Announcing PAN-OS 8.0 – Our Biggest Launch Yet!

It’s no secret that attackers and their methods have become more targeted, sophisticated and automated. What follows is an evolution in the needs and demands of security teams to tackle new threats and risks. To address the ever-changing threat landscape and provide organizations with the best security capabilities possible, security vendors must continue to evolve as well.

With that, we are proud to announce PAN-OS 8.0, the largest product and feature release in the history of Palo Alto Networks.

The launch includes more than 70 new security features that enhance all aspects of our Next-Generation Security Platform. We are building upon the existing capabilities of our natively engineered cybersecurity platform to provide organizations with the ability to safely enable applications, content and users regardless of location, prevent successful cyberattacks, simplify security operations, and safely embrace the cloud.

The new capabilities in PAN-OS 8.0 will help customers:

Enable Cloud Adoption

Enhancements support migration to diverse, multi-cloud environments, providing consistent, scalable and advanced security, as well as industry-leading integration with key providers, such as Amazon Web Services and Microsoft Azure, for operational agility and automated scale out. Greater visibility, policy enforcement and actionable dashboards improve security capabilities for SaaS applications, and an expanded lineup of VM-Series virtual firewalls meets a variety of performance needs and use cases. The new VM-50, VM-500 and VM-700 provide industry-leading performance of up to 16 Gbps for small remote offices to data centers and service provider deployments.

Detect and Prevent Evasive Malware and Credential Theft

PAN-OS 8.0 includes several first-ever innovations focused on advanced threat prevention techniques and the prevention of credential theft and abuse. These include a new 100 percent custom-built anti-evasion analysis environment for WildFire; a heuristic engine to dynamically steer highly evasive threats to a bare metal analysis environment for full hardware execution; a fully automated, payload-based command-and-control signature generation and delivery mechanism; and the new MineMeld application that’s integrated with AutoFocus for automated action driven by correlated threat intelligence.

Prevent the use and abuse of stolen credentials by providing a policy-based multi-factor authentication framework natively in the next-generation firewall. This new and unique capability makes it very easy to enforce multi-factor authentication from the firewall to stop cyber adversaries from moving laterally in a network and accessing sensitive resources with the help of stolen credentials or compromised endpoints. This is achieved by working at the network level in conjunction with authentication and identity management frameworks, such as single sign-on and multi-factor authentication, and integrating with a number of next-generation identity access management vendors, including Ping Identity, Duo Security, and Okta to enforce policies.

Scale With Predictable Performance Across a Variety of Use Cases

Designed to handle increasing throughput needs due to increased SSL-encrypted traffic and data center consolidation, as well as increased traffic at the internet gateway, six new appliance models (PA-5260, PA-5250, PA-5220, PA-850, PA-820 and PA-220) enable advanced security protections for large data centers to smaller environments and branch offices.

Management features delivered by Panorama provide administrators fast and accurate insight. They include ingestion of Traps (advanced endpoint protection) logs, as well as additional firewall logs, to enrich correlation of indicators of compromise, and they automate actions that update the next-generation firewall to prevent adversary lateral movement and alert IT via IT service management and security response systems, such as ServiceNow, lowering the operational burden for security teams.

Below are links to additional resources to learn more about PAN-OS 8.0

[Palo Alto Networks Research Center]

New COBIT 5/CMMI Tool Goes Beyond Traditional Mapping

ISACA and CMMI each have a deep well of expertise and rich sources of guidance and leading models in the areas they cover: ISACA in the world of governance of enterprise IT (GEIT) with COBIT, and CMMI in the world of enterprise process maturity.

Together, we have teamed up to create a new product that leverages the deep guidance available within each of the models. Specifically, COBIT 5 and the CMMI maturity models each have extensive guidance in establishing practices that permit users to better align stakeholder requirements with the utilization of IT-enabled investments; using them both together can yield a resultant value that is greater than the sum of their respective parts.

