The FAIR Institute Blog

FAIRCON25: Learn Best Practices to Report on Risk to the Board and C-Suite

Written by Jeff B. Copeland | Oct 15, 2025 2:14:59 PM

Boards and executives want clear answers about cyber risk: how much exists, and how much less will remain if investments are made. Yet too often, conversations get bogged down in compliance checklists and control maturity scores that fail to capture true risk exposure.

At FAIRCON25, multiple sessions will explore how CISOs are shifting board and ERM discussions from compliance to risk. You’ll gain insights on quantifying cyber loss exposure in financial terms, integrating with enterprise risk reporting, and creating business-focused narratives that enable smarter decisions and stronger board alignment.

FAIRCON25

Theme: Resetting Cyber Risk in the Age of AI

Training Days: Nov. 2-3

Conference Sessions: Nov. 4-5

Venue: The Glasshouse, 660 12th Ave., New York City

Register now for FAIRCON25

 

What Are the Board-Related Events at FAIRCON25?

CISO Roundtable: "Translating Cyber Risk for the Business and the Board: Integrating ERM and Cyber Risk Management" (Nov 4, 3:35 PM - 4:20 PM)

–James Lam, Independent Board Member and Risk Committee Chair, Author

–Mary Elizabeth Faulkner, CISO, Thrivent Financial

Session: "Bridging the Gap: Bringing Cyber Risk Quantification to the Boardroom" (Nov 5, 2:30 PM - 3:15 PM)

–Tapan Ghosh, Executive Director, Information Security Office, Mizuho Americas

Session: "Governing the Perils and Promises of AI - The Board's Perspective" (Nov 5, 9:00 AM - 9:40 AM)

–Michael Montoya, COO, BlueVoyant, F5 Board Member

–Larry Clinton, President, Internet Security Alliance

 

What Are the Key Issues to Be Discussed?

  • Aligning Cybersecurity with Business Strategy
  • Providing Effective Oversight of Cyber Risks
  • Staying Ahead of Regulatory Compliance
  • Managing Fiduciary Liability
  • Maintaining a Risk-Aware Culture in the AI Transition 

 

Who Should Attend?

  • Board Members seeking to enhance their understanding of cyber risk.
  • CISOs and Other Senior Executives addressing cyber risks in their strategic decisions.
  • Audit Committees evaluating cybersecurity reports

 

Presenter Focus

James Lam – FAIR Institute Board Member,  literally wrote the book on enterprise risk: his Implementing Enterprise Risk Management is the standard textbook in the field. He’s widely acknowledged as the inventor of the Chief Risk Officer role, and has served on many boards. His irreverent take on boards and the executives who report to them has been a highlight of FAIRCONs - watch his  Critical Do’s and Don’ts of Cyber Risk Board Reporting from 2022: first rule “don’t do stupid” by presenting  an unquantified heat map. 

Michael Montoya - comes at cyber risk from both sides, as a Chief Operating Officer at Blue Voyant, a cloud-native cyber defense platform, and Board member for F5, the converged application delivery and security platform. He previously served as Chief Information Security Officer at Equinix, one of the most advanced organizations for FAIR cyber risk management. 

Don’t miss out on the conference at the leading edge of cyber risk management - Register now for FAIRCON25
View full post