Are you a Security Professional?
Even if you’ve been a successful security professional for years, times are changing. Fast. In this line of work, you need to be able to stay one step ahead, because the forces affecting the organisations we’re hired to protect are relentless and test us on every front.
Technology is only part of the picture. The real gains to be made are in reducing the guesswork from the human factor. How can we create a security environment where our colleagues choose to make the positive security choice?
This is my personal site, where you can find out more about information security and how we can demonstrably raise awareness so that we can better influence behaviour and cultivate a security-savvy culture within organisations.
I’ve never been one for fitting into a neat peg. I originally trained in law, finance and marketing, but once I’d qualified I decided I wanted something more XXXX. So I did a master’s in international law.
My early career involved recruitment, sales and XXX so by the time I landed my first opportunity in security, I had learned to see businesses from all functions. It’s hard to un-know something, and I couldn’t help but approach security from a perspective that acknowledged the various business functions.
When I set up my consultancy practice Marmalade Box in 2009, this holistic view informed our whole approach, and my clients always appreciated my legal training because I could help them to quickly understand the legal implications of security decisions (and they could save on the lawyer fees!)
My legal and commercial approach to security means that I’m often invited by board members to help them get to grips with the security decisions they’re facing.
My ability to see things from other people’s perspectives and communicate it in terms they understand has often led to me being invited to speak to research bodies, co-working groups etc. XXXXX
My “Human Factor” Moment
It all started for me when my parents noticed that their credit card had been used to buy porn online. My brother, who was still living at home, suddenly looked like the obvious culprit. Lots of difficult and embarrassing conversations later, it was clear that their credit card details had been stolen.
This was a very difficult time for the family as we wrestled with trust, honesty and integrity, values that were at the heart of how my parents had raised us. This never left me and it taught me an important lesson: the human element of a data breach.
In my first fifteen years in information security, I always considered my work to be protecting people. They are not “data”; they are human beings with lives.
My focus on the human factor expanded from those whose data we’re protecting to those who support us within the organisation; how can we help them to help us?
I love history and stories and one day I had a light-bulb moment: what if we could use analogies to get the security message across? And what if security professionals everywhere could access a bank of content and stories to help them engage their colleagues in security to improve compliance?
This led to me setting up The Analogies Project, a not-for-profit, open-source collection of information security analogies. This was the first project to come out of the Hallas Institute, an organisation I’ve set up that is dedicated to researching and developing ideas and XX in keeping humans safe.
My obsession with the human factor continued. Through my Hallas Institute, I undertook a vast research project where I brought together findings from leading thinkers and researchers from the worlds of behavioural science,
I realised there was a gap between where we were and where we needed to be in terms of application. This led to the development of my SABC framework, which brings these disciplines together in the context of organisational security.
Marmalade Box is now hired by companies from around the world to help them implement SABC in their organisations. We either do it for
I’m often invited to speak on awareness, behaviour and culture at conferences and events around the world. This year I have two books coming out on the subject.
The Analogies Project
Re-Thinking the Human Factor Podcast
Bruce has a background as an information security manager and practice manager. More recently he has helped global organisations to create positive change by designing highly effective information security awareness programmes that actually change behaviour and embed into the culture.
He’s also the Chairperson of the Corporate Executives Programme’s Embedding Information Security Awareness into Business Systems working group and Founder of The Analogies Project. Bruce is the Managing Director at Marmalade Box and creator of SABC, a framework for making a positive change in Security Awareness, Behaviour and Culture.