• My latest @ISACA column was published today and in it, I talk about a concept called “pure risk.” It flies in the face of notions of “positive risk” that are in popular use. Understanding Pure Risk can help dispel any notion that Cyber Risk can be a good thing. You can read it here.

  • I was recently interviewed on the JuiceBox Podcast, a production of the Arden’s Day Blog. This is a Diabetes-heavy conversation which I sometimes talk about on my Blog. About halfway through we do have a little discussion about risk when we talk about how I viewed having a child that has T1D the same as…

  • My latest @ISACA article was published today. In it, I focus on the notion of where our authority comes from in Information Security. Too often, in my opinion, we rely on regulation as a source of “why” when articulating control requirements. I think this is dangerous and counter to the very nature of what an…

  • I wrote a piece for risk.net that discusses techniques for integrating a cyber risk taxonomy with an operational risk taxonomy. It’s behind a paywall, so apologies for that up front, but they do have a free trial. It’s a great article for those that are struggling with aligning the need for cyber risk granularity with…

  • My latest column for @ISACA was published today. In it I talk about the benefits of using verbal risk labels (things like high, medium, and low) and give some examples where this is helpful in the treatment of Type 1 Diabetes. This is an important concept for those like myself that are dedicated to quantitative…

  • Today I was notified that I was named as an IAPP Fellow of Information Privacy. I’m honored and humbled to be a part of this organization’s inaugural class of Fellows. You can read more about this designation here. The list of IAPP Fellows is here.  

  • Back in April, when Jack Jones and I were inducted into the Cyber Security Canon we had the pleasure of being interviewed by Rick Howard, CSO of Palo Alto Networks. You can view the video here or watch it below. (They published the interview video back in September and I forgot to post it here.) It was hot…

  • I’m pleased to announce that a new book has been published that includes a chapter that I wrote on Cybersecurity and Technology Risk. I was approached by the good folks at Risk Books on contributing some original Cyber content in their new publication on Operational Risk. I chose to address the general risks in the…

  • This isn’t cybersecurity related but I wanted to share anyways. I recently published a piece on the discipline required to practice Aikido when you have Type 1 Diabetes. It’s published here at the United States Aikido Federation (USAF) site.

  • My fall conference calendar keeps filling up! I’ll be a panelist at SIRAcon this year alongside Jim Hietala from the OpenGroup and a couple surprise guests on Thursday 13 Oct at 9:00 AM. We will be speaking on the Risk Analyst Profession: Training and Certification Requirements.
