In the 25 years Julia Harris has been working in information security, she has learned that prioritising communication skills - for herself and her team - means her agenda is met. She began her career in financial services working in a stressful trading environment. "You can take the wind out the sails of an irate trader. They'll listen, even when they are furious, if you know how to get your point across," she explains.
Now head of information security for the BBC, Harris reveals that the two infosec managers directly reporting to her had not previously worked in this field. One was a wide area network specialist with a university degree in English.
"I didn't advertise for an English degree, but as a point of assessment, it was an asset. It was obvious that his written and verbal communication skills would ensure his ability to communicate with the rest of the organisation or the board," she says. "He came across as more qualified for the role than others who had more technical ability."
Harris's team acts as an interface between operational services, most of them outsourced. While not directly managing any information security operations, it is involved in information risk management. "You need a certain level of confidence in your communications skills if people are going to believe in what you say."
To develop this, Harris has authorised courses in presentation skills when it benefits, and she says she never presents a concern on behalf of someone who reports to her. "I'll often go through the scenario with them in advance, but I want them to secure their own position and gain their own credibility."
Other professional development priorities for her team include assuring a breadth of knowledge in the information security discipline, and be confident of the people working with the outsourced service provider. "I like to take advantage of people from different backgrounds. The subject is so broad that it requires a good grounding to effectively manage the risk. We have funded professional certifications, such as the CISSP, and it makes a difference."