Upcoming Meetings

February 2023 SV-ISSA Chapter Meeting - The Need to Understand Cyber Risk Quantification (CRQ) to Prioritize Risk

Date: 
Tuesday, February 21, 2023 - 5:00pm
Topic: 

Cyber Risk Quantification (CRQ) and benefits of prioritizing risk for business decision-making.

Gartner says it best: “Faced with increasing board scrutiny and executive demand for cybersecurity
services, security and risk management (SRM) leaders are turning to cyber-risk quantification (CRQ) to
communicate risk, aid enterprise decision making and prioritize cybersecurity risks with greater
precision.”

Cyber Risk Quantification (CRQ) is a far more advanced way to measure and prioritize risk exposure
across the organization, and then be able to translate and communicate that risk in financial terms to
the board, key stakeholders and third parties like insurers.

CRQ also gives security and risk managers the ability to simulate threat scenarios based on a multitude
of inputs to assign dollar figures to the areas of risk in order to quantify likelihood of both financial and
operational impact.

The threat simulation outcomes enable you to compare options for addressing the risk, measure the
acceptability of each outcome, and find the solution with the highest ROI to manage cyber risk. This is
the starting point for the ability to make cybersecurity decisions not in a vacuum but as part of overall
business decisions.

The Business Benefits of a Cyber Risk Quantification (CRQ) Solution

  • Maintain Brand Reputation
  • Prioritize Security Budget
  • Communicate Risk Posture to the Board, Stakeholders and Third Parties
  • Lower Cyber Insurance Premiums with accurate risk calculation
  • Measure the ROI and effectiveness of your cybersecurity program

Event Timeline
5 pm Networking
5:45 pm ISSA Announcements
6 pm Presentation
7 pm - 9 pm Dinner & Drinks
 
Speaker: 

Bret Laughlin is the CEO and Co-founder of Ostrich Cyber-Risk, the unified cyber risk management company.  Bret is a visionary founder and CEO, with an extensive portfolio of cybersecurity and startup leadership experience. He has a deep understanding of the cybersecurity space that guides him to develop technology to close the common security gaps.  

 Prior to Ostrich Cyber-Risk, Bret was the CEO and Co-founder of Braintrace, a Network Detection and Response (NDR) technology, acquired by Sophos in 2021. Braintrace’s NDR technology provides Sophos with deep visibility into network traffic patterns, including encrypted traffic, without the need for Man-in-the-Middle (MitM) decryption, to improve threat detection, threat hunting and response to suspicious activity. 

Prior to Braintrace, he was the Founder and CEO of Orange Legal Technologies, a leading provider of electronic discovery litigation, audit, and investigation services for law firms and corporations. 

Bret is a thought leader in intelligent cybersecurity, cyber risk management and Cyber Risk Quantification (CRQ), speaking at cybersecurity events nationwide. 

 

Greg Spicer is the Co-Founder of Ostrich Cyber-Risk.  Greg has several years of experience in cybersecurity, working with organizations to provide solutions to their cybersecurity challenges.  He has worked in many sectors, including Legal, Finance, Insurance, Manufacturing, and Healthcare.  He was most recently CRO of Braintrace, a Salt Lake City MDR provider, before their successful sale to Sophos in July 2021.  

Greg is a thought leader in the Cyber Risk Management and Cyber Risk Quantification (CRQ) spaces, speaking and moderating panels for ISSA, ISACA, ILTA and other cybersecurity events nationwide.

Ostrich Cyber-Risk helps organizations reduce the complexity of identifying, quantifying, and communicating cyber and operational risks related to your cybersecurity posture with its Birdseye™ SaaS solution. Benchmarked against NIST CSF with references to best standards, Birdseye is a unified qualitative and quantitative cyber risk management application that offers an intuitive assessment workflow to track your organization’s risk over time, all in one place. Learn more at https://www.ostrichcyber-risk.com/.  

Ostrich Cyber-Risk helps organizations reduce the complexity of identifying, quantifying, and communicating cyber and operational risks related to your cybersecurity posture with its Birdseye™ SaaS solution. Benchmarked against NIST CSF with references to best standards, Birdseye is a unified qualitative and quantitative cyber risk management application that offers an intuitive assessment workflow to track your organization’s risk over time, all in one place. Learn more at https://www.ostrichcyber-risk.com/.   

Location: 

Microsoft Silicon Valley Campus

1045 La Avenida St

 

SecOps Maturity: Business Intel for the Boardroom

Date: 
Tuesday, March 21, 2023 - 5:00pm
Topic: 

You can’t improve what you don’t measure. To mature your security operations program, you need to evaluate its effectiveness. But this is a task many organizations still struggle with when it comes to collection, detection, and response. If showing the effectiveness of your security operations is a challenge, it might be time to re-evaluate your KPIs and your ability to measure them in order to communicate to your board the metrics that drive programmatic gains in your secops practices. 

 

Event Timeline

5 pm Networking

5:45 pm ISSA Announcements

6 pm Presentation

7 pm - 9 pm Dinner & Drinks

 

Speaker: 

Greg Genung is the Director of Strategy & Innovation at deepwatch, the Denver, Colorado and Tampa, FL based security services provider powered by its world-class MDR SecOps platform. With over 20+ years of experience across IT, cybersecurity, and startup leadership roles, Genung has a proven track record of providing successful leadership, optimizing security operations, and creating holistic cybersecurity programs. In 2020, Genung was named one of the world’s Top 10 Software Product Executives while heading up Research and Development Product Strategy for deepwatch. Prior to joining deepwatch in 2019, Genung held a leadership role as Senior Manager of Technical Strategy at Rackspace where he was responsible for shaping, building, and executing the long-term Rackspace Managed Security (RMS) product portfolio ($230M), go to market engine, and growth strategies. Genung was also one of the founding members of the Retail-ISAC (R-CISC) as the first employee of the DHS-backed threat intelligence sharing center for the world’s largest retail and hospitality providers. He has held a number of roles at 21CT, Praetorian, and Denim Group as well as currently as an investor in small cybersecurity startups. Ultimately, what drives this industry thought leader is his fascination with building safe and healthy interactions between humans and machines to help companies build a more resilient, secure future.

Location: 

 

Microsoft Silicon Valley Campus

1045 La Avenida St