Nine months into his one-year tenure as chairman of the (ISC)2 board of directors, Wim Remes talks to Eleanor Dallaway about his objectives, achievements and regrets as chair of board, and explains why he considers himself an under-dog...
What's your history with (ISC)2?
I joined the board in 2012, and was initially regarded as a rogue element swimming against the stream. I was the elected as chair last winter.
What are your objectives as chair?
I'm focussing on getting as much value as possible for members, and improving integration with the security community and non-members through involvement with local conferences and inviting non-members to our events. We also need to focus on communicating the value of certification.
What are the main challenges?
Keeping the curriculum up to date and relevant in line with the speed of change in the industry is a key challenge, and a job task analysis continually assess what needs updating and changing. Before I joined, the main criticism was that the CISSP is not relevant, which I never believed to be true.
How crucial is certification for information security professionals?
I'm not a fan of certification being a requirement on a job specification. A certification validates knowledge and experience, but someone without certification may still be qualified. The value certification gives to an individual is more important than ticking a box when applying for a job. The access to the information security community that comes from being an (ISC)2 member is a big driver.
We need to focus on communicating the value of certification
Speaking of sense of community, how are the (ISC)2 chapters progressing?
They enable members to learn from each other. Some are more mature than others. Each channel has a feedback channel straight back to (ISC)2, allowing feedback to be compiled collectively. Our largest chapter is in South Korea, with 5500 very active members. Our smallest chapter is in Ethiopia with six members. Rules state you must have 15 signatures to start a chapter, but this was waivered for Ethiopia.
What are the biggest information security challenges facing your members?
Our members face very diverse challenges, but a common one is making security relevant to the business. They need to learn to break away from tech talk, and be able to communicate and justify security at a management level. All information security professionals are now focussing more on risk.
The workforce study is due out in 2015. Can you make any predictions about what you expect to see from the results?
I predict that the gap between supply and demand [for information security professionals] will have increased further. I hope to see a positive trend around women in security, as I'm definitely seeing more diversity in the workforce.
How is the information industry nurturing its young talent?
We can't all be generalists and we shouldn't expect juniors to be. We should create an environment where young people can grow and develop. I believe the most valuable career path is to start your career as a specialist but use experience to become a generalist. We should allow specialists to broaden their skillsets through teaching and mentoring. (ISC)2 are active in mentoring, but could do more.
I believe the most valuable career path is to start your career as a specialist but use experience to become a generalist
How welcoming is the industry to those entering it?
It may look like a clique industry from the outside, but it isn't. People take the time to talk to each other and explain and guide. At the core of the industry, there is a lot of intelligence sharing and no competition in knowledge.
Nine months into your tenure, what has been your greatest achievement?
I've worked very well with a diverse range of people. I hope I've proven that I've come from the position of underdog and [succeeded] as chair.
If you could do it all over again, what would you do differently?
I wouldn't do anything differently if I was to do it all again. And I'd be focussed on the same goals.