AI, Hiring, and Trust: Why Shortcuts Break Interviews

00:00 – Intro
01:24 – Meet Kim Acosta and UCentric
02:06 – From Amazon to starting a recruitment consultancy
04:19 – Data engineering demand vs AI hype
05:31 – What data engineering roles actually look like
07:27 – Adapting business models to real market needs
10:04 – Where AI genuinely helps recruiters
11:09 – Custom GPTs and interview preparation
13:43 – One way interviews and candidate slop
15:09 – Technical assessments and AI misuse
17:19 – Trust, failure, and reapplying the right way
18:29 – Spotting AI generated answers in interviews
20:19 – Rapport, eye contact, and human signals
22:19 – Hiring for values and team fit
23:52 – Agency vs internal vs embedded recruiters
27:59 – RPO models and cost tradeoffs
28:47 – Layoffs, market shifts, and salary reality
30:57 – Where hiring is still strong
33:10 – Why hiring and podcasts still need humans

Kim Acosta
You would rather be that candidate that failed that technical assessment because we didn’t quite score high enough. So, you’ll probably be invited again in the future to retake that assessment and it’s fine. Even when I was at Amazon, people would apply two or three times before they landed a job sometimes. Whereas if you’ve gone into that technical assessment, making it very obvious that you were trying to use AI when you were being specifically instructed not to, makes it very difficult for that company to want to re-invite you.

Cole Cornford
I think folk misunderstand that ultimately hiring is a human decision-making process. I’m Cole Cornford, founder and CEO of Galah Cyber, and you’re listening to Secured, the podcast where I catch up with developers, security leaders, and innovators to talk about the real world of AppSec. OpenSource now powers over 90% of the software we build, but it’s also where attackers increasingly strike. Chainguard closes that trust gap with hardened, secure, production-ready open source builds, so teams can build faster, stay compliant, and eliminate risk. Get your free CVE reduction assessment at dayone.fm/chainguard and start shipping software with confidence.

And hello everybody. You’re here on Secured. I’m here with Kim Acosta. Kim is the founder of UCentric and she’s a former Amazon talent acquisition professional. She’s lived in Luxembourg, which is quite luxe as far as I’m concerned. And now she’s set up here to in Australia and is running a super awesome consultancy. So, welcome to the show.

Kim Acosta
Thanks so much, Cole. It’s a pleasure to be on your show.

Cole Cornford
Yeah, so I think what would be good is maybe just telling everyone a little bit about UCentric and why you started a business and how’s it going? Because it’s not easy as someone who’s coming into basically their fifth year. I know it’s not an easy street to walk along.

Kim Acosta
Yeah, definitely. So, in terms of UCentric, we are a recruitment agency specializing in technology recruiting. And for us, that’s been largely around data analytics and AI very heavily. It wasn’t supposed to be planned that way. I was never a data and analytics specialist recruiter. I actually recruited for solutions architecture at AWS and supported that 300-person or so org when I was there on the commercial side and also helped them with public sector hiring within AWS as well. So, data analytics and AI, I guess that’s reflecting the current market trends that’s become a bit of a specialization for us.

In terms of UCentric, it is a rather traditional business model currently when it comes to recruiting. I am an external recruiter as opposed to being an internal recruiter like I used to be. So, when I was at Amazon, I worked in lead recruiter roles where I was hands-on doing the recruiting. And then eventually I moved my career into management as well and leadership. So, I led the operations recruitment team during the pandemic year and then moved on to Luxembourg. So, I was transferred to Luxembourg from the company and ran a Pan-European team over there as well. So, delivering hundreds and hundreds of hires, supporting VPs. And now coming back here, I started my agency all on my own.

Fortunately now, I do have a team member and hiring another two more. So, I’ve watched this space food be growing quite a bit next year.

Cole Cornford
Will you use recruitment agencies to recruit recruiters for your agency? Is that something that the industry does?

Kim Acosta
Yeah, actually there are companies that do that and I’m sure they do a fantastic job. Fortunately, we’ve been doing a lot of our own direct recruiting and that’s been getting some really good results. I’m really excited about some of the new people that we’ll probably be bringing on board very, very soon.

