Book – The Risk Doctor

RSA 2020, NIST CSF, and Dark Reading

First off, I’m very pleased to announce that I will be presenting again next year at the RSA Conference. My session is called “Maturing Cyber-Risk Management Practices: Framework and Next Steps” (EZCL-R01). This will be done as a Collaborative Learning Session (a new RSAC format). I’ll lead a discussion then turn it over to the room to begin analyzing their risk management program and assessing its maturity.

Also:

I did a short podcast on the NIST CSF FAIR integration
Here’s another short podcast I did on risk associated with AI
I was pleased to see that the book I coauthored on FAIR was listed here in the Resources for Measuring Cybersecurity (#2!!)
I wrote this piece for Dark Reading about the unreasonableness of control frameworks
RiskLens wrote about my DarkReading piece here
Lastly, here is video from the panel discussion I led at FAIRcon19 this year covering integrating FAIR with HITRUST and NIST CSF

New Book: Fintech Growth and Deregulation

A new book I had the pleasure of editing, along with Diane Maurice and David Fairman, has been recently released. I received my copies today and I’m very happy with the results. This was an interesting project to work on and a problem space that is very modern and moving fast. I was very pleased with the authors I got to work with (Tony Martin-Vegue and Patrick McConnell). They did a great job covering their perspective of the topic (Quantification and Governance).

You can pick up a copy here.

@tdmv

Interviewed for the Cyber Canon

Back in April, when Jack Jones and I were inducted into the Cyber Security Canon we had the pleasure of being interviewed by Rick Howard, CSO of Palo Alto Networks. You can view the video here or watch it below. (They published the interview video back in September and I forgot to post it here.)

It was hot in the studio, so my glasses kept sliding off my face. So please excuse the weird faces I kept making :-)

OpRisk Book Chapter on Cyber Published

I’m pleased to announce that a new book has been published that includes a chapter that I wrote on Cybersecurity and Technology Risk. I was approached by the good folks at Risk Books on contributing some original Cyber content in their new publication on Operational Risk. I choose to address the general risks in the domain and paid special attention on how to define risks (risk syntax) to avoid the problems of defining control deficiencies as risk.

The other chapters in the book are really great too! There are discussions of blockchain, Big Data, Privacy, OpRisk modeling and quantification, and emerging risk.

You can pick up your copy of Operational Risk Perspectives: Cyber, Big Data, and Emerging Risks at the Risk Books website (including eBook).

RedZone Podcast about Risk Forecasting

Bill Murphy‘s interview with me for his RedZone podcast was posted today. I had a great time talking with Bill about risk, FAIR, and forecasting. You can find the podcast here. It was a great discussion, and Bill was a very gracious host. His entire podcast series is worth subscribing to: he interviews some really interesting people who bring a diverse view to risk and security. I enjoyed listening to him interview my friend Jack Jones but I also enjoyed his recent discussions with Zach Schuler. Be sure to check them out.

Inducted into the Cybersecurity Canon

I’m very pleased to announced that the book I coauthored with Jack Jones (Measuring and Managing Information Risk: A FAIR Approach) has been inducted today into the Cybersecurity Canon at the Palo Alto Networks 2016 Ignite Conference.

The Canon includes books both fiction and nonfiction that accurately depict the history, milestones, and culture of the modern cybersecurity industry.

This is a profound honor and I’m very grateful to Palo Alto Networks CSO Rick Howard, Ben Rothke for his nomination, and of course my coauthor Jack Jones.

You can read the full press release here.

Speaking at OpRisk North America 2015

It’s a busy week for me. In addition to the webinar this Friday, next Monday (23 March) I’ll be holding a workshop at 11:00 AM in the Data Quality track of the OpRisk North America conference. I’ll be talking about financial metrics, risk appetite, volatility trends, and scenario analysis. You can’t have quality data without quantification, so that will be a big part of my presentation.