ICYMI: Risk Management and the Paradox of Common Sense

I really enjoy reading Duncan Watts work and I was blown away by how he assailed the concept of common sense that we all rely upon so readily: What we don’t realize, however, is that common sense often works just like mythology. By providing ready explanations for whatever particular circumstances the world throws at us,Continue reading “ICYMI: Risk Management and the Paradox of Common Sense”

ICYMI: Organizational Signals for Changing Risk Appetite

I was inspired to write this article by a change in the speed limit that happened on a local Interstate. It was a good jumping off point to illustrate the parallels between speed limits and risk appetite and what it takes to change each. You can read the article on the FAIR Institute website here.

ICYMI: Concept Creep: Why Cyber Risk Problems Never Get Solved

I had a great time writing this post for the FAIR Institute. I was inspired by post-doc David Levari of the Harvard Business School’s article in The Conversation called Why Your Brain Never Runs out of Problems to Find. In it he talks about how our brains have a sliding scale of what “badness” is overContinue reading “ICYMI: Concept Creep: Why Cyber Risk Problems Never Get Solved”

Using Risk to Justify Security Strategy and Spending

I wrote a piece for RiskLens* recently that talks about how to utilize FAIR for building and justifying an information security budget and strategic initiatives. Its an interesting problem space as there is a need to have the appropriate level of abstraction (program level versus technology level) but its also a very solvable problem toContinue reading “Using Risk to Justify Security Strategy and Spending”

ICYMI: Cyber Risk Sentinels

I was very fortunate to have the opportunity to share my thoughts on KRIs last week on The FAIR Institute’s website. I used the metaphor of Sentinel Species (think canaries in coal mines) to serve as an indicator of risk, but not of risk itself. That important distinction is one that I strongly feel isContinue reading “ICYMI: Cyber Risk Sentinels”

Joined RiskLens as Professional Advisor

I recently accepted a position with RiskLens as a professional advisor. I’m looking forward to working with Jack Jones again as well the great team they have assembled there. My immediate project there will be advising on the product roadmap and assist them with taking their amazing quantitative risk platform to the next level. OfficialContinue reading “Joined RiskLens as Professional Advisor”

Jack and Jack talk Risk Modeling at Cyber Risk NA

Jack & Jack @RiskDotNet‘s #CyberRiskNA in action! “There isn’t a single part of our problem space that can’t be quantified.” –@JonesFAIRiq Did you catch these two during this morning’s live panel? Let us know what you thought. pic.twitter.com/NiC6FD6rm7 — RiskLens (@RiskLens) March 20, 2018 I had a great time this week at Risk.Net’s Cyber RiskContinue reading “Jack and Jack talk Risk Modeling at Cyber Risk NA”