Cole Cornford
That’s really good to being able to effectively double your headcount means that business is really picking up for you because you said data and analytics. I’m hazarding a guess in saying that it’s all about artificial intelligence, right? That seems to be no matter where I go or how much I want to dig my head into the sand, there’s a way to someone’s going to just get a shovel, pull my head out and say, “Hey, have you heard about this?” And I just rub my face and die inside a little bit and say, “Okay, I guess I need to learn a bit about it.” So, that’s where the majority of the roles are in the space at the moment, because I think that’s where most of the money’s being funneled too.

Kim Acosta
Yeah. So, a lot of our roles right now are, I would say the majority of them would be more data engineering. There’s only one company I’m working with right now, maybe two, that’s at that phase where they’re getting AI applications into productionization, building things that are now being used by end users and their consumer base. Some of them are very progressed, but I think the majority right now are really trying to just build some strength and capability in data engineering, and that’s where a lot of our roles are actually sitting.

Cole Cornford
So, when you say data engineering, does that mean how do I do ETL flows? How do I move stuff into a data lake? How do I… Because this is a space that’s pretty… I don’t know that well.

Kim Acosta
Yeah, I’m learning as I go as well, but pipeline building, people that are really hands-on in SQL, Python. Yeah, those are some of the skills that are most in demand, I would say, without customer base.

Cole Cornford
I guess learning as you go, I guess, are you finding that is how it is when you’re running a company as well?

Kim Acosta
Yeah, yeah, because when you are in-house, quite often, you’ve got pretty defined technical verticals. Like I said, when I was at AWS, it was solutions architecture, even though that was a pretty broad technical vertical and I did support a team of solution architects and leaders that were all in data analytics and AI, you have a very targeted talent pool to tap into and particular stakeholders that you supported. But going into this business, I thought I’d be recruiting for solutions architects for all my customers. And funnily enough, the very first role actually was a solutions architect also. I was like, sweet. Okay, we’ve got it. This is working.

And then as you go on, people are like, “Oh, Kim, do you recruit software engineers or do you recruit data analytics people?” And then you just end up recruiting quite a broad range of roles. Yeah, I guess you have to really listen to your market, listen to what your customers actually need and create solutions for them or find them what they need. So, it’s really just working backwards with a customer mindset that I’m trying to apply with everything that I’m doing over here at UCentric.

Cole Cornford
Understanding what people need, it can be quite challenging for people, especially as they come out of big tech. I know that a lot of people are really shocked when they’re like, “What do you mean that we don’t have all of the things in the world? And I have to actually have a limited resources, limited capability, and little reason to want to do this kind of stuff.” I know that over the years, when I was working even big tech and then before that, Westpac or the ATO, there were so many parts of cybersecurity programs that were taken for granted or that I just didn’t quite understand the value of as opposed to nowadays.

And early on, I just figured that my entire business could be literally around secure code reviews, training developers and just designing AppSec programs. And I’ve over the years had to pivot because I’ve realized that people need software assurance, people need advisory and people need just compliance a lot more. And so, those verticals are all things that we’re positioned in with Galah Cyber, but they weren’t where I started. I started by just assuming everyone needed code reviews and that was not the case.

Kim Acosta
Definitely. You have to constantly be testing your market, finding out what they need and creating solutions, or else if you’ve got this rigid idea about what you want your business to be, that might not be what your customers need and want. So, yeah, could completely understand that.

Cole Cornford
Yeah. And I’ve been speaking to a lot of segments that I think aren’t serviced particularly well in security as well. I know that, for example, regional Australia is not touched, and generally the best security that they get is an MSP will bundle in patching a software or just general monitoring. And it’s not really risk contextualized for that business. It’s just we’re just doing security activities and just charging more money or reselling products to you. And so, I think that, for example, that’s got a great gap is how do you go out and find those? Australia is not a country of a thousand person businesses like the US.

It’s a country of 30 person businesses, hundreds of those, not like 20,000 person businesses. So, I think there’s a massive opportunity space to be looking at that and that’s something I’m looking into next year. But the other opportunity space is just the sheer amount of stuff that’s going into artificial intelligence. I know I think a lot internally about what can I do to leverage this kind of stuff myself without compromising on either the quality of the work that we produce or on the experience of our customers around working with individuals.

