Category: Risk

  • I’m so excited to announce the release of CTRL-ALT-RISK, my new book that compiles years of work into one accessible collection. This anthology features short essays I originally wrote for the @ISACA® Newsletter, offering practical tips and insights for navigating the complex world of cyber risk management. Whether you’re a cybersecurity veteran or just beginning…

  • I’m pleased to share my latest article in the ISACA Journal, titled “From Measurement to Management: Integrating Cyberrisk Quantification into Risk Governance.” In this piece, I explore how the newly updated NIST Cybersecurity Framework 2.0, with its focus on governance, is driving critical feedback loops between cyber operations and executive decision-making. In particular, I delve…

  • I recently wrote an article for the ISSA Journal discussing the significant shifts in U.S. cyber governance after the recent Supreme Court decisions that overturned the 1984 Chevron Deference precedent. These rulings now require courts to interpret legislation more literally, leading to uncertainty about the future of cyber regulations. However, it’s important to understand the…

  • I’m super excited to share my latest article, “Cyber-ESG Synergy: Protecting the 4th Industrial Revolution,” just published in the ISACA Journal! In this piece, I dive into how combining cybersecurity with ESG (Environmental, Social, and Governance) principles can help us build a more secure and sustainable future. Curious about how this all ties together? Check…

  • I’m really excited to share this one. The inspiration for this article was courtesy of a good friend who was venting about work. I connected their troubles with something I dug up from my latent interest in folklore. Long story short, the risk department shouldn’t be accepting risk on behalf of the business. I hope…

  • In my latest column for the @ISACA newsletter, I delve into the complex interplay between common sense and cyber security.

  • In the realm of cyber risk quantification, it’s a common belief that emotions should be kept out of the risk assessment and decision-making processes. Certainly, there are valid concerns associated with the influence of emotions, which cannot be overlooked. However, it’s important to recognize that emotions do have a rightful place in risk management. In…

  • Here is a mega-update of things I meant to post since Sept(!) In the September 2023 ISSA Journal, I worked with my colleague Natalie Jorion to publish this piece about SEC cyber materiality. You can access the article here. I did a webinar with ISS Corporate about the SEC materiality rule. You can watch the…

  • I recently coauthored an article for the ISACA Journal with a coworker about imputing the cost of a data breach from record count. We also recorded a podcast based on the article. You can read the article here and listen or watch the podcast. I also authored a piece for the @ISACA newsletter on the…

  • I had a great time talking with Ben Ben-Aderet on the CISO Insiders Podcast. He not only asked really interesting questions about information security but also caused me to reflect on myself and what I learned during my time in the industry. You can check it out here (he bookmarked different topics so you can…