From Booth to Boardroom: How the FAIR Community Showed Up at RSAC

/
RSAC26 FAIR Inst Breakast - Featured

FAIR Institute Breakfast, RSAC 2026


At RSAC this year, something stood out—and it wasn’t another conversation about AI.

It was a message that cut through the noise:

RSAC 2026 FAIR Inst Booth-1“Stop Speaking Technical. Start Speaking Business.”

Positioned on our booth, that statement sparked hundreds of meaningful conversations. Nearly 300 new connections stopped by—not just to learn about FAIR, but because the message resonated. In a sea of technical buzzwords, it reflected something deeper: a shift in how cybersecurity leaders must communicate to drive real decisions.

And that shift is exactly what the FAIR Institute community continues to lead.

A Community That Shows Up—and Lifts Others

What made RSAC truly powerful wasn’t just our presence—it was our people.

FAIR community leaders showed up in a big way:

  • Sharing real-world experiences at the booth
  • Guiding newcomers on how to get started with FAIR
  • Offering practical advice grounded in years of application
  • Generously giving their time to help others accelerate their journey

This is what makes the FAIR Institute different. It’s not just a framework—it’s a community of practitioners committed to advancing how organizations understand and manage cyber risk.

A 4-Hour Deep Dive: The Journey of Cyber Risk Management with FAIR

We brought that community to the stage in a 4-hour seminar featuring five voices representing different points along the FAIR journey.

Bernie Dunn, Director of the FAIR Institute, opened with a clear call to action:
Risk management has always mattered—but in the age of AI-driven disruption, the stakes are higher than ever. Organizations must make faster, more informed decisions, and that requires a common language grounded in business impact.

Anthony Leatherwood, seasoned CISO and critical infrastructure leader, brought it home:
FAIR isn’t theoretical—it’s how he communicates risk to his Board. His message was direct:

CISOs don’t fail because of technical gaps—they fail when they can’t translate risk into business terms.

Abigail Gennaoui delivered one of the most practical sessions of the day:
How do you actually get started?
Her focus on scoping loss event scenarios made FAIR tangible—breaking down the first critical step that transforms abstract risk into something measurable and actionable.

Brandon Bapst, consulting leader and author, zoomed out to the program level:
How do you embed FAIR into an organization?
He shared pragmatic approaches for integrating FAIR into both new and existing cyber risk management programs—bridging strategy with execution.

Tony Martin-Vegue closed with a forward-looking perspective on AI:
Not just the hype—but the reality.
He walked through the benefits, risks, and pitfalls, and most importantly, how to:

  • Use AI responsibly
  • Understand AI-related risk
  • Apply FAIR principles to emerging technologies

He left attendees with something invaluable: a path forward.

Executive Perspective: CISO Wisdom in the Age of AI

We also hosted an intimate and thought-provoking CISO breakfast panel, moderated by Nick Sanna, Founder and President of the FAIR Institute.

Nick set the tone with clarity and conviction:

Cybersecurity doesn’t need more data—it needs better decisions.

And that’s where FAIR comes in.

The discussion with Mathias Bücherl (CISO, Heidelberg Materials AG) and Alexander Antukh (CISO, Aboitiz Power) lent the conversation real-world gravity.

They spoke candidly about:

  • The growing pressure to justify cybersecurity investments at the executive level

  • The limitations of traditional, technical-first reporting

  • The increasing expectation from Boards to quantify risk in financial terms

One theme stood out:

Executives aren’t asking for more dashboards—they’re asking for clarity.

FAIR provides that clarity.

The panel reinforced that, in today’s environment—especially with AI accelerating both opportunities and risks—CISOs must evolve from technical experts to business risk advisors.

Those who can quantify and communicate risk effectively will shape strategy.
Those who can’t will struggle to influence it.

See Nick Sanna’s recap of the FAIR Institute Breakfast.

Momentum That Extends Beyond RSAC

RSAC was not a moment—it was momentum.

Momentum driven by a global community committed to advancing cyber risk management in a world that is becoming more complex by the day.

In the age of AI, this work has never been more important:

  • The speed of decision-making is increasing
  • The scale of risk is expanding
  • The need for a common, business-aligned language is critical

And that’s exactly what the FAIR community continues to build—together.

Stay Connected. Keep Learning. Lead the Change.

If you’re ready to go deeper:

  • Become a FAIR Institute Member
    Join a global network of practitioners and leaders shaping the future of cyber risk management.
  • Advance Your Expertise
    Explore the Certified Cyber Risk Professional (CCRP) curriculum bundle to build the skills needed to quantify and communicate risk with confidence.
  • Join Us for the FAIR Europe Summit
    For our European community, registration for the FAIR Europe Summit 2026 in London on June 4th.
    This is your opportunity to connect with community leaders and learn from some of the best practitioners in the field.

The future of cybersecurity isn’t just technical—it’s business-driven.

And thanks to this community, that future is already taking shape.

Join the FAIR Institute now with an Individual Membership.

 
image 37