The Network: Theresa Grafenstine

Author: ISACA
Date Published: 1 July 2017

What is the biggest security challenge that will be faced in 2017? How should it be addressed?

The biggest challenge is the human element. Lack of employee cyberawareness, weak passwords, failure to implement patches, falling for phishing scams and insider threat will do more cumulative damage than complex emerging issues.

What are your three goals for 2017?

  • Developing a leadership pipeline
  • Continuing and strengthening ISACA’s Women in Technology initiative
  • Exploring charitable options through ISACA’s ITGI foundation to give opportunities to people in developing nations or underrepresented demographics to obtain leadership skills, relevant training and certifications.

What is your favorite blog?

ISACA International does a great ISACA Now blog. CyberScoop and NextGov do a great job of reporting on important issues.

What is your number-one piece of advice for other audit professionals?

Do not rest on the fact that you are a regulatory requirement. Provide value to your organization every day.

What is your favorite benefit of your ISACA membership?

The fantastic people—the members, the volunteer leaders and the staff. ISACA has benefited my career in monumental ways, but the biggest benefit has been the friendships.

What do you do when you are not at work?

When I am not at work and I am not doing ISACA work, I am at my son’s ice hockey game, helping my daughter find the right college or walking the dogs with my husband.


As ISACA’s incoming chair of the Board of Directors, how do you see ISACA growing and adapting to the constantly changing marketplace and needs of its constituents over the next year?

New technologies—and threats—are introduced almost daily. ISACA represents an interrelated, yet diverse, set of constituents. As risk, audit, security, cyber and governance professionals, we need to be agile and prepared. Whether it is through partnering with other professional associations on content development or training, or the way in which it structures its volunteer committees, ISACA is looking at ways to become more agile to better serve its members and their professions. For example, ISACA was once tied to a volunteer structure that allowed appointments and changes on only an annual basis. By moving to a more agile model, ISACA is now able to move from a reactive to a proactive posture to tackle changes in technology, threats and future trends.

 

Can you briefly describe your role as inspector general (IG) of the US House of Representatives? What in your past experience has best prepared you for this position?

As IG of the US House of Representatives, I am a nonpartisan, senior House official who is jointly appointed by the speaker, majority leader and minority leader of the House. I am responsible for planning and leading independent audits, advisories and investigations of the financial and administrative functions of the House. Aside from having the necessary technical skills, I believe the experience that most prepared me for this position is, oddly, a moral philosophy class that I took as an undergraduate at St. Joseph’s University (Philadelphia, Pennsylvania, USA). Father Lombardi stressed that to really understand what you believe in, you need to understand a problem from all sides—and be able to argue with equal strength from all sides. As a person who needs to get bipartisan approval on everything I do, understanding how people think, how they solve problems and how they prioritize things has been critical in tackling important issues, bridging divides and, ultimately, making a difference.

 

How do you believe the certifications you have attained have advanced or enhanced your career? What certifications do you look for when recruiting new members to your professional team?

I believe getting certifications has proven my commitment to my profession and to life-long learning. Certifications are an outward representation and assurance of your skills, but they represent only one aspect of professional commitment. Getting involved and participating in a professional association demonstrates your connection to the broader professional community and helps you grow as an industry leader. When hiring staff at the House, I look for diverse certifications and higher degrees to help address the broad range of problems we face. Even as a senior executive, I like to show my commitment to the profession and prove my capability to my staff (and to myself!) by sometimes sitting for the same training and exams they are pursuing—which is the reason why I have so many certifications!

 

What has been your biggest workplace or career challenge and how did you face it?

I think an ongoing challenge for any professional is the rapid pace of change. How do we keep up with it? How do I find and retain staff who can meet the changing demands? This is even more so in the congressional environment. Every member of the House of Representatives is up for reelection every two years. In addition to the changes brought about by elections, leadership positions change as well. In my seven years as IG, I have served under three different Speakers of the House and four different congressional oversight committee chairmen. With all of these changes in leadership come changes in priorities, focus and direction. It teaches you to be nimble in adjusting the audit plan. You also need to be able to quickly acquire new or different skills to adjust to the changing priorities. That agility has made me a better auditor and a better leader because it forces me to constantly think on my feet and help others, who may struggle with change, to adapt.

 

What do you think are the most effective ways to address the lack of women in the information security workspace?

Diversity goes beyond a feel-good social initiative; it impacts the bottom line. It is a powerful resource that, if properly leveraged, increases an organization’s ability to connect with a broader base of people, deepens an organization’s knowledge base and, ultimately, reduces enterprise risk. When there is a pipeline shortage of women to fill senior leadership roles or in science, technology, engineering and mathematics (STEM) career fields in general, this puts organizations at risk. Women leaders bear a special responsibility to help fill this pipeline by serving as role models and mentors to our next generation of leaders. We need to connect with girls and young women to show them what a Woman in Technology leader looks like. If we wait until they have already made career decisions, it may be too late. I think it is important to volunteer at local schools as speakers on career day. I think it is especially important to reach out to schools in at-risk communities to show students that IT security is an amazing career option. If they have never heard of it, they cannot choose it. We can not only address some of the pipeline issues, but we can literally change the trajectory of young people’s lives.