I am an information security specialist who has worked within information security, assurance, governance and IT security management for over 12 years.
Back in 2002 I established one of the earliest information security practices within one of the UK’s largest ICT resellers ISC Networks PLC. It was here that I developed a business proposition based on understanding and managing information security risks to cash flow, profitability, budgets and the reputation of private enterprise and the public sector.
The success of the practice led to recruiting, inspiring and managing a team of 11 consultants and engineers. I like to think I inspired them to think in the context of risk rather than technology. We supported the corporate sector including banks, insurance, utilities, retail, government and highly successful SME’s in biotech, healthcare and finance. It was here at ISC that I also developed and trialled the UK’s first programme for supporting businesses to implement BS17799 the pre-cursor to ISO27001.
In 2006 I established my first business Marmalade Box. Whilst serving corporate UK we also developed a strength, in supporting UK SMEs to adopt security best practice. Centres of excellence, such as Royal Holloway University, have continued to steer people to us when asked about the challenges SMEs face with regards to information security. We focused on addressing the barriers of cost, time and skills common to most SMEs with under 50 employees through offering market leading products and services. In developing our services, I carried out extensive research into the challenges of SMEs adoption of security best practice and how an integrated approach on a regional level could form part of the solution. This research has enabled me to foster links with UK House of Parliament, the Cabinet Office, the Department of Business Innovation & Skills, national policy advisors, information security and assurance bodies, leading IT security industry vendors, cyber security think tanks, research councils and European government. This exposure, and the responses from people within these networks, reminded me that I had much of value to say and a contribution to make to policy debate on the relationship between information security and economic and social prosperity. It was in response to this that I set up Bruce Hallas ISI (Information Security Insight) to enable me to focus on corporate needs and the UK’s information security & assurances challenges and opportunities. It is through Bruce Hallas ISI that I help stimulate debate through contributing to the new thinking required to ensure corporations and national states are fit to take the next step to prosper within the global information economy rather than just participate. My most notable success here has been in developing IRISS an Integrated Regional Information Security Strategy based on the key economic and social priorities of any given geographic region.
My expertise has most recently been sought by Hewlett Packard’s Research and Innovation Labs, the UK’s Economic & Social Research Council and UK CyberSecurity Knowledge Transfer Network. I also advice academic institutions, such as Lancaster University on course curriculums to ensure they incorporate both the present and future information security challenges and opportunities, students and professionals, will face having graduated. I’ve also been called upon by both BBC radio and television to comment upon information security related incidents.