How to Manage and Communicate Cyber Risk in Business Terms - Association Seminar at RSAC21
Video with Slides
Here is the FAIR Institute's 3-part seminar on the business benefits of cyber risk quantification at RSA Conference 2021. All are welcome to listen in on the seminar and be guided through an expert-led series that provides reasons why the industry has evolved toward quantitative methods, as well as the challenges and practical solutions for leveraging these methods. Viewers will be front row for an application session on running a quantitative analysis with FAIR.
Video recording and slide deck available below.
Jack Jones has worked in information security for over 35 years, serving as a CISO with three different companies, including a Fortune 100 company. His work was recognized in 2006 with the ISSA Excellence in the Field of Security Practices award, and in 2012 he received the CSO Compass award. As an Adjunct Professor at Carnegie Mellon University, he teaches in the CRO and CISO executive programs. Jones also created the Factor Analysis of Information Risk (FAIR) model, since adopted as an international standard. Jones is the Chief Risk Scientist at RiskLens and Chairman of the FAIR Institute, an award-winning global non-profit organization. He also co-authored a book entitled Measuring and Managing Information Risk: A FAIR Approach, which was inducted into the 2016 Cyber Security Canon.
Sr. Manager, Professional Services
Rebecca works on a team of experienced, critical-thinking and customer-focused consultants helping the industry build quantitative risk management programs based on FAIR and RiskLens. She works with customers across industries to educate on FAIR and quantitative risk analysis, and to design and build risk management programs for the largest companies in the world. Rebecca is a frequent contributor to the risk management industry through blogging, conference talks, and workshops.
Nicola (Nick) Sanna
Nick is President and Founder of the FAIR Institute and the CEO of RiskLens, where he is responsible for the definition and the execution of the company strategy. In 2015, Nick championed the creation of the Institute, an expert organization focused on helping organizations manage information and operational risk from the business perspective. As such, Nick serves as the President of the FAIR Institute to help Risk Officers and CISOs get a seat at the business table by leveraging the FAIR standard.
Vice President and Chief Information Security Officer
Horizon Blue Cross Blue Shield of New Jersey
Damon Becknel is the Chief Information Security Officer for Horizon Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ) after being promoted from the Director, Information Security Programs for Horizon BCBSNJ. In his former role, he was responsible for Security Risk Management, 3rd Party Risk Assessments, policy governance, coordinating security response for both internal and external audits, awareness, penetration testing, and security portfolio management. Prior to joining Horizon BCBSNJ in 2015, Mr. Becknel spent more than 20 years of active service in the United States Army. While serving his country, he worked in various positions of significant responsibility, leading people and designing, building, maintaining and defending computer systems and networks. Career highlights for Mr. Becknel include leading all efforts to maintain and defend all U.S. Military networks in Southwest Asia in support of Operation Enduring Freedom and Operation Iraqi Freedom, directing all operations for the National Security Agency’s Hunt Division, creating and leading one of the first offensive cyber operations teams for the United States Army, leading the Nation’s first military counter-cyber operations team to final operating capability and serving as an Assistant Professor of Computer Science for the United States Military Academy (USMA) in West Point, New York.
Damon graduated from the USMA in West Point, New York where he earned his Bachelor of Science in Computer Engineering and commission as an officer in the United States Army Signal Corps. Mr. Becknel also earned his Master of Science in Electrical and Computer Engineering from Carnegie Mellon University in Pittsburgh, Pennsylvania, where he also interned and conducted research with the Software Engineering Institute’s (SEI) Computer Emergency Response Team (CERT). He maintains the following designations: Certified Information Systems Security Professional (CISSP), GIAC Advanced Penetration Testing (GXPN), GIAC Certified Forensic Analyst (GCFA), and GIAC Certified Incident Handler (GCIH).
Senior Manager – Security & Privacy, Cyber Risk Quantification
George has worked with various organizations in both internal technology leadership roles and consulting, helping drive transformational technology changes to support business objectives and reduce risk through strategic security and privacy program initiatives. He teaches certification review courses for ISACA Chicago and is a board member, as well as President of the FAIR Institute, Chicago Chapter. He is an expert in security and IT, compliance, governance, risk management, controls, network infrastructure, IT and security operations, and cyber risk quantification (CRQ) using FAIR.
Managing Partner & Vice President, Security Strategy Risk & Compliance Leader, Security Transformation Services
Julian Meyrick is the Managing Partner & Vice President for IBM Security’s worldwide Security Strategy Risk & Compliance practice. Julian helps clients develop their security strategy in the context of the cyber business risk that they face; he has a particular focus on advising boards on the potential business impact of cybersecurity, and on cybersecurity risk quantification in financial terms.
Julian is passionate about attracting talent into the cybersecurity profession and is a member of the UK National Cyber Security Centre’s Industry Advisory Board for their CyberFirst programme. Julian is also IBM’s executive sponsor for the Charter of Trust, a unique initiative by leading global companies to secure the digital world and he is the executive sponsor for IBM’s membership of the Information Security Forum (ISF).
Julian has lectured both at Oxford University's Said Business School and Centre for Doctoral Training on Cybersecurity, and also at Warwick University's MSc Course on CyberSecurity and Management.
Jack began his FAIR journey by spending 4 years building a quantification program at Bank of America. He has recently moved on and is now building his second FAIR Program at Datto. While the two organizations are very different, he is finding commonalities in what works and what doesn’t.
His technical background, starting in 2002, includes fascinating experiences working in the DHS NCCIC for Idaho National Lab supporting national critical infrastructure incident response, building out a large MSSP SOC, and early open-source security tool development.
Currently on the board of the Society of Information Risk Analysts, he has also helped lead federal public/private partnership efforts to coordinate improved voluntary cyber security in the transportation sector, weighed in on international policy work, and spent several years in the Energy Sector with a non-profit educating utilities on how to best manage information security risk.