RSA Roundup Updates on the Monday all-day FAIR session I did with Jack Jones, Chad Weinman, and Rachel Slabotsky, as well as my Thursday session on maturing your risk management practice. RSAC 2020 Report – Big Turnout for 2 FAIR Seminars, Breakfast Advice on Starting a FAIR Program from Jack Jones and Fannie Mae, AscenaContinue reading “85.7% COVID-19 Free March Update!”
First off, I’m very pleased to announce that I will be presenting again next year at the RSA Conference. My session is called “Maturing Cyber-Risk Management Practices: Framework and Next Steps” (EZCL-R01). This will be done as a Collaborative Learning Session (a new RSAC format). I’ll lead a discussion then turn it over to theContinue reading “RSA 2020, NIST CSF, and Dark Reading”
With RSA completed over two weeks ago, and an ensuing sickness, I realized I haven’t posted about my presentation with Joel Amick. I thoroughly enjoying sharing this work with the RSA audience and had some great conversations afterwards. I think agent-based modeling (ABM) has some interesting use cases in cybersecurity and risk management. I think that inContinue reading “RSAC 2019 Virtual Pen Testing Slides Available”
RSA Conference is next week and I’m excited to share that I will be presenting on some work a a colleague and I have done on building an Agent-Based Model (ABM) using FAIR risk data. This should be an interesting discussion, so please join me next Wednesday at 2:50PM Pacific in Moscone West 2011. IContinue reading “Presenting on Agent Based Risk Modeling at RSA Conference Next Week”
I’m very pleased to announce that I’ve been accepted to speak again at next year’s RSA Conference. I’m going to be presenting on an Agent Based Model concept using FAIR risk results jointly with my colleague Joel Amick. Joel’s team and my team worked to develop a POC of this work and we can’t waitContinue reading “Accepted at RSA 2019 – Virtual Pen Testing”
RSA posted my presentation from this year’s conference, Implementing a Quantitative Cyber-Risk Framework: A FinSrv Case Study. You can hear me explain the organizational environment and requirements and the automated risk assessment solutions I put in place to satisfy them. The slides are still available here.
I was very honored to have had the chance to share my quantitative cyber risk journey with the broader security community last week at the RSA Conference. My session had over 100 people in attendance (quite a feat at 8AM on a Wednesday!) and the questions and followups were so good they lasted until weContinue reading “RSAC18 Wrap up”
I’ve been accepted to speak at RSA about Quant Risk implementation