FAIR Institute Blog

Starting out as a systems programmer for a bank, Jack volunteered to be responsible for protecting the business from computer viruses in an age when viruses were a new development. At the time, information security was not considered an important or glamorous job, and was thought of as the “dark corner of the dungeon” in the IT world. Jack, however, became interested with the uniqueness of this new field and the inherent challenges associated with information security.

The complexity of dealing with computer viruses allowed Jack to exercise the creative part of his mind to deal with new problem-solving challenges. One of his first steps was to actually write a computer virus. This equipped him with a fundamental knowledge of how they operate.

Jack's interest in information security evolved from there, and he found himself working in government intelligence. There, he was always confronted with something new in the technology field. Despite the unique challenges, he was constantly learning something fun and interesting. This sparked other interests and opportunities in the field, and led to a switch from information security to risk management. The change to risk management led Jack Jones to author the FAIR standard. But that is a story for another time.

Since then, Jack has received numerous recognitions for his work, including:

• The ISSA Excellence in the Field of Security Practices award in 2006
• A finalist award for the Information Security Executive of the Year, Central US in 2007
• The CSO Compass Award in 2012 

A sought-after thought leader and speaker at industry conferences, he recently published "Measuring and Managing Information Risk: A FAIR Approach" which has been defined by some as "the CISO's bible" for information security risk.

Tune in next week for the origin of FAIR.