Both of the awards, Business Innovator and FAIR Champion aim to showcase the most forward-thinking and active members of the FAIR Institute community. The winners of the awards will be announced at the 2018 FAIR Conference at Carnegie Mellon University in Pittsburgh.
Congratulations to our 2018 FAIR Awards Finalists!
Business innovation and technology innovation are often connected. Innovative risk officers are disrupting the status quo by leveraging new analytic capabilities and by enabling the communication and management of information risk from the business perspective. This award recognizes those risk professionals who have successfully applied FAIR principles to drive innovation.
Finalists
His interest in risk analysis is anchored by his strong belief that information security problems are rooted in human psychology, communication, conflict management, and other decision-making capacity problems and that the world only gets better and safer when we work together. Jack is involved with helping to host North Carolina Chapter Meetings for the FAIR Institute and has presented on his organization’s FAIR efforts to the Congressional Cybersecurity Caucus, White House/O.M.B. and U.S. Treasury Department. Jack is being nominated for the Business Innovator Award for his efforts to organizationally elevate FAIR from Risk Analysis tool to a Risk Management Support function.
Omar is being nominated for the Business Innovator Award for leading the charge in transitioning from a controls-centric to a risk-centric approach to cybersecurity at Highmark. Omar has been spearheading an enterprise-wide effort to change the way the organization thinks, communicates and manages cyber risk through the adoption of the FAIR taxonomy and analysis model. As they are upgrading their risk governance practices, Omar methodically got his team as well as the executives trained on FAIR principles and reinforcing their application through hands-on exercises. Omar will be supporting the Institute this year by presenting and participating on panel at FAIRCON18.
Mark is being nominated for the Business Innovator Award for creating the risk management organization at Ascena and built it on FAIR. He created a team, brought in consultants to help ramp up both his team and his program quickly and has since maintained that momentum of FAIR-based risk analysis to enable conversations and make decisions. Under Mark's leadership, risk management has transitioned the organization away from a compliance-based only strategy and towards risk-aligned, cost-effective decision making and security budgeting.
Attend the 2018 FAIR Conference. Register Now.
Transitioning to a business-aligned and data-driven culture within information risk requires leadership: intellect to envision and explain, understanding to address fear, evangelism to motivate, and courage to manage through unknowns. This award recognizes leaders at the forefront of their organization’s FAIR initiative who get data owners on board, stakeholders to help improve analysis, and decision-makers to adopt the resulting analytics as an integral part of their strategies, decision-making processes and operating rhythms.
Finalists
Jack is being nominated for the FAIR Champion Award for developing the quantitative cyber risk assessment program at TIAA starting in 2012. He designed and implemented an automated quantitative cyber risk engine that delivers asset-level quantitative risk ratings. Jack supports the FAIR Institute community by regularly contributing to the FAIR Blog and he will be participating on a panel session at FAIRCON18.
Drew is nominated for the FAIR Champion Award as he continues his leadership and drive of FAIR within HPE. The GRC group has re-organized under Drew's leadership to help business units identify top risks that will feed into risk management and FAIR analyses. Drew is also Co-Chair of the Dallas-Fort Worth Chapter of the FAIR Institute and has participated in FAIRCON panels.
She is a published author, with her book Surviving Security having two editions and used at multiple universities around the world as the textbook for foundational information security courses. She teaches a graduate level Information Risk Management course for UMass Amherst in the College of Information and Computer Sciences. Mandy has a JD from Western New England University, a Master’s in Management Information Systems from Texas A&M University, and a B.B.A in Accounting from Texas A&M University. Mandy is a CISSP, CPA, and member of the Texas Bar.
Mandy is nominated for the FAIR Champion Award for her leadership in establishing a quantitative risk management program at MassMutual, for her continued work in spreading FAIR within multiple organizations and for teaching FAIR to students in Information Risk Management at UMass Amherst.
Related: