Editor’s note: The ISACA Now series titled “Faces of ISACA” highlights the contributions of members of ISACA’s global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Kyla Guru, a leader in spreading cybersecurity awareness among young people and an active proponent of ISACA’s SheLeadsTech program.
Kyla Guru is in a hurry to make her presence felt in the cybersecurity field.
While many of her fellow teenagers still are figuring out what they want to pursue in college – or if they want to go to college at all – Guru already is spreading cybersecurity awareness as founder of Bits N’Bytes Cybersecurity, which lists as its goal to immerse the youngest members of society in cybersecurity concepts.
“These students need to be able to see the role models in cybersecurity, realize how much potential there is for growth and impact in the industry on a grander scale, and feel empowered about developing the necessary skills, both technical and interpersonal, starting now,” said Guru, a junior at Deerfield High School in suburban Chicago, Illinois, USA. “It’s all about showing them that these roles are not for one type of person, and that there are opportunities, mentors, classes, and resources, to help us catalyze change right now.”
With that type of mindset, it’s no wonder Guru is zooming down the fast track in exploring the cybersecurity field. Guru, whose father, Naganat, is a longtime ISACA member, founded Bits N’ Bytes during her freshman year of high school, and considers the “passion project” a major piece of her identity. She said her interest in cybersecurity grew from conversations with her family around the dinner table, and accelerated when she attended a cybersecurity workshop at Purdue University the summer before she began high school.
“My fascination for these topics quickly turned into a string of past-midnight conversations in the lobby of our dorm, discussing about just how much of the Internet is ‘unknown,’ ‘unseen,’ or ‘unheard,’ Guru said. “It is knowing the relevance of these studies, and an urging pull to study the unknown, that continues to fuel my passion for cybersecurity.”
In addition to becoming intrigued by the cybersecurity field generally, Guru also is a proud “steminist” who is interested in addressing the gender gap within the technology workforce. In June, Guru co-directed “GirlCon Chicago,” the city’s first all-female high school tech conference, which included a video message of support from Facebook executive Sheryl Sandberg. In pursuing sponsorship for the conference with ISACA’s Chicago Chapter, she became aware of ISACA’s SheLeadsTech program.
“With ISACA’s support, a network of female leaders from the Chicagoland area, and steady collaboration with their SheLeadsTech program, our all-high school team was able to unite over 180 female students and 50 professionals from around the Midwest in engaging in the future of technology,” Guru said. “ISACA helped ensure that our event was the most rewarding and fulfilling experience for all our attendees.
“One thing I know our team learned from our partnership with ISACA’s energetic team was that you never know what could come out of asking questions with good intention. This was justification for most of the bold moves that went into making GirlCon. Looking forward, I am certain that my collaboration with the SheLeadsTech program has opened many doors to further collaboration, and I look to the program as a support system as I continue my tech journey.”
Beyond high school, Guru intends to study computer science and cybersecurity, in addition to gaining a strong background in business and analytics. By the time Guru’s professional career begins in earnest, there is unlikely to be a client appointment or board meeting capable of fazing her. Her presentation experience includes delivering a TEDx talk titled “Hacking a Solution to Global Cybercrime,” a presentation that allowed her to reach new audiences with her message of how cybersecurity is much more tangible in our lives than many people realize.
“My grander vision for my future is to find myself constantly shape-shifting for new solutions, challenging myself intellectually, and making progressive changes to the dynamics of society that fundamentally impact lives,” Guru said.
Naganat Guru is thrilled to see his daughter share his passion for technology, and said organizations such as ISACA “need the new generation of leaders like Kyla.”
“This is one of the best things that has happened to me and our family,” he said of his daughter’s beyond-her-years contributions in the cybersecurity realm. “I became a CISA in 1998 when Kyla was not even born, but she has achieved so many laurels in the last few years that I cannot probably accomplish in my lifetime. … I may sound biased since I’m her father, but this is true: Kyla is a born leader.”
Tim Mason, ISACA Chief Experience Officer and SVP, Operations, and a six-year member of ISACA’s executive leadership, passed away unexpectedly on 31 October. As members of ISACA’s professional community, we extend our condolences to Tim’s family.
