Latest news with #JamieNorton
Business Wire
a day ago
- Business
- Business Wire
ISACA Welcomes 2025-2026 Board of Directors
BUSINESS WIRE)--ISACA, a global professional association championing the workforce advancing trust in technology worldwide, installed its 2025-2026 Board of Directors during the association's Annual General Meeting held today in Chicago, Illinois, USA, and virtually. This group of top global experts will be headed by returning board chair John De Santis and new board vice chair Jamie Norton. Returning chair John De Santis to lead board with incoming vice chair Jamie Norton. De Santis is a technology executive and past chairman and CEO of HyTrust, an IT infrastructure security software company that was acquired by Entrust in January 2021. A company-builder based in New Hampshire, USA, he has more than 40 years of international and US-based experience at venture-backed technology start-ups as well as at large global public companies in the telecom and IT fields. He currently serves on the fiduciary boards of Cequence Security and ValiMail, leading innovators in the cybersecurity space. Prior to HyTrust, he was vice president, Cloud Services for VMware, chairman & CEO of TriCipher, entrepreneur-in-residence at Trident Capital, and CEO at Sygate Technologies, where they developed the technical foundation of Symantec's Enterprise Endpoint Protection suite. In his earlier experience, he led European operations for various software, hardware and telecom networking companies, as well as co-founded and led to exit a start-up that built the first optical fiber networking capability for IBM mainframes. "Leadership is a responsibility I take very seriously. For me, it's about walking alongside others instead of leading from above, listening more than speaking, lifting others up and creating an environment where everyone feels heard, valued, and empowered. It's about relentless curiosity, constant learning, and doing the right thing," says DeSantis. "The board is committed to working hard for the good of the association, its members and stakeholders, ensuring transparency, unity, innovation and progress. I commit wholeheartedly to help fulfill our noble mission, instantiate our vision, and accomplish the goals we set together." Advancing to board vice chair is Jamie Norton, a highly respected cybersecurity, AI safety, risk, governance and assurance expert based in Australia who currently serves as chief information security officer for the Australian Securities and Investments Commission (ASIC). Prior to ASIC, Jamie was a partner with corporate advisory and restructuring firm McGrathNicol and chief information security officer (CISO/CSO) for the Australian Taxation Office. He also currently serves on the board or as an advisor to several leading organizations, including Australian startup Crisis Commanded, enabling clients to decisively take control during crisis response. He has contributed to many industry initiatives and programs, including ISACA's CISM certification, Australian Cyber Security Strategy and the ASD IRAP and Cloud programs. A long-time ISACA member, Norton is a speaker and media commentator and regularly works with boards, executives, and operational teams to enhance their capabilities, awareness, and performance. One new director has joined for the 2025-2026 term—Dr. Tim Sattler. A recognized information security and cybersecurity leader based in Germany with over two decades of experience shaping enterprise security strategies across diverse industries, Sattler currently serves as the Head of Corporate Information Security and CISO at Jungheinrich AG, a global intralogistics leader. Sattler spearheads the organization's information security and cybersecurity initiatives, has established company-wide ISMS programs and developed multiple security capabilities from the ground up. Before joining Jungheinrich, Sattler held senior security leadership roles at Kuehne + Nagel, Bauer Media Group, and Nordcapital Group. He has contributed extensively to ISACA as a past chapter leader and through multiple international committees, working groups, and task forces. In total, the following 13 leaders were installed on the 2025-2026 ISACA Board of Directors during ISACA's Annual General Meeting: John De Santis, chair, technology executive and past chairman and CEO, HyTrust, Inc., USA Jamie Norton, CISA, CISM, CGEIT, CISSP, CIPM, vice chair; chief information security officer for the Australian Securities and Investments Commission (ASIC) Tracey Dedrick, director and 2020-2021 board chair; board member and chair of the Risk Committee for First Bank Puerto Rico, USA Stephen Gilfus, NACD director, director; chairman, Gilfus Education Group, general partner at Oversight Ventures; founder, Blackboard Inc. Niel Harper, CISA, CRISC, CDPSE, CISSP, NACD. DC, director; technology and cybersecurity executive and the global chief security officer at JetBrains, Germany Gabriela Hernández-Cardoso, director; NACD director, social entrepreneur and past president and CEO of GE Mexico, Mexico Jason Lau, CGEIT, CRISC, CISA, CISM, CDPSE, CISSP, HCISPP, FIP, CIPP/E, CIPM, CIPT, CEH; director; global chief information security officer at Hong Kong and Singapore Massimo Migliuolo, director; executive chairman, Intuin, Malaysia and Switzerland Pamela Nigro, CISA, CRISC, CGEIT, CRMA, director and 2022-2023 board chair; vice president of security and security officer, Medecision, USA Maureen O'Connell, director; finance and education executive, audit chair for three public boards, USA Tim Sattler, PhD, CISA, CISM, CGEIT, CRISC, CDPSE, CISSP, CCSP, ISO 27000 LI/LA, director; head of corporate information security and CISO at Jungheinrich AG Germany Asaf Weisberg, CSX-P, CISM, CRISC, CISA, CDPSE, CGEIT, director; founder and CEO of introSight, Israel Erik Prusch, Director and ISACA CEO, USA 'It is a true pleasure to welcome this year's board directors, who have all contributed so much to both this organization and the industries we serve,' said Prusch. 'Each member brings valuable insight, experience and passion that strengthens our mission and vision and amplifies our impact for our members.' This year's Annual General Meeting coincides with the first ISACA Awareness Day in Illinois, where the organization is headquartered. Read the full proclamation here. Read board member biographies at About ISACA For more than 55 years, ISACA ® ( has empowered its community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with nearly 230 chapters worldwide, ISACA offers resources tailored to every stage of members' careers. Through the ISACA Foundation, ISACA also expands IT and education career pathways.
