Sounil Yu is an advisory board member for the FAIR Institute and CISO and Head of Research for JupiterOne, the cyber asset management platform company, and a former Chief Security Scientist for Bank of America, an early FAIR adopter.
His mission, he says, is “Finding new ways to make security easier and more interesting and not as cumbersome to us practitioners. And that’s why I’m a proponent of FAIR for cyber risk management and risk analysis…FAIR is, at its core, about language and assumptions and being on common ground.”
Sounil’s latest project to make security easier is the Cyber Defense Matrix, a framework to navigate the crowd of cybersecurity vendors and cut through their competing claims to find the right mix of products. He’s working on a book on the matrix.
In this video, Sounil and I discuss the problems with the cybersecurity marketplace, tips for introducing FAIR and quantitative analysis to your organization from the top down or the bottom up, including setting up a “risk jar” to fine violators who stray from FAIR in speaking about risk – and how he took up curling during the pandemic.