Pre-Conference Training - Day 1 - Sunday, October 15

All Times in EDT

8:00 - 9:00 AM

Registration and Breakfast

9:00 AM - 12:00 PM

FAIR Analysis Fundamentals - Day 1

  • Introductions with Course Overview
  • Intro to Risk Analysis and FAIR™
  • Basic Risk Concepts
12:00 - 1:00 PM


1:00 - 5:00 PM

FAIR Analysis Fundamentals - Day 1

  • Terminology
  • The FAIR™ Model
  • Measurements

Pre-Conference Training - Day 2 - Monday, October 16

All Times in EDT

7:30 - 9:00 AM

Registration and Breakfast

9:00 - 12:00 AM

FAIR Analysis Fundamentals - Day 2

  • Analysis Process
  • Results Interpretation

Calibrated Probability Assessments for Cybersecurity by Hubbard Decision Research

Part 1 - Personal Calibration Exercises


 Analyzing AI Risk with FAIR™

FAIR Institute Lab Session

*Begins at 8 AM


12:00 - 1:00 PM


1:00 - 5:00 PM

FAIR Analysis Fundamentals - Day 2

  • Case Study 1 - As a group
  • Case Study 2 - Small group breakout


Calibrated Probability Assessments for Cybersecurity by Hubbard Decision Research

Part 2 - Advanced Calibration

Communicating FAIR™ Results to Non-technical Stakeholders

FAIR Institute Lab Session

Through the FAIR-CAM™ Looking Glass -
4 hr Workshop

Jack Jones, Chairman, FAIR Institute

6:00 - 8:00 PM

Welcome Reception
Fairmont Hotel

CISO Dinner (by invitation only)
Four Seasons Hotel


Conference Day 1 - Tuesday, October 17

All Times in EDT

7:30 - 9:00 AM

Registration and Breakfast

9:00 - 10:00 AM

Welcome Remarks & Main Insights form the New Annual Cyber Risk Report 

Nick Sanna, Founder, FAIR Institute & David Burg, Cybersecurity Leader, EY

Keynote Address

Navigating the Confluence of Cybersecurity and AI: Mitigating Risks for the Future

Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA

10:00 - 10:45 AM

Panel: What Models Do We Need to Improve Risk Management in the 21st Century?

Moderator: Robert Rodriquez, Chairman and Founder, SINET

Jennifer Buckner, SVP Technology Risk Management, Mastercard

10:45 - 11:15 PM

30-Minute Networking and Exhibitor Break

11:15 AM - 12:00 PM

Presentation: Connecting Cyber Risk Assessment to Integrated Decision Management

Douglas Hubbard, President, Hubbard Decision Research

Sponsor Session: Case Study on Leveraging Risk Quantification to Build An Integrated Risk Management Program 

Damian Apone, Director, Global Director, Governance, Risk & Compliance, Genuine Parts Company

Chris Correia, Associate Partner, IBM

Presentation: Managing the Opportunities and the Risk of AI at Capital One

Pablo Salazar, Managing Vice President, Technology Risk Management, Capital One

12:00 - 1:00 PM

Lunch and Exhibitor Break

-- Track 1
Track 2
Track 3
CISO/C-Level Only


1:00 - 1:45 PM

Presentation: Winning Over The Doubters - Cutting Through Complexity to Exceed Stakeholder Expectations

Robert Moore, Vice President, Technology Risk, Mastercard

Tom Callaghan, Co-Founder, C-Risk

Presentation: Is It Raining Risk? What Data says about Cyber Risk in the Cloud 

Wade Baker, Partner, Cyentia Institute

Panel and Roundtable: The Evolving Role of the CISO as a Business Leader

Moderator: Christopher Porter, CISO, Fannie Mae

Vikrant Arora, CISO, HSS (Hospital for Special Surgery)

Mary Elizabeth Faulkner, CISO, Thrivent

Mark Tomallo, CISO, Victoria's Secret

1:45 - 2:15 PM

30-Minute Networking and Exhibitor Break


2:15 - 3:00 PM

Presentation: The Annual Cyber Risk Report

Presentation & Panel: How to Re-think Third-Party Risk with FAIR-TAM™?

Moderator: Pankaj Goyal, Director, Standards & Research, FAIR Institute

Sarah Sullivan, Director IS&T Security Performance, Thomas Jefferson University Hospitals

Workshop: Managing Generative AI Risk

Facilitator: Omar Khawaja, Field CISO Databricks, Board Member, Faculty Carnegie Mellon University

3:00 - 3:30 PM

30-Minute Networking and Exhibitor Break


3:30 - 4:15 PM

Presentation: The CRQ Program Development Lifecycle

Zach Cossairt, Integrated Risk Program Senior Manager, Equinix

Jon Oppenhuis, Director, Risk Strategy and Success, Safe Security

Sponsor Session: Using Cyber Risk Intelligence to Scale FAIR Assessments

John Feezell,
Assoc. Director, Security Counseling, Kyndryl

Bob Maley,
Chief Security Officer, Black Kite

Workshop: Managing Generative AI Risk (Cont'd)

Facilitator: Omar Khawaja, Field CISO Databricks, Board Member, Faculty Carnegie Mellon University

4:15 - 5:00 PM

Sponsor Session: Scenario Planning for Effect - A Case Study

Aaron McKay, Cybersecurity Engineer, SCRAM Systems

Jack Whitsitt, Director of CRQ, Ostrich Cyber

Case Study: Measuring real life Cyber Attacks on Enterprise Networks

Christian Ellerhold, Lead Principle Engineer, Cyber Risk Management, Infineon Technologies

