Log into www.isaca.org and navigate to myISACA>MyProfile
- Click on Account-Address-Demographic Info tab
- Click the Edit button at the bottom of the page
- Toward the top of the page, select the My Demographic and Other Information tab
- Scroll down to ISACA Journal Delivery Options—Print and/or Digital and check the box to opt in
- Click Save at the bottom of the page
Accessing the Journal online allows members of ISACA’s professional community to explore the Journal alongside ISACA’s extensive collection of online content, including white papers, audit and assurance programs, blog posts, podcasts, and insights from our network of affiliates, such as the Massachusetts Institute of Technology Center for Information Systems Research and Wapack Labs. As technology transforms the way people consume information, we will continue to identify opportunities that will enhance the robust digital experience for the Journal audience and make the Journal an even more esteemed resource for ISACA’s professional community.
This is an exciting time as ISACA approaches its 50th anniversary celebration in 2019. As we look toward the organization’s future, whether accessing content digitally, in print, or whatever comes next, members of ISACA’s professional community can count on the Journal providing the knowledge resources needed to navigate digital disruption and advance their careers. Opt in today to continue uninterrupted print delivery!
Serving as board chair at any time in ISACA’s history would be incredible. To be able to serve in that capacity right now – as ISACA nears its 50th anniversary and with so much riding on the work of ISACA’s professional community – makes the opportunity ahead even more of an honor.
In an era when technology is driving digital transformation in just about every imaginable way – impacting all geographic regions, both the public and private sectors and industries of all types – ISACA’s professional community is facing challenges like never before. Heightened focus on data security and privacy, a shifting regulatory environment and an expanding threat landscape mean more is expected of practitioners in audit/assurance, governance, risk, information and cyber security, and related technology disciplines.
ISACA is here to be a trusted partner in your professional journey. Together, we will navigate the changes that artificial intelligence, the Internet of Things (IoT), blockchain, quantum computing and whatever comes next will bring to the enterprise landscape – and to society at large. We are laser-focused on providing the industry-leading practices, knowledge resources, training, credentials and networking opportunities needed to advance your career and help your enterprise deliver on the positive potential of technology.
For nearly 50 years, we have helped practitioners make sense of the latest forces impacting the technology workforce. As we approach the half-century mark as an organization, it is important to recognize what brought us to this point – the combination of an exceptional community of volunteers, members and staff professionals who have worked in concert across decades to ensure that ISACA continually progresses to meet the needs of our ever-changing technological landscape.
If ISACA wishes to remain relevant for the next 50 years, we must commit – as a global community – to continuing to adapt and evolve, to showing the world, today, the technology that will be arriving and impacting their lives tomorrow.
Ultimately, though, ISACA isn’t only about technology – it’s about people.
Even more important than preparing for the advancement of technology, we need to ensure ISACA retains the right culture as a community of volunteers, members, and professional staff, all working together toward common goals. ISACA’s community culture needs to be rooted in adaptability and agility, while retaining its half-century of demonstrated commitment to excellence in everything it undertakes.
We are well-positioned to do exactly that, with recent initiatives such as the CMMI Cybermaturity Platform, a rich compilation of resources that helped our professional community prepare for and implement GDPR, the advancement of ISACA’s SheLeadsTech program and the opening of a new office in Beijing serving as promising examples of the organization’s growing reach and impact. There are exciting opportunities to build additional momentum in the year ahead, including developing and executing on a plan for an ISACA charitable foundation and continuing to innovate with our training, certifications and CSX platform.
I want to thank my predecessor, Theresa Grafenstine, for the excellent work she did as board chair during the 2017-18 term. Fortunately, Terry will remain part of the 2018-19 board, which features a tremendous range of talent and expertise from around the globe:
- Robert Clyde, CISM, NACD Board Leadership Fellow, chair
- Brennan Baybeck, CISA, CRISC, CISM, CISSP, vice-chair
- Tracey Dedrick, director
- Leonard Ong, CISA, CRISC, CISM, CGEIT, CFE, CIS, CISSP, CPP, CSSCP, ISSAP, ISSMP, PMP, director
- R. V. Raghu, CISA, CRISC, director
- Gabriela Reynaga, CISA, CRISC, director
- Gregory Touhill, CISM, CISSP, Brigadier General USAF (ret), director
- Theodore Wolff, CISA, director
- Tichaona Zororo, CISA, CRISC, CISM, CGEIT, CIA, CRMA, director
- Theresa Grafenstine, CISA, CRISC, CGEIT, CGAP, CGMA, CIA, CPA, director, board chair (2017-18)
- Chris Dimitriadis, CISA, CRISC, CISM, ISO 20000 LA, director, board chair (2015-2017)
- Robert E Stroud, CRISC, CGEIT, director, board chair (2014-2015)
- Matt Loeb, CGEIT, CAE, FASAE, CEO and director
I am proud that we are all part of an organization that devotes itself to aiding the world in recognizing the positive potential of technology. Together, with our members, certification-holders and incredible network of volunteers, we will celebrate ISACA’s proud, 50-year history, while simultaneously helping to position our professional community for its most important contributions yet. I can’t think of a better, or more exciting, time to propel ISACA forward.
Sometimes, in a professional conference, especially one that begins early afternoon, mid-work-week, it can take a while for things to get going. For introductions to begin, animated conversation to spark. For the standard taupe convention meeting room to warm up and for the buzz, well, to buzz. Sometimes, some of this, or all of it, never happens; that even though you are there, you’re not "there, there."
That was not the case Wednesday, 30 May, in Edinburgh, Scotland. That day, ISACA’s 2018 EuroCACS wrapped up noonish and the SheLeadsTech™ seminar followed for the balance of the day. The women and men in the room activated SheLeadsTech program elements—raising awareness, preparing to lead and building global alliances, engaging over three hours. I have no doubt many in the room have been actively in touch in the hours and days since and will continue those connections. In doing so, they take up the challenges and embrace the wisdom that three women, long-tenured leaders in technology, delivered that day.
First up to the podium, but in no way planted there, was Melinda Matthews Clarkson, CEO of CodeClan and the driving force behind Scotland’s first Digital Skills Academy. Her “Get Gritty” theme came through, woven through a quick review of what propelled her into tech (improving efficiencies of networked printers while an admin in the hospitality industry) to her current focus, leading a business “where you have a match of culture where you work, and work with your heart.”
Crediting leaders who’ve inspired her, including Angela Duckworth’s research and book entitled Grit, Clarkson listed grit characteristics: courage, conscientiousness, endurance, resilience and excellence. She underlined their meaning and application in her own life, both professional and personal, and emphasized the importance of mentors, coaches and cheerleaders in her career, and shared how she feels she is valued in those roles serving others.
She remarked on how difficult it is to get women into tech jobs, yet the greater challenge is keeping them there. Yet, “if we get just 10% more women working, our GDP in the UK will go up,” noted Clarkson.
Stats were definitely the storyline of Anne Moises, Scottish government CIO and leader of “Safe, Secure & Prosperous,” Scotland’s cyber resilience strategy launched in 2015 and designed to achieve world leadership and recognition in cyber resilience by 2020.
Moises shared government job data from 2017, noting that while the overall workforce shows a makeup of 52% women, in the government’s digital directorate, only 38% of employees are women. She echoed Clarkson’s call for help to get women to apply for these jobs and stay part of the tech workforce, especially in Scottish civil service where compensation and benefits are strong.
Building and leading the many vectors of Scotland’s cyber resilience program across public private enterprise, the educational system, STEM efforts and extensive up-skilling activities have reinforced long-held lessons for Moises: collaboration is essential; always build awareness; continue to build skills; and share experiences—the good and the bad. Moises noted that these are also strengths she’s seen more often in women than men, a theme affirmed in the murmurs of those present—women and men.
