Hi, I'm James Turner and I'm the founder of CISO Lens.
CISO Lens was created in January 2015 at a roundtable of five of the top cyber security executives in Australia. I brought that group together, partially to say thank you for all the time and insights they'd shared with me, but also to ask how I could support them. I'd been working as an industry analyst since 2005 with a focus on security, and that small group of CISOs had helped educate me and, thereby, made an inordinate difference to my clients who were predominantly CIOs.
From 2007 to 2018, I had the privilege of working at IBRS as an Advisor, covering the security industry. The relentless research agenda of IBRS, and the mentoring of legendary analysts like Dr Kevin McIsaac and Dr Joseph Sweeney, helped me author over 100 advisory notes. (One a month, every month, for eleven years.)
IBRS is a demand-side analyst firm, so through my time with them I conducted thousands of interviews with CIOs, CISOs, IT Security Managers, penetration testers, incident responders, consultants, identity specialists, network and enterprise architects, you name it. Being an industry analyst also meant attending a regular cadence of vendor briefings.
I still collaborate with IBRS by facilitating gatherings of the CIO Cyber and Risk Network, also known as Cyrin. I created Cyrin when I was at IBRS in 2017, and the CIOs in that group are awesome: they are accountable for the entire technical enablement of a business, and security is just one issue on their plate, but these CIOs get security and are eager to collaborate. Naturally, I'm quite biased.
As you can see, my time at IBRS forged me as an analyst. Now, I use that training and experience to support the security executive community of CISO Lens, through:
Researching issues of importance and delivering concise opinions on these,
Writing reports which reveal new ways of looking at data, systems, situations, or vendor solutions,
Present ideas, information and a fresh perspective at executive roundtables to stimulate thought and discussion,
Facilitate discussions and introductions which result in new contacts, new perspectives, new opportunities and new knowledge,
All of the above means that my work now is essentially about supporting executives to make evidence based decisions around cyber risk management. I'm an industry analyst working within a specific community of executives that carry big accountabilities. So, I gather information, distill it, analyse it, and disseminate it.
The reason we publish the annual CISO Lens Benchmark is to support the wider community; because the vast majority of organisations could only dream of having a dedicated CISO on staff - someone with skin in the game - who continually translates technical issues into business impact and recommends pragmatic responses.
The goal is to facilitate informed decisions. That's at the heart of what CISO Lens is about.