Using Risk to Justify Security Strategy and Spending

I wrote a piece for RiskLens* recently that talks about how to utilize FAIR for building and justifying an information security budget and strategic initiatives. Its an interesting problem space as there is a need to have the appropriate level of abstraction (program level versus technology level) but its also a very solvable problem toContinue reading “Using Risk to Justify Security Strategy and Spending”

ICYMI: Cyber Risk Sentinels

I was very fortunate to have the opportunity to share my thoughts on KRIs last week on The FAIR Institute’s website. I used the metaphor of Sentinel Species (think canaries in coal mines) to serve as an indicator of risk, but not of risk itself. That important distinction is one that I strongly feel isContinue reading “ICYMI: Cyber Risk Sentinels”

Joined RiskLens as Professional Advisor

I recently accepted a position with RiskLens as a professional advisor. I’m looking forward to working with Jack Jones again as well the great team they have assembled there. My immediate project there will be advising on the product roadmap and assist them with taking their amazing quantitative risk platform to the next level. OfficialContinue reading “Joined RiskLens as Professional Advisor”

Jack and Jack talk Risk Modeling at Cyber Risk NA

Jack & Jack @RiskDotNet‘s #CyberRiskNA in action! “There isn’t a single part of our problem space that can’t be quantified.” –@JonesFAIRiq Did you catch these two during this morning’s live panel? Let us know what you thought. pic.twitter.com/NiC6FD6rm7 — RiskLens (@RiskLens) March 20, 2018 I had a great time this week at Risk.Net’s Cyber RiskContinue reading “Jack and Jack talk Risk Modeling at Cyber Risk NA”

Cyber Risk Cassandras

I wrote this latest bit for the @ISACA column after reading Richard Clarke’s book and trying to rationalize how it applies to cyber risk. It’s overly easy to predict failures and impending doom at a macro level, its much harder to do it at the micro level, which is infinitely more interesting and useful. YouContinue reading “Cyber Risk Cassandras”