A few years back, I wrote a book called ‘The Secure CIO’. Given that about 75% of security leaders were reporting to CIO’s at the time of writing, I focused my consulting business, my book, and subsequent podcast of the same name, on advising CIO’s on how to select and retain the right cyber security leader to reduce risk for their organisation. I aspired to make every CIO a secure CIO (meaning they had a CISO or equivalent by their side). That was then. But this is now.

Everyone has a story. Everyone makes mistakes – some bigger than others and some more likely to take action on the lessons learned. When hiring, do you trust your instinct that someone is right for your business, no matter their previous reasons for leaving?

My eldest son wants to be a professional soccer player. He lives and breathes soccer. He tells everyone who will listen that he dreams of playing for Tottenham Hotspur. He only plays soccer-based video games. He watches YouTube videos of soccer. His bedroom wall is plastered with soccer players and we have converted our backyard into a soccer pitch. Since March, he and his brother have given the backyard goal a thrashing.

If you make the choice now to put a dedicated leader in place who will plan your security future, take proactive action to uplift security maturity and influence behaviour change in your employee community, you are much more likely to lower your information security risk.

Cyber is a broad reaching topic and it may seem impossible to have all the data stored in your memory. However it’s important to be able to share relevant information with the Board at regular intervals. If you have served your organisation more than a few months, do you think you would feel confident to approach your Board or subcommittee slide free and from the heart?

With popular businesses and/or popular roles, the list of applicants can be long. But short lists are …well, short. Surely there is a few minutes to spare to provide a brief note on why they didn’t fit the criteria?

I’m often asked by security leaders how they should prepare for a job interview.  What questions should they plan for? How can they get the edge over other candidates?  While I will tailor my response depending on their circumstances, here are 10 universal tips for preparing for an interview.

As a CIO, could you see value in the identification or hiring of a complementary 2IC to round out the skills of your CISO or Head of Information Security?

If you have read my book or heard me present, you know I’m pretty passionate about your values aligning with the company you work for. When was the last time you thought about the values of your organisation? Do they sit in the background, or do you use them to inform decision making in your organisation?