Tim’s leadership and his commitment to incredible member and customer experiences are the cornerstone of his very successful professional career. What I will recall as his most high-impact contribution to ISACA is Tim’s work with me in 2015 to define our organizational Values as well as our Purpose and Promise, centered on helping practitioners and their enterprises realize the positive potential of technology. Both were unanimously approved by the ISACA Board of Directors, and together with our Values they form the foundation for our ongoing transformation to an organizational culture of ONE. These are not just words on a wall. From this foundation, and driven by Tim’s leadership experience and energy, the ISACA community has benefitted from a wellspring of new capabilities and offerings. These include sophisticated digital marketing and analytics, an accredited training organization program, online learning and webinars, a heightened focus on product management, and a customer experience center, to name only a few. Our members and customers have seen, felt and experienced the incredible difference Tim brought to the workplace, and around the world, every day.
I walked the office floor last week following the announcement of Tim’s passing to comfort our employees during this difficult time. I was struck by many the comments I heard about Tim, including how he always said hi to everyone he passed in the hallways, his regular check-ins and counseling of staff on their career development, how his sense of humor, sarcastic at times, often helped to get through the most stressful of times, and that “he was the best boss I ever had.” Tim recognized that accomplishing great things not only requires hiring great people, but also supporting and nurturing them.
What I will remember beyond Tim’s professional accomplishments and contributions is the person Tim was outside of work. He had a real love for the outdoors, with a relentless passion for spending time on his Wisconsin farm (where he spent his final days) working the fields, hunting and fly fishing. Tim had an incredible knack for woodworking, and my wife and I will cherish forever a serving tray he made for us for no other reason than “just because.”
Most of all, he was a family man and father. Tim’s wife Brenda was, and will always be, his rock and the love of his life. His children, Nicholas and Caitlyn, were always top of mind, and his stories of what they have accomplished showed how proud he was of them. And then there’s Makenna—his granddaughter, and the apple of his eye. Yes, she had “Papaw” wrapped tightly around her little finger, and the vignettes Tim would share about her quips and antics, with this gleam in his eye, grin on his face, and warmth in his heart will remain with me forever. This was the real Tim.
Dr. Seuss said, “Don’t cry because it’s over, smile because it happened.” Tim, we’re doing a lot of smiling in your memory, and we’re going to miss you a whole lot. Godspeed, my friend.
Editor’s note: Memorial donations in Tim’s honor will benefit the Epilepsy Foundation.
The loss of Tim Mason, ISACA Chief Experience Officer and SVP, Operations, who unexpectedly passed away this week at age 59, has prompted an outpouring of love, respect and admiration for Tim from staff colleagues and throughout the professional community.
Here is a sampling of some of the comments we have received about Tim and his ISACA legacy:
From Robb Micek, ISACA Senior Vice President, Shared Services and CFO:
“One thing Tim and I used to tease each other about was the ‘traditional’ love/hate relationship between organizational leaders of Marketing and Finance. Tim would tell me stories of the many challenges he would have with CFOs prior to joining ISACA regarding funding for his marketing programs. Those stories would often start with him saying to me, “You know, bud ...,” and then he would retell the story. While there were several times where we did not have the financial resources for all the things the ISACA Marketing and Communications team wanted to do, Tim and I developed a strong partnership in part because he knew I understood the value of investment in those functions and would try to work together to figure out creative ways to “get to yes” when we could. … I feel incredibly lucky to have had Tim as one of my closest friends. I still cannot believe I am not going to have the opportunity to talk to him, share advice and ideas, and trade anecdotes about the most important things in our lives – our families.”
From Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, FACS CP, past board director of ISACA, chair of ISACA’s Women’s Leadership Council and director of information security and IT assurance at BRM Holdich:
“When my husband, James, was recovering from cancer and it was clear that he wasn’t well, Tim showed him such thoughtfulness, including staying with James one night when he wasn’t up for making it out to the restaurant. That sort of kindness is never forgotten. Tim also had a terrific sense of humor, and teased that he could sense I was about to make a big statement in the boardroom whenever I clicked my pen. Tim will be sorely missed.”
From Ken Kujundjic, ISACA Senior Vice President, EBD and Managing Director, Mainland China:
“Like many of us, I am having a hard time processing this news. Tim was a respected figure not only at ISACA but in the association industry. During my time at ISACA, Tim and I worked closely on many initiatives and we traveled together on many business trips. I could share any one of his many accomplishments during his time at ISACA, but I would rather like to remember his dry sense of humor. Tim could find humor in just about anything and had the ability to see the bright side of things. I will miss Tim as a valued colleague but more importantly as a friend.”