While Moises described a career path solely in civil service, the career course of Gail Coury, Oracle Cloud global CISO, ISACA Women’s Leadership Council member and SheLeadsTech volunteer leader, has traversed roles within Oracle as well as previous information security leadership for PeopleSoft and JD Edwards. Coury balanced her seminar remarks between candid stories of courage and her “pearls of wisdom” list inspired by Oracle’s co-CEO, something of a call to action for the crowd:
- Things need to make sense. Ask questions for explanation and understanding;
- You can recover from a bad decision, but not indecision;
- If you don’t ask, you won’t get—a lesson she illustrated with her experience in building and winning her case to attend the Stanford executive MBA program, supported by Oracle;
- Just because everything can be put online does not mean it should be (also illustrated by the previous day’s firing of American actress Roseanne Barr from her TV show, based on an outrageous tweet);
- Integrity matters; be honest and straightforward;
- Don’t stand still, make it happen. Have a sense of urgency.
While their paths—past, present, future—differed, this SheLeadsTech trio of speakers converged and captivated. They didn’t just speak, they engaged attendees with stirring stories and authentic anecdotes, telling of the bad, and the good behavior; of policies they shaped; and of people who shaped, inspired, motivated them. They talked of overcoming barriers and bias, challenging conventions and, yes, achieving success. And while they were the day's designated speakers, no doubt much the same was exchanged at every SheLeadsTech event roundtable that followed that day.
Despite the many nuances about the new General Data Protection Regulation (GDPR) and questions about how it will be enforced, panelists at Tuesday’s GDPR panel during ISACA’s EuroCACS conference provided some straightforward guidance to organizations – if you don’t need the data, don’t collect it.
Operating within that basic framework can prevent many of the GDPR-related headaches organizations are facing, panelists in Edinburgh, Scotland, said. The panel, moderated by ISACA board chair Theresa Grafenstine, included ISACA board directors Mike Hughes, RV Raghu and Jo Stewart-Rattray, along with Andrew Neal, president, Forensic Technology & Consulting, TransPerfect Legal Solutions, and Ken Macdonald, head of ICO Regions, Information Commissioner’s Office.
Several of the panelists noted that the more stringent data privacy regulation brought on by GDPR must cause enterprises to re-evaluate what data is truly essential to gather and protect.
“It’s just amazing how organizations, just sort of by habit, ask for things that are highly risky to ask for that have nothing to do with the business process for which they’re asking, but they just got in the habit of doing that,” Grafenstine said.
Macdonald brought a regulator’s perspective to the discussion, saying the immediate aftermath of the 25 May compliance deadline has been relatively quiet, although a holiday weekend surely factored in.
“But we will soon be seeing a surge, probably from organizations needing a bit of clarity on the implications of the new act, but also individuals who are starting to enforce their new [privacy] rights,” said Macdonald, who noted that regulators will be more apt to look favorably upon organizations that are making a clear effort to comply, even if they have not yet achieved full compliance.
While there is widespread curiosity about how GDPR penalties might be enforced, Neal said organizations should not expect to get by with lax compliance efforts.
“Governments have a significant amount of coercive power they can bring to bear, and we don’t know what that’s going to look like. … I would recommend against saying ‘I dare you’ to a government,” Neal said.
While the EU has been the epicenter of the wave of GDPR publicity over the past couple years, organizations in other parts of the world that do business in the EU also need to comply. Stewart-Rattray, from Australia, said more awareness about the regulation still needs to be created outside Europe, and called on boards of directors to set a leadership tone at their organizations for more responsible data privacy policies.
Neal said organizations with strong governance programs will be best equipped to thrive in the GDPR era.
“Make no mistake – most of what’s going on with GDPR is a governance problem,” Neal said. “It’s managing your data to be in line with the company’s or organization’s best interests. The ability and the incentive to reduce your data footprint while increasing your data relevancy, and the importance and the utility of that data, I think is a very positive direction.”
Citing recent ISACA data on the challenges of cross-departmental collaboration, Raghu said all stakeholders within organizations need to have more dialogue about the risks and rewards of collecting data, and potentially make changes to their business processes based on those insights.
As the panel concluded, an audience member questioned Grafenstine on whether, given the potential pitfalls of GDPR, the emphasis on big data is becoming a double-edged sword. Grafenstine said she does not view valuing data and valuing privacy to be an either-or scenario.
“I still believe that data is going to be perceived as the air that we breathe because it is absolutely what is going to fuel innovation and move society to the next level,” Grafenstine said. “We just need to make sure that we’re mindful and deliberate in how we do that.”
Editor’s note: For more of ISACA’s resources on GDPR, visit www.isaca.org/GDPR.
Given my upbringing in the Australian bush, I have long been mindful of the many challenges faced by rural women and girls. Nonetheless, the 62nd United Nations Commission on the Status of Women provided a comprehensive and jarring view of just how many systemic challenges demand the world’s collective commitment to address.
As the discussions unfolded, one common denominator to mitigating many of the challenges emerged – technology.
My background in the technology industry – as well as my involvement in ISACA’s SheLeadsTech program – led to my great honor of serving as part of the official Australian Government delegation to the Commission, which took place in March at UN headquarters in New York. The Commission had the ambitious charge of reaching consensus on conclusions to determine how to empower rural women and girls by enhancing economic opportunity, education, personal safety and a range of other critical areas that factor heavily into quality of life.
While technology cannot solve all of society’s problems, there is no other force in the 21st century as equipped to make meaningful impacts in all of these areas. That is why one of the Commission’s most important conclusions was emphasizing the importance of investing in infrastructure that expands information and communications technology in rural areas. In large swaths of the world, technology-driven activities that many of us take for granted – such as the ability to take an online course or watch a training video – are not feasible for women and girls. That level of isolation widens the gulf of opportunity as digital transformation reshapes the global economy at a staggering pace. Being cut off from technology can have even more dire consequences – alarmingly, UN statistics show that 35 percent of women worldwide have experienced physical and/or sexual violence. At a minimum, women and girls must have the ability to place emergency phone calls and report crimes to protect themselves and their loved ones.
When it comes to expanding economic opportunity for rural women and girls, the technology workforce itself needs to be part of the solution. Fields such as cybersecurity and governance of information and technology are in urgent need of more qualified professionals, largely because of a shortage of women in those professions. I can certainly attest, having been the lone woman at more conference sessions and client engagements than I can recall. The underrepresentation of women in the technology workforce is a systemic problem that will require the activation of global coalitions, one of the pillars of the SheLeadsTech program. I’ve never been more optimistic about the appetite to forge these coalitions based on the dialogue that took place throughout the session in New York.
These collaborations should also take place at the enterprise level, with organizations and professional associations sharing best practices of how to encourage more women to join and remain part of the technology workforce. ISACA’s recently released State of Cybersecurity 2018 research underscores how influential proactive enterprise attention can be. Among survey respondents from enterprises that do not have diversity programs specifically supporting gender equality, only 36 percent of women believe that they are offered the same career opportunities as men, compared to 73 percent of male respondents (a 37-point gap). Among respondents from enterprises that do have diversity programs, that gap was only 10 points, with 77 percent of women believing they have the same opportunities for career advancement as their male colleagues.
When the Commission began, it was difficult for me to envision how we were going to meet our objectives in less than two weeks’ time. With 170 UN member-states taking part in the proceedings – representing countries with distinct cultures, economies and political systems, just to name a few of the variables – finding common ground on so many weighty challenges faced by rural women seemed like a Herculean task. As the session unfolded, there were times when reaching consensus on many of these topics seemed near impossible. But in mustering the required level of resolve, flexibility and persistence, the Commission arrived at a roadmap of what the empowerment of rural women and girls – with emphasis on unleashing the positive potential of technology – would look like.
