I really enjoy reading Duncan Watts work and I was blown away by how he assailed the concept of common sense that we all rely upon so readily: What we don’t realize, however, is that common sense often works just like mythology. By providing ready explanations for whatever particular circumstances the world throws at us,Continue reading “ICYMI: Risk Management and the Paradox of Common Sense”
I was inspired to write this article by a change in the speed limit that happened on a local Interstate. It was a good jumping off point to illustrate the parallels between speed limits and risk appetite and what it takes to change each. You can read the article on the FAIR Institute website here.
I had a great time writing this post for the FAIR Institute. I was inspired by post-doc David Levari of the Harvard Business School’s article in The Conversation called Why Your Brain Never Runs out of Problems to Find. In it he talks about how our brains have a sliding scale of what “badness” is overContinue reading “ICYMI: Concept Creep: Why Cyber Risk Problems Never Get Solved”
I wrote a piece for RiskLens* recently that talks about how to utilize FAIR for building and justifying an information security budget and strategic initiatives. Its an interesting problem space as there is a need to have the appropriate level of abstraction (program level versus technology level) but its also a very solvable problem toContinue reading “Using Risk to Justify Security Strategy and Spending”
I was very fortunate to have the opportunity to share my thoughts on KRIs last week on The FAIR Institute’s website. I used the metaphor of Sentinel Species (think canaries in coal mines) to serve as an indicator of risk, but not of risk itself. That important distinction is one that I strongly feel isContinue reading “ICYMI: Cyber Risk Sentinels”
I was very honored to have had the chance to share my quantitative cyber risk journey with the broader security community last week at the RSA Conference. My session had over 100 people in attendance (quite a feat at 8AM on a Wednesday!) and the questions and followups were so good they lasted until weContinue reading “RSAC18 Wrap up”
Awarded ISACA Global Achievement Award for work on CRISC certification
I recently accepted a position with RiskLens as a professional advisor. I’m looking forward to working with Jack Jones again as well the great team they have assembled there. My immediate project there will be advising on the product roadmap and assist them with taking their amazing quantitative risk platform to the next level. OfficialContinue reading “Joined RiskLens as Professional Advisor”
Jack & Jack @RiskDotNet‘s #CyberRiskNA in action! “There isn’t a single part of our problem space that can’t be quantified.” –@JonesFAIRiq Did you catch these two during this morning’s live panel? Let us know what you thought. pic.twitter.com/NiC6FD6rm7 — RiskLens (@RiskLens) March 20, 2018 I had a great time this week at Risk.Net’s Cyber RiskContinue reading “Jack and Jack talk Risk Modeling at Cyber Risk NA”
I was recently interviewed by the FAIR Institute on the recently released guidance for firms to disclose material cyber risk.