From Kristen Kessinger, ISACA Senior Manager, Media Relations:
“I had the opportunity to report directly to Tim for several months, and got to know him much better as a person during that time. I once told him that he made me nervous at first, but once I saw him melt into a puddle at the mention of his granddaughter, he no longer had the ability to be intimidating! He was so encouraging of my career and professional advancement, and he was determined to make me a more confident person. I saved a bunch of emails he sent to me while serving as my mentor, and I am so glad to have those memories of his good advice and kind words. In my most recent interaction with Tim, he called me over to look at a new video of (his granddaughter) Makenna driving his tractor. He was so excited, and his whole face was lit up. She is going to have a very proud guardian angel for the rest of her life.”
From Marie Gilbert, ISACA Director, Consumer Insights and Market Planning:
“Tim loved brand research and he loved cool research techniques. He latched on to the term ‘Euclidean distances’ when we started the market monitor brand mapping. I can hear him saying it and see him smiling. I will miss him terribly.”
From Alexander Josephite, CIA, CISA, CFSA, ISACA New York Metropolitan Chapter Past President:
“I’m very sad to learn of Tim’s passing. I’m fortunate to have met and worked with Tim when he joined ISACA. His energy was magnetic and his attitude positive and realistic. My prayers go out to Tim’s family and the ISACA community.”
Editor’s note: To find out more about ISACA’s Purpose and Promise that Tim set in motion, view this video.
Dozens of women in the SheLeadsTech program attended ISACA’s first fly-in advocacy event in Washington, DC, just a week ago with a plan to bring their voices and views to US Congressional leaders on a host of relevant legislation. After hearing speakers discuss professional development and other issues facing women in technology, delegations visited 12 offices representing California, the District of Columbia, Illinois, Maryland, New York, Pennsylvania and Virginia.
ISACA’s SheLeadsTech program seeks to increase the representation of women in technology leadership roles and the tech workforce through raising awareness, preparing to lead, and building global alliances. For this inaugural advocacy day, SheLeadsTech focused efforts on the NIST Reauthorization Bill, the future of IT audit and the role emerging technologies will play in it, and the need for a qualified federal cybersecurity workforce.
The NIST Reauthorization Bill (H.R. 6229) not only reauthorizes the National Institute of Standards and Technology but also further supports and strengthens the research and development programs of NIST, such as cybersecurity, artificial intelligence (AI), Internet of Things, quantum computing. Focusing on emerging technologies could improve the United States’ cybersecurity workforce, as well as foster further development of AI and IoT. The bill also could expand opportunities for women in the cybersecurity workforce, leaders noted.
Other bills of interest to the ISACA community are H.R. 935 – Cyber Security Education and Federal Workforce Enhancement Act, which establishes an Office of Cybersecurity Education and Awareness Branch within the Department of Homeland Security to provide recommendations to enhance the cybersecurity and computer security workforce. The bill specifically requires reporting on the causes of high dropout rates of women and minority students enrolled in science, technology, engineering and math (STEM) programs. Additionally, H.R. 2709, S. 1246 – Women and Minorities in STEM Booster Act takes important steps toward SheLeadsTech’s goal to increase the representation of women in technology leadership roles and the tech workforce, and H.R. 3137– Promoting Women in STEM Act provides avenues for SheLeadsTech goals to increase the number of women in STEM career and technical education programs.
Anne Marie Zettlemoyer, cybersecurity strategist and visiting fellow at the National Security Institute, who previously served as a special adviser to the U.S. Secret Service, and Olivia Crowley, who serves in the Army National Reserves and works for a government contractor, both spoke about the importance of security clearances. They noted these processes can take long to obtain and keep clearance, which reduces the ability for cyber experts to accept short-term assignments in federal posts. The government needs to partner with private business to offer tours of digital service as a cyber reservist, they suggested.
Zettlemoyer urged the ISACA community and lawmakers to consider the wide reach that a cyber workforce can have. “College isn’t for everyone, but a good living is,” she said. “There are several areas in cybersecurity that don’t require a university degree and can be treated as a trade; providing that opportunity would not only lift our national intelligence and security but also our economy.” She believes that retraining and investing in people whose jobs have diminished are perfect for careers in cybersecurity. “Talent and aptitude are not discriminate, but opportunity often is. We need people to answer the call, and that means looking at non-traditional backgrounds for talent. For example, coal miners are known for their exceptional analytical skills and the ability to problem-solve and react quickly when conditions change in the mine; these analytical skills can translate into triaging alerts with the proper training. Cyber as a trade can offer a high-tech path back into the workforce for them.”
