Pooya Alai, a Senior Cybersecurity Risk Manager for Maersk, the global shipping giant and integrator of logistics, came to FAIR™ (Factor Analysis of Information Risk) from a background in enterprise risk management (ERM), not IT, and his first reaction was “I can make something much more complicated than this.” Then he realized that FAIR “delivers that quote from Einstein, everything should be as simple as possible but not more than that.”
Pooya Alai and his colleague Rebekka Kurland will give a presentation on the FAIR program at Maersk at the FAIR Institute Europe Summit in London, March 16, 2023. Reserve your place now!
Coming from ERM, he also realized FAIR’s value as a cross-corporate-silo communication tool with its capability to quantify risk in the financial terms that all stakeholders can understand. “It’s focusing on the ‘so-what’ rather than the ‘what’,” as he puts it. “What’s the impact at the end of the day.”
What’s more, quantitative risk analysis “can unblock decisions” which are typically more nuanced than if-then propositions. “Very often they are if-then-but propositions” where decision-makers must also weigh the residual risk from any course of action.
He says he knew that FAIR was catching on at Maersk when one stakeholder thanked him for a “scientific answer to a very longstanding debate”.
Hear more of Pooya’s insights into applying FAIR -- including his theory on “what all corporate failures stem from” -- in this conversation with FAIR Institute Director Luke Bader: