We will soon be celebrating four years since launching Housemark’s Information Security Forum and started building a community for cyber security and data protection specialists in the housing sector.

When we discussed the original idea with Jane Porter and Jeanette Alfano from Optivo, we had a few requirements:

  • To make it an official WARP for housing, with support from the NCSC
  • To ensure it was more than a talking shop, and that participants learn from one another
  • To make it a space for all organisations in the sector, regardless of size

Getting the NCSC on board was critical and, thanks to the support of Helen P and Cub L, we managed to secure their presence and advice at our meetings. Getting organisations of all sizes involved was also essential, and fortunately this was achieved early on. The requirement to ensure the group enables learning from one another was perhaps the most challenging – sharing best practice and intelligence requires trust amongst members, and that takes time to build. Also, cyber security is a complex topic which at times can be very technical.

Four years on, we have a group with high levels of trust where valuable intelligence is shared at every meeting and there are great learning opportunities for everyone involved. There’s one member of the team who has been driving this over the years: Bruce Thomson.

Figure 1: When asked to share a picture of himself, this is what we got! Clearly a man of mystery

Bruce is one of those rare individuals who is technically proficient and able to express complex topics in a simple way. He is our ‘resident hacker’ and has taken the group through a hands-on journey covering everything from email security to wi-fi and QR code hacking and dark web monitoring.

Figure 2: Bruce showing a t-shirt with a virus embedded in a QR code for testing vulnerabilities in CCTV systems

When looking at email security, Bruce not only explained the importance of things like DMARC and DKIM, but also built a tool that monitored the email setup of forum members, then produced a league table where everyone would challenge each other to improve. Bruce personally helped members of the forum to configure their settings and was always available to troubleshoot issues and do additional research.

One of my favourite sessions was when Bruce demonstrated how to create a fake wireless network to steal credentials. This took place when meetings were in person, and Bruce arrived with a backpack full of cables and gear and proceeded to show us how someone can compromise a wireless network in a public place by creating an ‘evil twin’. Bruce extended this experiment and built a fully mobile set which he carried in a backpack and looked for vulnerable wireless networks around his neighbourhood. These examples show that cyber security is not something that is limited to work, but something that impacts our everyday lives. Bruce would always say: ‘Use your powers for good’, and I think the impact Bruce has had in the information security community in housing is proof that he has successfully followed his own advice.

Figure 3: Some of Bruce’s gear for demonstrating how to create a fake Wi-Fi network or ‘evil twin’

Bruce has decided to reduce his working commitments and will leave our Information Security Forum from October. As someone who is prepared for all eventualities, Bruce has made sure we don’t come back and drag him out of retirement by recommending Campbell Murray to take over as our new friendly ethical hacker. Campbell has a wide experience in cyber security and works regularly with NCSC and across multiple sectors. I am very excited about Campbell’s contribution and continuing with the hands-on learning that members value so much.

As we move into our fifth year, I just wanted to thank Bruce for everything he has done for the cyber security community in housing. The legendary sessions will be fondly remembered, and we will continue using our powers for good.

Housemark’s Information Security Forum next meets online on 12 and 13 October. Contact monika.edwards@housemark.co.uk for more information and to join.