Reston, VA, Oct. 8, 2020 – The FAIR Institute, an expert, nonprofit organization led by information risk officers, CISOs and business executives to develop standard information, cybersecurity and operational risk management practices based on the Factor Analysis of Information Risk (FAIR™) model, has recognized three risk management leaders with FAIR Institute Excellence Awards.
The awards were announced and presented at the 2020 FAIR Conference (FAIRCON2020) held online this week. FAIRCON2020 was attended by a record 2,000 registrants – another milestone for the FAIR Institute, which this year passed the 10,000-member mark.
The FAIR Institute congratulates the 2020 FAIR Institute Excellence Awards winners:
- Emery Csulak, Principal Deputy Chief Information Officer, U.S. Department of Energy (DOE), winner of the Business Innovator Award
- Harold Marcenaro, Digital Risk Officer, Banco de Crédito del Perú (BCP), winner of the FAIR Champion Award
- Tony Martin-Vegue, Senior Risk Engineer at Netflix, winner of the FAIR Ambassador Award
The FAIR Institute Excellence Awards honor risk management leaders for their initiative, ingenuity and contributions to information/cybersecurity and operational risk management through their use and advocacy of FAIR, the international standard for quantifying risk in financial terms. The awards recognize the deep impact that these professionals have on their organizations in enabling operational excellence and effective decision-making and in balancing the need to protect their organizations while running the business.
“Emery, Harold and Tony represent what our profession should be aiming for in terms of risk management vision, depth of understanding, and commitment to excellence,” said FAIR Institute Chairman Jack Jones. “We are proud to honor their exceptional efforts to advance the profession and promote the adoption of the FAIR Standard.”
The FAIR Business Innovator Award recognizes innovative risk officers who successfully apply FAIR principles to disrupt the status quo by leveraging new risk analytic capabilities. Emery Csulak has built an innovative cyber risk management methodology at the DOE that integrates FAIR and quantitative risk assessment practices with federally mandated controls and risk management frameworks such as the NIST Cybersecurity Framework (CSF), the NIST Framework for Improving Critical Infrastructure Cybersecurity, the Federal Information Security Modernization Act (FISMA) Risk Management Framework (RMF) and the Department’s approach to executing NIST Special Publication 800-37. Emery is also known as a strong promoter of innovation in the federal government, having shared the new DOE methodology with other agencies, as well as the Federal CISO Council at OMB. Emery has also been crucial in influencing the development of a government-specific FAIR Fundamentals training course. Emery is a key contributor to the discussion on how to leverage FAIR principles in the US Federal government through attendance and participation in the DC and Federal Government Local Chapters as well as at the annual FAIR Conferences.
The other finalists for the Business Innovator Award are:
- Steve Pearson, Chief Information Security Officer at Cambia Health, who has elevated Cambia’s HIPAA compliance and risk management through the use of FAIR so that compliance doesn't have to be managed at the expense of risk.
- Rob Labbe, Director, Information Security, at Teck Resources Limited, who is applying FAIR analyses to assess new digital risks, such as those associated with operating driverless trucks in mining.
The FAIR Champion Award recognizes leaders at the forefront of their organization’s FAIR initiative who get data owners on board, stakeholders to help improve analysis, and decision-makers to adopt the resulting analytics as an integral part of their strategies, decision-making processes and operating rhythms. Harold Marcenaro leads the digital risk management team at Banco de Crédito del Perú – also known as BCP, the largest bank in the country – on a mission to empower the organization to identify, quantify, prioritize, treat and communicate cyber risk to enable well-informed decisions and cost-effective resource prioritization. As the bank engaged in strategic digital transformation with the launch of new online banking services, Harold championed the use of FAIR to make sure that critical cybersecurity risk would be identified and treated, and that the board of directors would get full visibility into those risks and the associated security strategies and could better exercise its oversight responsibilities. Harold is currently championing the expansion of the use of FAIR beyond the analysis of cybersecurity risk, to other areas of operational risk within the bank. He was a presenter this year at FAIRCON2020 on the topic of managing digital risk in times of crisis.
The other finalists for the FAIR Champion Award are:
- La’Treall Maddox, Strategy Risk Manager, Cisco, who has been leading the FAIR cyber risk quantification program at Cisco.
- Christopher Porter, Chief Information Security Officer, Fannie Mae, who has led the transformation of the cybersecurity risk culture and related decision-making practices at Fannie Mae.
The FAIR Ambassador Award recognizes a specific member’s work in bringing FAIR knowledge and the FAIR Institute to the wider community. Tony Martin-Vegue, who currently leads the risk program at Netflix, has been a tireless advocate of FAIR for years, even before it was fashionable, and can be rightfully considered one of the pioneering animators of the FAIR community. An early adopter of FAIR, he founded the San Francisco Bay Area Chapter, of which he is currently the co-chair, and has generously shared his experience with this fast-growing FAIR community through inspiring and practical applications of FAIR, encouraging many risk professionals to follow his lead. Tony continues to share his FAIR knowledge and experience at events like FAIRCON or SIRACon. He has also embraced a digital presence for years through social media, on webinars, and by maintaining his own website with quantitative risk resources, www.tonym-v.com.
About the FAIR Institute
The FAIR Institute is an expert, non-profit organization led by information risk officers, CISOs and business executives, created to develop and share standard information risk management practices based on Factor Analysis of Information Risk (FAIR), the only international standard analytics model for information security and operational risk. FAIR helps organizations quantify and manage risk from the business perspective and enables cost-effective decision-making. Institute membership has now passed 10,000 and includes members from about 35% of Fortune 1000 companies. This year has seen record attendance at FAIRCON2020 – follow news of the conference on Twitter at #FAIRCON2020. To learn more and get involved visit: www.fairinstitute.org.