My name’s James. I’m a technologist who cares about helping teams and organisations with complex risk and technology needs make their tools and information systems more resilient, more effective, and less surprising.

I’ve done this as a technology leader, a program director, a solution builder, a risk practitioner, a consultant, an advisor, and a volunteer. Whatever hat, I’ve been truly lucky to have worked with some incredible projects, teams, and organisations trying to tackle difficult problems – often under funding constraints and adversarial pressure.

These days I usually prefer in-house roles — I increasingly like building things that last — but I’ve also done independent consulting and volunteering for implementers, funders, and NGOs on adversarial risk, technology strategy, organisational development, and the messier end of privacy and security innovation – including various pieces of work on & with boards, research ethics committees, and similar structures.

If you think we should work together, please be in touch!

In past lives

I set up the Digital & Information Security consulting team at Open Briefing, a nonprofit supporting at-risk human rights defenders, journalists, lawyers, and others facing targeted harm because of their work. I sat on the leadership team, recruited a wonderful group of technologists and activists, and worked across risk governance, resilience against spyware and surveillance, security reviews, and incident response during targeted threats.

I worked with the team at Human Rights Watch first as a consultant and then as Director of Information Security. During a period of organisational change and a shifting external landscape, we reshaped security operations, strategy, architecture, and governance to support resilience while enabling safe adoption of new tools — including internally built systems, commercial platforms, and emerging AI/LLM capabilities.

I was NetHope’s first CISO and ran its Digital Protection Program for the first two years. NetHope is a consortium of around 60 major development and humanitarian INGOs, set up with the tech sector to tackle shared digital challenges.

My program / work included operationalising a vCISO service for members; partnerships with the SANS Institute and Center for Internet Security to deliver training and do research on nonprofit cybersecurity; early work on the Global Humanitarian ISAC (including the design process for its operating model, the funding model, infrastucture, and Threat Intelligence work).

I even built an expansion pack for the TTX game ‘backdoors and breaches‘ (and ran training sessions with friends from Cisco and NGO-ISAC) which you can find on my github.

I built the cybersecurity + privacy team at Oxfam and ran it for a few years. I was probably Oxfam’s first Data Protection Officer. I’m particularly proud of the people we hired, the work we did on biometrics & identity, and the way we integrated information security and privacy governance to mutually reinforce and drive effective technology and data-centric work across 90 countries.

As well as a lot of crisis-driven work and operational InfoSec, my team’s work at Oxfam often heavily-treated problems at the intersection of the law, ethics, the humanitarian principle of ‘Do No Harm’, and tech policy, across a vibrant community of around 10,000 staff and 50,000 volunteers working on issues as varied as plumbing, cryptocurrency implementation, conflict research, and humanitarian protection.

My team’s work tackled complex tech and risk issues in dozens of countries – including extensive remote work on innovation, humanitarian, and safety challenges in Myanmar, Kenya, in North-West Syria, Ethiopia, and Tanzania; and on-the-ground fieldwork on tech & data challenges in locations as varied as Rwanda, Geneva, Jordan, DC, and Bangladesh (as part of the Rohingya Response).

I was Director of Privacy, Responsible Data, and Risk at Simprints, where I built a cyber + privacy programme and worked with partners across three continents on digital risk and innovation challenges. Highlights included kickstarting an innovation partnership with the ICRC that led to open tooling for protecting biometric data (paper / code); driving strategy on ethical open source biometrics prior to Simprints’ initial open source release of its product code; and authoring a handbook on humanitarian biometric safety.

I did a lot of security consulting at NGSSoftware (later acquired by NCC Group). Over time I worked on a large number of engagements across government, tech, and media – figuring out how systems fail, and how to build and operate them more safely. My NGS/NCC work included complex research-driven engagements, red teaming, code review, and other technical work supporting customers’ resilience, recovery, and risk management.

Outside my day job

I was one of the freenode staff team – supporting a critical mass of the open source ecosystem to collaborate – for nearly 15 years. After it experienced a serious governance failure I came back to help manage the ensuing crisis and was inaugural board chair at Libera.chat, its successor.

I am extremely proud to have been part of the eclectic and ever-changing bunch of nerds holding together communications infrastructure most people have never heard of via freenode and Libera.chat, and to have contributed meaningfully to truly international and pluralist collaboration on some of the most important parts of modern information society.

Some of the best work I think I did at freenode included work with youth communities experiencing unfiltered internet for the first time during the Arab Spring, the resolution of dozens of pieces of conflict within Open Source and Free Software projects, and the lifeboat we built when the mothership sprang a leak.

If you’re in Oxford, you might know me from our bike coop, Broken Spoke where I occasionally volunteer as a mechanic & was once a trustee / board chair.

Most importantly – I live in a loving home with my partner and young family – generally surrounded by friends, the smell of coffee and homemade Indian food, the never-ending laundry produced by a worsening multi-year martial arts addiction, and a library that seems to replicate when left untouched.

If you’re here, probably you know me from my work life – but maybe somewhere else! This site has pointers to some other places you can find me online, as well as some ephemera.