LEARN MORE AND REGISTER FOR FAIRCON22
 

FAIRCON22 Program

 

Pre-Conference Training - Day 1 - Sunday, September 25

All Times in EDT
(UTC−04:00)

   
8:00 - 9:00 AM

Registration and Breakfast

9:00 AM - 12:00 PM

FAIR Analysis Fundamentals - Day 1

  • Introductions with Course Overview
  • Intro to Risk Analysis and FAIR
  • Basic Risk Concepts
12:00 - 1:00 PM

Lunch

1:00 - 5:00 PM

FAIR Analysis Fundamentals - Day 1

  • Terminology
  • The FAIR Model
  • Measurements

Pre-Conference Training - Day 2 - Monday, September 26

All Times in EDT
(UTC−04:00)

     
7:30 - 9:00 AM

Registration and Breakfast

9:00 - 12:00 AM

FAIR Analysis Fundamentals - Day 2

  • Analysis Process
  • Results Interpretation

Calibrated Probability Assessments for Cybersecurity by Hubbard Decision Research

Part 1 - Personal Calibration Exercises

12:00 - 1:00 PM

Lunch

1:00 - 5:00 PM

FAIR Analysis Fundamentals - Day 2

  • Case Study 1 - As a group
  • Case Study 2 - Small group breakout

 

Calibrated Probability Assessments for Cybersecurityby Hubbard Decision Research

Part 2 - Advanced Calibration

Effectively Reporting and Communication FAIR Results

FAIR Lab Session

Need for Speed

FAIR Lab Session

 

Conference Day 1 - Tuesday, September 27

All Times in EDT
(UTC−04:00)

   
7:30 - 9:00 AM

Registration and Breakfast

9:00 - 10:00 AM

Welcome Remarks and Opening Keynote

How Risk Economics can Help Us Win the Battle in Cyberspace

Larry Clinton, President, ISA

10:00 - 10:45 AM

Panel: Driving Culture Change - From a Compliance to a Risk-based Approach to Cybersecurity

Moderator: Omar Khawaja, CISO, Highmark Health

Mark Tomallo, SVP, CISO, Victoria’s Secret
Mary Elizabeth Faulkner, CISO, Thrivent Financial
Jeff Norem, Deputy CISO, Freddie Mac

10:45 - 11:15 PM

30-Minute Networking and Exhibitor Break

11:15 AM - 12:00 PM

Presentation: Subjective Judgements: Outperforming Your Current Best Experts

Douglas Hubbard, President, Hubbard Decision Research

12:00 - 1:00 PM

Lunch and Exhibitor Break

-- Track 1  Track 2

 

1:00 - 1:45 PM

Case Study: “FAIR: Okay, Now What?” - Steps to Set Up a Quantitative Risk Management Program at Any Organization

Michael Meis, Associate CISO, KU Health

Presentation: How to Scale FAIR Programs with Controls Analytics

Bryan Smith, CTO, RiskLens 

Jack Jones, Chairman FAIR Institute, Chief Risk Scientist RiskLens


 

1:45 - 2:15 PM

30-Minute Networking and Exhibitor Break

 

 Track 1

 Track 2

Track 3

 

2:15 - 3:00 PM

Case Study: Five Objections to FAIR and How to Overcome Them

Tony Martin-Vegue, Senior Information Security Risk Engineer, Netflix

Prashanthi Koutha, Senior Risk Engineer, Netflix

Case Study: Harnessing The Voltage Effect to Scale our FAIR Risk Programs

Zach Cossairt, Information Risk Program Manager, Equinix

 

Fireside Chat: A Legislative and Policy Update on Cybersecurity and Risk Management

Moderator: Larry Clinton, President, ISA

Mark Montgomery, Executive Director, CyberSolarium.org

Frank Cilluffo, Distinguished Advisor, CSC 2.0

3:00 - 3:30 PM

30-Minute Networking and Exhibitor Break

 

3:30 - 4:15 PM

Case Study: Embedding CRQ in the Infosec Governance Process of a Fast-Growing Pop Culture Retail Organization

Markus Kaufmann, CISO, Senior Director of Information Security, Funko

Tom Callaghan, Co-Founder, C-Risk

Case Study: Combining Bottom-Up and Top-Down Approach

Cedric de Carvalho, Head of Group Cyber Risk & Advisory, Richemont

Presentation: Trends in Determining Systemic Cyber Risk for the Financial Services Industry

Matthew Tolbert, Senior Cybersecurity Specialist, United States Federal Reserve

4:15 - 5:00 PM

Presentation: Getting Your Money's Worth: Putting Your Controls Inventory to Work

Marta Palanques, Director of Risk Methodologies, Technology Risk Management, Capital One

