Completely new to FAIR™ (Factor Analysis of Information Risk) or already onboarded a quantitative risk management program and wondering “what now?” The 2022 FAIR Conference will arm you with insights and inspiration. First, you’ll be in a hall filled with experienced FAIR practitioners who are generous with their advice (and the agenda has plenty of networking time built in).
The FAIR Conference (FAIRCON22) takes place in-person in Washington, DC, at the Mandarin Oriental Hotel and online. Training sessions are Sunday and Monday, 25 & 26, and conference sessions Tuesday and Wednesday, September 27 & 28. Get information and register now.
Here are some of our recommendations for a beginner to get the most out of the conference. See the complete agenda.
FAIR Conference Sessions and Training for Beginners
FAIR Fundamentals Training
Sunday & Monday, September 25 & 26, 9:00 AM – 5:00 PM (at the conference hotel)
Any beginner should start here, with the two-day introductory course to the Open FAIR™ methodology for risk analysis, including basic risk concepts and quantitative risk measurement techniques. Learners walk out prepared for the Open FAIR certification exam. Sign up for the Fundamentals course when you register for the conference.
Panel: Driving Culture Change - From a Compliance to a Risk-based Approach to Cybersecurity
>>Omar Khawaja, CISO, Highmark Health
>>Mark Tomallo, SVP, CISO, Victoria’s Secret
>>Mary Elizabeth Faulkner, CISO, Thrivent Financial
>>Jeff Norem, Deputy CISO, Freddie Mac
Any experienced FAIR hand will tell you that introducing this standard for risk quantification comes with a challenge in managing change and adaptation with your team and your stakeholders. This morning session with FAIR CISOs will give you the big picture to set your own strategy.
Case Study: “FAIR: Okay, Now What?” - Steps to Set Up a Quantitative Risk Management Program at Any Organization
Tuesday, September 27, 1:00 PM - 1:45 PM
>>Michael Meis, Associate CISO, KU Health
Michael is well along in a FAIR program launch at a major healthcare institution. You’ll want to hear this report from the front lines, with some step-by-step advice on your first moves.
Case Study: Five Objections to FAIR and How to Overcome Them
Tuesday, September 27, 2:15 PM - 3:00 PM
>>Tony Martin-Vegue, Senior Information Security Risk Engineer, Netflix
>>Prashanthi Koutha, Senior Risk Engineer, Netflix
Tony and Prashanthi are veterans of multiple FAIR program launches – and guarantee you will hear these objections. They have the answers.
Case Study: Building a Strong Foundation for Your Quantitative Risk Management Program
Wednesday, September 28, 1:45 PM - 2:00 PM
>>Tim Wynkoop, Sr. Information Security Risk Engineer, Equinix
Before Equinix, Tim led a long list of FAIR program launches as a consultant. In this talk, he will outline techniques crucial to success in introducing risk quantification and share some of the planning documentation he uses.
Case Study: Embedding CRQ in the Infosec Governance Process of a Fast-Growing Pop Culture Retail Organization
Wednesday, September 28, 3:30 PM - 4:15 PM
>>Markus Kaufmann, CISO, Senior Director of Information Security, Funko
>>Tom Callaghan, Co-Founder, C-Risk
One consistent bit of advice we hear from successful FAIR leaders: Start your program by filling a need for quantitative risk analysis within ongoing processes. Markus, from toy company Funko, and Tom, a Paris-based FAIR consultant, will present a detailed case study.