1

GRC Professionals: Roadmap for Personal Success

Facilitated by Bashar Dari CISA, CISM, CGEIT

November 20, 2014

Idea in brief: Simple Model!

2

Know You! Lead You! Know Others! Engage/Lead Others!

It is a journey rather than a destination!

Note: Similar to the emotional intelligence (EI) model!

Know You!

3

Diversity: We are all different!

Diversity is not about how we differ.Diversity is about embracing one another’s uniqueness.

~ Ola Joeseph

1st Question: What tactics or strategies you use to better know yourself?

1. Deliberately putting yourself in a unique situation….David.

2. Toastmasters..Joanne

3. Feedback from coworkers.

4. Personality Test…Cornell

5. Solitude…Chris

Know You: My Tactics!

4

1. What do I want to be in 5-10 years?Bashar: Work-I want to be an IT Consultant. Family? Life?

2. What is my motto in life?Bashar: “Leadership is all about serving others & finding the best in everyone”

3. What are my core values that guide my actions?Bashar: 1. Honesty & Integrity. 2. Collaboration. 3. Excellence. 4. Service.

Name: Stan

5-10 Years Goal: IT Security Consultant

Motto: Lead By example

Core Values: 1.Service 2. Integrity.

In late 2009, I enrolled in Government of Alberta’s

Leadership Program. I have been asked these 3

questions. I needed to share my answers with my

Leadership Team.

They are now part of my resume!

There are three constants in life: Change, Choice and

principles ~ Stephen Covey

Know You: Personality Tools!

5

Myers-Briggs Type Indicator (MBTI) assessment is a psychometric questionnaire designed to measure psychological preferences in how people perceive the world and make decisions.

The preferences are grouped in four categories:Extraversion (E) – (I) Introversion

Sensing (S) – (N) Intuition Thinking (T) – (F) Feeling

Judging (J) – (P) Perception For more info, visit http://www.myersbriggs.org/

Mine is ENFP…The Inspirer

What is yours?

ISTJ - The Duty Fulfiller ESTJ - The GuardianISTP - The Mechanic ESTP - The DoerISFJ - The Nurturer ESFJ - The CaregiverISFP - The Artist ESFP - The PerformerINFJ - The Protector ENFJ - The GiverINFP - The Idealist ENFP - The InspirerINTJ - The Scientist ENTJ - The ExecutiveINTP - The Thinker ENTP - The Visionary

http://www.personalitypage.com/html/high-level.html

Know You: Personality Tools!

6

Insights: http://www.insightsvancouver.com/

We want to create a world where people truly understand themselves and others,and are inspired to make a positive difference in everything they do

Mine is:Yellow Green Red

Blue

What is yours?

Your “Personal Profile” contains sections like:

Key strengths & weaknesses Value to the team Communications Possible blind spots Opposite Type Suggestions for development Management (managing Bashar & motivating Bashar)

Know You: GRC Knowledge

7

2nd Question: How do you acquire GRC Knowledge?

1. Response 1

2. Response 2

3. Response 3

4. Response 4

5. Response 5

Know You: GRC Knowledge

8

GRC related Knowledge can be acquired through myriad ways:

1. Membership with professional organizations and tapping on their knowledge libraries (e.g. ISACA, ISC2,PMI, ITSMF …etc).

2. Fast-track knowledge by studying for a professional certification (e.g. ISACA certifications).

3. Hands-on experience with related GRC activities.

4. Online resources (e.g. webinars, virtual conferences, social media …etc).

5. Reading GRC-related books, magazines, …etc.

6. Youtube: (COBIT:Example, ITIL:Example, TOGAF:Example).

Lead You!

9

Knowing others is intelligence;Knowing yourself is true wisdom.

Mastering others is strength;Mastering yourself is true power.

If you realize that you have enough, you are truly rich.~ Lao Tzu

3rd Question: What tactics or strategies you use to better lead yourself?

1. Response 1

2. Response 2

3. Response 3

4. Response 4

5. Response 5

Lead You: My strategies!

