Pandemic Lessons and Record Count

I was asked to write a piece for ISACA about cyber risk in the Pandemic. I used some popular memes as a bouncing off point to talk about how to manage risk in these crazy times. You can read this here. I also had my article about why using record counts as your risk appetiteContinue reading “Pandemic Lessons and Record Count”

Positive Risk, ISACA Journal, and more NIST

ISACA asked me to write a short piece on my Journal article about risk communication. They published that here. I also wrote a blog post for the @ISACA newsletter about the trouble with positive risk. Lastly, NIST released an update to their ERM-Cyber integration standard and my friends at the FAIR Institute asked me toContinue reading “Positive Risk, ISACA Journal, and more NIST”

85.7% COVID-19 Free March Update!

RSA Roundup Updates on the Monday all-day FAIR session I did with Jack Jones, Chad Weinman, and Rachel Slabotsky, as well as my Thursday session on maturing your risk management practice. RSAC 2020 Report – Big Turnout for 2 FAIR Seminars, Breakfast Advice on Starting a FAIR Program from Jack Jones and Fannie Mae, AscenaContinue reading “85.7% COVID-19 Free March Update!”

Speaking at the Cyber Future Dialogue in Davos during the World Economic Forum (WEF)

I’m very excited to announce that I will be speaking at the Cyber Future Dialogue in two weeks in Davos, Switzerland during the World Economic Forum. This is going to be an amazing opportunity to converse with distinguished leadership from around the world on the necessity of and practical means to operationalize cyber risk quantificationContinue reading “Speaking at the Cyber Future Dialogue in Davos during the World Economic Forum (WEF)”

Welcome to 2020! Cyber Risk Prospectuses and a “Manifesto”

Welcome to 2020! I kept busy last month, even with the holidays. Here are some updates: I wrote a piece for ISACA about how much spending is being done in aggregate for cyber security and how we need to rationalize the controls we are spending on. The FAIR Institute called this my manifesto here :-)Continue reading “Welcome to 2020! Cyber Risk Prospectuses and a “Manifesto””

RSA 2020, NIST CSF, and Dark Reading

First off, I’m very pleased to announce that I will be presenting again next year at the RSA Conference. My session is called “Maturing Cyber-Risk Management Practices: Framework and Next Steps” (EZCL-R01).  This will be done as a Collaborative Learning Session (a new RSAC format). I’ll lead a discussion then turn it over to theContinue reading “RSA 2020, NIST CSF, and Dark Reading”

NIST CSF, Vendor Risk, and Threat Intel

ICYMI for September! A large whitepaper I wrote for ISACA on vendor risk was published here A piece I wrote for ISACA about this is posted here The FAIR Institute blogged about it here I wrote an article for the ISSA Journal about integrating threat intelligence and risk intelligence (pay-walled, but available here) The FAIR InstituteContinue reading “NIST CSF, Vendor Risk, and Threat Intel”