Accepted at RSA 2019 – Virtual Pen Testing

I’m very pleased to announce that I’ve been accepted to speak again at next year’s RSA Conference. I’m going to be presenting on an Agent Based Model concept using FAIR risk results jointly with my colleague Joel Amick. Joel’s team and my team worked to develop a POC of this work and we can’t wait to share what we developed with you in March!

Here are the details of the session; please be sure to save it to your agenda!

ISSA Journal – The Future of ITRM will be Quantified

The December issue of the ISSA Journal was released and my article on the Future of IT Risk is on the cover. The theme for this month’s Journal is “The Next 10 Years” and I wanted to highlight where I saw the industry going. I begin with a look back on the progress away from ordinal scale, verbal risk labels and project out on where things will go. I cover regulatory, insurance, and customer pressures to quantify as well as outline a path forward where risk quantification can be used as a competitive advantage.

Check it out in your mailbox or read it online now.

ICYMI: Digital Transformation

I wrote an article to help ISACA introduce its Digital Transformation research in the Financial Services industry.

There are some interesting findings in here about AI, IOT, Cryptocurrency, and Blockchain.

 

My article in Bankingexchange.com is here

ISACA’s Digital Transformation Barometer research is here

FAIR Institute Champion Award

I was humbled this week when I was awarded the FAIR Champion award from the FAIR Institute at their annual conference last week at Carnegie Mellon in Pittsburgh, PA.

Jack Jones has created this extraordinary thing in FAIR and it is and will continue to do nothing less than revolutionize our industry. That he decided to share even a little bit of that with me by coauthoring the FAIR book is so incredibly humbling. It’s a gift that I will treasure for the rest of my life.

That I have been good in any way in building risk programs is due entirely to his teachings and mentoring early in my life and I am so incredibly grateful.

One of the best things about the FAIR Institute is the culture of giving back and during my acceptance I offered to anyone that I’d be happy to help them through their journey to risk quantification. I’ll do that again here: if you need support, tips, or just a sympathetic ear while building your risk program, please do reach out. I’d be happy to help :-)

RSA 2018 Presentation Video

RSA posted my presentation from this year’s conference, Implementing a Quantitative Cyber-Risk Framework: A FinSrv Case Study. You can hear me explain the organizational environment and requirements and the automated risk assessment solutions I put in place to satisfy them.

The slides are still available here.

FAIR Conference ’18 Panel – Getting Buy-In for a Quantitative Risk Management Program

I’m looking forward to participating on this panel discussion at the upcoming FAIR Conference. This is a topic that really speaks to me and I’m looking forward to sharing what I’ve experienced and hearing from the co-panelists about how they’ve accomplished the same.

Here’s the full agenda and if you haven’t registered yet you can do so here.

ICYMI: Risk Management and the Paradox of Common Sense

I really enjoy reading Duncan Watts work and I was blown away by how he assailed the concept of common sense that we all rely upon so readily:

What we don’t realize, however, is that common sense often works just like mythology. By providing ready explanations for whatever particular circumstances the world throws at us, common sense explanations give us the confidence to navigate from day to day and relieve us of the burden of worrying about whether what we think we know is really true, or is just something we happen to believe.

Questioning our perception of reality is pretty heavy and you can spend a lot of time working through that. But in my article I use this idea to break out of the crutch of using common sense to manage risk.

You can read the full article on the @ISACA Newsletter site here.