1) Paul Simmonds, Global Information Security Officer, ICI and Board Member Jericho Forum
“These are the key things I look for from information security professionals:
- People who have a clear thought process as well as all the normal things of cultural fit and competence.
- Business analysis experience, able to work with people, ability not to be "bullied" by the business but with a pragmatic attitude.
- To cope with the issue of trust - recruit from within where possible.
- Good thought process and analytical skills.
- A divergent thought process - look at people processes and systems with a mind to "how can I break this".
- A wide range of experience, both IT and business.
- The classic mistake senior people make when hiring is to hire someone who is just like them. To avoid this, you should recruit to fill the gaps in your knowledge and experience.
- In the past there were IT staff with specific technical skills (such as firewall configuration). Now what is needed is business consultants with security experience.”
2) James Routh, CISO for the Depository Trust and Clearing Corporation.
“When hiring information security staff the criteria are fourfold.
Proactive behaviours, a solid moral compass and good collaboration skills are a must: skills that are certainly relevant for all executives, but reflect the increasing importance of IS staff within the organisation, and the need for them to be able to converse and translate their activities at a business level.
Certifications for security are also key – but not a must for new hires.”