May 19, 2021

Measuring Risk w/ Richard Seiersen

by Cyber Ranch


Show Notes

Today we talk with Richard Seiersen, co-author of “How to Measure Anything in Cybersecurity Risk”. Richard shared that at his first CISO position, he was challenged with addressing prioritization of risk, which led to his authoring a book with Doug Hubbard.

What can cyber learn from older risk disciplines? The life table, used broadly to measure time-to-event data, goes back 500 years. Businesses keep falling back to the classic 5x5 "likelihood and impact" matrix, which is an inconsistent, non-math-based method. Without math it is really just casting spells in the board room. There are no ratios or explanation of differences, for example.

CISOs are called upon to make a bet about something. We will use subject matter expert opinions, and can make them measurably better. Consistency is key. Wild guesses can still help constrain the forecast. There are existing models in cyber, such as FAIR, that provide a more mathematically applied approach.

Statistics came about because people needed to make bets with limited data. Dirty data can be worked with. Embracing uncertainty is okay. Executives are actually very used to uncertainty. Cybersecurity as a practice is in its adolescence with a high mortality risk. We need to adopt the grammar of science.

Key Takeaways

0:25 Richard is introduced
1:20 Richard talks about his cyber journey and his day job
3:02 Book talk
5:19 What can cyber learn from older style risk tactics
8:04 5x5 risk matrix
10:05 Improving accuracy
17:00 Gathering an accurate view
19:20 Monte Carlo simulations
22:04 The belief
25:17 Board-ready presentations
26:58 What keeps Richard going in cyber security
28:09 Why statistics were invented

Links:

Learn more about Richard Seiersen on LinkedIn and Twitter
Follow Allan Alford on LinkedIn and Twitter
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast

Sponsored by our good friends at Axonius