SheLeadsTech advocacy attendee Sanja Kekic, president of the ISACA Belgrade chapter and member of the global SheLeadsTech Chapter Engagement Working Group, was among those inspired by the SheLeadsTech event. She plans to create an advocacy day for her chapter. “Being able to educate members of the Serbian parliament about cybersecurity and the technology workforce, especially under the SheLeadsTech banner, would be an amazing experience for our chapter,” she said.
“My career journey wasn’t through luck; it was hard work and putting myself in situations where I wasn’t always comfortable,” said SheLeadsTech Advocacy Day keynote speaker DeAndra Jean-Louis, Vice President, Global Services Operations at Workday. Providing insights from positions at IBM, Aon-Hewitt and Arthur Andersen, among others, Jean-Louis said her start as a model, after attaining a mathematics degree from Louisiana State University, spurred her to become a technology leader. “Modeling is a business – you’re an entrepreneur: working hard, working under contracts, building a book of business, building relationships, selling yourself as the product.”
Jean-Louis said she’d been told to “stay in her lane” throughout her education; a guidance counselor had advised her to have more realistic goals even as she wanted to be a doctor. Yet, she wrote down ambitious goals – to one day be a computer programmer, to work as a professional model, and to live in New York City and Europe. These all came true. She is now drafting a new list.
Being told to “stay in your lane” was a common thread with the SheLeadsTech inaugural Day of Advocacy speakers this week in Washington, D.C. Panel moderator and ISACA Women’s Leadership Advisory Council chair Jo Stewart-Rattray shared that her guidance counselor had advised that she join the police force, and she ended up studying psychology and education. Panelist Anna Murray, CEO of tmg-e*media, was an English major with a journalism career, and it wasn’t obvious to her that she would hit her stride in technology. “Younger women don’t understand that if they have communication and analytical skills, they can have successful careers in tech. We need English, economics, and other liberal arts majors.”
In her keynote, Jean-Louis shared a list of things to “always be,” which included: uncomfortable, meaning to always challenge yourself; building your brand and championing yourself; curious; building your ecosystem; making peace with failure and questioning the status quo. Whether in your personal life or while leading a team, acting with intention and clear goals is key to success. “I build strategy maps,” she shared, “that define the objectives for financial, customer, and internal business processes, including the learning and growth of employees. Every time I have an issue, I go back to my strategy map, and look at the resources and operations – you need the right people and the right mechanisms to drive success.”
Engaging young women and girls in technology goes well beyond science, technology, engineering and math (STEM) classes, SheLeadsTech speakers believe. Panelist Pam Nigro, president of the ISACA Chicago chapter, discussed the chapter’s partnership with and sponsorship of Girl Con, which is open to girls from eighth grade through high school. Girl Con’s sessions all demonstrate how tech is a part of every career path you enter; Nigro said that partnering with schools and organizations that teach kids how to be safe online can include education on privacy, cybersecurity, audit, governance and risk management as careers.
The panel’s conversation included a discussion on differing views of mentoring (it was posited that men don’t have mentors, they have champions, and women should try to do the same for other women: invite them to meetings that they wouldn’t attend otherwise, speak highly of their skills and recommend them for positions). Panelist Melody Balcet, director of global cybersecurity program for the AES Corporation, encouraged attendees to remain flexible and accept change. “Where we come from, our cultural norms, shape our career paths. Sometimes we’re forced to make changes – we lose a job, get divorced. Moving and uprooting makes many women uncomfortable, but people and kids are resilient. You can create what is important to you. Seek what makes you the best you.”
ISACA chapters may be planning a SheLeadsTech event soon; join the SheLeadsTech community in Engage to learn more about the program and how your chapter can engage, empower and elevate women in technology. Sign up for the SheLeadsTech newsletter at https://sheleadstech.isaca.org/
In my presentations on leadership, I always cite one example of an incredible leader who has touched my life and hundreds—probably thousands—of others: John Lainhart. John, an ISACA volunteer for nearly 40 years, introduced me to ISACA and the value of professional associations. He was my champion and my friend.
