David Gee talks to Erica Hardinge, manager, security culture and capability, at ANZ.
Could you introduce your current role and key responsibilities? Do you have a favourite aspect of this role?
In my role as manager, security culture and capability, I’m responsible for developing the global strategy for raising security awareness and influencing behaviour change across more than 50,000 staff in over 30 geographies.
The role involves engaging staff to educate and enable secure choices. By far the most meaningful aspect of my role is the opportunity to better enable my colleagues to be cyber safe – whether that’s at home or at work.
In your role you have responsibility for changing behaviours of staff at ANZ Bank. How challenging is it?
Organisational change management is possibly more challenging now than ever before. Staff members are faced with constant messages competing for their attention, many of which seek to alter the way roles are carried out.
There are constant work pressures, innovations and technology advancements which mean security culture change efforts need to be carefully targeted and pertinent to cut through the noise.
Our staff members need to see they have a specific, achievable and critical role to play in making their organisation safe and secure. The constant nature of change also makes for some great opportunities. For example, internal and external social networking platforms can facilitate two-way and real-time communication – enabling us to engage with staff members on their own terms to create real understanding about new threats and issues.
What’s the best piece of coaching or career advice that you’ve ever received?
So many examples! A couple of my favourites:
“Don’t handle something twice that you could deal with the first time” — this is particularly great for today’s crazy inbox. It’s so easy to open emails, scan and then close with the intent to “deal with it later”.
I find it’s better to allocate time to inbox management, deal with those that can be handled immediately and allocate specific calendar time for those that can’t. But this saying applies to many other aspects of (working) life, particularly those things we may prefer to put off!
“Everyone has time for networking, you do too; part-time status is not an excuse!” — it’s easy to feel too busy to take the time to really connect with colleagues and industry partners but it’s those connections that actually make working life more enjoyable and typically more effective, not to mention provide valuable lessons.
"The career you'll have in 10 years doesn't exist yet" — couldn't be more true! From a criminology and psychology major student, to MBA, to change management applied to information security — I couldn't have planned this adventure!
Have you benefited from great role models? What particular lessons have you learned from them?
For me role models are critical, particularly when working across all layers and roles in an organisation. The different people I look up to bring a variety of expertise, approaches to relationship management and technical specialty.
As a non-techie working in a deeply technical environment, I really value the experts around me who painstakingly explain and share their knowledge. I’ve benefited from working with so many great individuals and continue to learn a lot from those who successfully balance great careers without losing sight of the importance of family.
We all get passionate about our roles using different lenses. Does fear of failure motivate you?
It’s important to fail, sometimes, as this is how we can best learn. I think it is about what you do after a failure that counts. I’m motivated most when I feel that what I’m doing has a greater good.
If I can help my colleagues to be more cyber safe, for example, then maybe they can avoid being the victim of phishing, or recognise the signs of cyber bullying in the life of a loved one, or make secure choices about what to share on social media. Working for an organisation like ANZ provides an opportunity and I think an obligation to help people to operate safely in the online world.
Strategic thinking is a great attribute of leaders; how do you personally hone this particular trait?
I’m lucky enough to have a direct manager who has spent a lot of time working and refining skills in the security strategy space. This provides a ‘hands on’ opportunity to hone my own strategic skills in a safe environment.
On top of this I make sure I periodically check in with a wide range of stakeholders. These are the people that challenge my strategy, keep me honest and ensure that my thinking makes sense in the real world – be that frontline, operations or the upper most levels of the organisation.
What’s the first thing that you do on Monday morning?
After coffee of course... I like to spend a little bit of time catching up on emails (that never ending task) and planning through my priorities for the week from the non-negotiables to nice-to-haves.
Do you consider yourself an ambitious person? In that regard do you have a mentor (or mentors) that you can speak confidentially with? What value has that provided?
I’m ambitious for my function. I’d like to see the importance and opportunity this role offers better understood in our region — I’m sure the advent of the Security Influence & Trust group will help with this goal!
My mentors have helped to refine my thinking in recent years and challenge the way I approach issues. I’ve had mentors close in reporting lines and those more removed, both are important and provide different perspectives.
Sometimes it’s important to get totally unbiased external insights to a situation, while in other scenarios I have benefited from the opportunity to openly discuss with those who really understand the personalities, context and all possible levers available. Mentors have helped to shape my work life and remind me to balance the aspects of my life that are important to me.