James Turner

James Turner

James Turner is an IBRS emeritus Advisor who specialised in cyber security and risk and facilitates the CIO Cyber and Risk Network on behalf of IBRS. James has over a decade of experience as an industry analyst and advisor; researching the cyber security industry in Australia. As an IBRS Advisor, James authored over 100 IBRS Advisory papers, led dozens of executive roundtables, and presented at numerous conferences. 

Read latest work...

Connect with James

Have a specific question James Turner?

Email

Forensic software firm Nuix has begun a search for a new chief executive with a "global IPO skill set", all but confirming plans to pursue a public listing in 2017 that may deliver the ASX a new $1 billion-plus technology company.

The move comes at the same time as the company has appointed cyber security expert and former US ambassador to Australia, Jeffrey Bleich, to its board, signalling a greater focus on its cyber products.

The company, which was founded in 2000 by a team of computer scientists and last year was instrumental in the Panama Papers investigation by providing the technology that was used to analyse the documents, is expected to be worth more than $1 billion when it lists.

Full Story

Cyber security experts have warned the federal government must put aside budget deficit concerns and invest in upgrading aging computer systems vulnerable to a damaging attack from a foreign state. 

 
Concerns about such an attack intensified after the United States government recently accused Russia of using cyberpower to influence the outcome of the 2016 presidential election by ordering attacks on the Democratic National Committee's computers and those of other political organisations.
 
 
 

Conclusion: Bugcrowd, Hivint, Kasada, and Secure Code Warrior each has a proven capability to address an important aspect of the cyber defences of Australian organisations. The Australian Cyber Security Strategy, launched in April 2016, advocates the promotion of local capabilities where Australia can build globally competitive solutions. These four vendors are already being used by leading local cyber security executives, and their capabilities are acknowledged.


Read more


Related Articles:

"Hot cyber security vendors for your shortlist Part 3 – more Aussies" IBRS, 2018-03-31 07:06:21

"Hot cyber security vendors for your shortlist – Part 1" IBRS, 2016-12-03 02:41:25

Conclusion: In the IBRS Security Leadership capability maturity model, buying more product is level 2: Alienated, and is typified by IT teams that are struggling to take on the challenge of cyber security because they address it as a technical problem. Buying product without a clear understanding of the business risk it is aiming to address is a guarantee for failure. But for organisations that understand that cyber risk is much more than IT, know there is a business risk that comes with cyber capability, and have the organisational will to address it, technology can make a significant difference in automating and accelerating capability. These three vendors, Crowdstrike, CyberArk and Tanium, are well regarded by leading Australian customers.


Read more


Related Articles:

"Hot cyber security vendors for your shortlist Part 2 – Aussie startups" IBRS, 2017-01-01 10:35:40

"Hot cyber security vendors for your shortlist Part 3 – more Aussies" IBRS, 2018-03-31 07:06:21

FireEye has recently struck a deal Microsoft, designed to place the security vendor's iSIGHT Intelligence into Windows Defender, an inbuilt Windows security offering.

Terms of the deal will see FireEye gain access to telemetry from every device running Windows 10, serving up access to almost 22 per cent of the total desktop market, alongside laptops and Windows mobile phones.

Widening the security scope further, Microsoft previously intended to have one billion devices running Windows 10 by 2019.

While the vendor has since backtracked on this statement - stating that the process would take longer than originally predicted - the direction of travel is clear.

Full Story

 

Conclusion: While there is a limit to what organisations can do when criminals misappropriate corporate brands to run phishing campaigns against customers, this does not absolve organisations of all responsibility. Crime on the Internet continues to be an entirely foreseeable risk, so organisations should review their customer engagement processes to ensure they are not training their customers to be easy targets for criminals.


Read more


The Reserve Bank of Australia's top technology executive has said the central bank's networks are being probed by potential hackers every two seconds and that almost 70 per cent of the emails received by RBA addresses are malicious.

In a wide-ranging speech to an annual conference held by technology research giant Gartner in Queensland, RBA chief information officer Sarv Girn highlighted the conflicting challenges involved with running an innovative tech strategy, while also remaining secure.

He said the RBA's tech strategy was a delicate balancing act between the need for resilience and the need to innovate and react to changes being wrought by the numerous disrupters in the booming start-up fintech sector.

"Whilst attaining digital reliability has been a crucial need for many years, the impact and consequence of getting this wrong in today's economy can threaten the very viability of an organisation," Mr Girn said.

Full Story

Commonwealth Bank of Australia's technology chief has led calls for increased cooperation among businesses and public sector agencies regarding cyber attacks, following the release of a government report highlighting increasing threats.

The government's peak cyber security agency the Australian Cyber Security Centre (ACSC), released an annual threat report on Wednesday morning, warning that government agencies were being compromised by hackers and that many businesses were too secretive about the threats they were facing.

While security industry insiders said the report did little to provide new information or practical advice about well-known threats, CBA's chief information officer David Whiteing told The Australian Financial Review he viewed it as an important contribution to a nation-wide effort to uplift the awareness of security teams and the general public

The report provided anecdotes about recent assistance that government departments and private sector organisations had needed from The Australian Signals Directorate (ASD) in tackling cyber attacks

Full Story

Conclusion: This research note sets out and describes the Security Leadership capability maturity model. In using this model, organisations must be honest about their current level before they can even speculate on the benefits of working towards a higher maturity level. Working towards higher levels of maturity has clear benefits for both IT and the business, as well as business alignment of IT. However, a critical part of the journey will be dealing with any resentment from business units about their experience to date. Security Leadership cannot emerge unless prior bad experiences around service delivery are acknowledged and addressed, because it is a commitment to trust and resilience from the organisation as a team.


Read more


  • Gain valuable insights into how security leaders are positioning cyber-security and risk within their organisations
  • Be able to self-assess how your organisation measures up on the IBRS capability maturity model for security leadership
  • Learn how to position cyber-security so that it is aligned to business priorities 

"This Master Advisory Presentation is designed to guide and stimulate discussion between business and technology groups, and point the way for more detailed activity. It also provides links to further reading to support these follow-up activities." James Turner, Author of the Security Leadership MAP.

For a deeper understanding of how security impacts the way business is done, download your copy now. 


Read more


A security leader understands today’s cyber risks, how these apply to their organisation and market, and has management’s confidence to address these risks responsibly. A security leader guides the organisation through the realities of the new business environment, aligning the organisation’s practices and technologies to its risk appetite, and ensures these controls match and support the organisation’s desire for growth and innovation.

This MAP is designed to guide and stimulate discussion between business and technology groups, and point the way for more detailed activity. It also provides links to further reading to support these follow-up activities.


Read more


With the recent issues that the ABS has experienced trying to execute an online census, IBRS is sharing an Advisory Paper by James Turner which reviews a practical framework that helps organisations make better decisions with their information assets and service providers.

Applying the Five Knows of Cyber Security is a must read for organisations that may be exposing themselves to risks through their supply chain.


Read more


IBRS iQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.


Read more



Business leaders must accept that ransomware attacks are a foreseeable risk. 

Conclusion: Ransomware has proven such a successful cash cow for criminals that it is unlikely they will voluntarily stop their attacks. This means that business leaders must accept that further ransomware attacks are a foreseeable risk. While there are important conversations around the level of appropriate technical controls that an organisation may wish to implement, this conversation can only occur after business leaders have decided whether they want their organisation to help fund organised crime, or not. For organisations with a strong corporate social responsibility ethos, this is a very easy decision to make, but it is imperative that business leaders understand why they are committing to better technical hygiene and accepting tighter technical controls.


Read more