PresentationUnveiling the IRIS 2022: Bigger Scale, Greater Depth, and More Data for Your CRQ Program

Wade Baker, Partner, Cyentia Institute

David Severski, Senior Security Data Scientist, Cyentia Institute

Presentation: Justifying the Value of Cybersecurity to the Business with Highmark Health and the BOSITE Framework

Omar Khawaja, CISO, Highmark Health

6:00 - 9:00 PM

Social Event

The Grille, at the Wharf
99 Market Square SW, Washington, D.C., DC 20024

 

 

Conference Day 2 - Wednesday, September 28

All Times in EDT (UTC−04:00)  

7:30 - 9:00 AM

Registration and Breakfast

9:00 - 9:45 AM

Welcome and Keynote Address

Trusting Risk-Informed Decisions

Jack Jones, Chairman, FAIR Institute

 9:45 - 10:45 AM

Panel: Communicating Cyber Risk to the Board and the Business: How Is It Changing?

Moderator: Julian Meyrick, Managing Partner & Vice President, Security Strategy Risk & Compliance, Security Services, IBM

James Lam, Board Director & ERM Author
Michael Meis, Associate CISO, KU Health
Evan Wheeler, Sr. Director, Technology Risk Management, Capital One

10:45 AM - 11:15 AM

30-Minute Networking and Exhibitor Break

11:15 AM - 12:00 PM

Presentation: Managing Cyber Risk as a Strategic Enterprise Risk

John Button, Principal Enterprise Risk Advisor, Gartner

12:00 - 1:45 PM

2022 FAIR Awards Ceremony and Luncheon

-- Track 1 Track 2 Track 3
1:45 - 2:30 PM

PresentationExpedia Groups’ Approach to Build an Effective Security Risk Management Program using FAIR

Krishna Sheshabhattar, Director, Security, Risk, and Compliance, Expedia Group

Randy Spusta, Global Competency Leader, Security Strategy Risk & Compliance Practice, IBM Security

Case Study: Quantifying the Control and Risk Landscape Using FAIR-CAM

Tyler Britton, Quantitative Cyber Risk Manager, DropBox

Fireside Chat: What the Revised SEC Guidance on Cyber Risk Disclosures Means for You

David Hirsch, Chief of the Crypto Asset and Cyber Unit, Division of Enforcement, SEC

Kristy Littman, Fmr. Chief of Enforcement - Cyber Unit, SEC

 

2:30 - 3:15 PM

Presentation: Scaling FAIR for Third Party Risk Management

Bob Maley, Chief Security Officer, Black Kite

Case Study: Refining the “R” in GRC at Scale

Michael Radigan, Cyber Risk Advisor, Cisco 

Presentation: Risk Quantification for Practitioners

Kyle Burk, CISO, Archer

3:15 - 3:45 PM

30-Minute Networking and Exhibitor Break

3:45 - 4:30 PM

Case StudyBuilding a Strong Foundation for your Quantitative Risk Management Program

Tim Wynkoop, Sr. Information Security Risk Engineer, Equinix

Panel: Scaling a Quantitative Risk Management Program

Andrew Retrum, Managing Director, US Security Program & Strategy Practice Lead, Protiviti

David Severski, Senior Security Data Scientist, Cyentia Institute

Matt Kruse, VP Corporate Programs, FIS Global

Tim Kelly, Senior Manager, Protiviti

Panel: CIS, NIST 800-53, ISO27000 - Mapping Leading Control Frameworks to FAIR-CAM™

Moderator: Jack Jones, Chairman, FAIR Institute

Daniel Stone, Associate Director, Security & Privacy, Protiviti

Erin Macuga, Manager Risk and Information Security, Thrivent Financial

Robert Immella, Global Leader of Cyber Risk Quantification, Caterpillar Inc

Tyler Britton, Quantitative Cyber Risk Manager, DropBox

Drew Brown, Information System Security Developer, FAA

4:30 - 5:00 PM

Closing Remarks with Jack Jones, Chairman, FAIR Institute and Derek Johnson, Senior Reporter, SC Media

LEARN MORE AND REGISTER FOR FAIRCON22


RiskLens Customer Day - Thursday, September 29

FAIR Institute Technical Advisor is hosting a half-day event post-FAIRCON22 for their customers to discuss advancements in technologies and share success stories.  

This event is by invitation only.  Please reach out to your Customer Success representative for more information and to secure a space at the event. 

The half day event will run from 9 AM -12 PM ET, Thursday, September 29. Breakfast and lunch will be included. There is no additional cost for the event outside of your regular FAIRCON22 ticket. 

Any questions, please reach out to Luke Bader, lbader@fairinstitute.org