Today, I am heartbroken to share that the ISACA family has lost a great leader and a truly great person. John passed away early this morning.
Over his four decades with ISACA, John was involved in so many aspects of the association. He served as board chair from 1984-1985 and expanded ISACA’s geographic reach. He was known as the “father of CISA” and was instrumental in the development of COBIT. In fact, he was the lead developer of COBIT 2019, which will be released later this year. John held ISACA’s CISA, CISM, CGEIT and CRISC certifications, and was a member of numerous ISACA committees and working groups—most recently, the COBIT Working Group and the Future of IT Governance Steering Committee.
ISACA will celebrate its 50th anniversary in 2019, and John is a part of so many of those five decades of memories, milestones and successes.
He is also a part of so many of my memories. I succeeded John in his role as inspector general of the US House of Representatives, where he implemented COBIT among many other accomplishments. During his time as IG, he mentored me and helped me become the professional I am today. Though I only worked with him for one year, he supported me on my career path for more than two decades.
In addition to working for the US House of Representatives, John held positions at US Department of Transportation (DOT), the US General Accounting Office (GAO) and IBM Global Business Services’ (GBS) Public Sector, as well as his current role as a director in Grant Thornton Public Sector's Cyber Risk Advisory practice.
Throughout his career he received countless awards recognizing his outstanding work. While with GAO, he received several awards for innovative computer auditing techniques. While with DOT, he was the 1988 Paul R. Boucher Presidential Award winner—the President's Council on Integrity and Efficiency's highest award; in 1991, he received the Presidential Rank Award of Meritorious Executive; and in 1993, he was awarded DOT's Exceptional Service Award. In 1988, he was awarded ISACA's highest award, the Eugene M. Frank Award for Meritorious Service, and in 1991 he became the 14th recipient of the ISACA New York Metropolitan Chapter's Joseph J. Wasserman Award. He also received ISACA’s 1995 and 1996 President’s Awards and, in November 1996, became the first recipient of ISACA’s John Lainhart Common Body of Knowledge Award.
John co-authored two books on information systems auditing—System Development Auditor and Computerized Information Systems (CIS) Audit Manual and a National Institute of Standards and Technology special publication on systems development life cycle auditing.
But as dedicated as he was to his work, John’s first priority was his incredible family—his wife Alice, his son and two daughters, and his grandchildren. The entire ISACA family wishes the Lainhart family peace and comfort as they grieve the passing of their devoted husband, caring father, and loving grandfather.
John leaves behind a remarkable personal and professional legacy—and I am grateful to have been so profoundly impacted by his knowledge, generosity and kind spirit.
It is important to me that I carry on his legacy of leadership and mentorship—that I reach back and help others who were once where I was, when John reached back and helped me.
John recognized that one of the best parts of being a leader is the ability to help others follow in your footsteps. Today, I encourage you to follow in his. Be a John Lainhart, and find people to champion. You won’t believe what a difference you’ll make in their lives.
This weekend, all ISACA lost a dedicated leader, an engaged board member, a passionate colleague and, most notably, a dear friend. Robert E Stroud, CGEIT, CRISC, 2014-2015 ISACA Board Chair, and Board Director 2015-2018, will be deeply missed.
Only 55 years old, Rob passed away Monday, 3 September 2018, after being struck by a vehicle while jogging on Long Island, New York, USA. He is survived by his devoted family: his wife of 35 years, Connie, sons Josh and Kyle, daughter-in-law Allie Elizabeth, and grandchildren Ayden, Haylee and Jeremy.
To honor the contributions, leadership and legacy of Robert E Stroud, and with the express wishes and support of the Stroud family, ISACA has established the Robert E Stroud Memorial Fund within the Information Technology Governance Institute (ITGI). For more information on the Memorial Fund and to make a donation please visit ITGI.
Rob brought boundless energy and enthusiasm into everything he did for ISACA—and those contributions were many. He was board chair for the 2014-2015 term, and was a driving force in the launch of ISACA’s Cybersecurity Nexus (CSX). Prior to that, he was international vice president of ISACA, member of the Strategic Advisory Council and Governance Committee, and chair of ISACA’s ISO Liaison Subcommittee. He was a COBIT champion and contributed to COBIT 4.0, 4.1 and 5, as well as numerous COBIT mapping documents. Additionally, he was involved in the creation of ISACA’s Basel II, Risk IT and Val IT guidance.
