(ISC)2 Members – Please support me for the 2017 Board of Directors election

In this post, I am announcing my intention to run for the (ISC)2 Board of Directors in the 2017 election. I have been interested in doing this for a while now; however, due to time constraints, I decided to wait until after the 2016 elections in order to move forward with this. Well, here we are!

Who is (ISC)2?

(ISC)2 is the not-for-profit organization that issues and oversees some of the top Information Security certifications in the world, to include the CISSP (Certified Information Systems Security Professional) and the SSCP (Systems Security Certified Practitioner). More information can be found HERE.

Why do I want to do this?

I started out really getting to know (ISC)2 as an item writer for the CISSP and CISSP-ISSAP exams (I helped create questions for these), both certifications of which I hold. As I got to know the organization, I really enjoyed working with the people from (ISC)2, all of whom had a passion for security. Eventually, I moved to Florida to become the Director of Member Relations and Services at (ISC)2. In this position, I was responsible for member benefits, events, customer service, endorsement, CPE policies, etc., but none were more important to me than being an advocate for the membership. I met a lot of members during this time and worked hard to be the voice of the membership within the organization. When the organization was young, it was run by members. As it grew and acquired professionally managed staff, and has been successful, the member per employee count has dropped substantially. Given that first and foremost, (ISC)2 is a 501(c)(6), not-for-profit association, I believe it is imperative that the voice of the membership continue to be heard. My unique background and experience will allow me to bring this focus to the board.

In short, I want to be your voice! I want to ensure that you are heard and your voice carries to the leadership of the organization.

Why me?

I have been in I.T. and Information Security since the mid-1990’s, so I have the experience and have felt the pain many of the members deal with each day. I have worked in healthcare, manufacturing, and Department of Defense roles. In addition, I have worked as an employee of (ISC)2 and have seen the limitations and struggles in the day-to-day operations first-hand, while working with members to resolve issues and address their concerns.

In my job as a Security Awareness Advocate for KnowBe4, I am in a unique position to have regular interactions with (ISC)2 members and the security industry at large across many industries, both face-to-face and virtually. I will leverage this interaction to provide feedback to the other members of the Board of Directors, and to help shape the organization's strategy.

Through a position on the Board of Directors, I will push to see that more resources are placed toward becoming an association of Information Security professionals that you can be proud to be a part of. Specifically, among other things I will:

  • Work to ensure that new certifications are not launched without a well-designed plan and review of current certification value. These certification launches take significant resources from the membership-focused projects.
  • Work to build the (ISC)2 membership into a real community as opposed to a crowd made up of certification holders. If only 10% of the 110,000+ certified members worked toward a common goal, we could radically change the Information Security world for the better.
  • Push for more transparency from within the organization. The current Board is doing a great job with the push for more transparency, but there is more to be done. I will support the work being done and help to expand it even more.

I need your help!

Per the (ISC)2 Bylaws, any member in good standing can be elected if willing to serve per section IV.7:

The name of any qualified person who agrees to serve if elected may be submitted by signed, written petition, of at least 500 members in good standing as of the date of the election announcement, to the Board at least sixty (60) days in advance of the start of the election. Any such petition shall identify the Board seat for which the nominee is to be considered. Nominees received under this process shall be included on the ballot.

This means that I need a petition from 500 (ISC)2 members nominating me for the Board of Directors in order to get on the board election slate. This petition must be emailed to me at [email protected] from the email address you have associated with your (ISC)2 account and must contain your name and member number. I have made a sample email below that you can quickly copy and paste, replacing the key areas with your information.

Challenges to being elected.

For the sake of full disclosure, I do have a challenge to overcome with (ISC)2 in which there is a possible contention between the Bylaws and the election process webpage that states that for the “endorsed slate” (i.e. names chosen to run in the election by the Board itself), among other things the candidate must not, “Have not been a salaried employee of (ISC)² or its affiliates”. When I inquired about this, I received the following:

The definition of a qualified candidate applies to petitioners, write-ins, and slate candidates. The qualifications needed by prospective candidates can be found here https://www.isc2.org/board-election-process/default.aspx#selection. These qualifications include, among others, that the prospective candidate “have not been a salaried employee of (ISC)² or its affiliates”. It is possible that prior employees of (ISC)² may have a conflict of interest, that the board would be unable to mitigate. However, these situations are reviewed on a case by case basis subject to the (ISC)² Conflicts of Interest Policy.

I am of the opinion that the membership-approved Bylaws are the authoritative document and since they do not contain this condition, it does not apply. This is especially true given the context related to the “board endorsed slate”. I do understand where a conflict of interest could be established for a current employee; however, as an ex-employee, gone for almost a year, I do not believe this to be an issue. In order to get a final decision on this, it appears that I will have to submit the petition with the 500 signatures.

What will I do with your email address?

I will only use the email address for the purpose of verifying your eligibility, communicating directly with you about the election/petition in a brief manner, and will provide it to (ISC)2 with the petition (they already have the email address after all). This is what I expect as far as emails I will send go:

  • I plan to send a short communication once upon submission of the petition
  • One short email as a reminder about a week before voting opens
  • One short email when voting opens
  • One short email with the results of the election (namely if I made it or not)

It is possible that additional emails regarding the status of the submitted petition and/or election will be sent if needed, but I promise to only do this if really necessary.

The template

If you would like to support me in my bid for the (ISC)2 Board of Directors, please copy and paste the below template into an email that will come from your email of record with (ISC)2, replace the bold sections with your information, and send it to [email protected].

(ISC)2 Election Committee,

I, <INSERT NAME>, holding the <INSERT (ISC)2 CERTIFICATION(S)> certification, petition that Mr. Erich Kron, CISSP #392400 be included on the 2017 Board of Directors election slate. I have sent this email from my email address of record associated with my certification and will continue to be a member in good standing for the election in 2017.


<Name>
<Member Number>


Thank you very much for your support!


Erich, Security Awareness Advocate at KnowBe4, is a veteran information security professional with over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL v3 certifications, among others. He has managed the technical integration and functional testing of multi-million-dollar enterprise level technology projects within the Department of Defense, as well as large military security programs. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in the InfoSec industry.