Risk quantification pioneers come to FAIR™ from all different directions but Alex Rogozhin, Sr. Manager, Cybersecurity Intelligence Team, at banking company Truist had one of the more unusual journeys. He came to FAIR as a first-line-of-defense guy with no official risk title, no budget and no direction from senior management.
But his team was tasked with reporting upward on the state of the organization’s cybersecurity. And as he tried to consolidate metrics from different siloed teams he found “different groups doing different things which are seemingly similar in their goals, but create quite different inputs and information. Then you can’t really cross compare.”
Trying to solve the problem, Alex came across FAIR -- it made sense intuitively to him, coming from a financial background, and he liked the fact that FAIR had a community centered around the Institute.
Meet more FAIR Institute members like Alex – and join 7,500-plus of your peers. Become a FAIR Institute member (it’s free to security and risk professionals).
He took a “bottom up” tactic, starting with a small validation project with bank data, then expanded into use cases (with assistance from the RiskLens Professional Services team), then submitted FAIR to the bank’s model risk management team.
“Along the way, we found proponents for the framework, we found sponsors from the executive side, we got our CISO on board, so it’s been a partnership across many individuals internally.”
“The cross benefit was that teams started reaching out across the aisles. When those silos start working together, a lot of ideas and collaboration happens. Now, we have inputs from the fraud team, governance team, the legal team, the consumer side. So, the quality of our risk assessment has become better overall.”
Listen to Alex’s conversation with Luke Bader, FAIR Institute Director of Memberships and Programs in this podcast.
And watch the video of Alex’s presentation for the Use Case Panorama at the 2019 FAIR Conference for more details on introducing FAIR at Truist.