Why we need to re-think the human factor in security, with Bruce Hallas

Bruce Hallas sits in the hot seat for a change as Alexia from Marmalade Box grills him in Episode 31 of the Re-Thinking the Human Factor Podcast.

We’ve received a lot of emails asking us for more information about Bruce Hallas, the host of this podcast. So Alexia from Marmalade Box agreed to put Bruce through some viewer-led questioning in the hope of delving deeper into his background and expertise, so that you can better understand your host.

Having trained in accounting and law, Bruce started his working life in business development, outside the realms of tech, and found himself passionate about security awareness and human behaviour. Through a series of questions, 7 years ago Bruce was led to his groundbreaking research that led to his book ‘Rethinking The Human Factor’. Apart from his work as a researcher and author, he also runs Marmalade Box, a company dedicated to helping organisations cultivate and design a positive security awareness by raising awareness and influencing behaviours.

Bruce is an expert in reducing risk and helping companies to design security processes that reduce the guesswork from the human factor. We know you will enjoy listening to how and why Bruce is so passionate about his chosen occupation and how you can benefit from his vast understanding.

by Bruce Hallas | Re-thinking the Human Factor Podcast


  • The questions Bruce asked himself when he started his research journey:
    • How effective were standard procedures towards security, and could they be improved?
    • Why is security information important?
    • What does it even mean to be human?
    • Could risk be reduced via understanding human behaviour and culture within the workspace?
  • How understanding the human factor allows for better engagement.
    • Convincing people to take part. Managing expectations.
    • Understanding physiology and human behaviour to get greater results.
    • Marketing lessons applied to security awareness and culture to reap greater rewards.
  • Breaking down the entire system within information security to better the process.
    • Repeating the same thing over and over again and expecting a different result is insanity. Changing the paradigm to see growth.
    • Turning the tide of influence. Instead of the vendors giving you the options, equipping people fully to tackle their own needs.
    • Empowering people with a strategy and a vision to put them in the driving seat.
  • The Analogies Project and how analogies help in shaping culture and behaviour.
  • Who benefits the most from the Rethinking The Human Factor research?
    • CISOs and Security professionals.
    • Education and awareness managers and data protection officers.
    • Human Resources, internal comms and, in general, anyone who has to work with humans.
  • Designing with the human in mind.
    • The importance of understanding the unconscious human processes.
    • How cyber criminals design attacks with human behaviour in mind. To counteract such attacks one must also consider the human factor.
    • How a shortage of time and resources limits people’s ability to make change and rethink things.
  • Does evidence point to the validity of the framework created from the research done in Rethinking The Human Factor?
    • Big brands and how they are using the human factor framework within their companies successfully.
    • Derren Brown noticed how human behaviour can be manipulated with subtle changes within an environment towards a desired outcome.
    • Recorded increase within user outcome and how it drives compliance and reduces risk.
  • The importance of establishing a cohesive vision as an anchor.
    • Getting people emotionally involved and invested in new processes enables greater success when implementing them.
    • Shifts within culture need to be nurtured from the bottom up, sides in and top down.
  • How personal values influence culture.
    • Simplicity is your good friend when trying to influence culture.
    • Nobody wants to be told a task will be a lot of hard work. This can be a turn off towards engagement.
  • What can my organisation do to benefit from this?
    • Workshops with internal and external options.
    • Benchmark exercises can be revealing and helpful.
    • The thinking behind your security protocol needs to be measurable and executable for success and compliance with regulations.
    • It’s never too late to lower risk and position yourself for security and awareness success. Resilience over prevention is the most realistic standpoint.


Bruce Hallas on LinkedIn

Marmalade Box

The Analogies Project


Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share it with your friends and colleagues and leave a 5-star rating and review.

Thanks for listening and sharing.

Bruce & The Re-thinking the Human Factor Podcast Team