My name is Seth, and I would like to run for one of the available seats on the (ISC)2 Board of Directors.
Last year, I learned about the election process right as it was announced. I'd recently been involved in a number of discussions about the CISSP exam, the certification, and its future, and I decided I wanted to do what I could to improve the certification and the (ISC)2 organization as a whole.
I quickly put up a site in an attempt to collect petition signatures to get myself on the ballot. I figured I'd try to get people's attention with an informal, offbeat way of presenting myself: as a member of a community, instead of a distant and inaccessible person, not much more than a name on paper.
I received many replies to my petition request, and they were almost all overwhelmingly positive. While I hope I don't have to grab people's attention with a tongue-in-cheek picture of me holding a CISSP prep book this year, I do hope to present the same image: as a member of a larger community, trying to gain greater representation within the organization for those of us "in the trenches."
Coming from a primarily technical background, I would like to help (ISC)2 improve the technical quality of its exams. I believe the management side, the policy and procedure side, is sufficiently well-represented within the Board of Directors; I'd like to see a minimal amount of representation from someone on the other side of the infosec divide.
I want to make the certification exams offered by (ISC)2 more respected on a technical level. While I understand that the exams are not focused on technology -- "Security Transcends Technology", even! -- this is not a valid reason for exams that have outdated, misleading, or incorrect material.
I want greater accountability from (ISC)2 to its members. This is focused on (but not limited to) exam procedure and feedback. If there is a problem, it should be acknowledged and addressed in a reasonably transparent manner.
I want the purpose and scope of the (ISC)2 certifications to be well-defined. The CISSP certification is considered the de facto standard for technical security jobs; if it is not designed to do this, there should be clear guidelines from (ISC)2 on where it is appropriate and inappropriate to be gauging the skill and qualifications of a job applicant depending on whether they have the certification.
What I said last year is a pretty good summary:
I would like to improve the way the (ISC)2 certifications are viewed by the parts of the infosec community that are more technologically oriented: the innovators, the researchers, the hackers. I'd like for my demographic to be better represented within (ISC)2; I think it would benefit both us and the infosec community as a whole. There's a large divide right now, and it's growing. I'd like to fix this.
(ISC)2 has announced six candidates for the upcoming election for four board seats. In order to be added to the ballot with these six candidates, I will need 633 (or 1% of the entire (ISC)2 member base) signatures for a petition. Signing the petition does not imply that you are voting for me, only that you would like to see me added to the official ballot.
The first step is to collect the 633 signatures. To sign my petition, send me an email at sethforisc2board@gmail.com. For it to count, you'll need to be In Good Standing with (ISC)2, use your email address on record with (ISC)2, include your member number, and state that you're signing my petition.
While 1% may not seem like a large number, getting the word out to this many people is a very difficult task. Last year I received nearly 300 signatures, but I have since then spoken with many CISSPs who didn't even realize I had attempted the petition. You can help by spreading the word in any way you can: forums, local meetups, Twitter, anything. This really is the most important thing you can do to help.
Finally, should I make it on the ballot, I'll still need to win the election. Don't forget to vote!
Seth Hardy is a Senior Malware Analyst at MessageLabs, working as part of the anti-malware Research and Response team. He has a strong background in cryptography and vulnerability research, and is currently using these skills for stopping malicious software. Outside of his primary job, Seth has been involved with cryptography research, academically and professionally, for the last nine years. Some of these areas of research include elliptic curves, combinatorial cryptography, random number generation, and trust networks.
Seth has degrees in both Mathematics and Computer Science from Worcester Polytechnic Institute, and is currently finishing his MSc., doing research on provably secure random number generation. He enjoys teaching and getting up in front of an audience; he's presented his work at a number of meetings and conferences worldwide, ranging from security group meetings, to high school classes, to large conferences such as Black Hat, DEF CON, ShmooCon, and the CCC Congress. He holds the (ISC)2 CISSP certification as well as the GIAC GREM Gold certification.
In his spare time, Seth provides free Internet services such as email and web hosting for over 100 people, and has developed a strong community called aculei animi around this technical core.
Please feel free to email me with questions, to make suggestions, or to share your thoughts.
I'll do my best to respond to every email, but please be patient and understanding if it takes a while. I got a lot of emails last year.