Advanced thinkers on risk management, expert practitioners in quantitative risk analysis for decision support, friendly coaches with useful tips on getting started with Factor Analysis of Information Risk (FAIR™): the 2022 FAIR Conference offers a full lineup of all that in more than two dozen sessions, plus plenty of time to talk to experts and peers in the breaks. Here are some of the people you’ll meet.
Zach Cossairt, Information Risk Program Manager at Equinix
Zach approaches FAIR with a keen appreciation of the cultural side of implementing a quantitative risk management program. While introducing FAIR to the security planning and prioritization process at Equinix, the data center company, he is also working on his Master of Arts in Behavioral Economics at The Chicago School of Professional Psychology. Zach honed his critical thinking skills as an intelligence data analyst in the US Navy Submarine Force.
Zach will lead the FAIRCON session Case Study: Harnessing the Voltage Effect to Scale our FAIR Risk Programs, 2:15-3:00 PM on Tuesday, September 27.
Read a blog post by Zach: Human Nature in Our FAIR Risk Programs: Work With It, Not Against It
James Lam, Enterprise Risk Management and Corporate Governance Pioneer
James Lam literally wrote the book on ERM: Enterprise Risk Management (Wiley, 2003; second edition, 2014), a standard university text and Amazon best seller. He also invented the role of Chief Risk Officer as the world’s first CRO at GE Capital and later at Fidelity Investments. He’s also a much-recognized thought leader on boards and corporate governance, named to the National Association of Corporate Directors (NACD) Directorship 100. He recently served on the board of E*TRADE and currently is a member of the FAIR Institute’s board.
James will speak in the panel discussion Communicating Cyber Risk to the Board and the Business: How Is It Changing?, 9:45-10:45 AM, on Wednesday, September 28.
Mona Harrington, Acting Assistant Director, National Risk Management Center, CISA, and Former CISO, U.S. Elections Assistance Commission
“The hot seat” describes Mona Harrington’s role overseeing the enormous technical and political issue of elections cybersecurity, first at the Elections Assistance Commission and now at the National Risk Management Center, which includes CISA’s elections unit. Also in her purview: 5G wireless networks, supply chains and critical infrastructure. Can the federal government pull up its cyber risk management game from the compliance-checklist mentality that has so long dominated? We’re eager to hear the answer from Mona’s talk, Prioritizing Risk in Government, Monday, September 27, 1:00-1:45 PM.
For background, watch a video: Maturing A Quantitative Risk Management Program in the Federal Government, a presentation by Ignatius Liberto, Director, Cybersecurity Compliance and Oversight (IM-32), Office of the CIO, U.S. Department of Energy, at the spring session of the FAIR Institute’s conference series.
Mary Elizabeth Faulkner, CISO, Thrivent
Mary is one of the longest-tenured FAIR practitioners and advocates (she learned FAIR directly from creator Jack Jones when they worked together at Nationwide Insurance) and one of the most generous with advice. Mary started in IT and audit with Ernst & Young, and held important roles at Caterpillar and Bose Corp. She also serves on the Board of Directors for the FAIR Institute. Mary says, “Information security always struggles at being a cost center and being able to show return on investment. FAIR is bridging the gap on ROI and that takes us much closer to speaking in the same language as our board of directors and business stakeholders.”
Mary will speak at the panel discussion Driving Culture Change - From a Compliance to a Risk-based Approach to Cybersecurity, Tuesday, September 27, 10:00-10:45 AM.
Tony Martin-Vegue, Senior Information Security Risk Engineer, Netflix
For a quick course in scaling a FAIR quantitative risk management program, the theme of the 2022 FAIR Conference, take a look at the presentation Tony Martin-Vegue gave at FAIRCON20, How Netflix Rethinks Cyber Risk Analysis with FAIR (FAIRCON2020). Tony describes how the entertainment company applies FAIR at three tiers: strategic, tactical and operational. One of the most experienced FAIR hands around, Tony founded the San Francisco chapter of the FAIR Institute back in 2016. At this year’s conference, he’s joined by Prashanthi Koutha, Senior Risk Engineer, Netflix, to offer coaching on getting a program off the ground.
Case Study: Five Objections to FAIR and How to Overcome Them, Tuesday, September 27, 2:15-3:00 PM.