
Is it time to rethink your interview process?
I’ve been thinking recently about the interview process we go through when hiring security leaders. What is your structure when it comes to the number of interviews you require of a candidate? Or the length of each interview per candidate? What if we were to rethink our interviewing approach?

Is your security leader on a tour of duty?
I believe every manager’s job is to ready their staff for their next role and then set them free. If both parties are ‘on the bus’ with this, it’s a very efficient, effective, and honest way to get the best outcomes for all involved. Planning ahead for the exit of your new hire isn’t for everyone, but, having said that, in recent stats the average Australian stayed in their job for just over three years, even less for millennials, so it is not as defeatist as it sounds.

Does your CISO know the role of the board?
I’ve spent the past week at the Australian Institute of Company Directors (AICD) learning about the ins and outs of being a company director. During the five-day course, they spend a considerable amount of time talking about the role of the board and how directors go about fulfilling their obligations.

Hiring Managers: Are you expecting a resume or a CV?
A CV/resume is a window into what a candidate sees as important and can help with job and cultural fit. What do they see as priority content? There is no right or wrong, but a CV is much more than a historical document. As a hiring manager, are you clear about what you expect from this document?

How are you preparing your Board for CPS234?
In the next few months, many information security professionals and CIOs will be preparing to attend Board meetings across our land in relation to CPS 234. How are you preparing to update the Board and ensure they fully understand their new responsibilities?

How do you minimise the chances of hiring Mr Hyde?
It can be easy to get swept away by a candidate who looks great on paper. But what if they are not the right fit for your organisation in other aspects? In my latest blog post I provide advice on considering all sides of a candidate and how this contributes to hiring success.

Are women the only answer to increased diversity?
A lot of diversity talk in Australia centres around women. More women needed on Boards. More women needed in senior management. Not enough women in cyber security. Not enough school girls taking up cyber related subjects. All in the name of diversity. But diversity is so much more than gender when it comes to cyber security (or any industry).

Is Australian experience really essential?
We have some amazing people applying for jobs in Australia - those who are born and bred here, those born abroad who want to live here and those who leave and then want to return. With such a skills shortage in cyber here in Australia, can we continue to think international experience cannot bring value to the Australian market? Is it time we reconsider those with international experience?

Should you develop an Incident Response led Security Strategy?
When undertaking security strategic planning, often a holistic view of security risks is taken resulting in a broad range of projects to be delivered over 2-3 years. But are these truly your immediate priorities? What if we took a different approach?

Why I’m no longer an advocate for culture change as the silver bullet to security.
For many years I have spruiked culture change as the key to reducing security risk. I made it my thing, requiring my teams across my career to ensure they had comms plans and event days, quirky videos and mouse mats with catchy security phrases on them. I even won a regional award for having a cyber strategy that was built on a foundation of culture change. But I’ve come to realise that culture change isn’t the key after all.