10

Lead By Example:

“Be the change that you wish to see in the world”~Mahatma Gandhi

Positive Outlook:

“A pessimist sees the difficulty in every opportunity; an optimist sees the opportunity in every difficulty”

~Winston Churchill

Continuous Learning & Improvements:

“Live as if you were to die tomorrow.Learn as if you were to live forever”

~Mahatma Gandhi

Examples: Clean desk policy, wearing your business photo ID, and maturing processes

that you own.Also, Lead by example when it comes to others asking you

to change!

It is easy to find problems… we are all wired to do that!

The trick is to come up with suggestions to address them and be part of the solution.

There is always something good in any problem…You

just need to find it!

Be passionate about learning: 2014 resolutions, development plan & career

plan!

11

Lead You-ISACA Certifications!

90,000+ CISAs certified since inception in 1978 18,000+ CISMs certified since inception in 2003

16,000+ CRISCs certified since inception in 20105,000+ CGEITs certified since inception in 2007

12

Global recognitionCredibilityHigher payDiverse career opportunities Career advancement

+ Based on my own experience Continuous LearningIn-depth knowledge in that certification area ** Reference Material **

Value of Professional Certifications

Lead You-ISACA Certifications!

Tip: If you are already an ISACA Certified,

Have you looked at other certifications (e.g. PMP,

ITIL & TOGAF)?

Remember that GRC is not restricted to ISACA &

COBIT!

Lead You: Leadership!

13

Organizations have many leadership development programs/initiatives:

Examples:Government of Alberta: Two years GoA Leadership Program. University of Alberta – Management CertificateBC Ferries:

1. Coaching for business success & Coaching for Excellence.2. Skillsoft Leadership program (9-10 modules)3. Leadership Program with a local university.

* Seize the opportunity & Join your organization’s leadership initiatives *

Key advantage: Opportunity to connect with

Business and others in a positive,

learning setting.

Tip: I follow Leadership gurus on twitter. I compiled my own

leadership twitter lists if you want to get a head start!

Lead You: Toastmasters!

14

Toastmasters: WHERE LEADERS ARE MADE!

Toastmasters was suggested to me by my Technology mentor in

2011 and I joined them in 2012. I am now

member of two clubs: Advocates &

Coastmasters-Corporate. I am also VP Membership

with Advocates.

Youtube link: www.youtube.com/watch?v=WxAV39ySH2A

Lead You: Mentoring!

15

Mentorship is one of the most rewarding relationship that you might have (either as a mentor or mentoree).

Values of establishing a mentorship relation:1. Law of connection.2. Law of inner circle.3. Law of addition.4. Law of explosive growth.5. Law of legacy.6. Self development & self-awareness.

For more information, check this video: http://www.youtube.com/watch?v=aM-vHOzU5PI

Did you know that my Technology Mentor “Robert Burwood”

introduced me to iPad, Twitter & Toastmasters?

Lead You: 7 habits of highly effective CISOs

16

Habit 1: Let your strong moral compass guide you — always.

Habit 2: Be flexible and nimble.

Habit 3: Run security like a business.

Habit 4: Make patience your top virtue.

Habit 5: Be the king maker, not the king.

Habit 6: Work the corporate psyche.

Habit 7: Gather data and know how to use it.

Source: Forrester Research by Khalid Kark.

Five secrets to success:1. Understanding and communicating risk.2. Collaborating3. Delegating.4. Having a great mentor.5. Understanding the business.

Know Others!

17

Fred Factor principles:1. Everyone makes a difference

2. Everything is built on relationships3. You must continually create value for others, and

it doesn't have to cost a penny.4. You can reinvent yourself regularly.

Mark Sanborn (Link)

4th Question: What tactics or strategies you use to know others?

1. Talk/Ask …Allen.

2. Social Media + google…

3. Share a meal with them.

4. Response 4

5. Response 5

Know Others!

