Mary Faulkner got her education on Factor Analysis of Information Risk (FAIR™) straight from the source, as a co-worker with FAIR creator Jack Jones when he was CISO at Nationwide Insurance in the early 2000s. Mary learned FAIR from Jack in whiteboard sessions, and FAIR resonated with her right away. “It just felt good to have something more data-driven and not so subjective.”
Mary is now CISO at financial firm Thrivent, after an extensive career in infosec and risk management that started in IT and audit with Ernst & Young and continued through important roles at Caterpillar and Bose Corp. She also serves on the Board of Directors for the FAIR Institute, and has been a regular speaker at FAIR Conferences, appearing last year on the panel “Helping the Board Exercise Proper Cyber Risk Oversight.”
In her off-time, Mary says she does a 180 from cybersecurity. “I love to go off the grid and go camping, not glamping” with her family; the next destination is the national parks in Utah.
In our conversation, Mary shared tips from her long experience as a FAIR practitioner, including:
- How to use quantitative risk analysis to gain support and trust from the business
- How to socialize FAIR with stakeholders before presenting any analysis
- When subjective, qualitative reporting can be good enough
- The importance of loss tables in keeping your analysis results credible