Too many generations of women have been denied the same basic opportunities as men, and this inequity is especially pronounced in rural areas that have not kept pace with the technology-driven advancements that are increasingly essential to achieve prosperity. The conclusions outlined by the Commission provide strong guidance for governments, civil society, advocacy groups and enterprises alike to take meaningful steps forward in the near future. It is up to all of us to recognize the urgency of the moment and ensure we are not leaving rural women and girls behind as technology propels society forward.
Editor’s note: This blog post was originally published in CSO.
Editor’s note: The ISACA Now series titled “Faces of ISACA” highlights the contributions of ISACA members to our global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Kimberley St. Pierre, territory manager with Check Point Software Technologies, Ltd., and a leader in ISACA’s Vancouver, Canada chapter.
Early in her career, Kimberley St. Pierre worked as a sales executive for a transportation company in a warehouse setting, with forklifts rumbling, propane fumes in the air and a coating of dust throughout the building.
One day, as she sat in a rolling chair, one of the wheels came loose, sending St. Pierre sprawling to the floor, mid-meeting. That spill served as a not-so-subtle message to St. Pierre that it was time to reconsider her career options.
“It was at that moment, although I loved my clients and my employer, that I decided I would prefer to work in a different physical environment,” St. Pierre said.
And, as it turns out, a different career track altogether. St. Pierre’s next step, as a sales executive at Bell Canada, marked her initial foray into the technology sector, and nearly 20 years later, the ISACA member is a veteran of the tech workforce, including her current role as a territory manager with Check Point Software Technologies, Ltd., a multinational provider of cybersecurity software and hardware solutions.
St. Pierre has taken a recent interest in cybersecurity and envisions remaining in that field for the long haul, saying “the industry is so dynamic and relevant to every person and organization globally, I feel the demand will be there.”
St. Pierre has lived in the city of Vancouver, Canada, for much of her adult life, but considers herself to be “a farmgirl at heart” after growing up in the Canadian province of Alberta. It was there that St. Pierre began riding horses as a 4-year-old, the origins of what developed into a lifelong passion. St. Pierre now owns a former racehorse that she has retrained in jumping, cross country and dressage, and is involved in amateur equestrian organizations and competitions in the Vancouver area. She considers being around horses “good for the soul,” and also sees tangible benefits in her daily life.
“Throughout my years of being involved with horses, I have learned patience, compassion, grit, confidence, empathy, humility, dedication, trust, responsibility and teamwork,” St. Pierre said. “These traits have served me very well in my professional career as well.”
As much as St. Pierre loves horses, she is no one-trick pony. She describes herself as “obsessed” with interior design, decorating enthusiastically for just about every holiday on the calendar, and she closely monitors the local real estate market. St. Pierre also is a frequent volunteer, having served on numerous non-profit and charity volunteer boards. Her spot on the ISACA Vancouver Chapter board is her first such role that links directly to her career.
A former colleague of St. Pierre’s, past chapter president Justin Malczewski, introduced St. Pierre to ISACA as she transitioned to a cybersecurity role with TELUS. Through ISACA’s Vancouver Chapter, St. Pierre is chair of the BC Aware initiative, a privacy and security campaign that includes educational components and events for organizations in the area. The campaign, which included a high school cyber-defense challenge competition, helped the Vancouver Chapter earn this year’s K. Wayne Snipes Best Chapter Award in the Large Chapter category.
“My local ISACA members are not only professionals in my network, but many of them have now become great friends as well,” St. Pierre said. “I am actively encouraging contacts in my business network to join ISACA Vancouver and sharing the great experiences I have enjoyed over the last two years. ISACA members reach out to one another when they are trying to solve a business challenge, recruiting new employees for their teams, or when they need to leverage the multitude of skills and expertise across our team of 650-plus members. I am thankful to be part of this great team.”
St. Pierre traces her volunteer roots back to chipping in at an elementary school library as a 12-year-old. These days, her schedule is considerably busier, but St. Pierre makes time to regularly offer guidance to her ISACA colleagues and others in her professional network.
“I was very fortunate to have had the opportunity to be mentored by some incredibly successful women and men in my career, and I feel it's very important to pay it forward,” she said.