Never Miss An Episode | Subscribe Now
Shows
ShopAboutWork With Us
Never Miss An Episode | Subscribe Now

May 19, 2021

Measuring Risk w/ Richard Seiersen

by Cyber Ranch

Listen Now

test
Measuring Risk w/ Richard Seiersen

May 19, 2021 Cyber Ranch

00:00:00

Show Notes

Today we talk with Richard Seiersen, co-author of “How to Measure Anything in Cybersecurity Risk”. Richard shared that at his first CISO position, he was challenged with addressing prioritization of risk, which led to his authoring a book with Doug Hubbard. What can cyber learn from older risk disciplines? The life table used broadly to measure time-to-event data goes back 500 years. Businesses keep falling back to the classic 5x5 "likelihood and impact" matrix which is an inconsistent, non-math-based method. Without math it is really just casting spells in the board room. There are no ratios or explanation of differences, for example. CISOs are called upon to make a bet about something. We will use subject matter expert opinions, and can make them measurably better. Consistency is key. Wild guesses can still help constrain the forecast. There are existing models in cyber such as FAIR that provide a more mathematically applied approach. Statistics came about because people needed to make bets with limited data. Dirty data can be worked with. Embracing uncertainty is okay. Executives are actually very used to uncertainty. Cybersecurity as a practice is in its adolescence with a high mortality risk. We need to adopt the grammar of science. Key Takeaways 0:25 Richard is introduced 1:20 Richard talks about his cyber journey and his day job 3:02 Book talk 5:19 What can cyber learn from older style risk tactics 8:04 5x5 risk matrix 10:05 Improving accuracy 17:00 Gathering an accurate view 19:20 Monte Carlo simulations 22:04 The belief 25:17 Board-ready presentations 26:58 What keeps Richard going in cyber security 28:09 Why statistics were invented Links: Learn more about Richard Seiersen on LinkedIn and Twitter Follow Allan Alford on LinkedIn and Twitter Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at Axonius
Read more

Recent Episodes

View All

May 31, 2023

1% Leadership with Andy Ellis

by Cyber Ranch

This week's show is exciting because Allan has been waiting for Andy's book on leadership to come out for quite some time.  The book is called “1% Leadership – Master The Small, Daily Improvements That Set Great Leaders Apart”, and it consists of 54 ...

Listen Now
May 24, 2023

Will LLM AI Close The Bad Guys’ Skills Gap? with Adrian Sanabria

by Cyber Ranch

This episode is a bit scary.  Adrian Sanabria, who on an earlier show busted many cybersecurity myths, is back again, this time analyzing the impact of Large Language Model Artificial Intelligence on a hypothesized skills gap on the bad guy side. Pre...

Listen Now
May 22, 2023

RSAC 2023 SPECIAL EDITION Campfire Chats - Part 1

by Cyber Ranch

This is Part 1 of an incredible series of interviews Allan conducted live at RSA 2023.  Guests include: Chris Kennedy, CISO @ Citadel Gary Hayslip, CISO @ Softbank Investment Advisers Michael Calderin, CISO @ YAGEO Group Reet  Kaur, CISO @ Portland C...

Listen Now
May 17, 2023

Two Founder CEOs with Merav Bahat and Mickey Bresman

by Cyber Ranch

Leadership skills, technical skills, cybersecurity skills, pluck, drive and determination are all on display as Allan interviews Merav Bahat, CEO @ Dazz and Mickey Bresman, CEO @ Semperis. Dazz has completed a Series A investment round.  Semperis a S...

Listen Now
May 10, 2023

Security Chaos Engineering with Kelly Shortridge

by Cyber Ranch

What is security chaos engineering?  You may remember Kelly Shortridge, our very first guest, who came on the show to talk about behavioral economics and cybersecurity.  Well Kelly is back to talk about her new book, "Security Chaos Engineering: Sust...

Listen Now
May 3, 2023

The 9-Layer Cybersecurity Program Cake with Bryan Liebert

by Cyber Ranch

Bryan Liebert is one smart cookie.  Who bakes cybersecurity cakes.  But seriously, Bryan has been a CISO, consultant, architect, and has served many other roles in cybersecurity.  His specialty is creating simple to digest (we could not help it, sorr...

Listen Now
April 26, 2023

Four Problems with Cybersecurity with Adrian Wright

by Cyber Ranch

Adrian Wright, "The Cynical CISO" of LinkedIn fame, joins Allan to discuss four areas where cybersecurity is perhaps getting it wrong: Cybersecurity viewed as a necessary evil, related to The Twilight Zone Ownership, Authority, Accountability: Invent...

Listen Now
April 24, 2023

The Cloud and the Big Bang of Data with Cecil Pineda and Gene Moore

by Cyber Ranch

Join us for a SPECIAL EDITON! episode of The Cyber Ranch Podcast LIVE! from CISO XC in Dallas-Fort Worth, Texas! The topic is data security: its challenges and how to overcome them. Joining Allan are Cecil Pineda of R1 ("Cecil the CISO") and Gene Moo...

Listen Now
April 19, 2023

The Blurring of Personal & Corporate Security with Leigh Honeywell

by Cyber Ranch

We always think of cybersecurity startups as companies who contribute to the tech stack in an organizational environment - usually the enterprise.  We also think of personal cybersecurity in terms of protecting Grandma or our kids from the bad guys. ...

Listen Now
April 12, 2023

Design Partnerships with Emily Heath

by Cyber Ranch

Emily Heath is a well-known and well-respected figure in cybersecurity.  She has been a CISO three times in a variety of industries, including software and a major airline.  She has been in law enforcement, is a partner at a VC firm, and serves on bo...

Listen Now