First off, I’m very pleased to announce that I will be presenting again next year at the RSA Conference. My session is called “Maturing Cyber-Risk Management Practices: Framework and Next Steps” (EZCL-R01).  This will be done as a Collaborative Learning Session (a new RSAC format). I’ll lead a discussion then turn it over to the room to begin analyzing their risk management program and assessing its maturity.

Also:

• I did a short podcast on the NIST CSF FAIR integration
• Here’s another short podcast I did on risk associated with AI
• I was pleased to see that the book I coauthored on FAIR was listed here in the Resources for Measuring Cybersecurity (#2!!)
• I wrote this piece for Dark Reading about the unreasonableness of control frameworks
• RiskLens wrote about my DarkReading piece here
• Lastly, here is video from the panel discussion I led at FAIRcon19 this year covering integrating FAIR with HITRUST and NIST CSF