Techday NZ
26-06-2025
- Business
- Techday NZ
Organisations lag in AI policies & skills as workplace use surges
A new survey has found that while artificial intelligence use is widespread in workplaces, most organisations are unprepared to address associated risks due to a lack of formal policies and training. ISACA's annual AI Pulse Poll, which surveyed 3,029 digital trust professionals across the globe, revealed that 81 percent of respondents believe employees at their organisation use AI, regardless of whether it is officially permitted. Despite this high adoption rate, only 28 percent of organisations have a formal AI policy in place. According to the research, 22 percent of organisations provide AI training to all staff. In contrast, almost one third of organisations provide no AI training at all, while 35 percent restrict training to IT-related roles. Most digital trust professionals view this skills gap as pressing, with 89 percent saying they will need AI training within the next two years to retain or advance their careers, and 45 percent indicating it will be required within six months. Jamie Norton, Board Director at ISACA, highlighted that the integration of AI tools at work is outpacing the development of organisational oversight and policy. He pointed to growing risks from sophisticated threats, such as deepfakes, that organisations are not sufficiently prepared to counter. AI is already embedded in daily workflows, but ISACA's poll confirms governance, policy and risk oversight are significantly lacking. A security workforce skilled in AI is absolutely critical to tackling the wide range of risks AI brings, from misinformation and deepfakes to data misuse. AI isn't just a technical tool, it's changing how decisions are made, how data is used and how people interact with information. Leaders must act now to establish the frameworks, safeguards and training needed to support responsible AI use. The survey found that while AI is delivering tangible benefits—68 percent report time savings and 56 percent expect a positive impact on their career in the next year—organisations lag in implementing comprehensive frameworks. Only 28 percent have a formal AI policy, although this figure is up from 15 percent last year. Similarly, 59 percent permit the use of generative AI, up from 42 percent in the previous year. Respondents are employing AI for a variety of functions: 52 percent to create written content, 51 percent to boost productivity, 40 percent to automate repetitive tasks, 38 percent for analysing large data volumes, and 33 percent in customer service roles. Despite these applications, understanding of AI remains limited. Over half (56 percent) consider themselves somewhat familiar with the technology, 28 percent very familiar, and only 6 percent extremely familiar. Concerns about the risks associated with AI are significant. Sixty-one percent report being very or extremely concerned about generative AI being exploited by malicious actors. Fifty-nine percent believe AI-powered phishing and social engineering attacks have become harder to detect, and 66 percent expect deepfake attacks to become more sophisticated within the next year. Despite these risks, only 21 percent of organisations are investing in detection or mitigation tools for deepfakes. Questions also remain around organisations' ability to manage the ethical aspects of AI. Forty-one percent think ethical issues such as privacy, bias, and accountability are being addressed adequately, while just 30 percent express high confidence in their organisations' ability to detect AI-related misinformation. For many organisations, AI risks are still not a top-level priority. Only 42 percent view them as an immediate concern. The top cited risks include misinformation or disinformation (80 percent), privacy violations (69 percent), social engineering (63 percent), loss of intellectual property (53 percent), and job displacement (40 percent). Jason Lau, ISACA Board Director and Chief Information Security Officer at commented on the need for continuous learning and updated AI policies. Enterprises urgently need to foster a culture of continuous learning and prioritise robust AI policies and training in AI, to ensure they are equipping their employees with the necessary expertise to leverage these technologies responsibly and effectively—unlocking the AI's full potential. It is just as important for organisations to make a deliberate shift to integrate AI into their security strategies—threat actors already are doing so, and failing to keep pace will expose organisations to escalating risks. The survey indicates that organisations are recognising the need for more AI skills: nearly a third expect to increase jobs for AI-related functions within the next year. Additionally, 85 percent believe many roles will be modified because of AI, while 84 percent rate their own expertise as beginner or intermediate. Seventy-two percent of respondents say AI skills are very or extremely important for professionals in their field at present. The findings suggest organisations must address the skills gap and integrate AI risk management into their broader security and governance strategies if they are to respond to the challenges of expanding AI adoption in the workplace.
Techday NZ
30-04-2025
- Business
- Techday NZ
Majority unprepared for quantum computing's security risks
Most organisations remain unprepared for the security and business implications of quantum computing, despite growing concerns among professionals about the potential risks it poses to current encryption methods, according to recent research from ISACA. The ISACA Quantum Computing Pulse Poll, which surveyed more than 2,600 professionals in fields such as digital trust, cybersecurity, IT audit, governance and risk, found that while awareness of quantum computing's transformative potential is increasing, concrete planning and readiness measures are largely absent from organisational agendas. According to the poll, 62% of technology and cybersecurity professionals are concerned that quantum computing could break today's internet encryption, raising the possibility of vulnerabilities in digital signatures, websites, utilities and medical records. However, just 5% of respondents said that their organisation considers quantum computing a high priority for near-term planning, and only 5% report having a defined strategy for it. Jamie Norton, ISACA Board Director, highlighted the accelerating pace of quantum computing and the significant implications for sectors that handle large volumes of sensitive data. He said, "Too many Australian and New Zealand organisations remain in reactive mode and underestimate quantum computing's potential to break existing encryption. Now is the time to assess whether you have the expertise to implement post-quantum cryptography solutions and start building internal capability. This is essential to mitigate its impact and protect sensitive data, maintain customer trust and ensure long-term business resilience." The research underscores that many see potential for quantum technology to drive major advancements. Sixty-three percent of respondents expect quantum computing to significantly speed up computational tasks or data analysis, and 46% anticipate that it will lead to revolutionary innovation. Nearly half (48%) are optimistic about the impact quantum computing could have within their sector. At the same time, respondents are alert to new risks, with 63% saying quantum computing will increase or shift cybersecurity risks. More than half (57%) believe it will create new business risks, 52% expect that it will change the skill sets required by businesses, and 50% foresee challenges around regulation and compliance. Among participants from Oceania, concern was even higher across all these areas by at least 10 percentage points. A total of 62% of respondents expressed concern that quantum computing could break current internet encryption before new, quantum-resistant algorithms have been fully implemented. More than half (56%) cited fears around the so-called "harvest now, decrypt later" threat, whereby data is stolen now with the intention of decrypting it using quantum computers in the future. Despite a quarter of poll respondents believing that quantum computing will have an industry-wide impact within five years, and 39% saying they expect it in six to ten years, many organisations are taking a wait-and-see approach. Forty-one percent report no plans to address quantum computing at this time and 40% are not aware of their company's intentions regarding quantum issues. When questioned on the role of quantum computing in their current technology strategies, only 15% indicated it was on a long-term roadmap, while 19% had discussed it in some form but made no formal plans, and 37% had not discussed it at all. Nearly a quarter (24%) were unsure of their organisation's view on the matter. The poll findings also point to significant knowledge gaps. Only 7% of respondents claimed to have a strong understanding of the new post-quantum cryptography standards developed by the US National Institute of Standards and Technology (NIST), while 44% said they had never heard of them. Many organisations have yet to take decisive action to prepare for quantum computing. More than half (55%) have not started any preparatory steps. Of those that have, actions cited include: assessing regulatory or compliance implications (46%); exploring quantum-safe cryptography (38%); collaborating with quantum hardware or software providers (28%); training staff (27%); and investing in research and proof-of-concept initiatives (27%). The poll also found that 30% of global cyber and IT professionals do not feel they have a good understanding of quantum computing's capabilities, highlighting the need for training and skills development in this area. Rob Clyde, chairman, Crypto Quantique, and past ISACA board chair, advised that organisations begin preparing now. He said, "Start by 1) identifying where encrypted data are stored and devices that use encryption, 2) developing a plan to transition to post-quantum cryptography prioritising critical data and systems, and 3) continuously monitoring for updated software and firmware with post-quantum cryptography. Waiting until quantum computing is here is too late, especially given today's harvest-now, decrypt-later threat."
