Dr. Phil Legg is an Associate Professor in Cyber Security and Programme Leader for MSc Cyber Security at the University of the West of England (UWE Bristol), UK.

His research intersects across Cyber Security, looking at how machine learning, visual analytics, and human-computer interaction are adopted within cyber security, to improve interpretability and understanding of risk, and to improve robustness and trust of modern security technologies. His early research addresses the robustness of machine learning and computer vision systems, as well as how such models can be utilised for insider threat detection and cyber situational awareness. More recently, he is interested in how human-machine teaming can help to establish confidence and trust in human-machine agents, and how active learning techniques can be used to interrogate model robustness and identify security vulnerabilities such as adversarial learning cases. At UWE Bristol, he is an active researcher within the Computer Science Research Centre in the Department of Computer Science and Creative Technologies.

He studied at Cardiff University for both his BSc Computer Science and his PhD Computer Science. After completing his PhD in 2010, he went on to post-doctoral research and teaching roles at Swansea University and the University of Oxford, working with a variety of stakeholders in industry and government. He then joined UWE Bristol in 2015. He holds a Postgraduate Certificate in Teaching and Learning for Higher Education (Distinction), and is a Fellow of the Higher Education Academy. He is a professional member of the IEEE and the BCS. He also holds a Security+ professional certification from CompTIA.


My research interests intersect Cyber Security, Machine Learning and Visual Analytics. In particular, I am interested in how we can use Machine Learning for Cyber Security, whilst ensuring that learning algorithms are robust to adversaries (e.g., "insider" threats, or those who can craft adversarial inputs). I'm also interested in how interactive ML can be used with visualisation to better facilitate cyber security analysts, creating a greater collaborative effort between human and machine analysis. Lastly, I have recently been interested in how ML can be used for cyber security defence, including the dynamic generation of deception networks, and the use of federated learning for increased privacy preservation in machine learning across distributed networks. My research has been successfully funded from a variety of external sources including UK Government and UK-based SMEs. Publication details are available on Google Scholar, or you can view my full academic profile.

Selected Research Projects

SCOUT: Fully automated enhanced risk assessment engine

How can machine learning be used to form greater understanding of complex and incomplete data attributes related to cyber crime, anti-money laundering, and counter-terrorism financing?
Collaboration with Synalogik Ltd.
Funded by InnovateUK.
More details

CAVForth Cyber Security

What are the cyber security issues related to connected autonomous vehicles, and how can we mitigate against these in provided a fully-automated public transport service?
Collaboration with Fusion Processing Ltd. and the Bristol Robotics Laboratory.
Funded by Centre for Connected Autonomous Vehicles and InnovateUK.
More details

HASTE: Human-centric active-learning for decision support in threat exploration

How can machine learning help us to understand human decision making processes? How do we incorporate human knowledge with machine learning? How do humans explore and interact with machine learning processes?
Funded by the DSTL Defence and Security Accelerator (DASA).

RicherPicture: Automated network defence through business and threat-led machine learning

How can we better understand, and better protect, our organisational situation awareness through business and threat-led machine learning?
Collaboration with Cyber Security Oxford.
Funded by the Defence Science and Technology Laboratory (DSTL).

ePSA: Enhanced Cyber Security through Personal Situational Awareness

How can we enhance our understanding and control of what information our devices are sharing out, and to whom they may be sharing?
Funded by UWE Vice Chancellor's Early Career Researcher Award

Visualising the Insider Threat

How can visual analytics support and relay human intution back into machine learning detection tools?
Funded by UWE Faculty of Environment and Technology

Research Supervision

I currently supervise 4 PhD students in Machine Learning and Cyber Security, who as part of their research activities work collaboratively with UK-based SMEs.

Andrew McCarthy

Building Trust through Interactive Inspection of Adversarial Machine Learning Attacks.
Collaborative research project with Techmodal Ltd.

Gwyn Wilkinson

Shared Collaborative Project Planning in Secure Federated Learning Environments.
Collaborative research project with Techmodal Ltd.

Yawei Yue

Security and Privacy Behaviour Modelling and Analysing in the Internet of Things (IoT)


I am Programme Leader for the MSc Cyber Security at UWE Bristol, which is fully certified by the National Cyber Security Centre (NCSC). I teach Information Risk Management as part of the MSc Cyber Security. I also teach Security Data Analytics and Visualisation on the undergraduate BSc Cyber Security and Digital Forensics programme. I also supervise a number of undergraduate projects and postgraduate dissertations each year.

I help to organise outreach educational activities with our local communities, involving schools and businesses. At UWE Bristol, we have hosted NCSC CyberFirst competitions and Cyber Security Challenge UK. We have also hosted education events for local school teachers, and we have industry partners that we collaborative with to deliver workshop activities.

I am also a co-founder of CISSEUK (Colloquium on Information Systems Security Education UK), a recent UK initiative with long-standing US history that seeks to develop a collaborative learning and teaching community in Cyber Security, both across the UK and with CISSE USA.

Teaching Resources


March 2020 - Working with colleagues in the Faculty of Business and Law, and with Synalogik, we have successfully attracted InnovateUK funding for developing AI methods in risk analysis and assessment. We have also successfully secured an internship working with the NCSC in the area of malware visualisation. Our UWEcyber outreach work has continued, and three students, Thomas Higgs, Pennie Spruhan, and Avin Karim, have been running Scalectrix hacking events in schools around Bristol.

February 2020 - CISSEUK hosted a one-day workshop on how we teach students about `experience'. As the main barrier to entry for many students, academics consider how best to integrate experience as a skill that students can report on when interviewing for roles. It was a productive and insightful workshop with a number of interesting outcomes reported. We also took our BSc and MSc students on a field trip to Abertay University, to the Securitay Conference. This is a largest student-organised security conference in Europe, and was a fantastic opportunity to offer our students.

January 2020 - I am working with colleagues in the Bristol Robotics Laboratory on the ``CAVForth'' project. This project is exploring the cyber security considerations around Connected and Autonomous Vehicles, to develop a fully autonomous bus for commuting on the Forth bridge in Edinburgh. I also acted as an External PhD Examiner at Cardiff University, reviewing work in the area of malware analysis and propagation via social networks.


Useful resources for teaching, research, and other related activities.


If you are interested in my work please get in touch (Phil.Legg@uwe.ac.uk). I am always keen to discuss new opportunities for collaboration, whether this be for research activity or for teaching and educational engagement.