Because I know that if given the opportunity, a business director will try to see what they can about reducing headcount and cutting costs, and AI they think can just fundamentally just remove humans out of the equation. And I know that that doesn’t work. And so, I’m quite confident in job security for security into the future. But where are you seeing AI being used in the recruitment industry? Because I imagine it’s just everywhere.

Kim Acosta
Yeah, look, there are products for everything these days, but where I’ve been using it is with a lot of back office admin. So, recruitment can be a really admin heavy role because you’re managing so many candidates, you want to make sure that you’re updating their information. So, a lot of the AI that we’re using at the moment within our company is all backend tools that help us with that and help us sort of synthesize candidate information. I have been experimenting with it myself as well as a way to be able to help more people.

Cole Cornford
We got to do it. We’re business owners. We’ve got to experiment and try stuff out.

Kim Acosta
Definitely. Definitely. So, I’ve got my own recruitment revised custom GPT that I first of all trialed with my MBA classmates, so shared that with them. They’ve played around with it and I had some really positive feedback, so then I did make it public and I do share it with my candidates that may want help with preparing for interviews. And you can go type in your responses or use your microphone to answer some questions, and then it will help you prepare for your interview. It’s like I’ve said it with a lot of the stuff that I would normally give them to help them prepare for their interviews. So, that’s been really cool, and that’s how I’ve been using AI.

But I guess in the broader market, we have seen various uses of AI across the whole end-to-end stages of a recruitment process. Where I have decided not to really use it is when it comes to interviewing candidates. I mean, I’ve tried, but it just really takes away from that one-to-one human connection that I think we really do value when it comes to working with recruiters or talent professionals. And I found that with these AI solutions, they were great when it came to testing for technical skills and probing for technical skills. So, AI’s probably a lot more technical than I am.

I’m not going to lie about that, but they were missing a lot of the nuances that recruiters normally try to capture in an interview. So, that’s your candidate’s motivations, their salary expectations, how are they going with their job search? Are they far progressed with another interview process and unlikely to take this role? And I think that where we’re not quite there yet is being able to capture those nuances. And I don’t know whether we’ll ever really get there actually, because you’re not going to tell that to some animation on a screen. You’d rather tell that to a person that you trust, right?

So, yeah, I’m not confident in what’s out there at the moment. It’s not to say that I will never be, but that’s what I’m finding right now.

Cole Cornford
I know that my wife is looking at Christmas casual jobs, and one of the things that just kept coming up is labor hire firms using one-way interviews where you’d have an AI just ask you a question and you’d get two or three attempts to answer it, and then it will just find the best sounding one and rate you off of that. And I think to myself, if that’s the case for entry level positions, that’s really inhuman. I understand that that’s because of the scale of people who apply for Christmas casual jobs, you can’t really shortlist particularly well. And candidates are also using AI a lot themselves. I think I see people sending me on the Galah Cyber website.

So, pro-tip, everybody who sends me on the careers form and you say something along the lines of, “I really want to work at Galah Cyber because I want to improve Australia’s cybersecurity posture and my background in network security and CrowdStrike is super effective for application security.” I think ChatGPT has screwed you out of a job and for that entirely because it’s irrelevant to what I care about as a business owner, right? And so, I think that the responsive businesses to start adopting these one-way interviews is because of the amount of slop that candidates are producing. Would you say that that’s fair?

Kim Acosta
Yeah, yeah. Look, I think there is a lot of use of AI when it comes to those really top of funnel recruitment stages such as applications, cover letters. I think that people should really be thinking about how relevant these things are in the recruitment process anyway, like cover letters. Why are we still using them? I really don’t understand because that’s where we just see a lot of very generic ChatGPT generated stuff coming out, right? I don’t even know why we’re using them anymore.

Where what I have found, which has been interesting is that recruiting for tech, tech assessments are still very widely used, so often to test for people’s coding proficiency, programming proficiency in whatever language is relevant for the role. And what I’m seeing at the moment is that a lot of my clients who do adopt this as part of their process, they do have AI detection software in place, or they get candidates. I’ve got one customer at the moment that actually gets candidates to do technical assessments on site with them using their computers so that they could see how they’re approaching the task.

