With a Bachelor of Science in Linguistics, James originally set out to be an educator in remote global locations that did not have access to the resources enjoyed by most of the first world. He spent time in South America, Africa, and Europe, eventually returned to the States. Knowing he was born to teach, he turned his attention to his boyhood hobby of computers by educating technology students in the classroom of a trade school on databases, servers, security and more, as well as business leaders in the board room through consulting primarily with a large hospital system. Over time, James eventually deciding to focus solely on cybersecurity risk. It was during this time that he was introduced to the SANS Institute and was given the opportunity to continue to educate through their forums. During his journey with SANS, he met his wife Kelli, who has ever since been his partner at SANS, in security research, and in consulting through Enclave.
Having spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues, James often performs independent security audits and assists internal audit groups in developing their internal audit programs. Given this experience, combined with his natural propensity as an auditor, James views the cybersecurity space not as wizardry, but as a disciplined problem that can be solved. While there’s no one silver bullet, James believes there’s a formula that anyone can follow to take the mystery out of the chaos.
James is driven by a good challenge. Since the cybersecurity industry is ever evolving and requires constant attention to stay relevant, James thrives in this space. He wants his classroom to be an opportunity for mentoring and conversations, where students can ask questions, express concerns, and learn from and teach each other along the way – providing far more value than a YouTube video. James feels the biggest challenge his students face is simply focus. There are so many distractions in the field that it's easy for practitioners to over-engage the trends. So much of information security is being disciplined and “eating your vegetables”. James wants to help students remember what is important and stay focused on the things that make a difference.
James holds a master’s certificate in Information Assurance from the University of Maryland along with a Master’s in Information Security Engineering from The SANS Technology Institute. Additionally, James holds numerous professional certifications including 14 GIAC certifications, GSE, CISSP, CISA, and PMP. Since 2008, James has been an author, reviewer, and supporter of the Center for Internet Security’s Critical Security Controls.
When not in front of a computer, James enjoys being outdoors, especially in his home state of Florida. Whenever they can, James and Kelli enjoy being on the water, boating, paddle boarding, or simply exploring the natural environment – even when it feels like 100 degrees outside.
Listen to James in his latest webcast "How to Present Cyber Security Risk to Senior Leadership".
ADDITIONAL CONTRIBUTIONS BY JAMES TARALA:
- Cybersecurity Standards Scorecard (2022 Edition), Nov 2022
- Cybersecurity Standards Scorecard (2021 Edition), Nov 2021
- Measuring Risk Using the Open, Collective Risk Model (CRM), Aug 202
- Understanding CMMC Compliance for DOD Contractors, July 2021
- Rekt Casino Hack Assessment Operational Series – Putting It All Together, March 2021
- Rekt Casino Hack Assessment Operational Series – What?! There are Critical Security Controls We Should Follow?, March 2021
- How to Present Cyber Security Risk to Senior Leadership, July 2020
- Understanding the 2018 Updates to the CIS Critical Security Controls, June 2018
- Cyber-Hygiene and Standards of Care: Practical Defenses for Healthcare, Aug 2016
- Using the Critical Security Controls to Prevent Ransomware in Healthcare, May 2016
- The CIS Critical Security Controls: The International Standard for Defense, Dec 2015
- Security Best Practices for Implementing Network Segmentation in a Healthcare Environment, Oct 2015
- Using an Open Source Threat Model for Implementing the Critical Controls, May 2015
- The Center for Internet Security Critical Security Controls
- Multiple CIS Critical Security Controls Practice Aids
- The Open Threat Taxonomy