My name’s James. I do tech stuff, these days for NGOs and vulnerable groups in society. In my day job I am the Director of Information Security at Human Rights Watch, where I work with an incredible team to manage and understand problems and risks at the intersection of infosec, privacy, information resilience, human rights research, society and technology.

I am profoundly lucky to be able to do a job I enjoy with people I care about and where – for my dayjob – I basically get to devote my time to thinking about interesting things and supporting important work.

In past lives, I….

….setup the Digital and Information Security Consulting Team at Open Briefing. My excellent friends at Open Briefing run a nonprofit which supports ‘at-risk’ human rights defenders, journalists, lawyers, and others who experience harm or oppression as a result of social change, research, advocacy, and human rights work.

I sat on the leadership team at OB, refreshed its DIS strategy and impact work, recruited some incredible technologists and activists; and worked on problems as wide-ranging as organisational risk governance, resilience against spyware and surveillance, infosec review, and crisis management & incident response during targeted adversarial threats.

….was the first CISO at NetHope and ran its ‘Digital Protection Program‘ for its first ~two years. NetHope is a consortium of around 60 of the world’s largest Development and Humanitarian INGOs, and was setup in partnership with the tech sector to work on digital problems affecting global nonprofit work.

My grant-funded program / work included operationalising a vCISO service for members; partnerships with folks like the SANS Institute and Center for Internet Security to deliver training and do research on nonprofit cybersecurity (as well as with funders like Cisco, Okta, and USAID); work on Threat Intelligence sharing; carrying out out the research work, design and operational work for the GH-ISAC and developing funding relationships; making grants to NGOs to fund ‘public good’ cybersecurity and privacy projects and a bunch of other things.

I even built an expansion pack for the TTX game ‘backdoors and breaches‘ (and ran it at various conferences with friends from Cisco and NGO-ISAC) with cards enshrining my and others’ past trauma in a reusable resource for humanitarian and nonprofit technologists building their incident response and crisis management muscle which you can find on my github.

….built a cybersecurity + privacy team at Oxfam and ran it for a few years. I was probably Oxfam’s first Data Protection Officer. If you want the full picture you should look at my LinkedIn, but I’m particularly proud of some of the great humans I hired, the work I did on biometrics & identity, and the structured work we did integrating cyber + privacy.

At Oxfam, I worked on, researched, and investigated problems at the intersection of ethics, the humanitarian principle of ‘Do No Harm’, the law, and tech & tech policy issues in dozens of countries – including remote work on humanitarian and safety challenges in Myanmar, in North-West Syria, Ethiopia, Tanzania and dozens of other countries – and fieldwork in Rwanda, Jordan, and Bangladesh as part of the Rohingya Response.

…worked for a non-profit biometric tech startup (Simprints) as Director of Privacy, Responsible Data, and Risk – where I also built a cybersecurity & privacy program and worked on digital risk + innovation challenges with partners on 3 continents.

I’m proud of my small role in this great bunch of humans’ continuing journey on data responsibility. Things I found particularly fun include: kickstarting an innovation partnership with ICRC (youtube) which led to a novel open source library for protecting biometric data in humanitarian settings (paper / code), drafting a Simprints strategy on ethical open source biometrics more broadly, and authoring a handbook on humanitarian biometric safety.

…did a lot of cybersecurity consulting, security research & red teaming. I worked for NGSSoftware, an eccentric and high-end British security research & consulting firm acquired by NCC Group. In my consulting life I helped customers from government to tech to media figure out how broken (or not) their tech was, and how to build and operate it safely and wisely, through a mixture of adversarial techniques, research, and commercial consulting.

When I left I estimated that I’d worked on around around 300 consulting engagements. If you’ve used the internet, setup a cloud computing platform, used a smartphone, accessed online banking, used government services in the UK, accessed healthcare or watched the TV chances are reasonably good you’ve used hardware or software I was involved in ripping apart or building safely.

Outside my work life, I….

…was one of the freenode staff team for longer than I really care to remember (and was part of the team that managed some of the ensuing crisis and setup libera.chat when freenode all went a bit weird). Libera.chat is an intentionally non-hierarchical project, but I was proud to have been its inaugural board chair / cat herder / consensus shepherd.

For a significant proportion of my adult life, I am more broadly wildly proud to have been part of an eclectic and ever-changing bunch of nerds holding together communications infrastructure most people have (thankfully) never heard of, and contributing to truly international and pluralist collaboration on some of the most important parts of modern information society.

Some of the best work I think I did at freenode included work with youth communities experiencing unfiltered internet for the first time during the Arab Spring, the resolution of uncountable inter-group forks and feuds in Open Source and Free Software projects, as well as the lifeboat we built when it became suddenly apparent the mothership had sprung a leak.

…have a fairly standard issue nerd range of hobbies which include SF, philosophy, amateur radio, martial arts, and calligraphy. If you’re in Oxford, you might know me from our bike coop, Broken Spoke where I occasionally volunteer as a mechanic & was once a trustee / board chair.

…work with civil society groups and at-risk communities in an attempt to use tech to make the world better, safer, faster, nicer. If you think we should be working together on this, please be in touch!

And most importantly – live in a loving home with my partner and young family; generally surrounded by friends, warmth, and the smell of coffee and homemade Indian food.

If you’re here, probably you know me from my work life – but maybe somewhere else! This site has pointers to some other places you can find me online, as well as some ephemera..