Upcoming Seminars

(ISC)2 Security World Congress

October 30, 2019 at 1:45 PM

Orlando, FL

Risk exposure is a perpetual challenge to model and communicate; especially to stakeholders outside of the risk management discipline. Gamification has proven to be a useful mechanism to get teams aligned with a shared objective. Come play a game with us as we unleash a terrible "what-if" doomsday machine—in the form of a card game. We will explore potentially thousands of cyber-loss scenarios—from insider threats to malware meltdowns—and gamify the impact on organizations. This model has been taught to hundreds of students at the Carnegie Mellon University Executive CISO Program, where the model is changing the risk conversation at many forward-leaning organizations

January 14-16, 2020

How do we manage risk in a world of unknowns?

As business leaders and cybersecurity executives, we are expected to know how to see both the forest and the trees. We are expected to have the expertise to know what needs to be done, the experience to make the right decisions, the foresight to know where we will be at the end of the journey, and the consequences if we don’t get there.

The role of the CISO is more than a technologist – it is a strategist, a business leader, a compliance expert, and a governance guru. Today’s top CISOs are risk management experts first, and use all their expertise to solve the most pressing enterprise cybersecurity challenges.

The Robert S. Strauss Center for International Security and Law (date TBD)

Intensive short course covering cybersecurity strategy and risk management

Past Seminars

October 2, 2019 at 1:40PM

Austin, TX

How do you lead teams to solve complex problems? Sometimes stupid is smart, and we can learn a lot from an ant. This talk provides an overview of the power of emergence, then we apply this method to an interactive team exercise for cybersecurity threat modeling.

Thursday, Mar 07, 2019 | 02:00 P.M. - 04:00 P.M.

San Francisco, CA

Join us as we unleash a terrible “what-if” doomsday machine—in the form of a card game—and explore 4,000 potential cyber-loss scenarios. This model is changing the risk conversation at many forward-leaning organizations. Come early to get a free card deck to bring back and expand visibility into your own risk universe.

(ISC)2 Security World Congress

October 9, 2018 at 10:30AM

New Orleans, LA

Security and risk executives are sometimes expected to see into the future. A seasoned practitioner has an innate intuition, yet needs to communicate emerging risks, priorities and impact to non-technical risk officers, CEOs or executive boards.The presenter walks through the security executive's journey—a model for the evolution of the CISO from tactician (and sometimes scapegoat) to trusted risk advisor and oracle of the coming storm.

This talk is based on executive leadership content from the Carnegie Mellon CISO program and will be a guide for executives at all levels to lead their organization through a risk maturation and transformation program.

  • September 10-12, 2019
  • October 18, 2018

How do we manage risk in a world of unknowns?

As business leaders and cybersecurity executives, we are expected to know how to see both the forest and the trees. We are expected to have the expertise to know what needs to be done, the experience to make the right decisions, the foresight to know where we will be at the end of the journey, and the consequences if we don’t get there.

The role of the CISO is more than a technologist – it is a strategist, a business leader, a compliance expert, and a governance guru. Today’s top CISOs are risk management experts first, and use all their expertise to solve the most pressing enterprise cybersecurity challenges.