Welcome to the web site for John Leach Information Security, JLIS. This is where you can find out about me, John Leach, my consultancy skills and experience and the services I offer. It is also the place to find out about TBSE and the opportunities that a scientific approach to managing security risk can enable.
I am an independent Information Risk and Security expert with over 25 years' experience. I provide a range of bespoke consultancy services, with much of what I do falling into three categories:
♦ Threat and risk modelling - from elementary modelling through to sophisticated mathematical analysis.
♦ Providing strategic advice - helping my clients improve the way they protect their business operations.
♦ Problem solving - building on my research background and analytical skills to develop new and innovative solutions for my clients.
I also support my clients by working with them in a contract capacity.  Whereas my consulting work is usually project-oriented with defined deliverables, contracting enables me to work with a client for a period of time in a defined role, helping them with a broad range of tasks relating to that role.
My clients are most often Blue Chip UK, European or US organisations. I have worked with companies across all sectors but mostly I work with those in Technology or Finance. I led and delivered IAAC's highly regarded research programme for five years and was an active member of IAAC's management committee for nine years. I am also a reviewer of papers for Computers and Security and for IEEE S&P.
This web site will introduce you to me and my work. You can download copies of my biography, my credentials and CV, my services, some of the articles and papers I have written, and more. I also invite you to take a look at my LinkedIn pages as there you will be able to see more about the things that interest me in the field.
In addition, this web site will introduce you to TBSE. TBSE (threat-based security engineering) is a ground-breaking method I have developed for analysing security risk stochastically. Given the nature of the dynamics behind risk, this is, to my scientific frame of mind, the natural way to model most security risks (the exception being the extremely rare events for which standardised data cannot be obtained). If you are unfamiliar with TBSE, this site will explain what TBSE is about. If you would like to know how TBSE could be of use to you, it will provide you with some examples. If you are interested to know more, then please get in touch.
I hope you have a good visit and find what you need. If there is anything you can't find here, or if you have comments and feedback, then please get in touch with me using the contact details below.