Featured on CISO Series – Hacking Cyber Risk Quantification

I had the pleasure of doing a live session on David Spark and Spark Media’s CISO Series with Nick Esponosa. Things got wacky but we also had a good time discussing with CRQ is and how it can help companies make better decisions. You can check out the highlights reel here and the full videoContinue reading “Featured on CISO Series – Hacking Cyber Risk Quantification”

ISACA CRQ Whitepaper, a Webinar, and More CRQ

A whitepaper I recently wrote for ISACA was published. You can access it here. In this paper I wanted to write about how cyber risk quantification worked broadly, not just in a FAIR context. I hope it gives you a good primer to this topic. I’m also doing an ISACA webinar with my good friendContinue reading “ISACA CRQ Whitepaper, a Webinar, and More CRQ”

CRQ, Zero Trust, NACD, and Risk Treatment Options

Here is a mega update on several items I’ve been working on lately. First, I did a podcast with ThreatConnect talking about CRQ. We did a bit of a retrospective on the FAIR book as well which was nice. Next is a piece I wrote for ISACA about how to not over-respond to current workContinue reading “CRQ, Zero Trust, NACD, and Risk Treatment Options”

Apex Threat Agents, More HITRUST, Quant/Qual Showdown, and Iran

Time for another roundup! Below are some works I’ve recently done on Apex Threat Agents, HITRUST, my time at the Gartner Summit, and some thoughts on Iranian attacks. How to Model Risk in an Apex Predator Cyber-World Enhancing HITRUST Risk Assessments with Cyber Risk Quantification (CRQ) Gartner 2019 Debate: Quantitative vs. Qualitative Cyber Risk AnalysisContinue reading “Apex Threat Agents, More HITRUST, Quant/Qual Showdown, and Iran”