Many users of framework products look for mapping tools to assist them in using both models or to reduce initial planning and implementation resources needed to bring the second model into use. Mapping tools serve a useful purpose in that regard but have always had one significant drawback: They only attempt to reveal direct connection points between the models being mapped. That serves to speed up implementation time for the second model, but is limiting in the degree to which it unlocks the additional value that using that second model could bring.

The other issue that comes up with traditional mapping tools is that they are designed to be used in one direction only. That is, a user looks up an element in model A and finds which element or elements in model B are related. What if you want to start with an element in model B? That element likely exists in multiple places throughout the map and isn’t easy to isolate to determine what in model A is related. These traditional maps are unidirectional.

ISACA and CMMI saw an opportunity in this gap to produce a tool between COBIT 5 and the CMMI maturity model. With the tool, called the COBIT 5 CMMI Practices Pathway Tool, users will now be able to quickly and easily navigate from either COBIT 5 or CMMI and uncover relevant guidance in the other model. This bidirectional capability is unique and will permit users greater flexibility in deriving value from the tool.

The tool is built in Excel to provide access to a larger number of people. It takes advantage of native functionality in Excel and uses filtering to provide a quick and easy means of selecting elements of interest. There also is a guidance document with the tool to better describe its function and use.

The end result will be the ability for business IT practitioners to deliver additional value to their stakeholders.

Peter Tessin, Technical Research Manager, ISACA

[ISACA Now Blog]

Traps Named A Visionary in Gartner’s Magic Quadrant for Endpoint Protection Platforms

Gartner has just released its 2017 Magic Quadrant for Endpoint Protection Platforms (EPP), and we’re honored that Palo Alto Networks is named a Visionary in this report. This marks the first year that Palo Alto Networks has been included in the EPP report – we believe this is further proof of Traps’ recognition by top-tier, independent third parties and analysts.

Here are a few highlights from the report that should be of interest to endpoint security professionals:

  1. Gartner’s report cautions customers against overreliance on reactive indicators of compromise. According to Gartner, “With the exception of some of the emerging Visionary vendors, too many EPP solutions’ malware detection techniques remain overly reliant on reactive indicators of compromise (i.e., IP address, URL, file hash, partial hash, registry key values). These static indicators are the easiest part of the kill chain for the attackers to change rapidly.”
  2. The report offers guidance to customers on what endpoint protection capabilities they should assess when evaluating potential solutions. Gartner observes that “Most attacks exploit well-known unpatched vulnerabilities, use social engineering to trick users to install trojan malware, or use interpreted code such as Java or Visual Basic to download and install malware.”
  3. Gartner reflects on the utility of standard testing and the need for improvements in their test by stating that, “Standardized testing, such as AV comparatives and AV tests, are still the best indicators of effectiveness; however, they still overreward reactive solutions and undertest detection of new attacks.”

Our view at Palo Alto Networks is that enterprises will continue to seek more effective endpoint security offerings that can prevent security breaches, whether they are initiated through the exploitation of application vulnerabilities or via new and unknown malware.

I encourage you to read the complete Magic Quadrant report to learn about all of Gartner’s findings.

Gartner Magic Quadrant for Endpoint Protection Platforms, Eric Ouellet, Ian McShane, Avivah Litan, January 2017. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

[Palo Alto Networks Research Center]

How to Win the IT Advisory Talent Battle

Demand never has been higher for the IT advisory skill set. At our firm, we’re seeing more competition now than even existed in the SOX boom of the mid-2000s. Positions across the United States are remaining open for months at a time. Your company wants to make sure it’s not settling on the first applicant who knows the difference between CISA and COBIT and, instead, wants to attract the brightest talent that will really make a difference to your team.

We’ve seen some common themes among our clients who consistently attract the best candidates, and I’d like to share them with you so that you can win the talent war in 2017 and beyond.

Impact
The number one motivation for making a job change that I hear time and time again goes something like this: “I don’t feel like my position really makes a difference. I just check up on everyone else.” You need to make sure you’re marketing your position as one that allows the applicant to see the meaning and purpose of his or her work. Tell them success stories about your department and paint a picture for them about how you are perceived in the organization.