So, I guess clients are being really cautious about that because at the same time, we’re seeing quite a few candidates trying to use AI in these types of assessments when they’ve been specifically instructed not to, and that’s where the problem’s really occurring. In my view, as a recruiter, you would rather be that candidate that failed that technical assessment because you didn’t quite score high enough. So, you’ll probably be invited again in the future to retake that assessment and it’s fine. Even when I was at Amazon, people would apply two, three times before they landed a job sometimes.

Whereas if you’ve gone into that technical assessment, making it very obvious that you were trying to use AI when you were being specifically instructed not to, then makes it very difficult for that company to want to re-invite you to apply again if some of that trust has been broken.

Cole Cornford
Yeah, I think that’s it. It’s about respect and trust. And because I had a candidate who came in, we did a technical video interview with them and we gave them reasonably, I would say reasonably easy questions like, does it matter what order you would do encryption and compression in? And the general answer to that is it does. And the reason is because if you encrypt something that’s compressed, then that’s good. If you do it the other way around Vo, then you’re not going to get any benefit of compression because encrypted data is reasonably uniform. So, the correct answer is always to compress first and then encrypt.

But the candidate waited 20 to 30 seconds basically staring down and then having their eyes do the left or right thing as if you’re looking at other monitors and stuff or their phone and then proceeded to come up with an answer. And then I just threw in a really question where there is no correct answer and he just made up stupid stuff. Well, I think it was like, how do you do static analysis when you are doing transportation using Xamarin or . NET MAUI into an intermediary language? And the answer is you cannot reconcile the outputted code through the transportation process at all.

There’s no static analysis approach that if any answer to a candidate gives should probably be along the lines of, this is a stupid question and you should not ask it. And if they asked you a proper question, it’s like you don’t understand the subject matter because it’ll hallucinate an answer and try to do its best.

Kim Acosta
I’ve had some instances like that. There have been a few times where I’ve had to stop a candidate interview because I meet all of my candidates on Teams or I meet them in person. We don’t do phone interviews when we’re screening on behalf of our clients. And it’s a way for me to gauge how they would interview with my customers as well. And there have been some candidate interviews I’ve had to stop so that I tell them that, okay, I’m not receiving any eye contact from you. I don’t know whether you’re reading off something or you’re just distracted, but just being very clear with you right now that this is not going to sit well in a future interview with any of our customers.

So, just wanted to point that out. And normally by that time, some people would stop reading off things, whether it be an AI prompter or whether it be their CV or whatever notes they’re prepared. But yeah, that’s been an increasing trend actually and it is a little bit concerning.

Cole Cornford
It’s just as people are really desperate to find work and trying to use whatever shortcuts that they have available to them. And I think folk misunderstand that ultimately hiring is a human decision-making process and it’s like we don’t make decisions off of some large language model saying that, yes, this is the correct person to use.

Kim Acosta
Yeah. And also prevents them from building rapport properly with their interviewer. Interviewers are not necessarily looking for the right answers each and every time. They want to know, is this a good person for my team? Will this person contribute new skills to my team? Will they fit in with the team or compliment the team in terms of a number of things? It could be the values, it could be the skills, it could be sort of team fit, personality fit. But yeah, when you are using an artificial aid, it’s just going to really not work in your favor.

Cole Cornford
And I get that quite deeply myself because I run a consultancy. And I mean, so the people I bring into my business are ultimately a representation of the things that I accept and the things that matter to me. So, I universally want to hire for people that are easy to get along with, are friendly and a little bit outgoing, technical interdiscipline and have really good work ethics. But all of those are really good, strong human qualities that you can ascertain by just chatting to people in a pub and just being nice to them.

And I imagine that for yourself, when you’re thinking about what the customers want and also the experience you provide to your customers, you don’t want to put forward candidates that are not representative of your business and the values you adhere to.

Kim Acosta
Yeah, absolutely. Absolutely. We’ve got a really critical hire at the moment where I’m actually putting a recruiter on site with one of my customers. So, this person is representing UCentric within that SaaS company and they’re going to be an employee of mine, but working on site with one of my customers. And yeah, that fit, that personality fit, the values alignment, all those soft things are really what matters. So, could you imagine if someone was using some artificial aid to do that interview, it would just not work, not benefit them, whatsoever.

Cole Cornford
So, you said that you’re embedding a recruiter into a SaaS business. Because I know earlier you mentioned internal versus agency, which is the models I’m most used to, is you have someone who represents your company internally and gets that stuff, or you go to agencies who have significantly broader, at least in my experience, they’re out a lot more, they know a lot more candidates, they go speak to people. Whereas I guess internal recruiters, I don’t know that much about internal, but you also mentioned embedded. Would you be able to explain a bit about what is the best situation or want to be using each of these? Because as a consultancy, I always go agency, I don’t want to have internals.

Kim Acosta
Yeah, and it makes sense at the phase of your business. So, I guess with external agencies, we all know what they do. That’s what I do primarily, and that’s largely working on one-off roles with various customers. And I hope that I end up working with them a couple of times a year, for instance. And, yeah, you’re a consultant from the outside bringing specialist talent into an organization in that more common scenario. Then you’ve got internal recruiters that are, in your case, they will be Galah employees on your books, you’re paying them a yearly salary, and they’re working with you day in and day out.

And they are a representative of Galah in the market and probably advising you quite a bit around market intelligence, advising you around the recruiting process, market mapping, a really good talent partner would be having that really good long-term view about what your goals are as a business and exactly where you’re going to find that talent in the long term. So, that’s what they should be doing for you as an internal recruiter. And then you’ve got embedded, or quite often in Australia, we call it RPO, so recruitment process outsourcing, where it is like a hybrid of both. So, you will actually have a recruiter that goes onsite to the client’s side.

So, they will be, in the case of our company’s Cole, a UCentric employee going onsite at Galah and I guess helping you there and doing a lot of the things that an internal recruiter would do, but there is a slightly different model. So, rather than them being one of your direct employees, they’ll be one of mine, working on site either full-time or fractionally for you. And I guess it’s my responsibility in that situation to make sure that they are properly trained, delivered to what you need. And in this case where we will have an embedded recruiter go onsite to one of us SaaS companies that we support, I’ll be their backup.

If ever they tell me, “Oh, hey, Kim, I’m struggling to find a sales leader in Singapore.” I’m having trouble trying to find candidates.

Cole Cornford
Because they always want sales leaders in Singapore, don’t they?

Kim Acosta
Yeah, of course.

Cole Cornford
Why is it always? I want my…

Kim Acosta
That’s the first one that came to mind.

Cole Cornford
First thing, I want my advice president of sales in Singapore, but they also need to do an SDR.

Kim Acosta
Yes, yes, yes.

Cole Cornford
But to me, it sounds like I have a service offering that’s similar to I call AppSec as a service where I basically get someone effectively dedicated to an account effectively two days a week. And then there’s a variety of AppSec activities that we would pull on a broader Galah workforce to go and deliver. So, strategy conversations, you get me involved because I have a reasonable brain. It’s not that bird brain, but it’s a good one. But then pen test or code reviews, or they’re usually specialist skills, and the person who’s embedded to understand what order do I want to be doing these things and then liaising with their customers internally.

So, I think that’s a good model. I mean, it works for me, so that’s got to work for you too, right?

Kim Acosta
Yeah. Yeah. And I think that from a costing perspective as well, with an RPO solution, as opposed to charging an external agency would, this would mean for us a flat fee for our customer for that term. So, for us, it’s going to be a one-year commitment. So, the model is going to be very different, and that’s what we’re experimenting with going into this year, so that’s going to be a new offering from us.

And it was really my way of being able to add value to customers in a different way, because quite often, yes, I do share a lot of my internal recruitment experience with our customers, but that would be an arrangement where they could truly benefit from having that internal recruitment knowledge without having to recruit an internal recruiter themselves.

Cole Cornford
That’s it. That’s it. Well, moving on for topics, I think that I’d like to probably finish up on understanding what your thinking is going to happen next year on A, just a broad tech industry, but also just a general recruitment landscape. So, what do you think’s going to happen?

