ISACA is grateful to Ron Hale for his years of knowledge, leadership and dedication. ISACA wishes him well and looks forward to his future contributions to the organization and the professions ISACA serves.
What is the biggest security challenge that will be faced in 2017? How should it be addressed?
The security challenges that we faced in 2016 will continue to be issues in 2017. Change comes over time. What I see is incremental change. This change includes the increased visibility of security, assurance and risk management as essential disciplines within the enterprise. I see more resources being dedicated to cyber security and more cooperation and collaboration among governments as well as within and among business sectors. This is what will make a change.
What are your three goals for 2017?
What is your number-one piece of advice for other information security professionals?
Always remember that what we provide are business solutions to business problems.
What is your favorite benefit of ISACA membership?
For me, the most important benefit of being an ISACA member is being part of an international community of practitioners. Whenever I have a question or need a resource, I always have an ISACA member who is willing to help.
What will you do when you are not at work?
I am enjoying more time to get back in shape. I am reading more and looking for opportunities to do meaningful things. I will be able to explore professional topics that interest me. Most important, I will be able to manage my time rather than having to go to a job where my time is managed by many others.
How have you seen ISACA change over the years of your service to the organization?
In many ways, ISACA has not changed. It is still a dynamic organization dedicated to serving the needs of its members. The nature of ISACA has led it to expand from being the organization representing the IS audit profession to embracing security, risk management and governance. As the times have changed, as professional needs have expanded, as auditors have been asked to take on new responsibilities, as business experienced new challenges, ISACA has been there to accept the challenge providing knowledge, education and professional certifications that distinguish our members in their areas of practice. As a result of the challenges that ISACA has accepted, we have increased our visibility globally to become one of the most highly respected resources for professionals. This has led to some visible changes such as expanding from about 40,000 members and a staff of 40 when I started at ISACA to where we are today. While the conferences ISACA offers, the certifications we bring to the market, the resources we provide for the community of practitioners we serve may evolve with time, ISACA has remained true to its core by providing for professionals, by creating professions and by enhancing professionalism.
What are your hopes and aspirations for ISACA’s future?
At certain times every organization reaches a plateau. At this point, the organization can remain the same and continue on or it can see opportunity and embrace the challenges that are being presented. ISACA is at such a plateau. It can remain comfortable and continue on a known path or it can see opportunity and embrace change. I know that ISACA’s volunteer and staff leadership are anxious to embrace a new future for ISACA and for those we serve. The disciplines we represent, audit and assurance, security, risk and governance, are being seen not as nice-to-have capabilities in the enterprise, but critical to strategic success. Our members are more frequently brought into discussions with the board. Senior management relies more on the expertise that our certification holders bring. My hope for ISACA is that it continues to serve the constituents it serves providing them the opportunity to build careers with the guidance, education and training, and community that they need.
How have the certifications you have attained advanced or enhanced your career?
The only certification I hold is the Certified Information Security Manager (CISM). If I had not been awarded this certification, I would not have had the opportunity to join ISACA as the first director of the information security management program. I am proud to be a CISM. I think that what this certification stands for in terms of the knowledge and skill clearly presents me as a professional with the capability and expertise to lead the security efforts in an organization. In my career at ISACA, working with standards bodies such as the International Organization for Standardization (ISO), with governments around the world, with leading enterprises and with other professional bodies, the CISM clearly signifies that I am a member of the profession.
What do you think are the most effective ways to address the skills gap in the information security workspace?
think we first have to understand what the skill gap means and what reasonable approaches exist to address it. While there is a shortage of capable cyber security practitioners, I do not believe that all of these jobs will be filled by people who report to the chief information security officer (CISO) as part of the security department. Since cyber security is everyone’s responsibility, everyone in the enterprise needs to do the right thing to protect information and the infrastructure. This means that people in technical roles need to have an understanding of what their particular responsibility is and how it relates to other technical specialists. Coders, system administrators, architects, database administrators and others need to be able to implement effective cyber security controls within their discipline. This is the only way to create a secure infrastructure. It is also the only way that enterprises will be able to implement early detection and response capabilities. The same thing applies to people in nontechnical positions. They need to have an appreciation of their role in cyber security as well. Only when everyone in the enterprise is cybercapable can we expect to solve the overall cybercrisis.
How will your future work continue to serve ISACA and the profession?
While I am retired from ISACA, I still expect to be part of the profession that I have had the privilege to be part of for more than 30 years. I will have an opportunity to get more involved in the ISACA Chicago (Illinois, USA) Chapter. I also want to continue my research and writing and contribute to the body of knowledge available to practitioners.