Welcome to the web site for John Leach Information Security Limited, JLIS. This is the place to find out about me, John Leach, my consultancy skills and experience and the services I offer. It is also the place to find out about TBSE and the exciting opportunities a scientific approach to understanding and managing risk can bring.
I am an Information Risk and Security consultant with 25 years' experience behind me. I specialise in innovative solutions to difficult problems, combining my science research background with my many years serving the commercial sector. Recent highlights include:
♦ Co-authoring "The Privacy Dividend" articulating the business case for protecting privacy, written for the UK ICO.
♦ Some groundbreaking work calculating (in hard £ and p numbers) the financial worth to customers of the security benefits provided by my client’s managed service.
♦ Speaking at several recent conferences, on privacy, valuing information, modelling risk, and quantifying various aspects of security.
♦ Developing a Guide to IT Security for SMEs, giving SMEs a flexible plan that grows with them.
My speciality is taking a scientific approach to information security. Information Security tends to be practised today as an art built around intuition, subjective estimates and unsubstantiated “best practices” rather than as an engineering science built upon a proper analysis of the dynamics behind risk. This leaves organisations muddling around in the dark. I firmly believe that a scientific approach is a much better approach and is fully achievable today. It takes much of the guesswork and confusion away from the security decisions organisations make. It allows organisations to demonstrate objectively to their stakeholders that the security measures they have in place are appropriate and provide worthwhile returns. One of my goals is to help my clients do all of these things.
I have just presented a live webcast, part of the BrightTALK™ Threat Management Summit that ran on the 14th September 2011. The webcast is now available on-demand. The title is “A Scientific Approach to IT Security” and in it I describe what a scientific approach would look like and give an example of the type of (stochastic) analysis that one does using this approach. For further details, and to access the recording, please click here. Do call or e-mail me with any questions - I would be happy to clarify anything I said in the webcast and to expand on any of the ideas.
Also, take a look at my open LinkedIn discussion group Quantifying Information Security where you can contribute to the debate about what a scientific approach to Information Security has to offer.
My clients are most often Blue Chip UK, European or US organisations. I have worked with companies across all sectors but most often with those in technology or financial sectors. I led and delivered IAAC's highly regarded research programme for five years and was an active member of IAAC's management committee for nine years. I am also a reviewer of papers for Computers and Security and for IEEE S&P.
My main areas of work are: security risk research; privacy protection; risk modelling; metrics and measurements; threat profiling; SME security; risk management strategies and programmes.
This web site will give you everything you might want to know about me and my work. You can download copies of my biography, my credentials and CV, my services (which include my new security training service), some of the articles and papers I have written, and more.
I have just released a new security training service. The goal of this service is to improve the security of clients' operations by helping them make substantial and lasting improvements to the behaviours of their staff. Please click here for further details.
This web site will also update you on the development of TBSE. TBSE (threat-based security engineering) is a method for analysing security risk stochastically which, given the nature of the dynamics behind risk, is how it needs to be analysed. If you are unfamiliar with TBSE, this site will explain what TBSE is about. If you are wondering how TBSE could benefit you, it will provide you with some examples. If you are interested to know more, then do get in touch.
I hope you have a good visit and find what you need. If there is anything you can't find here, or if you have comments and feedback, then please get in touch using the contact details below.