Drew Simonis, Deputy CISO at Hewlett Packard Enterprise (HPE), co-chairs the Greater Dallas-Fort Worth chapter of the FAIR Institute (along with Jodi Schmieg, Risk Manager, Cyber Security, at HPE), and is a longtime FAIR practitioner and one of our most thoughtful FAIR™ advocates.
Drew found FAIR when working in the insurance industry as CISO for Willis, and went looking for an actuarial model for cyber risk. “I really enjoyed the logic behind FAIR,” he says, “and have been watching it evolve since.”
In our conversation, Drew shared some insights on introducing the FAIR quantitative way of thinking about cyber risk to business leaders.
“Most people look at cyber risk categorically – like cyber risk is one thing. But cyber risk is a bunch of things.
“If you can boil it down to the specific loss event scenarios that resonate with business leaders, they can understand the disruption of your critical service which is supporting their business goal.
“They can then start to talk about the event in ways that open your eyes as the risk analyst and really give you detail to things you would not have thought of. FAIR is great for that.”
Hear insights from Drew on adjusting to the rapidly changing threat landscape, reporting to the board, taking emotion out of the risk discussion and more in this short video: