Dr John Leach


I have been an Information Risk and Security professional for more than 25 years.  I have held senior positions in the security teams of a number of organisations, including NatWest Bank, and have led the security teams of a number of technically-specialised security consultancies.  In December 2002, I formed my own company, JLIS, to enable me to provide my unique brand of Information Security consultancy services independently.  This also allowed me to pursue research into a number of areas of special interest.  Most notable amongst these is my ground-breaking research into analytic techniques for modelling security risk, which led to the development of TBSE in 2003/04.

I specialise in creating innovative solutions to difficult problems, bringing together my academic training and my long experience working with Blue Chip national and international organisations in the security field.  I also specialise in helping clients in their use of security data to create meaningful results and to improve their risk management decision making.  Much of my work has been on strategic projects that require the high levels of expertise, skill and reliability I bring.

I have worked for clients across the public and private sectors, and in the UK, Europe, USA and Asia.  I have delivered numerous training courses and workshops for clients, and presented at public conferences on a wide variety of subjects.  I was an active member of the Management Committee for IAAC, the Information Assurance Advisory Council, from May 2002 to March 2011, and led IAAC's widely-acclaimed research programme from mid 2006 through June 2011.  (For copies of the reports I have developed for IAAC, please go to Articles and Papers.)  I am also a member of the International Board of Referees for Computers and Security and a peer reviewer for IEEE Security and Privacy.
