I’m very excited to announce that I will be speaking at the Cyber Future Dialogue in two weeks in Davos, Switzerland during the World Economic Forum. This is going to be an amazing opportunity to converse with distinguished leadership from around the world on the necessity of and practical means to operationalize cyber risk quantificationContinue reading “Speaking at the Cyber Future Dialogue in Davos during the World Economic Forum (WEF)”
With RSA completed over two weeks ago, and an ensuing sickness, I realized I haven’t posted about my presentation with Joel Amick. I thoroughly enjoying sharing this work with the RSA audience and had some great conversations afterwards. I think agent-based modeling (ABM) has some interesting use cases in cybersecurity and risk management. I think that inContinue reading “RSAC 2019 Virtual Pen Testing Slides Available”
RSA Conference is next week and I’m excited to share that I will be presenting on some work a a colleague and I have done on building an Agent-Based Model (ABM) using FAIR risk data. This should be an interesting discussion, so please join me next Wednesday at 2:50PM Pacific in Moscone West 2011. IContinue reading “Presenting on Agent Based Risk Modeling at RSA Conference Next Week”
Jack & Jack @RiskDotNet‘s #CyberRiskNA in action! “There isn’t a single part of our problem space that can’t be quantified.” –@JonesFAIRiq Did you catch these two during this morning’s live panel? Let us know what you thought. pic.twitter.com/NiC6FD6rm7 — RiskLens (@RiskLens) March 20, 2018 I had a great time this week at Risk.Net’s Cyber RiskContinue reading “Jack and Jack talk Risk Modeling at Cyber Risk NA”
I wrote this latest bit for the @ISACA column after reading Richard Clarke’s book and trying to rationalize how it applies to cyber risk. It’s overly easy to predict failures and impending doom at a macro level, its much harder to do it at the micro level, which is infinitely more interesting and useful. YouContinue reading “Cyber Risk Cassandras”
I wrote some more on Smart Contracts for the ISACA Now Blog. I tied the concept back to Code = Law as put forth by Lawrence Lessig and talked some more about the scenarios that you’d need to risk model. You can read my thoughts on this here.
I was reading up on cyber deterrence today and ran across this little gem in relation to nuclear deterrence: Because of the value that comes from the ambiguity of what the US may do to an adversary if the acts we seek to deter are carried out, it hurts to portray ourselves as too fullyContinue reading “Cyber Deterrence”
Many information security practitioners labor daily to increase security for the organizations in which they work. The task itself seems beset with obstacles. On the one hand, there is the need to acquire security funding from executives that are distracted from security by the sturm und drang of the daily operation of the business, temperedContinue reading “Using Economics to Diagnose Security Model Failure”