A recent example from one of our clients was a project where the business operations and IT security teams could not agree on the best way to move forward on a large product rollout. The IT audit team (through years of showing its value to the business) was instrumental in making sure both sides came to an agreement in order to release a workable product. Not only does this IT audit team now have the pride and satisfaction from helping shape one of the company’s most important initiatives, but it has also turned into a great recruiting story allowing them to attract top talent. That’s true impact.

Work/life balance
The rise of the Silicon Valley style corporations with unlimited vacation time, a whole year for paternity/maternity leave and game tables in every conference room has made it difficult to win the talent war without offering an appealing work/life balance. At the management level, I know you’re not able to change large policies like I’ve mentioned above, but what you can do is make your department one that embraces technological advances that allow your employees to work when they can, where they can.

I realize that this is more easily said than done, but companies that are doing this are able to attract the best talent. Perks such as working a day a week from home, flexible work schedules (get in early/leave early, etc.) and making sure on-site time is used to maximize face-to-face encounters with internal customers and team members while the rest of the work is done from a coffee shop, etc., will help you to be much more appealing to the generation that has grown up with information available anywhere, on any platform.

Growth
Obviously, your goal is to retain the talent you are able to attract. The best way to do that is to make sure your employees are challenged, able to grow and never bored: “I want to make sure I’m not a (insert job title here) forever.”

It’s a common concern among candidates I speak with and human nature to not want to feel trapped. Candidates want to feel there is a career path for them and know that they won’t be doing the same thing every day. They crave variety, challenge, growth and advancement. If you plan to hire someone who already knows how to do everything in your job description, you’re setting yourself up to have someone leave your department early if there is no significant growth or challenge for them if they stay. In so far as possible, create opportunities for your employees to add to their skill sets, and enable them to advance within and eventually beyond your department. If you don’t have a compelling story about the growth opportunities you can provide for your new team members, you will continue to lose that talent to other companies who can show them a challenging career path.

Use what sets you apart
If you search for the term “CISA” on LinkedIn, Indeed, Monster and CareerBuilder, you’ll find thousands of available roles. On ISACA’s own job board, there are 500. With competition like that, you need to be sure your company and opportunity stand out from the rest.

What is special about your company that attracted you to work there? How do you address mentoring younger talent? What processes do you have in place to groom the candidate for future leadership roles? Also, make sure to allow the applicant to go to lunch with potential co-workers, not just managers. Applicants who leave the interview believing they will enjoy working beside the people they meet will be much more inclined to want to work for you.

Highlighting smaller perks doesn’t hurt, either. Do you have a generous 401K match? Does your company offer free lunches in the cafeteria? Have an onsite daycare? Make sure you advertise those.

My goal for this article was to provide value to you and help you identify some things you can do to attract the talent you need to succeed. If I can answer any questions to help you win the talent battle, write your questions in the comments below!

Brad Owens, Recruiting Director, Duval Search

[ISACA Now Blog]

Build Your (ISC)² Network through Chapters in EMEA and North America

Are you looking to start an (ISC)² Chapter in your area? The enrollment period for chapters in the Europe, Middle East and Africa (EMEA) and North America regions is now open through February 5. Through the chapter program, (ISC)² members and other information security professionals further advance the organization’s vision to inspire a safe and secure cyber world by sharing knowledge, raising security awareness and advancing information security in local communities around the world.

To be eligible to start a chapter, you will need to meet the following requirements:

  • Be an (ISC)² member in good standing for a minimum of three years.
  • Be a resident of the area in which you plan to start a chapter for at least one year.
  • Have proven leadership experience in a professional setting.
  • Not currently serving as an officer of another security chapter organization.
  • No previous convictions of criminal activity or conduct.

Since lifting the moratorium on chapters this month, we have already received several applications from the two regions, and we look forward to receiving more! The new chapter application process is streamlined and entirely online, making it easier to get started.

To submit a chapter application, visit https://isc2chapters.communityforce.com/

Open enrollment for the Asia-Pacific (APAC) and Latin America (LATAM) region chapters will begin in Q2 2017. Keep an eye on our blog for an announcement.

[(ISC)² Blog]
