FAIR Institute Seminar at RSAC25

Tuesday, April 29 | Moscone South 312
Two Sessions: 8:30-10:25 AM & 10:35 AM-12:30 PM PT 

This seminar offers a comprehensive exploration of modern cyber risk management, providing industry professionals with critical insights into quantitative risk analysis and management strategies. In Part 1 led by experts Jack Jones, author of the FAIR™ Model and Tony Martin-Vegue, Technology Risk Management, Netflix, this seminar delves into the Factor Analysis of Information Risk (FAIR™) framework, showcasing its transformative potential in understanding and mitigating cyber risks.

In Part 2, expand on the theoretical foundations and learn from real-world case studies where you will gain a deep understanding of how organizations like are operationalizing advanced cyber risk quantification and management approaches. With presentations by Michelle Griffith, VP, Security GRC, IHG and Mark Tomallo, CISO, Victoria’s Secret.

Managing Cyber Risk at the Speed of the Business

Wednesday, April 30 | Westin St. Francis San Francisco | 8:00 - 9:30 AM PM

Attending RSAC25 and looking to build a cyber risk management program that can help you measure and manage cyber risk from the business perspective, in financial terms?

Join us at the FAIR Institute Breakfast Meeting, sponsored by Technical Advisor, Safe Security, to hear how many of the world largest organizations developed quantitative cyber risk management programs that actually work.

This event will showcase how FAIR™ programs are revolutionizing cyber risk business decisions by providing clear bottom-line impact analysis and cost-effectiveness metrics. Attendees will be able to:

• Gain deep insights into emerging best practices for business-centric cyber risk management
• Discover and explore cutting-edge tools and solutions
• Connect and Network with leading FAIR™ solution providers and implementers

Meet and Greet with Jack Jones, Author of the FAIR Model and FAIR-CAM; Chairman Emeritus, FAIR Institute 

Wednesday, April 30 | Moscone South Booth #2167 | 11:30 AM PT

Following the Institute's Breakfast Meeting, head back to the Moscone Center South Hall, Booth 2167 to meet and chat with Jack Jones! 

Bring your FAIR Book to get it autographed by the author himself and get a picture for LinkedIn.

Institute Staff will be onsite to answer any questions you have about membership, education, events, and research and standards.

Together, we will continue our quest to help better manage cyber risk!

FAIR TPRM Specialization Training Course 

Dates: May 19–23, 2025
Time: 11:00 AM – 1:00 PM EDT (Daily, Virtual via FAIR Academy)

This five-day virtual course is designed for professionals who support or manage Third-Party Risk Management (TPRM) programs and want to shift from a traditional compliance-based approach to a risk-based strategy using the FAIR™ (Factor Analysis of Information Risk) methodology.

Through instructor-led training, real-world examples, and hands-on scenario practice, students will learn how to quantify third-party cyber risk using FAIR’s principles of probable loss frequency and magnitude. The course focuses on embedding FAIR into the TPRM lifecycle—from vendor intake to assessment and risk treatment—helping organizations make more informed, value-driven decisions about their vendors.

Managing Cyber Risk at the Speed of the Business

Thursday, June 5 | Leonardo Royal Hotel London City | London, UK

In today’s fast-paced digital landscape, cybersecurity and risk leaders must keep up with the speed of business. The 2025 European FAIR Institute Summit brings together CISOs, CIOs, and cyber risk experts for a focused, one-day event on managing cyber risk with business-aligned precision.

Through expert-led panels, case studies, and how-to sessions, attendees will explore applying the FAIR (Factor Analysis of Information Risk) Cyber Risk Management framework to strengthen decision-making, optimize security investments, and effectively communicate risk in financial terms.

Key topics will include:

• Aligning cybersecurity investments to business risk
• Managing AI risk and using AI to manage risk
• Ensuring cyber resilience and managing third-party risk
• Cyber risk management as a scalable system