This is the next blog in the continuing series of interviews with top-echelon and renowned professionals. In this blog, I interview Leon Strous, Senior IT Auditor DNB (Netherlands Central Bank); President 2010-2013 International Federation for Information Processing (IFIP).

Enjoy,
Stephen Ibaraki, FCIPS, ISP, ITCP/IP3P, DFNPA, CNP, MVP

Leon StrousLeon Strous was born in 1960 in the Netherlands, and he is still residing there today with his wife Pattry.

Leon has bachelor equivalent degrees in business economics and business informatics, a postgraduate degree in EDP-Audit; he is qualified as a registered EDP-Auditor (RE) in the Dutch Association of Registered EDP-Auditors (NOREA) and he is also a Certified Information Systems Auditor (CISA).

Leon started his career in metal and plastics processing and then went onto eight years with the sales organisation of Philips Electronics in the Netherlands. His focus areas were administration, internal control and information security. Since 1993, Leon has been with the De Nederlandsche Bank (DNB), which is the central (or national) bank of the Netherlands, in different positions as IT auditor in the internal audit department and as overseer in the oversight department of the cash and payments division, focusing on the security of payment systems. His work also links to the European System of Central Banks (ESCB). Currently his main jobs are advancing business continuity and crisis management arrangements with the key players in the payments and securities clearing and settlement processes in the financial sector in the Netherlands, and liaising between the financial sector and the government concerning critical infrastructure protection programs.

Leon is a member of a number of professional societies and has been active in many different positions in the Dutch Computer Society (NGI) since 1988, including member of the Board for five years, and in the International Federation for Information Processing (IFIP) since 1994, including a vice-presidency and in August 2009, he was honourably elected as president for the 2010-2013 term.

Leon has co-authored and co-edited publications in the area of information security and chaired/organized several international security conferences. Since 2001, his significant contributions include work with the IFIP World IT Forum (WITFOR), a conference focusing on the application of ICT in developing countries. Currently he is the chair of the WITFOR International Steering Committee.

To listen to the interview, click on this MP3 file link

DISCUSSION:

Interview Time Index (MM:SS) and Topic

:00:40:
Leon discusses his prior job roles and projects and the key lessons that he learned.
"....If you really want to learn processes and get to know your organization, try to find a way to have a job that offers you this possibility...."

:04:10:
In your prior roles, what were the most difficult challenges that you were not able to overcome at that time? What would you do differently now?
"....The major one was in my early career when I tried to convince management of a solution by presenting them only one solution, and I discovered quickly enough that that doesn't work because management needs alternatives...."

:05:11:
What were the key disruptive forces driving change in your life and how can we learn from your experiences?
"....Don't be afraid of making a total change. Don't be afraid of failing. Continue, and find a new challenge....Never say never....If there is a trigger (even if you are not affected), don't be afraid to use it for your own next step...."

:07:48:
In "all" of your current roles, what are the biggest challenges, and their solutions?
"....In my current role, one of my biggest challenges is keeping up with trends and trying to find the solutions to these trends - but at the same time not forgetting about dealing with the old threats and processes...."

:09:26:
Which do you consider to be your top contributions in IT audit and security?
"....Being active in the computer society and organizations like the computer society and to contribute the best I can to promote research work, to promote topics, and to make people aware of what's happening...."

:10:40:
Can you briefly outline some of these areas in terms of the working groups?
"....We made an inventory of security standards and most people (in the industry) were not aware of all the standards that were available....We tried to provide some guidance by publications (it's a Dutch publication) but we have been trying to translate this into international content....on quite a variety of security topics...."

:11:52:
What are your top recommendations on: business continuity, crisis management and critical infrastructure protection?
"....Business continuity - prepare yourself for a worst case scenario....Crisis management - Keep practicing....Critical infrastructure protection - identify the interdependencies of sectors from each other...."

:15:28:
Leon shares his views on standardization in the area of information security.

:18:06:
What are your views on the more important broader business challenges, crisis management and solutions?
"....The business challenges are sharing best practices in business continuity and critical infrastructure protection. There is a definite need to share experiences....and between different sectors and disciplines...."

:19:22:
Provide your predictions of future Business IT trends and their implications/opportunities?
"....What I see in my IFIP community is quite a lot of interesting technical developments in terms of artificial intelligence, cloud computing, even entertainment computing...."

:20:19:
How will developing countries achieve the IT Millennium Development Goals?
"....It really can be effective if you work together between the different parties - industry, research, developed world and developing world. You have to set up a structure making use of the knowledge in the developing countries itself. Don't underestimate their capabilities - make use of what they have available...."

:22:38:
How can industry and academia work more effectively together?
"...What I've seen in the past few years is that there is already progress made in that area. If you look at certain industries that hire academics on a project basis, they have exchange programs with universities so there is a trend in the right direction....The biggest challenge will be to have the industry at large listen to what research has to offer and to interact with the researchers by indicating focus areas, topics of major interest, etc. We have the responsibility as a computer society - not only IFIP but the national computer societies - to try to organize events which try to achieve this interaction between the two...."

:24:56:
What can we do to foster international cooperation between disciplines and different types of bodies in order to achieve benefits for society?
"....What you see today are many more societies, groups and organizations trying to achieve the same goals and there is a point at which you have just too much competition. The trick is to talk to each other and see how we can co-operate and organize joint events and join forces because most of these societies are driven by volunteers and there is a limit to the number of volunteers you can find who are willing to spend a lot of their free time in working with this...."

:28:16:
What does it mean that IT is the first truly global industry?
"....If you look at everything as possible in terms of outsourcing....it's no longer a prerequisite that everything is in your backyard....Another one is that through all the communication mechanisms, the world is constantly open. It is a 24-hour economy...."

:29:44:
Can you talk more about the key initiatives for IFIP and what you hope to achieve while President?
"....IFIP started some strategic initiatives a few years ago and it is my goal to continue those and to make sure that the five-year strategic objectives are met. A few of them are:... Continuing to present high quality research work...Co-operate more with our member societies which are also trying to achieve this....To be more active towards a couple of relevant United Nations bodies, like UNESCO and a few others....We have a project going on which tries to promote the professionalism of the profession [International Professional Practice Partnership (IP3)]....To find a way to make the work that is being done in research and other areas accessible at no-cost or low level cost for the world...."

:34:35:
Can you provide your top recommendations for what you see as the top resources out there for the public?
".... Digital libraries by a member society like ACM, British Computer Society, IFIP, ICS, etc....they are really valuable sources, but not all the outside world has easy access to it....Also look into scientific journals of your specific area...."

:37:37:
Leon shares some stories from his work.

:40:27:
If you were doing this interview, what questions would you ask and then what would be your answers?
"....'How would you motivate professionals (in academia and industry) to devote part of their time to be active as a volunteer in a computer society or a society like IFIP?'....'Would you give up part of your activity if someone else could do a better job?'...."