FAIR Institute Blog

Meet a Member: Sounil Yu, Creator of the Cyber Defense Matrix and CISO, JupiterOne, on Training Your Organization to Re-think Cyber Risk

[fa icon="calendar"] Jun 2, 2021 8:40:00 AM / by Luke Bader

Luke Bader

Sounil Yu is an advisory board member for the FAIR Institute and CISO and Head of Research for JupiterOne, the cyber asset management platform company, and a former Chief Security Scientist for Bank of America, an early FAIR adopter.

His mission, he says, is “Finding new ways to make security easier and more interestingand not as cumbersome to us practitioners. And that’s why I’m a proponent of FAIR for cyber risk management and risk analysis…FAIR is, at its core, about language and assumptions and being on common ground.” 

Sounil’s latest project to make security easier is the Cyber Defense Matrix, a framework to navigate the crowd of cybersecurity vendors and cut through their competing claims to find the right mix of products. He’s working on a book on the matrix.

In this video, Sounil and I discuss the problems with the cybersecurity marketplace, tips for introducing FAIR and quantitative analysis to your organization from the top down or the bottom up, including setting up a “risk jar” to fine violators who stray from FAIR in speaking about risk – and how he took up curling during the pandemic. 


Learn FAIR through the FAIR Institute with hybrid online courses

Topics: Meet a Member

Luke Bader

Written by Luke Bader

Luke Bader is Director, Membership and Programs for FAIR Institute

Join the FAIR Community

Subscribe to Email Updates

Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts