
When

Tuesday, February 21, 2023 from 5:00 PM to 9:00 PM PST

Agenda
5:00 PM Networking
5:45 PM ISSA Announcements
6:00 PM Panel
7 - 9 PM Dinner & Drinks

Where

Microsoft 
1045 La Avenida Street
Mountain View, CA 94043
 

Identification and proof of vaccination or a negative COVID-19 test will be required by Microsoft for entry.
 


Contact

Michelle Koblas, Board Member, Silicon Valley Chapter of the ISSA 
The Silicon Valley ISSA 
 
communicationsdirector@sv-issa.org 

February 2023 Chapter Meeting

The Need to Understand Cyber Risk Quantification (CRQ) to Prioritize Risk

Intent: To bring clarity to Cyber Risk Quantification (CRQ) and evaluate the benefits of prioritizing risk for business decision-making.

Gartner says it best: “Faced with increasing board scrutiny and executive demand for cybersecurity services, security and risk management (SRM) leaders are turning to cyber-risk quantification (CRQ) to communicate risk, aid enterprise decision making and prioritize cybersecurity risks with greater precision.”

Cyber Risk Quantification (CRQ) is a far more advanced way to measure and prioritize risk exposure across the organization, and then be able to translate and communicate that risk in financial terms to the board, key stakeholders and third parties like insurers.

CRQ also gives security and risk managers the ability to simulate threat scenarios based on a multitude of inputs to assign dollar figures to the areas of risk in order to quantify likelihood of both financial and operational impact.

The threat simulation outcomes enable you to compare options for addressing the risk, measure the acceptability of each outcome, and find the solution with the highest ROI to manage cyber risk. This is the starting point for the ability to make cybersecurity decisions not in a vacuum but as part of overall business decisions.

The Business Benefits of a Cyber Risk Quantification (CRQ) Solution

  • Maintain Brand Reputation
  • Prioritize Security Budget
  • Communicate Risk Posture to the Board, Stakeholders and Third Parties
  • Lower Cyber Insurance Premiums with accurate risk calculation
  • Measure the ROI and effectiveness of your cybersecurity program

      

Moderator - Mike Skurko

VP of the Silicon Valley Chapter of the ISSA

Mike Skurko is the founder and principal consultant at PRE Consulting Inc. He's an active Board Member and the VP of the Silicon Valley Chapter of the ISSA where he is responsible for bringing in industry speakers and sponsors for the chapter. Mike is an information security professional with over 15 years of experience in early-phase cybersecurity startups. PRE Consulting, Inc. creates sales solutions globally and connects security solutions and practitioners with end-user customers in the SMB up to the Fortune 500. Additionally, he's a mentor and advisor to angel and seed-funded startups in the cybersecurity space. Mike is an active member of the community and has led and participated in panels ranging from CAMP IT in Chicago to FutureCon throughout the Americas, and various security events in the Tokyo Metropolitan region. Mike was raised in Tokyo and continues to pursue "a lifetime of learning and *re-learning* the Japanese language." Beyond language and cyber security, he's on the Board of Directors of the San Francisco Independent Film Festival.

Greg Spicer, Co-Founder, Ostrich

Greg Spicer is the Co-Founder of Ostrich Cyber-Risk. Greg has several years of experience in cybersecurity, working with organizations to provide solutions to their cybersecurity challenges. He has worked in many sectors, including Legal, Finance, Insurance, Manufacturing, and Healthcare. He was most recently CRO of Braintrace, a Salt Lake City MDR provider, before their successful sale to Sophos in July 2021.

Greg is a thought leader in the Cyber Risk Management and Cyber Risk Quantification (CRQ) spaces, speaking and moderating panels for ISSA, ISACA, ILTA and other cybersecurity events nationwide.

Kate Kuehn, Chief Trust Officer, Aon

Kate Kuehn has been an active thought leader in Security & Advanced Network Technologies for over 20 years. As the Chief Trust Officer (CTrO) for cyber security at Aon, she aligns global cyber initiatives with internal practice and policy to drive trust, transformation, and risk mitigation internally, with clients, and within the entire cyber community.

Early in her career, she had been given the opportunity to work with and lead some of the most innovative technologies that have shaped our industries. She led some of the industry’s first projects in DDOS, Ethernet as a network (CPA), SaaS and IaaS, and was on the front line with some of the earliest attacks against the financial services markets. Kate has purposely executed multiple roles across her career from CISO, CEO, Board of Director, Advisor, strategic business development / alliances, leading sales and engineering teams, and now as a CTrO (Chief Trust Officer). Before her role at Aon, she has worked for companies including vArmour, Senseon, BT Group plc, and Verizon. The culmination of her experience ensures Kate always brings expertise and a fresh perspective on emerging trends within cybersecurity.

Kate has two main passions in life: bleeding-edge technology that helps secure our world and developing world-class people and companies. Kate is a trusted advisor in the industry and holds positions on several boards including Redshield and Cybermainacs. She is currently an Advisory Board Member for vArmour, Senseon, rThreat, and Net Thunder. She was also recently appointed to the IEEE steering committee for Cyber Security, and collaborates regularly with ISSA, SINET & WSTA.

In addition to professional endeavors, Kate loves to give back to her community. She is active in a number of STEM initiatives including CORNCON, the Docent Group and the University of California, Berkeley. Kate also spends time as a volleyball coach at her children’s school.

Ira Winkler, Field CISO CYE Security & Author

Ira Winkler, CISSP is the Field CISO for CYE Security and author of You Can Stop Stupid, Security Awareness for Dummies, and Advanced Persistent Security. He is considered one of the world’s most influential security professionals, and has been named a “Modern Day James Bond” by the media. He did this by performing espionage simulations, in which he physically and technically “broke into” some of the largest companies in the world, investigating crimes against them, and telling them how to cost-effectively protect their information and computer infrastructure. He continues to perform these espionage simulations, as well as assisting organizations in developing cost-effective security programs. Ira also won the Hall of Fame award from the Information Systems Security Association, as well as several other prestigious industry awards. CSO Magazine named Ira a CSO Compass Award winner as The Awareness Crusader. Most recently, Ira was named 2021 Top Cybersecurity Leader by Security Magazine.