February 2023 SV-ISSA Chapter Meeting - Panel: The Need to Understand Cyber Risk Quantification (CRQ) to Prioritize Risk

Tuesday, February 21, 2023 - 5:00pm

Cyber Risk Quantification (CRQ) and benefits of prioritizing risk for business decision-making.

Gartner says it best: “Faced with increasing board scrutiny and executive demand for cybersecurity
services, security and risk management (SRM) leaders are turning to cyber-risk quantification (CRQ) to
communicate risk, aid enterprise decision making and prioritize cybersecurity risks with greater

Cyber Risk Quantification (CRQ) is a far more advanced way to measure and prioritize risk exposure
across the organization, and then be able to translate and communicate that risk in financial terms to
the board, key stakeholders and third parties like insurers.

CRQ also gives security and risk managers the ability to simulate threat scenarios based on a multitude
of inputs to assign dollar figures to the areas of risk in order to quantify likelihood of both financial and
operational impact.

The threat simulation outcomes enable you to compare options for addressing the risk, measure the
acceptability of each outcome, and find the solution with the highest ROI to manage cyber risk. This is
the starting point for the ability to make cybersecurity decisions not in a vacuum but as part of overall
business decisions.

The Business Benefits of a Cyber Risk Quantification (CRQ) Solution

  • Maintain Brand Reputation
  • Prioritize Security Budget
  • Communicate Risk Posture to the Board, Stakeholders and Third Parties
  • Lower Cyber Insurance Premiums with accurate risk calculation
  • Measure the ROI and effectiveness of your cybersecurity program

Event Timeline
5 pm Networking
5:45 pm ISSA Announcements
6 pm Presentation
7 pm - 9 pm Dinner & Drinks


Greg Spicer is the Co-Founder of Ostrich Cyber-Risk.  Greg has several years of experience in cybersecurity, working with organizations to provide solutions to their cybersecurity challenges.  He has worked in many sectors, including Legal, Finance, Insurance, Manufacturing, and Healthcare.  He was most recently CRO of Braintrace, a Salt Lake City MDR provider, before their successful sale to Sophos in July 2021.  

Greg is a thought leader in the Cyber Risk Management and Cyber Risk Quantification (CRQ) spaces, speaking and moderating panels for ISSA, ISACA, ILTA and other cybersecurity events nationwide.

Ostrich Cyber-Risk helps organizations reduce the complexity of identifying, quantifying, and communicating cyber and operational risks related to your cybersecurity posture with its Birdseye™ SaaS solution. Benchmarked against NIST CSF with references to best standards, Birdseye is a unified qualitative and quantitative cyber risk management application that offers an intuitive assessment workflow to track your organization’s risk over time, all in one place. Learn more at https://www.ostrichcyber-risk.com/.  


Ira Winkler, CISSP is the Field CISO for CYE Security and author of You Can Stop Stupid, Security Awareness for Dummies, and Advanced Persistent Security.  He is considered one of the world’s most influential security professionals, and has been named a “Modern Day James Bond” by the media.  He did this by performing espionage simulations, where he physically and technically “broke into” some of the largest companies in the World and investigating crimes against them, and telling them how to cost effectively protect their information and computer infrastructure.  He continues to perform these espionage simulations, as well as assisting organizations in developing cost effective security programs.  Ira also won the Hall of Fame award from the Information Systems Security Association, as well as several other prestigious industry awards. CSO Magazine named Ira a CSO Compass Award winner as The Awareness Crusader. Most recently, Ira was named 2021 Top Cybersecurity Leader by Security Magazine.


Kate Kuehn has been an active thought leader in Security & Advanced Network Technologies for over 20 years. As the Chief Trust Officer (CTrO) for cyber security at Aon, she aligns global cyber initiatives with internal practice and policy to drive trust, transformation, and risk mitigation internally, with clients, and within the entire cyber community.

Early in her career, she had been given the opportunity to work with and lead some of the most innovative technologies that have shaped our industries. She led some of the industry’s first projects in DDOS, Ethernet as a network (CPA), SaaS and IaaS, and was on the front line with some of the earliest attacks against the financial services markets. Kate has purposely executed multiple roles across her career from CISO, CEO, Board of Director, Advisor, strategic business development / alliances, leading sales and engineering teams, and now as a CTrO (Chief Trust Officer). Before her role at Aon, she has worked for companies including vArmour, Senseon, BT Group plc, and Verizon. The culmination of her experience ensures Kate always brings expertise and a fresh perspective on emerging trends within cybersecurity.

Kate has two main passions in life: bleeding-edge technology that helps secure our world and developing world-class people and companies. Kate is a trusted advisor in the industry and holds positions on several boards including Redshield and Cybermainacs. She is currently an Advisory Board Member for vArmour, Senseon, rThreat, and Net Thunder. She was also recently appointed to the IEEE steering committee for Cyber Security, and collaborates regularly with ISSA, SINET & WSTA.

In addition to professional endeavors, Kate loves to give back to her community. She is active in a number of STEM initiatives including CORNCON, the Docent Group and the University of California, Berkeley. Kate also spends time as a volleyball coach at her children’s school.


Discussion Moderator

Moderator - Mike Skurko, VP of the Silicon Valley Chapter of the ISSA

Founder and principal consultant at PRE Consulting Inc. He's an active Board Member and the VP of the Silicon Valley Chapter of the ISSA where he is responsible for bringing in industry speakers and sponsors for the chapter. Mike is an information security professional with over 15 years of experience in early-phase cybersecurity startups. PRE Consulting, Inc. creates sales solutions globally and connects security solutions and practitioners with end-user customers in the SMB up to the Fortune 500. Additionally, he's a mentor and advisor to angel and seed-funded startups in the cybersecurity space. Mike is an active member of the community and has led and participated in panels ranging from CAMP IT in Chicago to FutureCon throughout the Americas, and various security events in the Tokyo Metropolitan region. Mike was raised in Tokyo and continues to pursue "a lifetime of learning and *re-learning* the Japanese language." Beyond language and cyber security, he's on the Board of Directors of the San Francisco Independent Film Festival.





Monaco Risk’s cyber risk management software and services enable security teams to collaborate with business leaders to set cybersecurity budgets, prioritize and justify risk mitigation investments, rationalize compliance with security needs, and establish a mutual understanding of risk appetite and tolerance.

Our Cyber Defense Graph™ software uses causal modeling techniques to simulate attack and control actions. It provides graphical visualizations of control efficacy and critical path weaknesses, and calculates and displays the marginal utility, in dollars, of alternative control enhancements relative to the organization’s cyber threat landscape.


Microsoft Silicon Valley Campus

1045 La Avenida St