Meet a Member: Rob Moore, VP Technology Risk Management, Mastercard, on Future-Proofing with FAIR (Video)


Rob Moore is VP Technology Risk Management at Mastercard, Chair of the FAIR Institute London Chapter, a multi-times presenter at FAIR Conferences, and soon to be speaker at the 2025 FAIR Institute European Summit in June.
I finally caught up with Rob for an interview for our Meet a Member Series – and if you’re new to FAIR, wondering how to start a FAIR program at your organization, or even a bit intimidated by quantitative cyber risk analysis, you’ll want to watch the short video of our chat.
Some key moments:
Working up to Quantification
“Just trying to put numbers to the risk ensures that you have to think about the risk in the right way. I started my journey with FAIR not doing any quantification at all. We just used the taxonomy to break down risk into its component parts. Once people got used to that, we started with quantification.”
Getting Started with a FAIR Program
“You don’t need huge amounts of maturity to get there. When you start piloting FAIR, go straight into risk/reward for a problem the company already has or an investment decision that already needs to be made. Use the methodology to demonstrate how, by putting a number to the risk, you can better explain the potential benefits of a certain investment.”
Reporting to Stakeholders: Stay Out of the Weeds
“If you can say this will reduce the risk by 30% you don't need to ever tell them what the analysis numbers were - that’s the only information they require. That’s extremely valuable and probably the first they will have received such specifics from a risk management team.”
Facing the Future with FAIR
“FAIR is part of the answer to future-proofing the whole risk management profession. There's a change coming in terms of the ability of computer systems to automate many organizational processes and risk management is right up there on the list. Huge efficiencies will be gained, for instance by eliminating the need to send questionnaires back and forth (to third parties).
The only things left (for risk managers) will be the things that require expert judgment. This is where the FAIR methodology comes in so you are automating against an industry standard that you can point to and explain to executives.”
Meet Rob Moore at the 2025 FAIR Institute European Summit, June 5th in London. Register now!