18

1. In Project Management, they call it “Stakeholder Analysis”. Do you know who are your key stakeholders/partners?

For example: In my organization, we partner with “Privacy Office”, “Internal Audit”, “Risk & Insurance”, “HR” and “Safety & Security” departments.

2. Simplest approach: Observe and ask questions. (e.g. notice their insights blocks).

3. Attend professional meetings (e.g. ISACA monthly luncheon meeting or conferences) to connect and network with other GRC professionals and vendors.

4. Social Media: Use LinkedIn, twitter and facebook to connect with others. Do you know how to connect on twitter?

5. Meet with your stakeholders on a 1-on-1 or coffee/lunch meetings. Do not underestimate the power of meeting outside work!

Engage/Lead Others!

19

People do not care how much you know until they know how much you care

~ John Maxwell

5th Question: What tactics or strategies you use to engage/lead others?

1. Response 1

2. Response 2

3. Response 3

4. Response 4

5. Response 5

Engage/Lead Others: Engagement Models!

20

A study of different retail outlets for the same company has shown that the three key factors contributing to better outcomes are:

Know Me Focus on Me Support Me

Top questions to ask for Engagement (mainly employee but can be extended to any context):

1. Do I listen to their ideas and concerns?

2. Do I communicate clearly what I expect of them?

3. Do I ensure they have the resources they need to do their job?

4. Do I give them the chance to do what they do best?

5. Do I praise them for doing a good work?

6. Do I show I care about them as a person?

7. Do I encourage their development?

We have them printed and laminated.

Engage/Lead Others: Professional Organizations!

21

Membership in professional organizations (e.g. ISACA and PMI) has twolevels of engagement:

1. As a member: mainly connecting and networking.

2. As a Board member: Leading your chapter and constituents. Learn more by watching this video.

Youtube link: www.youtube.com/watch?v=4-ETu9iAa0w

Engage/Lead Others: Partnership!

22

One of the best way to engage and lead others is by rallying behind aCommon Cause. A great example that works for me all the time is:“Information Security Awareness”. We all know that we need ongoing andsituational awareness process. Though, dealing with people involves working with all your key stakeholders.

How about partnering with a vendor?BC Government has been organizing “Security Awareness Days” each year and they ask their vendors to sponsor them.

How about letting one of your partners drive your initiative?Privacy Office (from a FOIPPA compliance) can drive some of your initiatives(e.g. end point encryption).

How about partnering with your Audit team?Partnering with your audit team will bring value to both parties. For example,Office of the Auditor General in Alberta was driving all ministries to developand implement an IT Controls Framework. Try it!

Engage/Lead Others: Social/Sport Activities!

23

Story #1: Shadowing Energy Deputy MinisterPart of the “United Way” campaign. I was able to ask DM for advice. He gave me two Encore “Thank You” Cards. His words “You got the right attitude & approach” are part of my resume! He is now the DM for the Executive Council in Alberta. He is a big champion of the GoA Leadership Program.

Story #2: Connecting with 2 Admin SupportAt the beginning, I had performance issues with 2 admin support staff. Later, one of them told the CIO that I am the best thing that ever happened to her. I told the CIO that the other person touched my mind (Fred Factor book) and my heart (gave an orange rose to my wife on her birthday).

Story #3: Captain of Big BikeWhat a great way to connect with your co-workers in a fun way while helping a great cause “Heart & Stroke”.

I have been doing it for the last 7 years and I am always amazed by the generosity and stories of everyone.

Dare to try it!

Story #4: Corporate ChallengeI participated in many activities during the corporate challenge in Alberta both as a member and a captain. Each activity is a different team building experience. I use photos to capture the legacy of these rich & memorable events.

Connect & network with Bashar!

24

You will be amazed as to what we have in common and how we can help each other learn & grow…

Let’s connect!

Social Media Links:

http://ca.linkedin.com/in/bashardari

http://twitter.com/bwdari

http://www.facebook.com/bashar.dari

http://www.kiva.org/lender/BasharDari

Emails:bashar.dari@bcferries.combwdari@hotmail.com

25

Any questions or needs?!