Editor’s note: “Notes from the Boardroom” is a series of blog posts from ISACA board directors providing transparency, context and perspective on how the ISACA board is carrying out its governance responsibilities. In this installment, ISACA Board Director Stephen Gilfus explores how the Board is focused on innovation and building member value.
To lead innovation within an association is to shift from being “stewards of the status quo” to becoming the collective and collaborative architects of our members’ future. Since joining ISACA in July 2023 and being asked by the Global Board to serve as Chair of the ITC (Innovation and Technology Committee) in 2024, my focus has been to extend the committee’s activities beyond the governance of internal IT projects. As such, in partnership with ISACA’s ARC (Audit and Risk Committee) and CHCM (Compensation and Human Capital) I have been working to transform the ITC into a body that takes an active, visionary role in de-risking the future state of the organization—moving from general IT and technology oversight to the governance of the envisioning and risk management of new products and services for our members, effectively bringing the “Big I” (Innovation) to the Innovation and Technology Committee (ITC) with the intent of making ISACA more agile in its ability to meet its members’ needs.
I am deeply grateful to each member of the Board for their endorsement, passion and support of these initiatives, which I believe are vital in maintaining ISACA’s leadership position. By bridging the gap between legacy IT governance and our current reality, we are moving the ITC and ISACA toward a proactive stance—one that contemplates how the shifting technological landscape (audit, cybersecurity, artificial intelligence and even vibe coding) will fundamentally impact our members’ careers and their daily work.
My perspective is rooted in my early studies of managerial economics and entrepreneurship, which ignited my lifelong passion for innovation and a commitment to improving the human experience. This journey includes a 25-year history of building enterprise SaaS technologies. From my tenure as a co-founder of Blackboard Inc., pre-internet, where a small team of undergraduates from Cornell University and I developed enterprise technologies for learning organizations in support of tens of millions of faculty and students globally, to my founding of the Gilfus Education Group, which focuses on driving innovation practice into education, workforce and training markets, to new initiatives, including the launch of a not for profit AI Vibe Coding Venture Studio, I have dedicated my career to developing technologies and processes that transform the way people live, learn and work.
I have, oddly enough, always been in a position where I traverse the for-profit and non-profit sectors. Throughout my founding and contributions to multiple for-profit and not-for-profit startups, I have lived and breathed the complex challenges of building organizations and designing, architecting and bringing enterprise technology to market. With this shared background, I have a deep understanding and appreciation for our members and the rigorous skills and capabilities required to audit, implement and deploy complex technological systems.
As a board member of ISACA, I frequently visit chapters and speak with members to gain an intimate perspective of what they are feeling and seeing. By asking questions about our members’ most frequent activities, current challenges and what is impacting job roles today, one gains a clear view of the relative challenges and opportunities, as well as what individual members need to learn to advance in their careers. Recent conversations confirm that our members clearly understand that the world that we all live in is already changing, impacting and influencing our current career roles.
They feel it, they know it, and if it hasn’t impacted them yet, they sense it coming, and they know it will come to them.
Change is no longer on the distant horizon; we are standing in the midst of it, in a moveable landscape where the traditional boundaries between IT audit, cybersecurity, AI and vibe coding are vanishing, and the job roles we currently have are changing in real time.
To support our members in managing change in today’s rapidly evolving markets, the Innovation Technology Committee, along with the greater ISACA Board, has been working closely with the organization's CEO, Erik Prusch, and his operating teams to embed an innovative mindset, alongside tools and technologies, that support a formal innovation lifecycle. This collaborative governance and operational effort is meant to ensure that innovation within ISACA is not just an abstract concept, but a measurable, repeatable process integrated into ISACA’s core strategy.
As a bonus, ITC committee members are deeply knowledgeable individuals and, thankfully, have not been afraid to lean into more tactical, short-term activities. Each ITC committee member and the board are keenly aware that innovation activities are transformational for ISACA and its ability to meet the future needs of its members. As such, once completed, ITC members will govern the organization against a new formal and operational process for innovation.
To achieve transformation, ITC has been focusing on three strategic phases: 1) Implementing an innovative mindset; 2) working with operational teams to develop innovation process tools and technologies; and 3) developing an innovation framework for ideation and incubation.
By fostering and mechanizing an innovation environment, we can ensure that ISACA can become and remain agile, safely exploring the risks and rewards of these vanishing boundaries. We at ISACA recognize that empowerment at all levels is key to unlocking untapped potential, ensuring that, as we embrace emerging technologies, we never lose the human judgment and ethical and tactical oversight that define our profession.
Our three innovation activities, in more detail, focus on the following:
- Driving Strategic Impact Through an Innovation Mindset
True innovation requires a fundamental cultural shift, moving ISACA beyond static processes toward a “fail fast, learn faster,” “do better, be better,” agile philosophy. By fostering a culture of psychological safety, we empower internal teams and external stakeholders to experiment with emerging technologies without fear of failure. This mindset ensures that every exploration is an opportunity to capture insights that drive long-term member value and measurable return on investment. - Developing Tools and Technologies for Innovation
To transform disruption into opportunity, we provide the community with advanced technical capabilities designed for co-creation. By deploying automated ideation platforms across our global network, we enable members to directly participate in the organization’s evolution. These tools provide a secure, “sandboxed” space to de-risk early-stage concepts, enabling us to collaboratively and collectively develop solutions that maintain a competitive advantage for our members in an ever-changing market. - Deploying a Framework for Innovation
A robust innovation framework provides the strategic architecture needed to turn abstract creativity into professional results. By institutionalizing scalable, repeatable functions—from initial insight to global launch—we ensure that resources are focused on high-impact frameworks, credentials and member tools. This structured approach, supported by formal evaluation gates, mitigates risk and drives operational excellence, empowering our global membership to achieve proactive leadership and superior career outcomes.
Creating an innovative mindset and deploying innovation processes within ISACA facilitates the aforementioned shift from being a “steward of the status quo” to a proactive architect of the digital future. Activities for innovation transformation are intended to have several key strategic impacts on members:
- Future-Proofing the Association: Evolving the Information Technology Committee (ITC) from a body focused on internal IT oversight to one that envisions and de-risks new products and capabilities for members and ensures ISACA, its chapters, and members remain relevant and ideally ahead of the curve – the result being a committee that will govern innovation and manage project risk through a known formal process accepted by the greater board and organization, making innovation agility pervasive throughout ISACA.
- Accelerated Certification Development: Imagining the future, anticipating need and facilitating the rapid launch of critical, stackable credentials that meet market demands in real time. This is demonstrated by recent certification launches like the Advanced in AI Security Management (AAISM) designed for security leaders to master AI-specific risk and ethical governance, the Advanced in AI Audit (AAIA), which empowers experienced auditors to assess complex AI systems and ensure regulatory compliance, and the Certified Cybersecurity Operations Analyst (CCOA), which validates technical proficiency in threat, detection and incident response. By treating certifications as living frameworks rather than static achievements, we create an insurance policy against obsolescence and ensure that longstanding ISACA credentials such as CISA and CISM, as well as new certifications, remain the “global currency” of the IT profession.
- Enhanced Framework Relevancy: Feeding our global member “eyes and ears” intelligence into the evolution of core frameworks like COBIT and the Digital Trust Ecosystem Framework (DTEF), ensuring they remain the gold standard for converged technologies. This includes bringing industry partners and governments into the collective to advance abilities in frameworks and proliferate market use, while extending support around frameworks like CMMI, MDDAP and ISACA’s appointment by the US Department of War in December 2025 as the global credentialing authority for the Cybersecurity Maturity Model Certification (CMMC) program.
- Global Membership Empowerment: Through the implementation of innovation practices, we are looking to provide you and 200,000+ peers with the dynamic tools and capabilities needed to realign your expertise with the job roles of the future. This agile approach ensures you aren’t just a spectator of technological change, but an active participant. By decentralizing innovation and fostering global participation, our goal is to empower you with the knowledge, skills and capabilities to pivot your career in real time, ensuring your skills remain as fluid and resilient as the digital world you govern.
- Future-Proofing the Resume: As ISACA becomes more agile through our own innovation, we are committed to providing members with the new skills and capabilities necessary to re-align their profile with these rapidly changing job roles. By showcasing how you leverage these evolving resources to integrate new knowledge into your professional practice, you prove to the market that your greatest value isn’t a single certification—it is your proven capacity to evolve at the same speed as the disruptions you are tasked to govern.
By continuously reconciling the insights of our global community with a formal innovation lifecycle, ISACA will remain at the forefront of the industry. This is how ISACA and its members maintain a leadership position and obtain the stability and agility needed to thrive in an era of rapid technological change.
True innovation is a shared journey where we collectively and collaboratively help our members move beyond legacy compliance to navigate a world shaped by rapid technological change.
