As Chief Information Security Officer, Kim Valois has her hands full keeping Flinders University safe from cyber attacks. We spoke with Kim about her interesting career in intelligence, and her mission to add cook book author to her impressive resume.
What is your role and what does your work focus on?
My role is the Chief Information Security Officer (CISO) for Flinders University. The role is all about cybersecurity for the University, which is a big remit. We have thousands of systems, devices and applications that we assess, monitor and tool up to protect against cyber attacks and other disruptions. My team also provide Identity Management Services, because the security boundary of our organisation is our people, wherever they are and doing whatever they do for the University.
What journey brought you to this point in your career?
After a tour in the military, I became a professional intelligence analyst and my special skill was learning how to find things that wanted to remain hidden. I learned to write Unix scripts to find more needles in haystacks, to support intelligence analysis and investigations.
I moved into private industry and worked as a cybersecurity architect, which included a project that brought me to Australia in 2001. I’ve managed professional cybersecurity services for multinationals, run a global security incident response centre, and managed global security certification for data centres in 15 countries. I’ve also worked with the Defence Department, and joined Flinders University two years ago to take up the CISO role.
What is something interesting people might not know about you?
I started my professional career attending a foreign language academy in California in the military intelligence field. My ambition at that time was to learn as many languages as I could. I’ve always thought I should learn seven. At the moment, I know five, so I’ve got a few more to learn.
Any funny stories about working in your field?
This job is not dull and I’ve had some amazing intelligence tradecraft training and assignments, presenting really unique or unusual things. I led a team to pass a security certification audit in a faraway place where, just a few weeks earlier, there had been a 9+ magnitude earthquake. Windows were still broken from the earthquake and taped over, but we used compensating controls and activated our business continuity plan to successfully demonstrate that our security and resilience met international standards.
It’s common for cybersecurity teams to work around the clock. Several times I have baked and delivered cookies to shift workers on my Incident Response or Security Operations Centre teams on Christmas Day. I became rather well known for turning up at odd hours to see how my late night shift workers were and what they had found in the IT systems they were monitoring or investigating.
What is something you are most proud of?
I’m proud of being a supportive leader, mentor and colleague. I believe we can all build our skills and competence, and that we are better as a collaborative team. I want to help people develop their abilities and pursue what they wish to do. I’ve met so many amazing people and some have been very helpful as I’ve pursued my career. I keep this in mind, and work to support and help create opportunities for others around me.
What does a normal day look like for you?
I am not sure there is a normal day, and maybe I don’t really want one. I like and enjoy a varied schedule to keep things interesting.
It’s wonderful that at Flinders there are so many different things to work on. Still, I usually attend a lot of meetings, because it’s an important factor of a CISO’s work. I enjoy collaborating with other teams, my counterparts at other universities, and learning about new tools and technology from our partners. There are often cybersecurity assessments to review or to conduct, and I love being able to solve some pretty complex problems.
I’m interested in many things, so I love mixing things up. You might find me sitting in the Hub or outside doing some work, just for change of scenery. Our work doesn’t stop at the close of business. It often spills over into late evenings, weekends and even holidays. The cyber threat actors often plan to conduct attacks when they think we aren’t going to notice, so my teams have to be vigilant. We often get called out when everyone else is off work.
How do you like to relax or spend your spare time?
I like to tend to my Barossa rose garden, paint in my studio, and sing in foreign languages to my cats while I clean my house. I also make jam, a perfect form of kitchen chemistry and artistry. I’m working on recipes for a jam cookbook – maybe in 2023? I still have to do a little more kitchen research to perfect the recipes.