His excitement about emerging technologies and extensive knowledge of assurance, governance, cloud security and DevOps made him a highly sought-after speaker at events around the world—including ISACA’s. Rob’s technical expertise, his excitement to travel and share his knowledge around the world, and his humor and wit in delivering remarks will be greatly missed.
Rob’s dedication to the profession extended beyond ISACA. He previously served on the itSMF International Board, the board of the itSMF USA and multiple itSMF local chapters.
Additionally, he served as a member of the ITIL Update Project Board for ITIL 2011 and in various roles in the development of ITIL v3.
Rob’s high-impact career in assurance, governance and innovation leaves a lasting legacy. Rob was Chief Product Officer at XebiaLabs, where in the last year he primarily focused on DevOps scalability in the enterprise. Prior to that role, he was Principal Analyst for Forrester Research Inc., where he helped large enterprises successfully drive their DevOps transformations and guided them through organizational change.
He spent more than 15 years in multiple roles at CA Technologies, including Vice President of Strategy and Innovation, where he predicted changing trends in the domains of assurance, cybersecurity, governance security and risk. He also advised organizations on strategies to ensure maximum business value from their investments in IT-enabled business governance.
On a personal note, Rob has been my good friend and mentor. It was his inspiration and support that led me to serve on the ISACA board of directors. I have had the privilege of co-presenting with Rob many times, and frequently we have had lively discussions about new technology, cloud, DevOps and how we can help ISACA have even greater impact. The day before his passing, I was working on a DevOps presentation using slides that Rob had put together and just shared with me to use. Having collaborated with him for so many years, enjoying his advice, company, humor and zest for life, I feel like I have lost a part of me. I’m sure many of you feel the same, and we will explore a fitting way to honor his contributions and legacy. I will let you know of those opportunities as they are decided by the board in a timely fashion.
Rob was always looking forward to new trends, new challenges and new opportunities, so he could best serve his clients, his colleagues, and his friends, whether bonds were just formed or existed for decades. His exuberance lit up the room wherever he went, and he was truly a guiding light and progressive proponent for the association and our professional community.
Rob’s enduring spirit of innovation will continue to influence ISACA and our global family for years to come.
Thank you, Rob. You are gone too soon. We miss you.
While artificial intelligence and machine learning deployment are on the rise – and generating plenty of buzz along the way – organizations face difficult decisions about how, where and when to introduce AI.
In a session Tuesday at the 2018 GRC Conference in Nashville, Tennessee, USA, co-presenters Kirsten Lloyd and Josh Elliot laid out many of the ethical considerations that should be part of those deliberations.
The pair detailed several instances of high-profile AI events over the past decade that highlighted the need to give ethical components of AI deployment a high level of focus early in a product or service’s design, as opposed to risking unforeseen fallout. The examples included the development of a controversial algorithm that predicted higher rates of recidivism for black defendants in the judicial system and a Stanford University study exploring how often AI could determine a person’s sexual orientation based on photos of their faces.
Yet, for all of the questionable or even potentially malicious use cases of AI, Lloyd and Eliot highlighted an extensive list of powerfully compelling uses for AI, such as advancing new medical treatments, preventing cyber attacks, improving energy efficiency and increasing crop yields. Elliot, Booz Allen Hamilton’s director of artificial intelligence, noted that AI also may prove transformative in missing person crises, such as being able to swiftly locate missing children in AMBER Alert child abductions.
Whether the potential ethical implications of AI and machine learning outweigh the good that can be accomplished is very much a case-by-case judgment call, Elliot said, requiring a holistic evaluation of the possible outcomes through a risk management lens. Successful, ethical implementation of AI and machine learning also call for strong governance, with emphasis on benefits realization, risk optimization and resource optimization. Elliot and Lloyd said organizations should identify and engage key stakeholders in AI projects, including the creation of an ethical review board and a chief ethics officer. Some high-impact deployments might also require direct access to the C-Suite for input on risk considerations.
Elliot and Lloyd suggested that organizations consider the following questions when deciding how they might want to deploy AI and machine learning:
- What are our goals?
- How much risk are we willing to tolerate?
- What is the state of our data assets?
- What talent assets do we have?
- What are our values?
