I have been an Information Security professional for more than 30 years, and over that time have built a reputation as a provider of innovative ideas and solutions, able to tackle new as well as familiar security needs. I started out working for one of the large British Banks, and established their first technical IT security team. I then moved into consultancy, specialised in application and cryptographic security, and led technical teams for several UK and USA boutique security consultancies. Over the years, my clients have included FTSE 100 companies, civil government, and many household names in the financial, technology, retail, insurance and accountancy sectors.
In 2002, I established JLIS and became an independent consultant. This gave me the freedom to tackle the Cyber Security challenges that interest me today. I have a scientific background (to Ph.D. level) and am convinced we can achieve so much more in the InfoSec space by approaching security from a scientific and analytical perspective.
In the past 15 years, I have undertaken a growing number of projects for clients that draw on that type of approach. I have helped many clients by building threat models and risk dashboards for them. I have helped a major security service provider show in pounds and pence the security benefit their customers get from their service. I have helped an IT services provider demonstrate objectively and robustly the security strength of their service compared to that from their main competitor. And I have designed over 40 security risk metrics for one of the largest banks in the world, giving them direct measurements of the risk-relevant activity taking place at various points within their IT estate.
I have delivered numerous training courses and workshops for clients, and presented at public conferences on a wide variety of subjects. I was an active member of the Management Committee for the Information Assurance Advisory Council (www.iaac.org.uk) from May 2002 through March 2011, and led IAAC’s widely acclaimed research programme from mid-2006 through to June 2011. I am also a member of the International Board of Referees for Computers and Security and a peer reviewer for IEEE Security and Privacy.