On the eve of the latest Women in Cyber mentoring event hosted by the Department of Prime Minister and Cabinet (which you can read about here), I have been reflecting on the mentors I have had over the years.

How many organisations are considering the careful management of change when it comes to introducing or uplifting cyber security?  

Many companies are forthcoming with some information about how they are protecting the environment. But what about how businesses are protecting us? As consumers, for a long time, we have placed our money, information and sometimes our livelihoods in the hands of household brands – trusting that they have taken steps to protect us.

But are there smaller, niche players who are offering cyber security work experience in any way, shape or form?

A few months ago, I found myself on a call with Gartner’s event organisers. They were proactively seeking the support of the Australian Women in Security Network (AWSN) regarding their upcoming summit. Whilst on the call, they asked me “so what do you do when you’re not volunteering for the AWSN?”.

In the mid 90’s when I was in my later years of school in Victoria, my peers and I were all given a thick book from our careers adviser called a VTAC Guide (Victorian Tertiary Admissions Centre). Each university and TAFE course had a place in the book - title, description, what skills would be gleaned and then a host of ‘real world’ vocations that you could take on once you had your qualification in your hot little hand.

In talking to CIO’s while researching my upcoming book, I’ve been noticing a pattern forming across sectors and countries. In responding to my questions, many CIO’s have said that when hiring security leaders, they are looking for story tellers who are inspiring, uplifting and influential. And while these words don’t always appear on a job description, they are certainly used to describe an ideal security leader.

Normal0falsefalsefalseEN-USZH-CNAR-SA/* Style Definitions */table.MsoNormalTable{mso-style-name:"Table Normal";mso-tstyle-rowband-size:0;mso-tstyle-colband-size:0;mso-style-noshow:yes;mso-style-priority:99;mso-style-parent:"";mso-padding-alt:0cm 5.4pt 0cm 5.4pt;mso-para-margin:0cm;mso-para-margin-bottom:.0001pt;mso-pagination:widow-orphan;font-size:12.0pt;font-family:Calibri;mso-ascii-font-family:Calibri;mso-ascii-theme-font:minor-latin;mso-hansi-font-family:Calibri;mso-hansi-theme-font:minor-latin;}With the global cyber events of recent weeks and months, I wonder how many Boards have met with their security leaders for the first time or after a long hiatus between updates. Are security leaders nervously waiting outside board rooms all over the globe for an impromptu meeting which brings that fated question “have we done what we can to address the potential impact of [insert latest breach here]”?  (I’m secretly hoping they no longer ask ‘are we secure’ given this is impossible to achieve).

In the security industry, like any other, there a few traits that should be on your list of non-negotiables when it comes to hiring a leader. The Information Security leader is one of the key roles in business today and is not a hire that you can afford to get wrong.  Here are the top 7 qualities to look for, in no particular order (except the first one)…:

We have all heard the question on podcasts and in interviews… “What do you wish you knew ‘then’ that you know ‘now’?”.  I’ve never really thought about what I would say to my younger self until recently when I began thinking about the skills I have needed and used most across my career.