ISACA Journal
Volume 5, 2016

Columns 

The Network 

Leonard Ong, CISA, CISM, CRISC, CGEIT, COBIT 5 Implementation and Assessor, CFE, CIPM, CIPT, CISSP ISSMP-ISSAP, CPP, CSSLP, CITBCM, GCFA, GCIA, GCIH, GSNA, PMP 

What is the biggest security challenge that will be faced in 2017? How should it be addressed?

Lack of awareness and support from senior management. Address this by engaging the board and senior management and keeping them situationally aware.


What is on your desk right now?

A work laptop, a personal laptop, a business notepad, a travel journal, a set of fountain pens.


How has social media impacted you professionally?

It is amazing that we are no longer confined by physical geographical boundaries to network and collaborate.


What is your number-one piece of advice for other information security professionals?

Be proud and continue to partner with business and other functions toward common enterprise goals.


What is your favorite benefit of your ISACA membership?

Meeting like-minded professionals globally and learning from those interactions. Also, access to regular publications, surveys and research.

What do you do when you are not at work?

Spend my time with my family and volunteer. In my role as a director on ISACA’s Board of Directors, I visit various ISACA chapters and interact with chapter leaders and members. At the same time, I contribute in knowledge sharing by presenting at various conferences.


Question How do you think the role of the information security professional is changing or has changed?

Answer As information technology becomes integrated with business, information security professionals should be well versed in business context. The role is now changing from being reactive and supportive to proactive and enabling. Information security professionals are enabling and delivering new values just like other business functions.


Question How do you see the roles of information security, risk and governance changing in the long term?

Answer The functions will become intertwined more than they have ever been in the past. Professionals in information security, assurance, risk management and governance will have to work closely and seamlessly. I see that there will be both movement from one role to another, and professionals will become multidisciplined. ISACA enables professionals to acquire new knowledge areas and validate that knowledge through certifications.


Question How have the certifications you have attained advanced or enhanced your career? What certifications do you look for when recruiting new members of your team?

Answer Through the process of certification, I have minimized my knowledge gaps by learning widely accepted bodies of knowledge. The certifications I have earned also help me to get recognized. When hiring, I do look at candidates who have relevant certifications more closely; for example, in a role focusing on IT risk management, a candidate who holds the Certified in Risk and Information Systems Control (CRISC) would be desirable.


Question What would be your best piece of advice for information security professionals planning their career paths and looking at the future of information security?

Answer One should understand his/her strengths and areas of interest. Generally, there are technical and management tracks. In each of these tracks, there is an option to be a generalist or a specialist. The Cybersecurity Nexus (CSX) Cybersecurity Career Road Map is a great tool for mapping a career. One can choose to be a Certified Information Security Manager (CISM) (management) or a CSX Expert (CSXE) (technical).


Question What do you think are the most effective ways to address the cybersecurity skills gap?

Answer Structured, practical and experiential learning with skill validation will have the greatest effect. Cybersecurity skills can be developed in various venues including colleges, universities and in the workplace through job conversion. An important element to bridge the gap is having the practical skill that can be usable in the field.


Question You have been an active volunteer in a number of security associations for more than a decade. Why do you make volunteering a priority among the many demands on your time?

Answer Everyone can make a difference in this world and I choose volunteering in security associations as a way to make a positive impact in our society. Given the elevated importance of technology, our roles in ensuring that we continue to benefit from positive use of technology through security are critical.


Question What has been your biggest workplace or career challenge and how did you face it?

Answer When the roles of information security and technology risk management were not seen as adding value to business, but rather unnecessary overhead, it was a challenging time. In order to transform the situation into a more conducive environment, I did extensive outreach to business leaders and other functions. As part of the outreach, I reintroduced our value proposition and how we can be a partner rather than a barrier.

 


Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.