I have worked within information security, information assurance and IT security management for 12 years.

In 2002 I established one of the earliest information security practices within one of the UK’s largest ICT resellers ISC Networks PLC. I developed a business proposition based on understanding and managing information security risks to cash flow, profitability, budgets and the reputation of private enterprise and the public sector.

The success of the practice led to recruiting, inspiring and managing a team of 11 consultants and engineers.  I would like to think I inspired them to think in the context of risk rather than technology. We supported the corporate sector including banks, insurance, utilities and retail through to the emergency services and then general business through to highly successful SME’s in biotech and healthcare. It was here that I developed and trialled the UKs first programme for supporting businesses to implement BS17799 the pre-cursor to ISO27001.

I established my first business, Marmalade Box, in 2006, to serve the specific needs of the UK’s SME community .  This addresses the barriers of cost, time and skills common to most SMEs with under 50 employees through market leading products and services. My research, in particularly into Integrated Regional Information Security Strategies in 2007, and the challenges of SME adoption of security best practice brought me into contact with the UK House of Parliament, national policy advisors, information security and assurance bodies, leading IT security industry vendors, cyber security think tanks, research councils and European government. This exposure, and responses from people within these networks, reminded me that I had much of value to say and a contribution to make to policy debate on the relationship between information security and economic and social prosperity. Bruce Hallas ISI (Information Security Insight) was established to focus on corporate UK and national states information security & assurances challenges and opportunities and to contribute to the new thinking required to ensure corporations and national states are fit to take the next step to prosper within the global information economy rather than just participate.

My expertise has most recently been called upon by Hewlett Packards Research and Innovation Labs, the UK’s Economic & Social Research Council and UK CyberSecurity Knowledge Transfer Network to drive public policy debate.  I’ve also  been called upon, by both BBC radio and television, to comment upon information security related incidents.