6:00 - 9:00 PM

Social Event - Awards Gala Reception



Conference Day 2 - Wednesday, October 18

All Times in EDT (UTC−04:00)        

7:30 - 9:00 AM

Registration and Breakfast




9:00 - 9:45 AM

Keynote: The Future of Risk Analysis in an AI and Automation World

Jack Jones, Chairman, FAIR Institute




 9:45 - 10:45 AM

Roundtable Discussion: How to Get Ready for the New SEC Rule on Cybersecurity

Moderator: Cody Scott, Security & Risk, Forrester Research

David Hirsch, Chief of the Crypto Asset and Cyber Unit, Division of Enforcement, SEC

Suja Chandrasekaran, Board Member, Cardinal Health

Kurt John, Chief Security Officer, Expedia Group

Richard Borden, Cybersecurity and Privacy Partner, Frankfurt, Kurnit, Klein, & Selz




10:45 - 11:15 AM

30-Minute Networking and Exhibitor Break




11:15 AM - 12:00 PM

Panel: How is the Discussion About Cyber Risk Changing at the Board Level?

Moderator: Larry Clinton, President, Internet Security Alliance (ISA)

Elias Oxendine IV, CISO, Yum! Brands

Kevin McCarty, CISO - US Healthcare, Cigna

Kris Lovejoy, Board Member, Dominion Energy; SVP, Global Practice Leader, Security & Resilience, Kyndryl

David Burg, Americas Cybersecurity Leader, EY

Case Study: Modeling the Risk of Ransomware using FAIR™ and MITRE ATT&CK

Jon Baker, Co-founder and Director, Center for Threat-Informed Defense

Vidit Baxi, CISO, Safe Security

Presentation: Improving Cyber Visibility and Decision-Making at Maersk

Neil Davis, Head of Cyber Risk Management, Maersk




12:00 - 1:00 PM

Networking Lunch and Exhibitor Break

-- Track 1
Track 2
FAIR Model Extensions
Track 3
1:00 - 1:45 PM

Presentation: Quantifying Multi-Product Security and Privacy AI Risk with FAIR and NIST AI RMF

Tyler Britton, Security Engineer, Dropbox

Taylor Maze, Risk & Governance Manager, Dropbox

Presentation: Introducing FAIR-MAM™ - A Comprehensive Approach to Loss Modeling in FAIR™

Tom Macphee, Cyber Risk Senior Manager, Cigna

Filippo Curti, Financial Economist, Federal Reserve Board of Richmond

Erica Eager, Senior Director, Risk Quantification, Safe Security

Panel: Challenges and Opportunities of Moving to Quantitative Risk Management in ERM

Moderator: Evan Wheeler, Senior Director, Technology Risk Management, Capital One

Ted Webster, Chief Security and Privacy Officer, Centene

Ramesh Sepehrrad, Head of Cyber and Technology Risk, Navy Federal Credit Union

Evan Sekeris, Head of Non-Financial Risk - Americas, MUFG

Monica Khurana, CTO, Dodge & Cox

1:45 - 2:30 PM

Presentation: Latest Research on AI Risk Modeling

Brandon Sloane, AI Governance, Meta

Pankaj Goyal, Director, Standards & Research, FAIR Institute

Case Study: Patch Prioritization with FAIR-CAM™

Denny Wan, Chair, Sydney Chapter, FAIR-CAM Workgroup, FAIR Institute

John Linford, Forum Director, The Open Group

Sasha Romanosky, Senior Policy Researcher, RAND

Panel: To Cyber Insure or Self Insure? That is the Question

Moderator: Monica Shokrai, Head of Actuarial. Analytics and Systems, Alphabet Business Risk and Insurance

Tom Srail, EVP Cyber Risk, Willis Tower Watson

Brandon Pinzon, SVP, Chief Security Officer, Argo Group Insurance

Arturo Perez-Reyes, Strategist, SVP, Cyber and Technology, Newfront

Mayur Patel, VP, Senior Cyber Underwriter, Munich Re

2:30 - 3:00 PM

30-Minute Networking and Exhibitor Break

3:00 - 3:45 PM

Case StudyUsing the FAIR Model for AI Risk-Based Accountability

Luis Enriquez, Professor at Université de Lille (France), and Universidad Andina Simón Bolivar (Ecuador)

Presentation: Measuring Controls Effectiveness and Risk with FAIR-CAM™

Tyler Britton, Security Engineer, Dropbox

Bryan Smith, VP Product Management, Safe Security

Presentation: The State of the CRQ Market Planning for Effect - A Case Study

Cody Scott, Sr. Analyst, Security & Risk, Forrester Research 

3:45 - 4:30 PM

Case Study: Deriving Probability Distributions with Pairwise Relative Comparisons

Ernest Forman, Professor, George Washington University


Panel: The Rising Ambition of Cyber Risk Management Programs

Meena Martin, VP, Cyber Risk and Assurance, GSK

Daniel Phillips, Security Risk Management Lead, Meta

4:30 - 5:00 PM

Closing Remarks 


Safe Security Customer Day - Thursday, October 19

FAIR Institute Technical Advisor is hosting a half-day event post-FAIRCON22 for their customers to discuss advancements in technologies and share success stories.  

This event is by invitation only.  Please reach out to your Customer Success representative for more information and to secure a space at the event. 

The half day event will run from 9 AM - 1 PM ET, Thursday, October 19. Breakfast and lunch will be included. There is no additional cost for the event outside of your regular FAIRCON22 ticket. 

Any questions, please reach out to Luke Bader,