February 2023 SV-ISSA Chapter Meeting - The Need to Understand Cyber Risk Quantification (CRQ) to Prioritize Risk

Date: 
Tuesday, February 21, 2023 - 5:00pm
Topic: 

Cyber Risk Quantification (CRQ) and benefits of prioritizing risk for business decision-making.

Gartner says it best: “Faced with increasing board scrutiny and executive demand for cybersecurity
services, security and risk management (SRM) leaders are turning to cyber-risk quantification (CRQ) to
communicate risk, aid enterprise decision making and prioritize cybersecurity risks with greater
precision.”

Cyber Risk Quantification (CRQ) is a far more advanced way to measure and prioritize risk exposure
across the organization, and then be able to translate and communicate that risk in financial terms to
the board, key stakeholders and third parties like insurers.

CRQ also gives security and risk managers the ability to simulate threat scenarios based on a multitude
of inputs to assign dollar figures to the areas of risk in order to quantify likelihood of both financial and
operational impact.

The threat simulation outcomes enable you to compare options for addressing the risk, measure the
acceptability of each outcome, and find the solution with the highest ROI to manage cyber risk. This is
the starting point for the ability to make cybersecurity decisions not in a vacuum but as part of overall
business decisions.

The Business Benefits of a Cyber Risk Quantification (CRQ) Solution

  • Maintain Brand Reputation
  • Prioritize Security Budget
  • Communicate Risk Posture to the Board, Stakeholders and Third Parties
  • Lower Cyber Insurance Premiums with accurate risk calculation
  • Measure the ROI and effectiveness of your cybersecurity program

Event Timeline
5 pm Networking
5:45 pm ISSA Announcements
6 pm Presentation
7 pm - 9 pm Dinner & Drinks
 
Speaker: 

Bret Laughlin is the CEO and Co-founder of Ostrich Cyber-Risk, the unified cyber risk management company.  Bret is a visionary founder and CEO, with an extensive portfolio of cybersecurity and startup leadership experience. He has a deep understanding of the cybersecurity space that guides him to develop technology to close the common security gaps.  

 Prior to Ostrich Cyber-Risk, Bret was the CEO and Co-founder of Braintrace, a Network Detection and Response (NDR) technology, acquired by Sophos in 2021. Braintrace’s NDR technology provides Sophos with deep visibility into network traffic patterns, including encrypted traffic, without the need for Man-in-the-Middle (MitM) decryption, to improve threat detection, threat hunting and response to suspicious activity. 

Prior to Braintrace, he was the Founder and CEO of Orange Legal Technologies, a leading provider of electronic discovery litigation, audit, and investigation services for law firms and corporations. 

Bret is a thought leader in intelligent cybersecurity, cyber risk management and Cyber Risk Quantification (CRQ), speaking at cybersecurity events nationwide. 

 

Greg Spicer is the Co-Founder of Ostrich Cyber-Risk.  Greg has several years of experience in cybersecurity, working with organizations to provide solutions to their cybersecurity challenges.  He has worked in many sectors, including Legal, Finance, Insurance, Manufacturing, and Healthcare.  He was most recently CRO of Braintrace, a Salt Lake City MDR provider, before their successful sale to Sophos in July 2021.  

Greg is a thought leader in the Cyber Risk Management and Cyber Risk Quantification (CRQ) spaces, speaking and moderating panels for ISSA, ISACA, ILTA and other cybersecurity events nationwide.

Ostrich Cyber-Risk helps organizations reduce the complexity of identifying, quantifying, and communicating cyber and operational risks related to your cybersecurity posture with its Birdseye™ SaaS solution. Benchmarked against NIST CSF with references to best standards, Birdseye is a unified qualitative and quantitative cyber risk management application that offers an intuitive assessment workflow to track your organization’s risk over time, all in one place. Learn more at https://www.ostrichcyber-risk.com/.  

Ostrich Cyber-Risk helps organizations reduce the complexity of identifying, quantifying, and communicating cyber and operational risks related to your cybersecurity posture with its Birdseye™ SaaS solution. Benchmarked against NIST CSF with references to best standards, Birdseye is a unified qualitative and quantitative cyber risk management application that offers an intuitive assessment workflow to track your organization’s risk over time, all in one place. Learn more at https://www.ostrichcyber-risk.com/.   

Location: 

Microsoft Silicon Valley Campus

1045 La Avenida St