FAIR Institute Blog

Tim Wynkoop

Tim Wynkoop is a Risk Analyst for RiskLens

Recent Posts

So You Want to Be a Cyber Risk Analyst

[fa icon="calendar'] Feb 25, 2021 7:28:00 AM / by Tim Wynkoop posted in FAIR Training

[fa icon="comment"] 0 Comments

Good choice - There are an estimated 3.5 million unfilled jobs in cybersecurity worldwide right now and the position of cyber risk analyst is on the cutting edge of career choices

Read More [fa icon="long-arrow-right"]

5 Steps to Improve Your Quantitative Risk Management Program in 2021

[fa icon="calendar'] Jan 20, 2021 6:54:00 AM / by Tim Wynkoop posted in Risk Management

[fa icon="comment"] 0 Comments

Phew, what a year 2020 was.  Now that the new year has come, you may be thinking about how to start, change or stop doing activities within your FAIR quantitative risk management program.  Let's take a look at five things you can do now for a better 2021.  

Read More [fa icon="long-arrow-right"]

Starting Off on the Right Foot: How to Clearly Define a Risk Scenario Statement for FAIR Analysis

[fa icon="calendar'] Jun 23, 2020 2:41:33 PM / by Tim Wynkoop posted in FAIR

[fa icon="comment"] 0 Comments

Whether it is difficulty with data gathering, calibrating estimates, or presenting results, problems that come up in FAIR analysis tend to stem from the same source: a lack of a clearly defined risk scenario statement.

Read More [fa icon="long-arrow-right"]

In Hard Times, Remember the 3 F’s of Quantified Cyber Risk Analysis

[fa icon="calendar'] May 6, 2020 8:41:46 AM / by Tim Wynkoop

[fa icon="comment"] 0 Comments

What is going on right now is definitely a crazy time for those of us who run cyber risk analytics or cybersecurity management – “unprecedented,” everyone says.

Read More [fa icon="long-arrow-right"]

Managing a Cyber Risk Program in an Ever-Evolving Threat Landscape

[fa icon="calendar'] Sep 5, 2019 1:22:18 PM / by Tim Wynkoop posted in Risk Management

[fa icon="comment"] 0 Comments

With the skills and resources of attackers constantly improving, is cyber risk management a hopeless endeavor? Working with CISOs and risk management teams as a FAIR consultant, this is a question I get asked from time to time and, in short, the answer is no, if you follow these three best practices:

Read More [fa icon="long-arrow-right"]

3 Key Metrics in Cyber Risk Analytics

[fa icon="calendar'] Jan 15, 2019 11:50:47 AM / by Tim Wynkoop posted in FAIR

[fa icon="comment"] 0 Comments

I have had the privilege or the curse of working with metrics--depending on which side of the fence you are on--through the course of my career.  I have tended to lean towards the latter. 

Read More [fa icon="long-arrow-right"]

Loss Event Frequency Explained in 3 Minutes [Video]

[fa icon="calendar'] Nov 14, 2017 10:18:11 AM / by Tim Wynkoop posted in FAIR

[fa icon="comment"] 0 Comments

With large companies under near constant attack from malware, phishing, and hacking attempts, getting an estimate on cybersecurity risk means reaching a clear understanding of how many of the massive number of threats actually turn into losses.

Read More [fa icon="long-arrow-right"]

'Vulnerability' in Risk Analysis, Explained in 2 Minutes [Video]

[fa icon="calendar'] Sep 27, 2017 3:36:37 PM / by Tim Wynkoop posted in FAIR

[fa icon="comment"] 3 Comments

Precise definitions of the factors that go into an accurate risk analysis – that may be the bottom line advantage of the FAIR approach.  For a great example, take Vulnerability, loosely defined as "weakness" most often, but FAIR gives it a focussed and more useful meaning: “the probability that a threat event will become a loss event.”  

Read More [fa icon="long-arrow-right"]

What Makes a Good Risk Analyst?

[fa icon="calendar'] Jun 9, 2017 6:13:15 AM / by Tim Wynkoop posted in FAIR, Risk Management

[fa icon="comment"] 3 Comments

If you’re looking to hire a cyber risk analyst – or if you are a risk analyst looking to up your game – I recommend reading Jack Jones’ new eBook An Executive’s Guide to Cyber Risk Economics where you’ll find the definitive checklist of skills required to do reliable risk analysis. 

Read More [fa icon="long-arrow-right"]
LEARN MORE