As a part of my new role with RiskLens, I’ve been publishing several articles. Included here is a recap of my work over the past month: The ZombieLoad speculative execution bug raised the specter of a possible 40% hit in performance. I gave a plan to evaluate this new bug in the context of riskContinue reading “ZombieLoad, Business Acumen, HITRUST, and DHS Directive”
Author Archives: Jack Freund
Security Leadership is Risk Leadership
Security leadership is risk leadership
RSAC 2019 Virtual Pen Testing Slides Available
With RSA completed over two weeks ago, and an ensuing sickness, I realized I haven’t posted about my presentation with Joel Amick. I thoroughly enjoying sharing this work with the RSA audience and had some great conversations afterwards. I think agent-based modeling (ABM) has some interesting use cases in cybersecurity and risk management. I think that inContinue reading “RSAC 2019 Virtual Pen Testing Slides Available”
Emerging Risk
For this months @ISACA Tips column, I wrote about the conundrum of defining and assessing emerging risk. Its an interesting space to assess; technologies and trends so cutting edge that they sorta defy precision assessments, yet also so important as to require them. You can check it out here.
ICYMI: Interviewed by the FAIR Institute
I was recently interviewed by the FAIR Institute as a part of their Meet a Member series. I talk a little bit about my origins measuring cyber risk using FAIR. You can listen to the interview here.
Presenting on Agent Based Risk Modeling at RSA Conference Next Week
RSA Conference is next week and I’m excited to share that I will be presenting on some work a a colleague and I have done on building an Agent-Based Model (ABM) using FAIR risk data. This should be an interesting discussion, so please join me next Wednesday at 2:50PM Pacific in Moscone West 2011. IContinue reading “Presenting on Agent Based Risk Modeling at RSA Conference Next Week”
Applied Risk Appetite
“There is a certain uselessness in saying an organization does not want to accept high risk.” My latest @ISACA article was published and as I was re-reading this line it resonated with me even more. You have to have more fidelity in how you define risk appetite for it to be useful. More tips onContinue reading “Applied Risk Appetite”
Named NSU Distinguished Alumni
On November 7th I was honored by my alma mater, Nova Southeastern University, as the 2018 Distinguished Alumni from the College of Engineering and Computing. It was an amazing event and the alumni association treated us all very well. I was humbled by the caliber of people alongside which I was named. They recited allContinue reading “Named NSU Distinguished Alumni”
Accepted at RSA 2019 – Virtual Pen Testing
I’m very pleased to announce that I’ve been accepted to speak again at next year’s RSA Conference. I’m going to be presenting on an Agent Based Model concept using FAIR risk results jointly with my colleague Joel Amick. Joel’s team and my team worked to develop a POC of this work and we can’t waitContinue reading “Accepted at RSA 2019 – Virtual Pen Testing”
ISSA Journal – The Future of ITRM will be Quantified
The December issue of the ISSA Journal was released and my article on the Future of IT Risk is on the cover. The theme for this month’s Journal is “The Next 10 Years” and I wanted to highlight where I saw the industry going. I begin with a look back on the progress away from ordinalContinue reading “ISSA Journal – The Future of ITRM will be Quantified”