From a people talent standpoint, Elliot noted there is a serious shortage of professionals with the expertise to help enterprises effectively and securely implement AI and machine learning, causing many organizations to turn to the ranks of academia and research to fill in the personnel gaps. Lloyd, an AI strategist with Booz Allen Hamilton, acknowledged the workforce worries many harbor regarding the potential for AI and machine learning to displace large numbers of practitioners, but said that there will remain an enduring need for humans’ critical thinking skills, while machines continue to introduce process improvements in computational thinking.
Taking the long view, Elliot and Lloyd said AI and related disciplines have transitioned from their previous state of simple task execution to the current era of pattern recognition, with a future that will be reshaped by added capabilities of contextual reasoning. Elliot said many of today’s common uses, such as robotic process automation (RPA), are a mere “gateway drug” to more sophisticated technologies and applications that are being aggressively researched in Silicon Valley and beyond.
Editor’s note: Luke Williams, author, professor of marketing at the NYU Stern School of Business and founder of the W.R. Berkley Innovation Labs, will give the closing keynote address at the GRC Conference 2018, to take place 13-15 August in Nashville, Tennessee, USA. Williams recently visited with ISACA Now to discuss how enterprises can spark more innovation, the concept of disruptive hypotheses and more. The following is a transcript of the interview, edited for length and clarity:
ISACA Now: How, if at all, is entrepreneurship different from it was 10 years ago?
In the past 10 years, the public perception of “entrepreneurship” has shifted toward “disruptive entrepreneurship,” which is about trying completely new products and business models that haven't been tried before. Instead of staying small, disruptive entrepreneurship is focused on high-growth businesses.
We often contrast small business entrepreneurs as sort of “incremental” entrepreneurs; they're incrementally improving business models that have already been established. So, someone who wants to open a shoe store might take their own incremental spin on it, but that's pretty much what it is. Disruptive entrepreneurship is a different form of entrepreneurship and it requires a completely different skill set. As a result, it requires a different approach to education.
Ten years ago, this approach was very much focused on the business plan: this long, elaborate document with all these sorts of financial projections. There was emphasis on getting the plan right. There was little emphasis on prototyping and experimenting. That has been a significant shift in the last 10 years. What we’re really educating entrepreneurs on today is far less about writing a business plan and far more about putting that focus, time, and energy into trying out your idea.
ISACA Now: What are some of the most common missteps made by people who are starting their first business?
I think the biggest misstep or mistake is that people are focused on finding problems to solve. We’re obsessed (in America in particular) with problem-solving. We almost use “problem-solving” as a label for thinking. The problem with problems is they’re seductively clear. They’re screaming for your attention, which typically means that problems are all that are getting anyone's attention.
The richest areas for innovation are found in the seemingly unbroken aspects of the situation you're focused on, precisely because nobody else is looking at these things. Because nothing appears to be wrong, or because it’s not broken enough to be really a problem, that doesn't mean that there’s not an opportunity there.
Often, an adequate idea blocks the emergence of a better idea. Because something is adequate, people don’t feel the need really to look at an alternative way of delivering their model. If it’s not broken, they don’t see the need to spend the time and attention to fix it.
ISACA Now: What type of management style most lends itself to fostering innovative thinking among employees?
What I’m going to talk about at the conference is the difference between sustaining leadership and disruptive leadership.
Sustaining leadership means incrementally improving what you’re currently doing. It’s all about maintaining the continuity of the current business.
Building options for the organization’s future is about managers introducing prolific discontinuity into the business – not waiting for disruption to happen, but rather being proactive. You've got to disrupt yourselves.
There are a lot of managers running around saying they value innovation. Where I find the disconnect most readily occurs is in the metrics; most managers find they’re rewarding the status quo, basically incentivizing people to keep the existing system of continuity. They have to fix that disconnect and figure out how to actually start rewarding effort rather than result.
ISACA Now: Which themes from Disrupt: Think the Unthinkable to Spark Transformation in Your Business tend to surprise people the most? What kind of feedback have you heard that are kind of new, a-ha moments for people?
There’s a tool called “disruptive hypothesis.” With a regular hypothesis, we make a reasonable prediction of what we can do, and then we test that prediction. An example: if your phone wasn't working, you would predict that the battery was flat, so you'd charge your phone. If your phone starts working, your hypothesis was correct; if it doesn't, you need to formulate another hypothesis.
That’s OK for sustaining leadership. If you want to start growing through innovation, you have to get out of the habit of making reasonable predictions and into the habit of making unreasonable provocations.
