James Tarala

James Tarala is a managing partner with Cyverity based out of Venice, Florida, and a SANS Senior Instructor. As a consultant, he has spent the past several years designing large enterprise security and infrastructure architectures, helping organizations to perform security assessments, and communicating enterprise risk to senior leadership teams. He is the author of the brand new LDR419: Performing a Cybersecurity Risk Assessment, as well a number of previous SANS courses.

More About James


With a Bachelor of Science in Linguistics, James originally set out to be an educator in remote global locations that did not have access to the resources enjoyed by most of the first world. He spent time in South America, Africa, and Europe, and eventually returned to the States. Knowing he was born to teach, he turned his attention to his boyhood hobby of computers by educating technology students on databases, servers, security and more, as well as business leaders in the board room through consulting. Over time, James decided to focus solely on cybersecurity risk. It was during this time that he was introduced to the SANS Institute and was given the opportunity to continue to educate through their forums. 

Having spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues, James often performs independent security audits and assists internal audit groups in developing their internal audit programs. This experience, combined with his natural propensity as an auditor, James views the cybersecurity space not as wizardry, but as a disciplined problem that can be solved. While there’s no one silver bullet, James believes there’s a formula that anyone can follow to take the mystery out of the chaos. 

James is driven by a good challenge. Since the cybersecurity industry is ever evolving and requires constant attention to stay relevant, he thrives in this space. He wants his classroom to be an opportunity for mentoring and conversations, where students can ask questions, express concerns, and learn from and teach each other along the way – providing far more value than a YouTube video. James feels the biggest challenge his students face is simply focus. There are so many distractions in the field that it's easy for practitioners to over-engage the trends. So much of information security is about being disciplined and “eating your vegetables.” James wants to help students remember what is important and stay focused on the things that make a difference. 

James is a Managing Partner at Cyverity, an information security consulting firm specializing in performing risk assessments, and a SANS Senior Instructor. As a consultant, he has spent the past several years designing large enterprise security and infrastructure architectures, helping organizations perform security assessments and communicating enterprise risk to senior leadership teams. 

James holds a master’s certificate in Information Assurance from the University of Maryland along with a Master’s in Information Security Engineering from The SANS Technology Institute, where he is now a faculty member. Additionally, James holds numerous professional certifications including 14 GIAC certifications, GSE, CISSP, CISA, and PMP. Between 2008-2020, James has been an author, reviewer, and supporter of the Center for Internet Security’s Critical Security Controls. He is also one of the founders and contributors to the research at the Cybersecurity Risk Foundation. 

When not in front of a computer, James enjoys being outdoors, especially in his home state of Florida. Whenever he can, James enjoys being on the water, boating, paddle boarding, or simply exploring the natural environment – even when it feels like 100 degrees outside.

Listen to James in his latest webcast "How to Present Cyber Security Risk to Senior Leadership".