Editor’s note: ISACA’s Career Catalyst Stories showcase how members have been supported by ISACA throughout all stages of their careers. Today, we profile Ejona Preci, global CISO, Lindal Group, a 40 Under 40 in Cybersecurity honoree and the winner of the Cybersecurity Woman of the Year Award, “Barrier Breaker,” for 2024. Find out more about ISACA membership here.
Ejona Preci was preparing for a major security audit at a time when the organization where she then worked was struggling to align IT processes with business goals.
Resolving the disconnect faced obstacles and pushback until Preci, utilizing governance objectives from ISACA’s COBIT framework, was able to articulate a business case that resulted in fewer disruptions and increased efficiency.
“That moment shifted the organization’s perspective on information security, from viewing it as a ‘necessary evil’ to recognizing it as a business enabler,” Preci said. “The confidence I gained from my ISACA certifications allowed me to lead those discussions with authority.”
Ejona and ISACA: early career
Preci, now a global CISO based in Germany, has been an ISACA member for seven years. She views her relationship with ISACA as a key element in building her professional network.
“What started as a simple conversation at an ISACA conference turned into a pivotal moment in my career,” Preci said. “During the 2022 GRC Conference in Orlando, I connected with industry peers, sharing experiences and insights. Little did I know that these conversations would set off a ripple effect that significantly shaped my career path. Those peers not only invited me into key industry groups and discussions but also mentioned my name in rooms full of opportunities, opening doors I hadn’t even anticipated.
“I’ve been fortunate to meet brilliant, incredibly knowledgeable professionals and true powerhouses through ISACA. With their guidance, I’ve navigated complex challenges and advanced into roles where I’ve made a real impact. These connections have constantly sharpened my technical skills and opened doors to new opportunities.”
Before becoming a CISO, Preci spent the first several years of her career in roles such as database administrator, cybersecurity consultant and risk manager. As she established a foothold in the risk and security spaces, Preci said that ISACA credentials and related learning resources proved valuable in her progression.
“Early in my career, ISACA was instrumental in providing me with essential resources and guidance,” Preci said. “Through certifications like CISM and CRISC, I gained the knowledge and credibility I needed to establish myself in the field. The study groups, webinars and access to industry leaders gave me a solid foundation.”
What’s happening now?
Preci describes her current role as CISO as both strategic and highly dynamic, balancing immediate security needs with long-term risk management and business alignment. She oversees the protection of her organization’s data, ensuring regulatory compliance and fostering a security-conscious culture, all while navigating a rapidly changing threat landscape.
“One of the biggest challenges has been maintaining this balance while managing competing priorities, especially when new risks emerge from technologies like AI or evolving regulatory frameworks,” Preci said. “ISACA’s network has been invaluable in navigating these challenges. Through the community, I’ve been able to tap into a wealth of knowledge and best practices from professionals facing similar issues.”
Preci also is contributing back to the community as a topic leader for the CISM and CRISC online Engage communities, as well as volunteering as an expert reviewer of ISACA exam materials. She said those experiences have “kept me updated on industry trends while deepening my expertise.”
“Giving back to the community is not just a professional responsibility—it's essential for the growth and resilience of the cybersecurity field as a whole,” she said. “Cyber threats are constantly evolving, and no organization can tackle them in isolation. By contributing to the community, whether through mentoring, speaking at industry events, or collaborating on best practices, I aim to bolster the collective defense of the industry.
“Moreover, the cybersecurity talent pipeline needs to be nurtured. By sharing my experiences and knowledge, I want to help develop the next generation of professionals, which is crucial for addressing the skills gap we’re currently facing.”
What’s next for Ejona?
As she looks ahead, Preci’s focus is integrating and managing AI within cybersecurity. She sizes up the challenge as twofold: leveraging AI to bolster defensive capabilities while also ensuring the security and governance of AI systems.
As has been the case throughout her career journey, she will turn to ISACA to support her in acclimating to an increasingly AI-influenced digital ecosystem.
“I plan to continue leveraging ISACA’s resources to expand my expertise in AI and emerging technologies, as well as data privacy and IT governance,” Preci said. “I’ll stay updated through ISACA’s conferences, webinars and training courses while continuing to contribute as an SME to stay connected with the latest trends, grow my network and mentor others.”