Person of Interest: Anna Harris, Office of the Victorian Information Commissioner

There is an old Yiddish proverb, popularised by film producer Woody Allen in the 1990s, which states, If you want to make God laugh, tell him your plans. While not an exact translation of the original proverb, the idea is the same. We rarely end up where we intend.

Her Early Life

In her current role as the Principal Advisor for Information Security within the Office of the Victorian Information Commissioner (OVIC), Anna Harris is responsible for administering the Privacy and Data Protection Act (2014) and the Freedom of Information Act (1982), regulating three main areas:
• Protective data security / Information Security
• Privacy
• Freedom of Information

And while Anna embraces and enjoys her current role, it is not something she would have initially imagined for herself. Born and raised in Melbourne, Anna attended Victoria University, where she studied Multimedia Telecommunications Engineering.

“I was one of only 60 people who enrolled in that course. It was a very small intake.” Explains Anna. “And then, after four years, I graduated with just four other people.”

Like so many others, Anna applied for many roles upon completing her studies.

“I remember answering a wide range of ads for network administrators,” explains Anna. “So when I received a phone call from someone at Snowy Hydro explaining that they wanted to fly me up for an interview, I was surprised. However, it turned out to be a great opportunity.”

“I really enjoyed the whole juxtaposition of living the country lifestyle while working in a highly technical role at power stations and switch yards. My role working on networks at Snowy Hydro led me to configure and manage firewalls, which I ended up really enjoying. While I was working at Snowy Hydro, we were in the process of installing SNORT, a powerful open-source intrusion detection system (IDS) and intrusion prevention system (IPS) that provides real-time network traffic analysis and data packet logging.

“As part of that process, I took a course and received a certification in intrusion detection, which ultimately led to applying for a role as an intrusion analyst for Defense.”

After several years working in Canberra as part of a security team involved in incident response and management, Anna decided it was time to move back home.

“I found a job at Justice at the Commissioner for Law Enforcement data security as an InfoSec person. That department eventually merged with privacy and became Commissioner for Privacy and Data Protection. That department eventually merged with Freedom of Information to become the Office of the Victorian Information Commissioner.

Her time at OVIC

Through her time with OVIC and the former offices of the Commissioner for Privacy and Data Protection (CPDP) and the Commissioner for Law Enforcement Data Security (CLEDS), Anna led the delivery of the first regulated information security regime across the Victorian Government. This is commonly referred to as the Victorian Protective Data Security Framework (VPDSF) and the Victorian Protective Data Security Standards (VPDSS).

In addition to her extensive experience in information security, Anna is a member of two Standards Australia committees, MB-025 Security and Resilience and IT-012 Information security, cybersecurity and privacy protection.

“It has been a long and winding journey from studying multimedia engineering to advising on, and developing, international standards for information security”, laughs Anna.

With the growing demand for skilled people in cyber and information security, we asked Anna what her advice would be to others looking to enter this space.

“For fear of sounding like an advertisement for Nike, just do it. InfoSec is not going anywhere, and there are so many areas within it that you are bound to find something you like. Whether it’s operational security, if you like the tech stuff, or it is doing what I now do, writing and reviewing policy and standards. You might have a preference for implementing and auditing controls. There are so many facets to this industry that I believe there is something for everybody. You might even choose to work in communications or develop and deliver training and awareness programs. Just get involved, try a few things until you find what you like and stick with it.”

If you would like to hear Anna Harris presenting on the Why Standards, she will be speaking at the ASIAL security conference, as part of the Security Expo taking place at the International Convention Centre at Darling Harbour in Sydney from the 17 – 19 August 2022.

Book your tickets here