Personal Information


Steve Wilson is VP and Principal Analyst at Constellation Research, leading the business theme Digital Safety and Privacy. His coverage includes digital identity, data protection, data privacy, cryptography, and trust. His advisory services to CIOs, CISOs, CPOs and IT architects include identity product strategy, security practice benchmarking, Privacy by Design (PbD), privacy engineering and Privacy [or Data Protection] Impact Assessments (PIA, DPIA).

Coverage Areas:

  • Digital Identity frameworks and governance
  • Digital ID rules and regulations
  • Data protection trends and innovation
  • Verifiable Credentials and Digital Wallets
  • Privacy by Design
  • Big Data and “Big Privacy”
  • Confidential Computing
  • FIDO Alliance, Passkeys, biometrics.

Previous experience:

Steve has worked in ICT innovation, research, development and analysis for over 30 years. With double degrees in physics and electrical engineering, the early part of his career saw high achievement in medical software engineering and product development, in Australia and the U.S. He moved into digital identity in 1995, working in R&D management and Principal Consultant roles with Baltimore Technologies (nee Security Domain), KPMG, PwC and SecureNet/CyberTrust. He founded Lockstep Consulting in 2004, where he has forged a unique perspective on identity, privacy and data protection. He has been described as “one of the most original thinkers in Digital Identity in the world today”.

Professional background:

- CSIRO: Experimental Scientist (1986-87)
- Telectronics Pacing Systems: Systems Engineer, Team Leader, Section Head (1987-92)
- Telectronics Pacing Systems (USA): Head of Software Engineering (1992-95)
- Baltimore Technologies (Security Domain): Software Development Manager (1995-97)
- KPMG: Associate Director, Certification Authority (1997-99)
- PwC beTRUSTed: Director of PKI Strategy & Policy (2000-02)
- CyberTrust (SecureNet): Chief Security Advisder & Professional Services Manager (2002-03)
- Lockstep Group: Founder & Principal Consultant  (2004-now)


- Bachelor of Science – physics major (1982)
- Bachelor of Electrical Engineering (Hons) – digital electronics major (1986)


  • System and method for anonymously indexing electronic record systems US 8,347,101; AU 2005220988
  • Authenticating electronic financial transactions US 8,608,065; US 8,286,865; AU 2009238204; NZ 589160
  • Verified anonymous code signing AU 2012101460
  • Decoupling identity from devices in the Internet of Things US 10,164,966

Twitter/X: @Steve_Lockstep



Big Ideas

A bigger vision of Data Protection

“Data Protection” in many parts of the world is synonymous with data privacy; for example, Europe’s famous GDPR regime stands for General Data Protection Regulation. Conventional data privacy centers on setting limits on personal data collection and use. It’s a powerful regulatory posture but inherently conservative.

A more progressive vision of data protection is coming with a focus on the specific factors that make data valuable and protecting those in context.

The things that make data valuable vary, and include its pedigree, origins, authorship, regulatory compliance, permissions to use, warranties and so on. As data sharing becomes more widespread and more critical, new infostructure (coordinated systems of rules and tools) is needed to distribute data quality signals – the story behind the data.

The future of the Cloud is Confidential Computing

Confidential Computing is a new category of protected compute, realising the dream of hardware-based security across a wider range of data processing.

Once confined to proprietary hardware security modules, affordable only by banks and government, Confidential Computing is being brought to market by some of the leading cloud services.

Confidential Computing will be critical infostructure, essential for information to become a true utility, as safe and accessible as clean drinking water.