James Eaton-Lee

Work with me

I work with organisations facing difficult technology, security, privacy, and data problems- particularly where stakes are high, the path is unclear, and decisions carry real consequences.

My focus- and the value I’m most proud to add – is not just on understanding risk, but on helping teams move forward with clarity and judgement.

Most of my work sits at the intersection of security, privacy, and technology leadership, often in environments where tech trust, safety, and operational reality are tightly coupled.

My Background

I’ve worked across technology, security, privacy, and risk in both consulting and leadership roles.

I started out building and breaking systems – engineering, security architecture, and red teaming – and spent nearly a decade as a consultant working with organisations ranging from large technology companies to government. That work covered everything from incident response and due diligence to product security, research, and complex advisory work.

Since then, I’ve combined leadership, consulting, and hands-on roles -building teams and functions, running programmes, and advising organisations operating in complex or high-risk environments. I’ve done work on funding, grantmaking, policy, and investigative & research work.

This includes recent work on dual use technology; AI and Machine Learning adoption, governance and safety; open source and digital public goods; critical infrastructure and various emerging technologies.

Across that work, a few threads are consistent:

– helping organisations translate intent into workable strategy, governance, and delivery
– supporting teams operating under real constraints – time, funding, complexity, or risk
– working on problems that are adversarial, ambiguous, or difficult to structure cleanly
– bridging between technical, organisational, and policy worlds

For more, see about me or visit my linkedin.

How I work

I approach problems pragmatically, grounded in how organisations actually function and what they can realistically do, rather than how they are supposed to.

Security, privacy, and governance are not abstract exercises; they are lived systems shaped by incentives, constraints, and trade-offs.

My work almost always starts with understanding this context – what matters, what is stuck, and what “good” looks like in practice – and aligning on it with you.

My aim is then to help you make decisions under uncertainty, and balance risk, speed, and opportunity in a way that is proportionate, defensible, empowering, and workable.

That often means simplifying where things have become over-engineered, adding structure where things are too loose, or finding a different path when existing approaches are not working.

Where I help

I tend to be most useful in areas such as:

  • Technology & Security strategy and leadership
    Clarifying direction, setting priorities, and translating intent into executable programmes – or helping to assess what’s there now – as well as what is and isn’t working.
  • Privacy, governance, and compliance
    Designing approaches that meet regulatory and ethical requirements without paralysing delivery – or which build data governance designed to support innovation, work on AI, or tech transformation.
  • Organisational design and operating models
    Helping teams structure how technology, security and risk work actually gets done across product, engineering, business teams, and leadership.
  • Complex, novel or sensitive risk problems
    Supporting decisions involving high-risk data, adversarial threat environments, complex stakeholder environments, or public scrutiny – particularly with knotty problems which elude simple attempts to ‘comply with relevant regulations’ or ‘adopt good commercial practice’.
  • Emerging technology and AI governance
    Shaping responsible approaches to new technologies where norms, controls, and expectations are still evolving and ‘good’ is a complex function of risk, trust, harm, reputation, and impact.

Typical engagements

My work is often advisory in nature, but can be grounded in practical delivery. Examples include:

  • Working with leadership teams to draft, define or reset strategy and jumpstart implementation
  • Supporting product and engineering teams to navigate difficult risk or design decisions
  • Helping organisations prepare for growth, external scrutiny, or regulatory engagement
  • Providing structured assessment, thinking and challenge on new or high-risk initiatives
  • Short term support to hold or deliver specific capabilities, practices, or outcomes
  • Capacity building – coaching or supporting teams, individuals, or leaders during transition
  • Crisis support – as a ‘breach coach’, critical friend, or advisor during incidents or crises
  • Acting as a trusted sounding board for senior leaders dealing with complex trade-offs

Engagements can be short and focused, or develop into ongoing advisory relationships depending on need.

Who I work with

I typically work directly with thematic leads, risk leaders, founders and senior or engineering leaders, as well as with program, product and engineering teams responsible for building and operating systems.

Organisations I support are often handling sensitive data, operating in complex environments, scaling rapidly or working on problems where mistakes carry real cost – whether technical, organisational, or societal.

I’m particularly interested in novel tech and risk challenges in innovation pathways, complex environments with difficult resourcing and governance needs or maturity challenges, and civil society and international organisations subject to ongoing and sophisticated physical & digital attack.

Work tends to go best where there is openness to challenge, a willingness to engage with trade-offs, and a desire to make progress rather than defer decisions – although sometimes where we’re honest none of those enablers exist and we’re trying to build them but well-aligned on it!

Ways of working

I take on a small number of engagements at a time, in a way that allows for focus and continuity, and dependent on my broader workload.

The exact shape depends on the problem. In most cases, the goal is to provide enough structure and momentum that the organisation can continue effectively without ongoing dependency.

I’m also happy to work together pro bono if the problem and your budget warrant it; I’ve sat on various governance, advisory and research ethics boards and am happy to chat to you about this if you feel I may give your project or team value.

Contact

If this resonates, feel free to get in touch with a short note on what you’re working on – I will be happy to have a no commitment chat about your challenge if it seems like we might be a fit!

You can reach me at work-together@jeremiad.org or see my contact me page for other options.