FAIRCON25: Learn Best Practices to Report on Risk to the Board and C-Suite


Boards and executives want clear answers about cyber risk: how much exists, and how much less will remain if investments are made. Yet too often, conversations get bogged down in compliance checklists and control maturity scores that fail to capture true risk exposure.

At FAIRCON25, multiple sessions will explore how CISOs are shifting board and ERM discussions from compliance to risk. You’ll gain insights on quantifying cyber loss exposure in financial terms, integrating with enterprise risk reporting, and creating business-focused narratives that enable smarter decisions and stronger board alignment.

FAIRCON25

Theme: Resetting Cyber Risk in the Age of AI

Training Days: Nov. 2-3

Conference Sessions: Nov. 4-5

Venue: The Glasshouse, 660 12th Ave., New York City

Register now for FAIRCON25

 

What Are the Board-Related Events at FAIRCON25?

CISO Roundtable: "Translating Cyber Risk for the Business and the Board: Integrating ERM and Cyber Risk Management" (Nov 4, 3:35 PM - 4:20 PM)

–James Lam, Independent Board Member and Risk Committee Chair, Author

–Mary Elizabeth Faulkner, CISO, Thrivent Financial

Session: "Bridging the Gap: Bringing Cyber Risk Quantification to the Boardroom" (Nov 5, 2:30 PM - 3:15 PM)

–Tapan Ghosh, Executive Director, Information Security Office, Mizuho Americas

Session: "Governing the Perils and Promises of AI - The Board's Perspective" (Nov 5, 9:00 AM - 9:40 AM)

–Michael Montoya, COO, BlueVoyant, F5 Board Member

–Larry Clinton, President, Internet Security Alliance

 

What Are the Key Issues to Be Discussed?

  • Aligning Cybersecurity with Business Strategy
  • Providing Effective Oversight of Cyber Risks
  • Staying Ahead of Regulatory Compliance
  • Managing Fiduciary Liability
  • Maintaining a Risk-Aware Culture in the AI Transition 

 

Who Should Attend?

  • Board Members seeking to enhance their understanding of cyber risk.
  • CISOs and Other Senior Executives addressing cyber risks in their strategic decisions.
  • Audit Committees evaluating cybersecurity reports.

 

Presenter Focus

James Lam – FAIR Institute Board Member, literally wrote the book on enterprise risk: his Implementing Enterprise Risk Management is the standard textbook in the field. He’s widely acknowledged as the inventor of the Chief Risk Officer role, and has served on many boards. His irreverent take on boards and the executives who report to them has been a highlight of FAIRCONs. Watch his Critical Do’s and Don’ts of Cyber Risk Board Reporting from 2022: first rule, “don’t do stupid” by presenting an unquantified heat map.

Michael Montoya – comes at cyber risk from both sides, as Chief Operating Officer at BlueVoyant, a cloud-native cyber defense platform, and Board member for F5, the converged application delivery and security platform. He previously served as Chief Information Security Officer at Equinix, one of the most advanced organizations for FAIR cyber risk management.

Don’t miss out on the conference at the leading edge of cyber risk management - Register now for FAIRCON25
