Meet a Member: How Luis Valenzuela Jumped on a FAIR Opportunity at Incomm Payments
As Luis Valenzuela, Director, Data Governance and Data Loss Prevention, Incomm Payments, tells the story, he became a FAIR fan seven years ago but, in his role as an IT project manager, never had access to the data or support from management to fully practice cyber risk quantification.
Hear Luis’ FAIR story in this video conversation with FAIR Institute Membership Director Luke Bader.
Then about a year ago, in an expanded role, his boss the CISO said he was interested in getting into cyber risk quantification, and did Luis know anything about that. “Two weeks later, I had a proposal on his desk,” Luis said. The CRQ project turned into a door opener to the data and the cooperation from the organization he needed to implement FAIR with a spreadsheet solution.
“At this point, I have been able to embed risk quantification in a lot of what I do in my data governance and protection team for identification of risk, how we remediate and how we interface with other parts of the business.”
Luis identifies the benefits of his FAIR program as “To have both the satisfaction and the peace of mind from a due diligence standpoint that we made the decision based on the most accurate data that we have”.
“I always mention that risk quantification is not having perfect data to make perfect decisions. It’s about having better data with fewer unknowns than we had before, and even if the decision is not perfect, it’s certainly much better than red/green/yellow” qualitative guesswork.
Luis gives this warning to practitioners about roadblocks to FAIR adoption: “One of the main issues is PR. FAIR has been known as something very geeky that only people who like statistics and math understand…We need to find a way to translate that data to day-to-day business without having to go too deep into the information.”
Bonus. Learn more about Luis’ FAIR work at InComm payments – watch this video featuring his appearance at the 2024 FAIR Conference session Empowering Business Decisions through CRQ Insights from the Practitioner's Perspective.
Join the FAIR Institute - learn cyber risk quantification, meet CRQ practitioners. Get your free Individual Membership.