What people say


Nigel Jones

Formerly the Director for the UK CyberSecurity KTN and now Senior Fellow at Cranfield University and the Defence Academy.

“As the Director for the UK’s Cyber Security KTN, a government/private sector collaboration funded by the UK Technology Strategy Board, I  met and worked with Bruce. He showed a thorough understanding of the implications of information security not only within the context of organisational challenges and opportunities but also the broader relationship with national policy. This led to an agreement to fund some work into his IRISS (Integrated Information Security Strategy). Bruce was also active in championing SMEs needs in adopting security best practice and the economic arguments for adopting information security. I admire Bruce for his drive and strategic thinking in the security domain.”


John Sharp ( former CEO of the Business Continuity Institute)

Formerly Chief Executive of the Business Continuity Institute, Associate Course Director at the UK Government Emergency Planning College, Honorary Fellow of the Business Continuity Institue,  BCM Technical Expert for the UK Accreditation Service and  author upon BCM.

“I have known Bruce Hallas of the Marmalade Box for the past three years.  His knowledge and understanding of the issues surrounding organisation resilience and, in particular, information security is outstanding.  His approach to raising the issues involved in these topics is innovative and his enthusiasm is infectious.

I have no hesitation in recommending Bruce Hallas to any person or organisation”


James Marston

Head of Security at the HMRC Aspire Project.

I have known Bruce for seven years and met him when I joined his team as a security consultant at ISC Networks.  I joined ISC after meeting Bruce and experiencing his passion for Information Security.  Bruce had at this time a visionary approach to security recognising that it needed board level understanding and sponsorship if it was to be successful and more than a product based answer.

He identified that a business driven engagement was needed with board level engagement.  Previously, I had seen security driven into organisations by system integrators as a series of disparate product based solutions sold into the IT department, never engaging within a risk based discussion with board level stakeholders.

Whilst at ISC Bruce also created a proposition of a BS7799 service offering which aimed to support SME’s to implement BS7799. His motivation was to address the barriers to the implementation of security best practice amongst small and medium sized businesses.  He and others within the team worked to secure clients who saw both the regulatory need and the business advantage which could be gained from having assurance that their information assets where being given appropriate and proportionate protection.

Since leaving ISC and starting up his own information security practice Bruce has continued to focus upon the application of security within business.  His passion and commitment to this has been steadfast throughout, never wavering from his core values.  This passion is to inform the business or individual, who is accountable for managing risk, by providing relevant facts and evidence applicable to the audience.  He is professional and has absolute integrity, sometimes at the cost of a sale.  If the client does not see the need for information security and the protection of their business assets, Bruce will leave them to operate.

I would recommend Bruce as a true Information Security professional and one whom I would happily work with or for again.


Prof. David Pym

HP Research Laboratories

I find Bruce’s contributions to our development of our understanding of issues in information security and stewardship to be well-informed, well-articulated, and most valuable.

Mark Harrison

Information Security Manager Southern Water

“Bruce has a clear view on how information & IT security can add value within an organisation based around balancing business risk and impact, to cash flow and profitability, with security threats. This, combined with his ability to quickly grasp stakeholder interests and their relationship with security, enables him to communicate effectively with senior managers and directors. His experience and training outside of IT, especially in law, finance and marketing means that he brings a business perspective to discussions and conducting risk assessments. He understands how security risks could be influenced by factors outside of the IT domain and how IT security incidents can affect the performance and metrics of key business stakeholders. Bruce is a problem solver and is likely to throw new light on current IT security management problems. We discussed improving stakeholder engagement, addressing the internal perception of IT Security as a barrier to productive and effective business and developing and maintaining an effective security presence on a limited budget. On a personal level his enthusiasm for security creates a level of interest and enthusiasm for security which inspires others. He is an active team member, willing to answer questions in a pragmatic manner and provides clear practical advice. Bruce is an asset and I look forward to engaging with him again in the future.” October 10, 2012

Robin Smith

Information Governance Manager

“Bruce provided a forensic analysis of our security issues and risks. He provided a realistic and well defined blueprint for improvement and remained supportive and insightful throughout the implementation phase.”