Business Wire
28-04-2025
- Business
- Business Wire
Despite Rising Concerns, 95% of Organizations Lack a Quantum Computing Roadmap, ISACA Finds
SCHAUMBURG, Ill.--(BUSINESS WIRE)--While 62 percent of technology and cybersecurity professionals are worried that quantum computing will break today's internet encryption, only 5 percent say it's a high priority for the near future, and just 5 percent say their organizations have a defined quantum computing strategy, according to new research from ISACA's global Quantum Computing Pulse Poll. Despite rising concerns, 95% of organizations lack a quantum computing roadmap, ISACA finds. Share More than 2,600 global professionals in digital trust, cybersecurity, IT audit, governance and risk were surveyed in this inaugural ISACA poll on the perceptions and preparations around quantum computing. Potential for both transformation and risk Quantum computing has revolutionary potential; however, there are also clear concerns about the risks it presents. Nearly half (48 percent) are very or somewhat optimistic about quantum computing's impact in their sector/industry, 63 percent believe it will speed up computational tasks or data analysis significantly, and 46 percent say it will create revolutionary innovations. However, many anticipated outcomes of quantum require significant preparation. Sixty-three percent say quantum will increase or shift cybersecurity risks and 57 percent say it will create new business risks. Poll respondents (62 percent) are worried about quantum computing breaking today's internet encryption before browsers and websites fully implement the new post quantum cryptography algorithms approved by National Institute of Standards and Technology (NIST) standards. They are also focused on the potential for cybercriminals to start collecting encrypted data now and decrypt it once quantum computing becomes viable—with 56 percent citing the practice, known as 'harvest now, decrypt later,' as a concern. 'Many organizations underestimate the rapid advancement of quantum computing and its potential to break existing encryption,' says Jamie Norton, ISACA board director. 'They need to start examining whether they have the expertise to implement post-quantum cryptography solutions now, to ensure they are able to effectively mitigate its impacts.' Despite expected impacts, planning continues at a slow pace It appears many organizations have not yet mobilized to prepare for these coming changes. Forty percent are not aware of their company's plans, and 41 percent say they do not plan to address quantum computing at this time—even though 25 percent believe that the transformative potential of quantum computing will be realized on an industry-wide scale within the next five years, and 39 percent feel it will happen in six to 10 years. When asked about how their organization views quantum computing within its current technology or innovation strategy: 5 percent consider it a high priority for near-term planning 15 percent say it is on their long-term roadmap but not a near-term priority 19 percent say they have discussed it but not made any formal plans 37 percent have not discussed quantum computing at all 24 percent don't know Additionally, only 7 percent of the poll respondents say they have a strong understanding of the new NIST standards, even though NIST has been working on them for more than 10 years. Forty-four percent admit they have never heard of them. Taking action, prioritizing quantum skills More than half (55 percent) of enterprises have not taken steps to prepare for quantum computing. Additionally, a third of global cyber and IT professionals (30 percent) do not have a good understanding of the capabilities of quantum computing, indicating there is work to do to upskill and educate those working in the IT sector to have a skilled workforce ready for the advent of quantum. Rob Clyde, chairman, Crypto Quantique, and past ISACA board chair, notes that digital trust professionals should educate stakeholders about quantum computing risks and the urgent need for post-quantum solutions. 'Start by 1) identifying where encrypted data are stored and devices that use encryption, 2) developing a plan to transition to post-quantum cryptography prioritizing critical data and systems, and 3) continuously monitoring for updated software and firmware with post-quantum cryptography,' said Clyde, who is presenting on this topic at the ISACA North America Conference in May. 'Waiting until quantum computing is here is too late, especially given today's harvest-now, decrypt-later threat.' Learn more about ISACA'S Quantum Computing Pulse Poll at About ISACA For more than 55 years, ISACA ® ( has empowered its community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with nearly 230 chapters worldwide, ISACA offers resources tailored to every stage of members' careers. Through the ISACA Foundation, ISACA also expands IT and education career pathways, fostering opportunities to grow the next generation of technology professionals.
