I have been an Information Security professional for more than 30 years. Over that time I have built a reputation for providing innovative ideas and solutions, and for being able to tackle new and unfamiliar security needs. I started out working for a large British bank and established their first technical IT security team. I then moved into consultancy, specialised in application and cryptographic security, and led technical teams for a small number of UK and USA boutique security consultancies. Over the years, my clients have included FTSE 100 companies, civil government, and many household names in the financial, technology, retail, insurance and accountancy sectors.
In November 2002, I established JLIS and became an independent consultant. This gave me the freedom to tackle the cyber security challenges that interest me today. I have a scientific background (to Ph.D. level) and know we can achieve so much more in the information/cyber security space when we approach security from a scientific and analytical perspective.
In the past 17 years, I have undertaken a large number of projects for clients. I have helped numerous clients by building threat models and risk dashboards. I helped a major security service provider show in pounds and pence the security added-benefit their customers get by taking their service. I helped an IT services provider demonstrate objectively and robustly the greater security strength of their service compared to that from their main competitor. And I have designed over 40 security risk metrics for one of the largest banks in the world, giving them direct measurements of the various risk-relevant activities taking place at various points within their IT estate so they could identify their weaknesses and deal with them.
I have delivered numerous training courses and workshops for clients, and presented at public conferences on a wide variety of subjects. I was an active member of the Management Committee for the Information Assurance Advisory Council (www.iaac.org.uk) from May 2002 through March 2011, and led IAAC’s widely acclaimed research programme from mid-2006 through to June 2011. I am also a member of the International Board of Referees for Computers and Security and have peer reviewed well over 30 articles submitted for publication across a wide range of subjects.