Presenting on Agent Based Risk Modeling at RSA Conference Next Week

RSA Conference is next week and I’m excited to share that I will be presenting on some work a a colleague and I have done on building an Agent-Based Model (ABM) using FAIR risk data. This should be an interesting discussion, so please join me next Wednesday at 2:50PM Pacific in Moscone West 2011. IContinue reading “Presenting on Agent Based Risk Modeling at RSA Conference Next Week”

Accepted at RSA 2019 – Virtual Pen Testing

I’m very pleased to announce that I’ve been accepted to speak again at next year’s RSA Conference. I’m going to be presenting on an Agent Based Model concept using FAIR risk results jointly with my colleague Joel Amick. Joel’s team and my team worked to develop a POC of this work and we can’t waitContinue reading “Accepted at RSA 2019 – Virtual Pen Testing”

ICYMI: Cyber Risk Sentinels

I was very fortunate to have the opportunity to share my thoughts on KRIs last week on The FAIR Institute’s website. I used the metaphor of Sentinel Species (think canaries in coal mines) to serve as an indicator of risk, but not of risk itself. That important distinction is one that I strongly feel isContinue reading “ICYMI: Cyber Risk Sentinels”

Cyber Risk Cassandras

I wrote this latest bit for the @ISACA column after reading Richard Clarke’s book and trying to rationalize how it applies to cyber risk. It’s overly easy to predict failures and impending doom at a macro level, its much harder to do it at the micro level, which is infinitely more interesting and useful. YouContinue reading “Cyber Risk Cassandras”

RedZone Podcast about Risk Forecasting

Bill Murphy‘s interview with me for his RedZone podcast was posted today. I had a great time talking with Bill about risk, FAIR, and forecasting. You can find the podcast here. It was a great discussion, and Bill was a very gracious host. His entire podcast series is worth subscribing to: he interviews some reallyContinue reading “RedZone Podcast about Risk Forecasting”

Risk Forecast Accuracy at Cyber Risk NA

I’m pleased to announce that I have been asked to present at the Cyber Risk North America conference on 15-16 March in NY. Its offered in conjunction with OpRisk North America where I presented last year. I will be presenting on the theme of assessing quality using Risk Forecast Accuracy (a topic that was theContinue reading “Risk Forecast Accuracy at Cyber Risk NA”