I have been an Information Security professional for more than 30 years. Over that time I have built a reputation for providing innovative ideas and solutions, and for being able to tackle new and unfamiliar security needs. I started out working for one of the large British Banks and established their first technical IT security team. I then moved into consultancy, specialised in application and cryptographic security, and led technical teams for several UK and USA boutique security consultancies. Over the years, my clients have included FTSE 100 companies, civil government, and many household names in the financial, technology, retail, insurance and accountancy sectors.
In 2002, I established JLIS and became an independent consultant. This gave me the freedom to tackle the cyber security challenges that interest me today. I have a scientific background (to Ph.D. level) and am convinced we can achieve so much more in the information/cyber security space by approaching security from a scientific and analytical perspective.
In the past 15 years, I have undertaken a large number of projects for my clients that have been built around my ability to apply an analytical approach. I have helped many clients by building threat models and risk dashboards for them. I helped a major security service provider show in pounds and pence the security benefit their customers get by taking their service. I helped an IT services provider demonstrate objectively and robustly the security strength of their service compared to that from their main competitor. And I have designed over 40 security risk metrics for one of the largest banks in the world, giving them direct measurements of the various risk-relevant activities taking place at various points within their IT estate.
I have delivered numerous training courses and workshops for clients, and presented at public conferences on a wide variety of subjects. I was an active member of the Management Committee for the Information Assurance Advisory Council (www.iaac.org.uk) from May 2002 through March 2011, and led IAAC’s widely-acclaimed research programme from mid 2006 through to June 2011. I am also a member of the International Board of Referees for Computers and Security and a peer reviewer for IEEE Security and Privacy
Please see my CV below for my qualifications, some of the clients I have worked for, and a list of some of the projects I have undertaken.