Kim Acosta
Yeah, so I actually think that there are very common patterns that we’re starting to see unfold right now that is pretty similar to the 2023 period. And sadly, that means lots of layoffs are happening right now and lots of restructures.

Cole Cornford
It’s all disguised as AI productivity, but it’s actually just the economy’s rubbish.

Kim Acosta
Yeah, that could be a whole podcast on its own.

Cole Cornford
Let’s get my can of worms open and just like…

Kim Acosta
Definitely. But I think the distinction to make here is that similar to 2023, this has been happening a lot among our enterprise customers and our very large customers and a lot of the tech vendors we’re seeing that’s where a lot of the layoffs are occurring and some of the SIs as well, the big, big players. I think that what that means is that there’ll be a lot of really good talent in the market, but what that means for that talent is That they’re going to have to readjust some of their expectations to suit what the local market is like and what the local market pays.

That’s always a big adjustment for a lot of people coming out of big tech and being a former talent acquisition manager at Amazon, I know exactly how much those salaries are and how they compare to some local players. So, that’s going to be quite an adjustment for quite a lot of people. But at the same time, it’s not all grim because I’m seeing a lot of movement and a lot of hiring happening with a lot of our growing customers. So, our customers that are roughly 50 to a hundred people, they’re hiring quite a lot and that’s been really nice to see. And some of them are extremely busy right now. So, it’s not all grim.

And I really look forward to seeing people make new moves in their career. And if not making new moves in their career, they might end up getting the nudge they need to do what you and I did as well, Cole, and you may get started with their own businesses too.

Cole Cornford
Having a change, it’s a force change. Maybe you didn’t want the force, but that could be all you need to go out and do something that’s different and fun and helps you grow tremendously. I think every person I know who’s given entrepreneurship a go, a red-hot go, not just tried it for two miles and then chucked it in, they’ve given it a year or two, has come out of it and become a lot better as a manager, an individual contributor or just director in another company because there’s a lot of things that they understand having run a business previously that most of the other employees wouldn’t get. And I do agree very much with what you said earlier about the expectation management.

I think at least even locally, it’s not just big tech, it’s also perma contractors. I’m noticing people who’ve only worked at banks or they’ve only worked in government and are used to constant $2,000 a day contracting deals. And then they come to market and you say, “Well, instead of being 90 contracting positions, there’s seven. Are you at the caliber to be one of those seven?” Well, then you’ve got to accept a permanent position or a significant pay cut. And I find a lot of those people have really leveraged themselves into a place where enough it’s not easy for them to do that. Yeah.

Kim Acosta
Yeah, it is difficult. But that’s the whole nature of temp and contract work. You are compensated significantly higher because you’re not getting paid leave and a lot of the other benefits that come with a permanent role. So, you need to actually make a 20% to 30% adjustment at the moment you go from contract perm.

Cole Cornford
That’s okay. Anyway, Kim, thank you so much for coming on Secured. It’s been great to get some insight into the recruitment industry. I know that I hope that artificial intelligence doesn’t disrupt us too much and we could continue being humans for as long as possible.

Kim Acosta
Next time we’re on the podcast, we’ll right be our robot cells or our…

Cole Cornford
We’ll get our avatars to talk and have a podcast for us. There’s actually podcast creation AI things out there. And someone asked me the other day, they’re like, “When are you going to just get your voice, give it to the AI thing and make it start making podcasts for you?” And I’m just like, “The day that I die.” So, he wants to cure giga.

Kim Acosta
Oh, well. Who’s going to want to listen to that? You’re so much more entertaining when you’re your real self.

Cole Cornford
And people don’t listen to podcasts just because it necessarily is just purely about the information. It’s also got to be funny and interesting and people bring their unique human experiences to it. But I really appreciate your unique human experiences.

Kim Acosta
Thank you so much, Cole. It’s been such a pleasure to chat with you. It always is. So, thank you so much for having me as a guest.

Cole Cornford
Thanks a lot for listening to this episode of Secured. If you’ve got any feedback at all, feel free to hit us up and let us know. If you’d like to learn more about how Galah Cyber can help keep your business secured, go to galahcyber.com.au.