FAIRCON22 Agenda

Click here or the image below to view our full FAIRCON22 Program!

Pre-Conference Training - Day 1 - Sunday, September 25

All Times in EDT (UTC−04:00)
8:00 - 9:00 AM	Registration and Breakfast
9:00 AM - 12:00 PM	FAIR Analysis Fundamentals - Day 1 Introductions with Course Overview Intro to Risk Analysis and FAIR Basic Risk Concepts
12:00 - 1:00 PM	Lunch
1:00 - 5:00 PM	FAIR Analysis Fundamentals - Day 1 Terminology The FAIR Model Measurements

Pre-Conference Training - Day 2 - Monday, September 26

All Times in EDT (UTC−04:00)
7:30 - 9:00 AM	Registration and Breakfast
9:00 - 12:00 AM	FAIR Analysis Fundamentals - Day 2 Analysis Process Results Interpretation		Calibrated Probability Assessments for Cybersecurity by Hubbard Decision Research Part 1 - Personal Calibration Exercises
12:00 - 1:00 PM	Lunch
1:00 - 5:00 PM	FAIR Analysis Fundamentals - Day 2 Case Study 1 - As a group Case Study 2 - Small group breakout	Calibrated Probability Assessments for Cybersecurityby Hubbard Decision Research Part 2 - Advanced Calibration	Effectively Reporting and Communication FAIR Results FAIR Lab Session	Need for Speed FAIR Lab Session

Conference Day 1 - Tuesday, September 27

All Times in EDT (UTC−04:00)
7:30 - 9:00 AM	Registration and Breakfast
9:00 - 10:00 AM	Welcome Remarks and Opening Keynote How Risk Economics can Help Us Win the Battle in Cyberspace Larry Clinton, President, ISA
10:00 - 10:45 AM	Panel: Driving Culture Change - From a Compliance to a Risk-based Approach to Cybersecurity Moderator: Omar Khawaja, CISO, Highmark Health Mark Tomallo, SVP, CISO, Victoria’s Secret Mary Elizabeth Faulkner, CISO, Thrivent Financial Jeff Norem, Deputy CISO, Freddie Mac
10:45 - 11:15 PM	*30-Minute Networking and Exhibitor Break*
11:15 AM - 12:00 PM	Presentation: Subjective Judgements: Outperforming Your Current Best Experts Douglas Hubbard, President, Hubbard Decision Research
12:00 - 1:00 PM	*Lunch and Exhibitor Break*
--	Track 1	Track 2
1:00 - 1:45 PM	Case Study: “FAIR: Okay, Now What?” - Steps to Set Up a Quantitative Risk Management Program at Any Organization Michael Meis, Associate CISO, KU Health	Presentation: How to Scale FAIR Programs with Controls Analytics Bryan Smith, CTO, RiskLens Jack Jones, Chairman FAIR Institute, Chief Risk Scientist RiskLens
1:45 - 2:15 PM	*30-Minute Networking and Exhibitor Break*
	Track 1	Track 2	Track 3
2:15 - 3:00 PM	Case Study: Five Objections to FAIR and How to Overcome Them Tony Martin-Vegue, Senior Information Security Risk Engineer, Netflix Prashanthi Koutha, Senior Risk Engineer, Netflix	Case Study: Harnessing The Voltage Effect to Scale our FAIR Risk Programs Zach Cossairt, Information Risk Program Manager, Equinix	Fireside Chat: A Legislative and Policy Update on Cybersecurity and Risk Management Moderator: Larry Clinton, President, ISA Mark Montgomery, Executive Director, CyberSolarium.org Frank Cilluffo, Distinguished Advisor, CSC 2.0
3:00 - 3:30 PM	*30-Minute Networking and Exhibitor Break*
3:30 - 4:15 PM	Case Study: Embedding CRQ in the Infosec Governance Process of a Fast-Growing Pop Culture Retail Organization Markus Kaufmann, CISO, Senior Director of Information Security, Funko Tom Callaghan, Co-Founder, C-Risk	Case Study: Scaling FAIR for M&A and Beyond: Combining Bottom-Up and Top-Down Approaches Cedric de Carvalho, Head of Group Cyber Risk & Advisory, Richemont	Presentation: Trends in Determining Systemic Cyber Risk for the Financial Services Industry Matthew Tolbert, Senior Cybersecurity Specialist, United States Federal Reserve
4:15 - 5:00 PM	Presentation: Unveiling the IRIS 2022: Bigger Scale, Greater Depth, and More Data for Your CRQ Program Wade Baker, Partner, Cyentia Institute David Severski, Senior Security Data Scientist, Cyentia Institute		Presentation: Justifying the Value of Cybersecurity to the Business with Highmark Health and the BOSITE Framework Omar Khawaja, CISO, Highmark Health
6:00 - 9:00 PM	Social Event The Grille, at the Wharf 99 Market Square SW, Washington, D.C., DC 20024

Conference Day 2 - Wednesday, September 28

All Times in EDT (UTC−04:00)
7:30 - 9:00 AM	Registration and Breakfast
9:00 - 9:45 AM	Welcome and Keynote Address Trusting Risk-Informed Decisions Jack Jones, Chairman, FAIR Institute
9:45 - 10:45 AM	Panel: Communicating Cyber Risk to the Board and the Business: How Is It Changing? Moderator: Julian Meyrick, Managing Partner & Vice President, Security Strategy Risk & Compliance, Security Services, IBM James Lam, Board Director & ERM Author Michael Meis, Associate CISO, KU Health Evan Wheeler, Sr. Director, Technology Risk Management, Capital One
10:45 AM - 11:15 AM	*30-Minute Networking and Exhibitor Break*
11:15 AM - 12:00 PM	Presentation: Managing Cyber Risk as a Strategic Enterprise Risk John Button, Principal Enterprise Risk Advisor, Gartner

12:00 - 1:45 PM	2022 FAIR Awards Ceremony and Luncheon
--	Track 1	Track 2	Track 3
1:45 - 2:30 PM	Presentation: Expedia Groups’ Approach to Build an Effective Security Risk Management Program using FAIR Krishna Sheshabhattar, Director, Security, Risk, and Compliance, Expedia Group Randy Spusta, Global Competency Leader, Security Strategy Risk & Compliance Practice, IBM Security	Case Study: Quantifying the Control and Risk Landscape Using FAIR-CAM Tyler Britton, Quantitative Cyber Risk Manager, DropBox	Fireside Chat: What the Revised SEC Guidance on Cyber Risk Disclosures Means for You David Hirsch, Chief of the Crypto Asset and Cyber Unit, Division of Enforcement, SEC Kristy Littman, Fmr. Chief of Enforcement - Cyber Unit, SEC
2:30 - 3:15 PM	Presentation: Scaling FAIR for Third Party Risk Management Bob Maley, Chief Security Officer, Black Kite	Case Study: Refining the “R” in GRC at Scale Michael Radigan, Cyber Risk Advisor, Cisco	Presentation: Risk Quantification for Practitioners Kyle Burk, CISO, Archer
3:15 - 3:45 PM	*30-Minute Networking and Exhibitor Break*
3:45 - 4:30 PM	Case Study: Building a Strong Foundation for your Quantitative Risk Management Program Tim Wynkoop, Sr. Information Security Risk Engineer, Equinix	Panel: Scaling a Quantitative Risk Management Program Andrew Retrum, Managing Director, US Security Program & Strategy Practice Lead, Protiviti David Severski, Senior Security Data Scientist, Cyentia Institute Matt Kruse, VP Corporate Programs, FIS Global Tim Kelly, Senior Manager, Protiviti	Panel: CIS, NIST 800-53, ISO27000 - Mapping Leading Control Frameworks to FAIR-CAM™ Moderator: Jack Jones, Chairman, FAIR Institute Daniel Stone, Associate Director, Security & Privacy, Protiviti Erin Macuga, Manager Risk and Information Security, Thrivent Financial Robert Immella, Global Leader of Cyber Risk Quantification, Caterpillar Inc Tyler Britton, Quantitative Cyber Risk Manager, DropBox Drew Brown, Information System Security Developer, FAA
4:30 - 5:00 PM	Closing Remarks with Jack Jones, Chairman, FAIR Institute and Derek Johnson, Senior Reporter, SC Media

RiskLens Customer Day - Thursday, September 29

FAIR Institute Technical Advisor is hosting a half-day event post-FAIRCON22 for their customers to discuss advancements in technologies and share success stories.

This event is by invitation only. Please reach out to your Customer Success representative for more information and to secure a space at the event.

The half day event will run from 9 AM -12 PM ET, Thursday, September 29. Breakfast and lunch will be included. There is no additional cost for the event outside of your regular FAIRCON22 ticket.

Any questions, please reach out to Luke Bader, lbader@fairinstitute.org.