

At the FAIR Inst. booth, left to right: Luke Bader, Membership & Programs Director, Bernadette Dunn, Head of Education, Tony Martin-Vegue, Bay Area Chapter Chair
This year’s Black Hat USA 2025 in Las Vegas brought together tens of thousands of cybersecurity professionals, innovators, and thought leaders—and the FAIR Institute was right in the middle of it all.
As the global education, training, and research center for the FAIR™ Model—the international standard for quantitative analysis of cyber and operational risk—we came to Black Hat with one mission: to show the benefits of cyber risk management and the power of informed, data-driven risk decisions.
Spotlight on Operationalizing FAIR™
One clear takeaway from the conference: deploying and automating FAIR is on everyone’s mind. Risk and InfoSec leaders, CISOs, and analysts alike stopped by our booth to explore how to integrate FAIR into daily decision-making—moving beyond one-off analyses to embedding quantitative risk management into enterprise workflows, governance, and strategy.
Expanding the FAIR Universe: FAIR-CAM™ & FAIR-MAM™
A major draw this year was the growing interest in FAIR model extensions:
- FAIR-CAM™ (Controls Analytics Model) – for measuring and optimizing the performance of risk controls.
- FAIR-MAM™ (Materiality Assessment Model) – for translating cyber events into defensible business impact assessments.
Attendees and booth visitors were excited to see how these extensions open new possibilities for accuracy, defensibility, and business alignment in risk analysis. We had multiple in-depth conversations about how the different and expanding parts of the model can work together.
Managing GenAI Risk with FAIR
One of the most forward-looking conversations we had was about managing Generative AI (GenAI) risk.
Attendees wanted to know:
- How can FAIR measure and help manage the risks of deploying GenAI in critical business processes?
- How do we select which controls are most effective for mitigating potential cyber issues at a specific organization?
- How do we weigh innovation against potential exposure?
It’s clear that GenAI isn’t just a technology conversation—it’s a risk conversation, and FAIR provides a defensible way to model and communicate those risks to business leaders. We will be discussing this topic specifically at FAIRCON25, where the event theme is “Resetting Cyber Risk in the Age of AI.”
Education, Membership & Community
We fielded a steady stream of questions about:
- FAIR Training & Continuing Education – from beginner courses to advanced certifications.
- FAIR Institute Membership Benefits – including access to resources, research, tools, and a global peer community.
- Upcoming Events – especially FAIRCON25, the premier conference for quantitative risk management.
It was energizing to connect with so many professionals eager to grow their skills, join the FAIR community, and advance their organizations’ risk programs.
See You at FAIRCON25!
If we met you at Black Hat—thank you for stopping by! If we missed you, we’d still love to connect. Join the FAIR Institute to access member-exclusive content, network with risk leaders worldwide, and stay ahead on the latest developments in the FAIR ecosystem.
Mark your calendars for FAIRCON25—where we’ll dive even deeper into FAIR, FAIR-CAM, and FAIR-MAM, share real-world case studies, and continue building a global movement for effective risk management.