At the annual RSA conference in San Francisco, I facilitated a Peer2Peer session titled Getting Started with a Quantitative Cyber-Risk Program. Peer2Peer sessions are sessions designed for like-minded people to come together and discuss common problems and develop solutions in a friendly environment. I had a great time hosting this year. Below is a recap of the session.Read More
I’m thrilled to announce that my talk, “Incentivizing Better Risk Decisions: Lessons from Rogue Actuaries” has been accepted at the Society of Information Risk Analysis (SIRA) annual conference (SIRAcon 2019).
If you are interested in learning about or advancing risk management techniques, I highly recommend joining SIRA and attending the conference. It’s one of two quant-focused risk conferences (the other being (FAIRcon) in the information/technology/cyber spaces. SIRAcon is vendor neutral and model-neutral - you will find many different points of view and ways of modeling risk.Read More
Woot, my Peer2Peer proposal was accepted at RSA 2019. Peer2Peer sessions are not presentations, but rather facilitated discussions among a small group of participants. I think these are a great way to spark interesting discussion in a friendly atmosphere. I always learn just as much from participants as they learn from me.
Getting Started with a Quantitative Cyber-Risk Program
Join a discussion on implementing a quantitative cyber-risk program, such as Factor Analysis of Information Risk (FAIR), at your company. This discussion will address common questions, such as, where to get data, obtaining management support and the nuts and bolts of performing an analysis.Read More
From April 15–20 2018, the city of San Francisco hosts several simultaneous security conferences. The sub-field of quant, data driven cyber / information security / technology risk and metrics is very small, so I’ve started to compile a list of talks and events that week. To make it on this list, the talk should be about the sub-field described above OR presented by/hosted by someone who is active in that sub-field.Read More
Word clouds are a great way to visualize text, especially on platforms like Twitter where a great amount of people can be talking about one subject. I recently spent the last 6 days at two San Francisco information security conferences: BSides San Francisco and RSA.
BSides this year was February 28–29 and RSA was February 29-March 4. There’s some overlap in attendees, but the talks and the feeling you get from being at the cons couldn’t be more different. BSides is community driven and the talks are mostly by security practitioners; RSA has a trade-show feel and most talks are conducted by people that work for security vendors.
I was curious about what words showed up most in tweets with the hashtags #BSidesSF and #RSAC and see how different or alike they were. I used the twitteR and wordcloud packages in R to generate these images.
and here’s #RSAC:
People were definitely tweeting about different things; BSides attendees generally had more positive language and tweeted about presenters. RSA attendees tweeted about keynote speakers (like Sean Penn) and contained a lot of retweets mentions. I am also not surprised the word “booth” was a top keyword in #RSAC, from vendors tweeting out “Come to our booth and get a free pen!”
It was interesting to see the similarities and differences. Let me know what you think.
Have you ever wanted to get in a time machine and go back to when security industry visionaries were just starting out? Imagine meeting Martin Roesch when he was writing the first version of Snort or Bruce Schneier as he was just putting his ideas down for Applied Cryptography. I don’t have a DeLorean, but I can do the next best thing. I can take you to a place where tomorrow’s thinkers are forming their ideas and honing presentation skills, today.Read More
One of the world’s largest security conferences, RSA 2015, is right around the corner. Beginning April 19, it’s bookended by two other great, but smaller, events: BSides and the Yahoo Privacy Unconference. Security professionals from all over the world will be in San Francisco that week, and this will arguably be the single best chance all year for those of us in the industry to network.Read More