Apex Threat Agents, More HITRUST, Quant/Qual Showdown, and Iran

Time for another roundup! Below are some works I’ve recently done on Apex Threat Agents, HITRUST, my time at the Gartner Summit, and some thoughts on Iranian attacks.

How to Model Risk in an Apex Predator Cyber-World

Enhancing HITRUST Risk Assessments with Cyber Risk Quantification (CRQ)

Gartner 2019 Debate: Quantitative vs. Qualitative Cyber Risk Analysis

Podcast: Jack Freund on How to Prepare for an Iranian Cybersecurity Threat

 

RSAC 2019 Virtual Pen Testing Slides Available

With RSA completed over two weeks ago, and an ensuing sickness, I realized I haven’t posted about my presentation with Joel Amick. I thoroughly enjoying sharing this work with the RSA audience and had some great conversations afterwards. I think agent-based modeling (ABM) has some interesting use cases in cybersecurity and risk management. I think that in organizations that have data sets about their assets covering control strengths, threats, and losses, there is valid application of ABM to provide some attacker forecasting.

The presentation slides have been posted here. The slides are static and don’t show the video of the model, however the presentation was recorded and the video has been posted on RSAC onDemand for those that attended. When it’s opened to the rest of the world, I will post that.

 

Presenting on Agent Based Risk Modeling at RSA Conference Next Week

RSA Conference is next week and I’m excited to share that I will be presenting on some work a a colleague and I have done on building an Agent-Based Model (ABM) using FAIR risk data.

This should be an interesting discussion, so please join me next Wednesday at 2:50PM Pacific in Moscone West 2011.

I also served on the program committee this year for the GRC track and I can report that this year’s risk and metrics presentations will be insanely good! You are all in for a treat. If you will be in SF next week for the conference, be sure and look me up.

 

Accepted at RSA 2019 – Virtual Pen Testing

I’m very pleased to announce that I’ve been accepted to speak again at next year’s RSA Conference. I’m going to be presenting on an Agent Based Model concept using FAIR risk results jointly with my colleague Joel Amick. Joel’s team and my team worked to develop a POC of this work and we can’t wait to share what we developed with you in March!

Here are the details of the session; please be sure to save it to your agenda!

RSA 2018 Presentation Video

RSA posted my presentation from this year’s conference, Implementing a Quantitative Cyber-Risk Framework: A FinSrv Case Study. You can hear me explain the organizational environment and requirements and the automated risk assessment solutions I put in place to satisfy them.

The slides are still available here.

FAIR Conference ’18 Panel – Getting Buy-In for a Quantitative Risk Management Program

I’m looking forward to participating on this panel discussion at the upcoming FAIR Conference. This is a topic that really speaks to me and I’m looking forward to sharing what I’ve experienced and hearing from the co-panelists about how they’ve accomplished the same.

Here’s the full agenda and if you haven’t registered yet you can do so here.