5 Risk Quantification Case Studies You’ll Hear at the 2022 FAIR Conference

FAIR Inst Member Michael Meis U of Kans Health 2Come to the 2022 FAIR Conference and come away with actionable insights from experienced hands at introducing and running quantitative risk management programs based on Factor Analysis of Information Risk (FAIR™).

Here are five conference sessions that will present case studies that get into the details on scaling FAIR to enterprise level, the theme of our conference. 


FAIR Conference, Sept. 27-28, Washington, DC

FAIRCON22 LogoView the conference agenda

Buy tickets for in-person or virtual attendance


1. Case Study: “FAIR: Okay, Now What?” - Steps to Set Up a Quantitative Risk Management Program at Any Organization

Michael Meis, Associate CISO, The University of Kansas Health System

Michael is still in early stages of introducing FAIR at this large health system (not his first FAIR launch) and he has some fresh insights. A high-level preview: First, understand where the pain points lie in current risk management, and apply FAIR there. Second, meet people where they are in their understanding of risk.

Learn more: Meet a Member Interview with Michael Meis


2. Case Study: Five Objections to FAIR and How to Overcome Them

Tony Martin-Vegue, Senior Information Security Risk Engineer, Netflix

Prashanthi Koutha, Senior Risk Engineer, Netflix

Quantitative risk analysis takes too long, the learning curve is too steep, etc., etc., etc. – if you’re trying to socialize FAIR at your organization, you’ve heard the objections. Tony and Prashanthi, two of the best communicators in the FAIR movement, will describe how they turned opposition to support at Netflix.

Learn more: How Netflix Rethinks Cyber Risk Analysis with FAIR (FAIRCON20 Video)

FAIRCON21 Prashanthi Koutha - Tony Martin-Vegue - Netflix

3. Case Study: Refining the “R” in GRC at Scale

Michael Radigan, Cyber Risk Advisor, Cisco 

Mike has a key insight: So much of the struggle over security policy and compliance, and the friction among security, IT, audit, business owners and other teams has a root cause in the failure of the GRC to correctly handle risk. In this talk, he will give step-by-step advice on using FAIR to work through the conflict to scale your program.  


4.  Case Study: Harnessing The Voltage Effect to Scale Our FAIR Risk Programs

Zach Cossairt, Information Risk Program Manager, Equinix

And now for something completely different: Zach is both a FAIR analyst and a grad student in psychology (behavioral economics to be exact) and he’ll share how he is applying the lessons of The Voltage Effect: How to Make Good Ideas Great and Great Ideas Scale by University of Chicago Prof. John A. List to grow a FAIR program at Equinix, the global data centers company,

Learn more: Meet a Member Interview with Zach Cossairt


FAIRCON22 Ad - Email


5. Case Study: Quantifying the Control and Risk Landscape Using FAIR-CAM

Tyler Britton, Quantitative Cyber Risk Manager, DropBox

Any session on FAIR-CAM™ is the hot ticket for this year’s FAIR Conference – the new FAIR Controls Analytics Model extends quantification to controls to assess their value in reducing risk. Hands-on experience with FAIR-CAM is still rare, so expect a full house for this presentation in which Tyler will get into the details on how to rethink your controls stack, combine attack models with FAIR-CAM and many more techniques to greatly improve the efficacy of security operations.

Learn more: Understanding the FAIR Controls Analytics Model (FAIR-CAM) by Jack Jones

Learn How FAIR Can Help You Make Better Business Decisions

Order today
image 37