When writing this blog post for ISACA it occurred to me that to be an effective cybersecurity leader requires that you understand the dynamic of risk communication and becoming comfortable with the decisions of well-informed business leaders.
You can read the article here.
With RSA completed over two weeks ago, and an ensuing sickness, I realized I haven’t posted about my presentation with Joel Amick. I thoroughly enjoying sharing this work with the RSA audience and had some great conversations afterwards. I think agent-based modeling (ABM) has some interesting use cases in cybersecurity and risk management. I think that in organizations that have data sets about their assets covering control strengths, threats, and losses, there is valid application of ABM to provide some attacker forecasting.
The presentation slides have been posted here. The slides are static and don’t show the video of the model, however the presentation was recorded and the video has been posted on RSAC onDemand for those that attended. When it’s opened to the rest of the world, I will post that.
For this months @ISACA Tips column, I wrote about the conundrum of defining and assessing emerging risk. Its an interesting space to assess; technologies and trends so cutting edge that they sorta defy precision assessments, yet also so important as to require them.
You can check it out here.
I was recently interviewed by the FAIR Institute as a part of their Meet a Member series. I talk a little bit about my origins measuring cyber risk using FAIR.
You can listen to the interview here.
RSA Conference is next week and I’m excited to share that I will be presenting on some work a a colleague and I have done on building an Agent-Based Model (ABM) using FAIR risk data.
This should be an interesting discussion, so please join me next Wednesday at 2:50PM Pacific in Moscone West 2011.
I also served on the program committee this year for the GRC track and I can report that this year’s risk and metrics presentations will be insanely good! You are all in for a treat. If you will be in SF next week for the conference, be sure and look me up.
“There is a certain uselessness in saying an organization does not want to accept high risk.”
My latest @ISACA article was published and as I was re-reading this line it resonated with me even more. You have to have more fidelity in how you define risk appetite for it to be useful. More tips on how to do that in the full article here.
On November 7th I was honored by my alma mater, Nova Southeastern University, as the 2018 Distinguished Alumni from the College of Engineering and Computing. It was an amazing event and the alumni association treated us all very well. I was humbled by the caliber of people alongside which I was named. They recited all the accolades of each honoree and it was truly amazing to hear the accomplishments of everyone and I was proud to be called their peer.