Upcoming Seminars

  • September 21, 2021

Cybersecurity risk management is a constant struggle of insufficient resources against almost unlimited attackers. What makes a cybersecurity professional successful is balancing attackers with the right controls protecting the right assets. This is the “Balanced Attacker Model”.

  • September 30, 2021

How do we manage risk in a world of unknowns?

As business leaders and cybersecurity executives, we are expected to know how to see both the forest and the trees. We are expected to have the expertise to know what needs to be done, the experience to make the right decisions, the foresight to know where we will be at the end of the journey, and the consequences if we don’t get there.

The role of the CISO is more than a technologist – it is a strategist, a business leader, a compliance expert, and a governance guru. Today’s top CISOs are risk management experts first, and use all their expertise to solve the most pressing enterprise cybersecurity challenges.

  • Semester: Spring 2022

  • Course ID: TBD

  • Credit Hours: 1

This course will provide an overview of cyber risk management concepts and techniques, and then provide a tangible deep-dive into real-world examples and scenarios. This will be a collaborative and case-based class over the course of the semester. We will walk through risk identification, risk assessment, and risk management for a set of case studies. Discussions will include an overview of cyber risk management frameworks, relevant regulations, and available tools. We will cover the latest thinking in risk-based assessments, including reporting audit issues and designing internal controls. We will then cover risk management with governance models, including the three lines of defense, and risk management techniques.


  • January 25, 2022

Risk assessments are critical to effective risk management, reporting audit issues, and designing internal controls. Good risk assessment practices are an important component of an effective internal audit function, making sure resources are used in alignment with and in support of its mission within the organization. This module will discuss the importance of risk assessment to the ERM program and the Chief Risk Officer in risk governance and management.

Past Seminars

  • August 26, 2021

This virtual cybersecurity symposium will bring together key stakeholders to strengthen collaboration on cybersecurity strategies and teach attendees industry best practices while learning about trending cyber-threats through panel discussions and interactive exercises.

October 30, 2019 at 1:45 PM

Orlando, FL

Risk exposure is a perpetual challenge to model and communicate, especially to stakeholders outside of the risk management discipline. Gamification has proven to be a useful mechanism to get teams aligned with a shared objective. Come play a game with us as we unleash a terrible "what-if" doomsday machine—in the form of a card game. We will explore potentially thousands of cyber-loss scenarios—from insider threats to malware meltdowns—and gamify the impact on organizations. This model has been taught to hundreds of students at the Carnegie Mellon University Executive CISO Program, where the model is changing the risk conversation at many forward-leaning organizations.

October 2, 2019 at 1:40PM

Austin, TX

How do you lead teams to solve complex problems? Sometimes stupid is smart, and we can learn a lot from an ant. This talk provides an overview of the power of emergence, then we apply this method to an interactive team exercise for cybersecurity threat modeling.

Thursday, Mar 07, 2019 | 02:00 P.M. - 04:00 P.M.

San Francisco, CA

Join us as we unleash a terrible “what-if” doomsday machine—in the form of a card game—and explore 4,000 potential cyber-loss scenarios. This model is changing the risk conversation at many forward-leaning organizations. Come early to get a free card deck to bring back and expand visibility into your own risk universe.

(ISC)2 Security World Congress

October 9, 2018 at 10:30AM

New Orleans, LA

Security and risk executives are sometimes expected to see into the future. A seasoned practitioner has an innate intuition, yet needs to communicate emerging risks, priorities and impact to non-technical risk officers, CEOs or executive boards. The presenter walks through the security executive's journey—a model for the evolution of the CISO from tactician (and sometimes scapegoat) to trusted risk advisor and oracle of the coming storm.

This talk is based on executive leadership content from the Carnegie Mellon CISO program and will be a guide for executives at all levels to lead their organization through a risk maturation and transformation program.

  • January 14-15, 2021

  • September 16, 2020

  • January 14-16, 2020

  • September 10-12, 2019

  • October 18, 2018

How do we manage risk in a world of unknowns?

As business leaders and cybersecurity executives, we are expected to know how to see both the forest and the trees. We are expected to have the expertise to know what needs to be done, the experience to make the right decisions, the foresight to know where we will be at the end of the journey, and the consequences if we don’t get there.

The role of the CISO is more than a technologist – it is a strategist, a business leader, a compliance expert, and a governance guru. Today’s top CISOs are risk management experts first, and use all their expertise to solve the most pressing enterprise cybersecurity challenges.

  • December 15, 2020

  • April 7, 2020

Risk assessments are critical to effective risk management, reporting audit issues, and designing internal controls. Good risk assessment practices are an important component of an effective internal audit function, making sure resources are used in alignment with and in support of its mission within the organization. This module will discuss the importance of risk assessment to the ERM program and the Chief Risk Officer in risk governance and management.

Short course from 1/27/21 through 3/10/21

Wednesday 9:00 - 10:40 am CT

  • Semester: Spring 2021

  • Course ID: 179P

  • Credit Hours: 1

Class Unique: 29315

This course will be taught entirely online via Zoom.

This course will provide an overview of cyber risk management concepts and techniques, and then provide a tangible deep-dive into real-world examples and scenarios. This will be a collaborative and case-based class over the course of the semester. We will walk through risk identification, risk assessment, and risk management for a set of case studies. Discussions will include an overview of cyber risk management frameworks, relevant regulations, and available tools. We will cover the latest thinking in risk-based assessments, including reporting audit issues and designing internal controls. We will then cover risk management with governance models, including the three lines of defense, and risk management techniques.