About Bruce

Are you a Security Professional?

You’re in the right place to learn how to become more effective at what you do.

Even if you’ve been a successful security professional for years, times are changing. Fast. In this line of work, you need to be able to stay one step ahead, because the forces affecting the organisations we’re hired to protect are relentless and test us on every front.

Technology is only part of the picture. The real gains to be made are in reducing the guesswork from the human factor. How can we create a security environment where our colleagues choose to make the positive security choice?

This is my personal site, where you can find out more about information security and how we can demonstrably raise awareness so that we can better influence behaviour and cultivate a security-savvy culture within organisations.

“I’d recommend the SABC™ workshop to security leaders with responsibility for culture change programmes if they’re interested in learning about new thinking on the topic, and about the scientific, academic and real-world support for those ideas.”
David Rimmer

VP Cyber Security EMEA & Global Education & Awareness, Equifax

My Story

I’ve never been one for fitting into a neat peg. I originally trained in law, finance and marketing but once I’d qualified I decided I wanted something more XXXX. So I did a masters in international law.

My early career involved recruitment, sales and XXX so by the time I landed my first opportunity in security, I had learned to see businesses from all functions. It’s hard to un-know something, and I couldn’t help but approach security from a perspective that acknowledged the various business functions.

When I set up my consultancy practice Marmalade Box in 2009, this holistic view informed our whole approach, and my clients always appreciated my legal training because I could help them to quickly understand the legal implications of security decisions (and they could save on the lawyer fees!)

My legal and commercial approach to security means that I’m often invited by board members to help them get to grips with the security decisions they’re facing.

My ability to see things from other people’s perspectives and communicate it in terms they understand has often led to me being invited to speak to research bodies, co-working groups etc. XXXXX

My “Human Factor” Moment

It all started for me when my parents noticed that their credit card had been used to buy porn online. My brother, who was still living at home, suddenly looked like the obvious culprit. Lots of difficult and embarrassing conversations later, it was clear that their credit card details had been stolen.

This was a very difficult time for the family as we wrestled with trust, honesty and integrity, values that were at the heart of how my parents had raised us. This never left me and it taught me an important lesson: the human element of a data breach.

In my first fifteen years in information security, I always considered my work to be protecting people. They are not “data”; they are human beings with lives.

My focus on the human factor expanded from those whose data we’re protecting to those who support us within the organisation; how can we help them to help us?

I love history and stories and one day I had a light-bulb moment: what if we could use analogies to get the security message across? And what if security professionals everywhere could access a bank of content and stories to help them engage their colleagues in security to improve compliance?

This led to me setting up The Analogies Project, a not-for-profit, open-source collection of information security analogies. This was the first project to come out of the Hallas Institute, an organisation I’ve set up that is dedicated to researching and developing ideas and XX in keeping humans safe.

My obsession with the human factor continued. Through my Hallas Institute, I undertook a vast research project where I brought together findings from leading thinkers and researchers from the worlds of behavioural science, XXX ,XXXX . Over a period of six years, this research and its findings were applied to current challenges facing information security XX.

I realised there was a gap between where we were and where we needed to be in terms of application. This led to the development of my SABC framework, which brings these disciplines together in the context of organisational security.

Marmalade Box is now hired by companies from around the world to help them implement SABC in their organisations. We either do it for them, or help them do it. I also train security professionals in the SABC framework so that they can implement it in the organisations they work in.

I’m often invited to speak on awareness, behaviour and culture at conferences and events around the world. This year I have two books coming out on the subject.

Marmalade Box

The Analogies Project

Hallas Institute

Re-Thinking the Human Factor Podcast

I’m drawn to looking at things from different perspectives and in my podcast I do just that. My guests are deliberately chosen from outside of the security industry so that we can learn from their outside perspectives. My guests have included Dan Ariely, the NYC best-selling author, XXX Bill Clinton’s speech-writer and XXX the ex-chief of Obama’s Homeland Security Team.

Bruce Hallas is an advocate, consultant, trainer and speaker in the field of information security awareness, behaviour and culture, governance, risk and compliance. He is the author of two upcoming books (Cyber Security ABCs: Delivering awareness, behaviours and culture change, commissioned by the British Computing Society, and Re-Thinking the Human Factor) and presents the security awareness, behaviour and culture podcast, Re-thinking the Human Factor.

Bruce has a background as an information security manager and practice manager. More recently he has helped global organisations to create positive change by designing highly effective information security awareness programmes that actually change behaviour and embed into the culture.

He’s also the Chairperson of the Corporate Executives Programme’s Embedding Information Security Awareness into Business Systems working group and Founder of The Analogies Project. Bruce is the Managing Director at Marmalade Box, creator of SABC, a framework for making a positive change in Security Awareness, Behaviour and Culture.