[mbgaxyz]

Perhaps this is it?

https://researchoutput.csu.edu.au/en/publications/the-quanti...

Wright, C. (2017). The quantification of information systems risk: A look at quantitative responses to information security issues Australia: Charles Sturt University

Doctor of Philosophy

[dagw]

Well if he submitted his thesis in 2017, he probably didn't have a PhD in 2015. Also there are several steps between submitting your thesis and getting your degree.

I suspect he may very well have considered himself 'basically done' with his PhD several years ago and just started using the title. He wouldn't be the first

[moyix]

Yep, that looks like it. And you can go from there to his advisor's home page and see he's listed as one of his PhD students:

http://csusap.csu.edu.au/~tzia/research.htm

[cornchips]

Acknowledgments include supervisors/advisers.

A few weeks before bitcoin's release: https://archive.is/Ao7DQ