Bruce Hallas is a specialist in the human side of cybersecurity, championing the gains that can be made by reducing the guesswork of security and creating an environment in which users can make positive security choices. With over 20 years of experience in the industry, he combines insights from awareness, behavior and culture with best practice to create a more demonstrably mature approach to managing the human factors of information security
How did you get into the information security industry?
To cut a long story short, I went for a job and I discovered my interviewer was a keen windsurfer as he had a picture in his office from the same windsurfing magazine that I read. We spent quite a lot of time talking about our shared interest in the sport and other interests we had. We spent a lot less time talking about the job, but by then we had the seeds of a great working relationship. I was invited back to meet the MD and asked to deliver a presentation as part of the interview process. I turned up with a copy of their brochure and asked the MD if he’d signed off the content. He said “Yes.” I then went through all the values they espoused as being important to them and told him how, if I was chosen, I would support him to achieve these. They offered me the role before I left the building.
What’s the best thing about your job?
Right now, the best thing is seeing the ‘Aha!’ moment in people’s eyes or the metaphorical light bulb turning on when I sit down to talk with them about re-thinking the ‘human factor’ of security. However, what means the most is when people take that away with them and they become champions for change, whether within their organization or across the industry.
What’s the most interesting thing about security behaviors?
The interplay between awareness, behavior and culture fascinates me. When you come to understand how judgement and decisions are made, you start to make sense of a lot of the behaviors which confound us as security professionals.
Who would be in your dream project team?
It would have to be:
- John Kotter
- Richard Thaler
- Jonah Burger
- David C Evans
- Edgar Schein
- Geert Jan Hofstede
- Susan Weinschenk
- Yana Weinstein
Quick-fire Q&A
What’s your guilty pleasure?
Books. Lots of books! Also, a bottle of Margaux.
What’s your favorite film?
Not sure I should say, as it’s a standard ‘security question.’
What’s your biggest regret?
Not learning another language, but I’m currently working on that - I’m learning French!
What did you want to be when you were growing up?
Taller!
BIO @BruceHallas
Bruce Hallas is the author and host of Re-thinking the Human Factor (book and podcast). He is an advocate, consultant, trainer and speaker in the field of information security awareness, behavior and culture, with knowledge of governance, risk and compliance.