I speak on a variety of topics, but my focus areas are: cyber, information and technology risk management; quantitative risk analysis; Factor Analysis of Information Risk (FAIR) and the intersection of economics and security. I'm interested in opportunities to speak at your conference, event, at your company or be on your podcast. Please contact me if you want to discuss an opportunity.
Upcoming talks
Risk Quantification Panel | Chartered Institute of Information Security (CIISEC), Innovation Webinar - August 23, 2021
ISACA/FAIR/SIRA Risk Quantification Roundtable @ ISACA Cyber Virtual Summit - September 22, 2021
FAIR Institute webinar, TBD (September 2021)
Risk Awareness Week - October 11-15, 2021
Past talks
Baby Steps: Easing Your Company Into a Quantitative Risk Program | August 4, 2021 | SIRAcon 2021
Rethinking Risk Response | July 29, 2021 | ISACA Webinar Series
Risk Quantification Panel | July 29, 2021 | Chartered Institute of Information Security (CIISEC), Innovation Webinar
Practical Implications of Managing Cyber Risk in Financial Terms | June 7, 2020 | PRMIA Cyber Risk Forum | Virtual
Building and Running a Quantitative Risk Management Program: Lessons from the Field | May 24, 2021 | ISSA 2021 Central Ohio InfoSec Summit
Incentivizing Better Risk Decisions: Lessons from Rogue Actuaries | February 25, 2021 | Ohio FAIR Institute Chapter | Virtual
Navigating Cyber Risk Quantification | February 24, 2021 | GRC Leadership Series | Virtual
Scaling a FAIR-Based Cyber Risk Management Program at Netflix | September 16, 2020 | RiskLens Webinar Series | Virtual
Breach Impacts – How to Estimate Costs More Accurately | April 2, 2020 | Advisen/Cyentia Webinar | Virtual
How FAIR Analyses Support Decision-Making at Netflix | October 6, 2020 | FAIRcon 2020 | Virtual
Expert Estimation for Risk Analysis: A Debate | August 26, 2020 | SIRAcon 2020 | Virtual
Incentivizing Better Risk Decisions: Lessons from Rogue Actuaries | May 1, 2019 - SIRAcon 2019 | Cincinnati, OH
Getting Started with a Quantitative Cyber-Risk Program | March 8, 2019 | RSA 2019 | San Francisco, CA
How to Lie with Statistics, Information Security Edition | June 2, 2018 | CircleCityCon 5.0 | Indianapolis, IN
Issues of Quantifying Risk around Identity and Access Management | April 18, 2018 | RSA 2018 | San Francisco, CA
Becoming a security bookie: Improving your estimations with calibration | April 18, 2018 | Peerlyst Live | San Francisco, CA
Cybersecurity Aspects of Blockchain and Cryptocurrency | April 11, 2018 | PRMIA 2018 Risk Management and Regulatory Compliance Round Table | San Francisco CA
Crowdsourced Probability Estimates: A Field Guide | February 7, 2018 | SIRAcon 2018 | Seattle, WA
Should I Pay or Should I Go? Game Theory and Ransomware | February 12, 2017 | Security BSides | San Francisco, CA
Ransomware & Game Theory: To Pay, or Not to Pay? | December 03, 2016 | NBTcon | San Francisco, CA
Measuring DDoS Risk with FAIR | October 14, 2016 | FAIRcon 2016 | Charlotte, NC
Can Cyber Extortion Happen to You? Practical Tools for Assessing the Threat | February 20, 2016 | Security BSides | Seattle, WA
How to Lie with Statistics, Information Security Edition | April 20, 2015 | Security BSides | San Francisco, CA
Case Study: eGift Card Fraud | January 29, 2015 | U.S. Secret Service Electronic Crimes Task Force Quarterly Meeting | San Francisco, CA
How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling | October 15, 2014 | SF ISACA Fall Conference | San Francisco, CA