Day 1 - Tuesday, October 19

All Times in EDT

Session Information
11:00 - 11:30 AM

Welcome Remarks and Opening Keynote
Nick Sanna, 
President, FAIR Institute

Managing Risk and Building Resilience
Mary O'Brien, 
General Manager, IBM Security

11:30 AM - 12:00 PM 30-Minute Break
12:00 - 12:30 PM

C-Level Panel - How Risk Management is Helping Companies Be More Resilient during Digital Transformation

Moderator: Omar Khawaja, CISO, Highmark Health

Betty Elliott, CISO, Freddie Mac

Mary Elizabeth Faulkner, CISO, Thrivent Financial

Harold Marcenaro, Digital Risk Officer, BCP

Presentation - Assessing Cyber Resilience Preparedness

Matt Tolbert, Sr. Cybersecurity Specialist, Supervision and Regulation, Federal Reserve Bank of Cleveland

12:30 - 1:00 PM

Case Study - Using FAIR & Cyber Risk Quantification to Increase Resilience for Your Company

Dan Garcia, Deputy CISO, Datto

Tyanna Smith, Cyber Risk Manager, Datto

Jack Whitsitt, Cyber Risk Manager, Datto

Case Study - Regulatory Considerations for Operational Resilience

Andy Retrum, Managing Director, Global Financial Services Security & Privacy, Protiviti Inc.

1:00 - 1:15 PM 15-Minute Break
-- Beginner Track Advanced Track
1:15 - 1:45 PM

Case Study - Providing Visibility into Operational Risk with FAIR

Seth Mowbray, Senior Risk Analyst
Legal, Risk & Compliance, Government Employees Health Association (GEHA)

Fireside Chat - How To Get a FAIR Program Off the Ground

Moderator: Rachel Slabotsky, Sr. Manager, Professional Services, RiskLens

Tony Martin-Vegue, Senior Information Security Risk Engineer, Netflix

Prashanthi Koutha, Senior Risk Engineer at Netflix

1:45 - 2:00 PM 15-Minute Break
2:00 - 2:30 PM

Presentation - Assessing Risk as Part of a CMMC Program

Lars Nielsen, Sr. Project Manager - Cybersecurity, TERMA

Courtney Guss, Senior Global Cybersecurity, IBM Security

Case Study - Adopting FAIR - Transition from Cyber to Operational Risk

Aidan Farren, Global Security Risk & Policy Management, HPE

Aidan Whelan, Cyber Security Risk Analyst, HPE

Jay Reyna, Enterprise Risk Management, HPE


2:30 - 3:00 PM

Presentation - Implementing a CRQ Program in a Global Organization

Gideon Knocke, Fmr. Risk Manager, Fresenius

Tom Callaghan, Co-Founder & Managing Director,
C-Risk, Co-Chair Paris Chapter, FAIR Institute

Case Study - Just Quantify It: Make Better Business Decisions for TPRM

Josh Malnourie, Information Security Advisor at Blue Cross Blue Shield of North Dakota (BCBSND)

Bob Maley, Chief Security Officer, Black Kite



Day 2 - Wednesday, October 20

All Times in EDT (UTC−04:00) Session Information

11:00 - 11:30 AM

Keynote Address - Designing Resiliency and Security at a Time of Uncertainty and Change
John Wheeler, Global Research Leader - Risk Management Technology, Gartner

11:30 AM - 11:45 AM

2021 FAIR Awards Ceremony

11:45 AM - 12:15 PM

Board Panel - Improving Risk Governance and Avoiding Blind Spots, Biases and Bad Incentives

Elizabeth Sheedy,  Author, Risk Governance
Biases, Blind Spots and Bonuses

James Lam, Independent Director, Chair of Risk Oversight Committees, E*TRADE, NACD 100 Honoree

Deb Dunie, NACD Board Leadership Fellow

Presentation - Practitioner Use Case Panorama

Brad Carvellas, CISO, The Guthrie Clinic

Mike Radigan, Global Leader, Cyber Risk Quantification Practice

Cedric De Carvalho, Cyber Risk Manager, Richemont International SA

12:15 - 12:30 15-Minute Break
12:30 - 1:15 PM

Keynote Presentation
Understanding the Value of Controls in Cyber Risk - Unveiling the FAIR Controls Analytics Model (FAIR-CAM)

Jack Jones, Chairman, FAIR Institute

-- Track 1 Track 2 Track 3
1:15 - 1:45 PM

Panel - Mapping FAIR-CAM to Controls Frameworks

  • NIST 800-53
  • CIS
  • ISO 2700

Case Study - Accelerating FAIR Analyses by 10x with Industry Data

Ben Gowan, Data Science Manager, RiskLens

Justin Theriot, Sr. Data Scientist, RiskLens

Presentation - Building Resilience in Cyberspace: Reporting on Progress from the Cyberspace Solarium Commission

Frank Cilluffo, Commissioner, Cyberspace Solarium Commission

Mark Montgomery, Senior Advisor, Cyberspace Solarium Commission

Laura Bate, Senior Director and Task Force Three Lead, Cyberspace Solarium Commission

1:45 - 2:00 PM 15-Minute Break
2:00 - 2:30 PM

Case Study - Closing the MFA Gap - A FAIR-CAM Case Study

Denny Wan, Principal Consultant, Security Express, Chair, Sydney Chapter FAIR Institute

Katrina Macdermid, ITIL Author & Educator

Presentation - Data Science for Practical Risk Management with Cyentia’s IRIS Retina

David Severski, Sr. Data Scientist, Cyentia Institute

Presentation - Ensuring the Resilience of National Critical Functions

Bob Kolasky, Director, National Risk Management Center (NRMC), Department of Homeland Security (DHS)

2:30 - 3:00 PM

Presentation - Rapid Policy Exception Management: Controls Alignment with FAIR-CAM

Robert Immella, Sr. Cybersecurity Quantitative Risk Leader, KeyBank

Case Study - Use of FAIR For Emergency Management Planning and Preparedness

Jonathan Kajeckas, Information Systems Department, County of Sonoma

Chip Block, Chief Solutions Architect, Evolver, LLC

Panel - Experiences from the Field: Reporting Top Risks to the Board

Moderator: Chris Patteson, Executive Director – Risk Transformation Office, Archer

Johann Balaguer, Director, Global Security, Ultimate Kronos Group (UKG)

Michael Moresco, Sr. Security Policy and Risk Manager, ServiceNow


Click on the image below to view last year's agenda!

FAIRCON2020 Program Title Page