So, you might start thinking, “Well, why does a phone even need a battery?” The difference is profound. The point of a “disruptive hypothesis” is to give yourself deliberate permission to be wrong and try to create a new idea.
If you’re in a brainstorm session and everyone’s nodding and going “Yeah! Great idea! We can implement that tomorrow!” it means it’s incremental; one of your competitors is already doing it or will be soon. A disruptive hypothesis is an intentionally unreasonable statement that gets everyone’s thinking flying in a different direction.
Another takeaway from the book, I talk about the “cult of personality” problem with innovation. It forms out of celebrity CEOs – Steve Jobs, Jeff Bezos, and Elon Musk – and reminds us that they’re role models of innovation. It’s all about their personalities, and it’s not productive. It’s not about actually creating new products and services. For all of us as innovators, our most important job is to educate and create more innovators. We need to treat innovation as a skill. This isn’t about asking them to change their personality.
I often use the metaphor of cooking; there’s cooking show on every channel. Weirdly, we have a problem teaching people to cook, because it’s nothing more than, “We show you how to take the ingredients and arrange them into a meal.” It’s the same with innovation. Those recipes are ideas, and those recipes (your ideas) make the ingredients (your resources) more valuable. The cooking metaphor is powerful for people because this isn’t about inventing anything new; it’s just rearranging things we already have.
Recognition of service and of outstanding achievements has long been an ISACA tradition, and it has been my pleasure to volunteer on the ISACA Awards Working Group, which was charged with enhancing the prestige and increasing global participation in the ISACA Awards Program. We have made great progress over the last couple of years in creating a peer recognition program, soliciting nominations from our membership and inviting distinguished colleagues to fairly peer-review the nominations, identifying the “best of the best” among a rather elite professional community.
Our 2018 class of recipients lived up to that reputation, and we celebrated their accomplishments during the awards presentation at EuroCACS in Edinburgh, Scotland in May. Terry Grafenstine, 2017-18 ISACA board chair, presented each recipient with his or her award after the audience viewed a short video on the importance of recognition activities and how we can inspire future generations.
Recipients celebrate on stage and with their families and colleagues.
Jack Freund, recipient of the ISACA John W. Lainhart IV Common Body of Knowledge Award, brought his wife and 10-year-old daughter (and possible future ISACA member if her lawyer/racecar driver/veterinarian career falls through) to celebrate with him. Jack has been instrumental in developing the CRISC certification and maintaining the quality of the exam content.
Upon learning of his award selection, Mark Thomas, a top-rated speaker at many ISACA meetings and recipient of the ISACA John Kuyers Award for Best Speaker, said, “I am honored to receive this award, and appreciate all that ISACA does for our professional community.” This is a common remark from our humble honorees, who dedicate so much of their time, energy, expertise and passion toward advancing ISACA’s purpose and promise.
2018 ISACA Global Achievement Recipients pose with 2017-18 ISACA Chair Terry Grafenstine.
CISM and CRISC Exam Top Scorers pose with 2017-18 ISACA Board Chair Terry Grafenstine.
We are inspired by Gail Coury, recipient of the ISACA Chair’s Award for her dedication to advancing women in technology and supporting ISACA’s philanthropic initiatives, and Nikesh Dubey, an active author and reviewer for the ISACA Journal. We appreciate the knowledge shared by Ahmet Efe in his outstanding articles about COBIT, and we value the leadership Christian Palomino has provided in the CGEIT and CISM working groups. Additionally, our Certification Exam Top Scorers outdid themselves with seven honorees this year for our five certifications: CISA (tie), CISM, CRISC, CGEIT and CSX Practitioner (tie).
To meet these outstanding ISACA contributors during the awards presentation was truly my honor, and now I’m eager to help select the 2019 award recipients. But the Awards Working Group and I can’t do it without your help!
The 2019 ISACA Awards call for nominations is now open, and I ask each ISACA member to think about the incredible articles and speakers you have learned from and the volunteer leaders you have met throughout your ISACA journey. ISACA needs you to nominate them so we can publicly recognize their contributions. Our Global Achievement Awards and our Chapter Awards nominations close 15 August and will be presented in 2019.
To learn more about the ISACA Awards Program and to submit a nomination, visit our webpage.
To learn more about the 2018 ISACA Award recipients, download the 2018 Awards Booklet.