Meet the SiRAcon Speakers

Below are all of the confirmed speakers, their talk title and on the back of the card is their bio.

SiRAcon 22 Sponsors

With out the generosity of the community, events like this are not possible.

Sponsorship opportunities are still available

Bronze Sponsor

Friend of Sira

SiRAcon 22 Key note Speakers

Graeme Keith

 A Grand Unified Theory of Enterprise Risk Management

Since completing his doctorate in applied mathematics at Cambridge in 2000, Graeme has worked with the practical application of mathematical modelling to risk management and strategy across a wide variety of fields and industries. First as a research associate at Cambridge and later as an engineering consultant based in Copenhagen, Graeme started out developing mathematical models for technical failure investigations, risk management and decision analysis.
After 10 years in technical consultancy, Graeme turned to developing and implementing analytical methods for strategy and portfolio management for capital intensive project portfolios, first as Head of Research at the oil and gas division of DONG E&P and later as Exploration Portfolio Manager at Maersk Oil.
Leveraging the close relationship between strategy and risk management in the highly volatile oil and gas market, Graeme moved into twin roles as Strategy Advisor and Head of Enterprise Risk Management at Maersk, before taking over as Head of Strategy.
Graeme returned to consultancy in 2018, first as an independent advisor, helping companies use quantitative models of uncertainty to support business and strategic decision-making processes and more recently as Practice Lead for Strategic Risk Management at Archer IRM, helping companies and organizations implement enterprise-wide quantitative risk management.
Graeme teaches at Copenhagen University and the Technical University of Denmark. He is a fellow of the UK Institute of Mathematics and its Applications and a Chartered Mathematician. He is a popular writer and 'blogger on quantitative risk management and a much sought-after speaker.
Graeme lives in Copenhagen with his wife Karin, his three children Carl (2006), Theo (2008) and Isobel (2014), his cat Salamis, a growing collection of musical instruments and an even more rapidly growing collection of books.

Lace Padilla

 Visualizing Our Uncertain World

Dr. Lace Padilla is an Assistant Professor in the Cognitive and Information Sciences Department at the University of California Merced and was an NSF Postdoctoral Scholar at Northwestern University. Padilla and collaborators have received multiple grants from NSF and DOE to study uncertainty communication in the context of COVID-19, wildfire risk, and energy grids. In 2021 she received an Early Career Award from APA. In her spare time, she is a strong advocate for minoritized groups in STEM, serving on the Governing Board of Spark Society and the IEEE VIS Inclusivity Committee.

Christian Wagner

Articulating uncertainty-at-source

Christian Wagner completed his BSc in Computer Science and MSc in Robotics and Embedded Systems at the University of Essex, UK in 2004 and 2005 respectively, before being awarded his PhD in Computer Science in 2009. He is a Professor of Computer Science at the University of Nottingham, UK; founding director of the Lab for Uncertainty in Data and Decision Making (LUCID), and currently a visiting professor at the Department of Social and Decision Science, CMU, USA. Christian’s research focuses on modelling and handling of uncertain data arising from heterogeneous data sources such as domain experts and other stakeholders, with a particular emphasis on designing interpretable AI based decision support systems. In 2017, he was recognised as a RISE (Recognising Inspirational Scientists and Engineers) Connector by the UK Engineering and Physical Sciences Research Council. Much of his work straddles disciplines from computer and social sciences to Psychology, with applications of his work range from decision support in cyber security and environmental management to consumer-centric product design and control in manufacturing. Together with his team, he has developed multiple open-source software frameworks, making research accessible both to peer researchers as well as to different research communities beyond computer science.

SiRAcon 22 Session Speakers

Ben Edwards

How to (indirectly) measure things in cyber security

Ben Edwards is a security data scientist working for the Cyentia Institute. His research has synthesized complex systems, data science, and security resulting in contributions to multiple security subfields. Prior to joining Cyentia, Edwards worked for IBM Research where he both assessed the security of machine learning algorithms and used machine learning to solve security problems. He holds a Ph.D. in Computer Science from the University of New Mexico and his work has appeared at leading industry and academic venues.

Kaitlyn Webster

Crisis evolution: Evaluating Risk Across Multiple Phases of a Crisis

Katie Webster, Ph.D., is the Program Manager for Federal Government Services at RS21. She has a PhD and M.A. in Political Science (security, peace, and conflict; quantitative methodology) from Duke University and a B.A. in International Relations from the University of Rochester. After completing her dissertation, she worked as an Assistant Professor of Political Science and Public Administration at UNC-Charlotte, where she published research and taught classes on civil conflicts. Prior to academia, she was an intelligence analyst at the Department of Defense. Katie lives in North Carolina with her husband, two kids, and lab-pitbull rescue.

Karen Hagar

Introduction to the Field of Superforecasting and Human Predictive Intelligence

Karen has a B.A. Anthropology, minor Religious Studies (Arizona State University 2005), M.S. Criminal Justice/Homeland Security (Tiffin University 2008), MSW Master of Social Work - (Arizona State University, 2012). Her master’s thesis “The Superstructure of the Islamic Extremist Gang (2008), was extolled in national security circles. -------Karen has considerable experience dealing with multicultural dynamics and interpreters and has helped individuals of many cultures, ethnicities and walks of life. She’s worked in crisis response alongside first responders, addressing behavioral health issues and suicide prevention. She has been involved in change in the state of Arizona and has advocated for children while assisting the Department of Child Safety, provided court room testimony, and has met with the children separated from their parents at the AZ/Mexico border. She has been an archaeologist for a Native American Tribe, working on tribal grounds, and is a licensed social worker (LMSW) - providing behavioral health recommendations to doctors and nurses nationwide. -------She began predictive forecasting in 2011 and achieved top accuracy scores during the Aggregative Contingent Estimation (ACE) forecasting competition, sponsored by the U.S. Intelligence Advanced Research Projects Activity (IARPA). Following this, she became one of the original Superforecasters®, consulting for Good Judgment Inc; and Oxford University’s Future of Humanity Institute. She has collaborated on a specialized research project alongside Dr. Philip Tetlock, Dr. Barb Mellers, (University of Pennsylvania), and Dr. Daniel Kahneman, Nobel Laureate, (Princeton University).

Brian Labatte

Introduction to the Field of Superforecasting and Human Predictive Intelligence

(B.A. Mathematics & Economics Brown University, MBA Concordia) is the Director of Business Development and Strategic Marketing at Hitachi Energy. His key responsibilities are establishing and assessing the attainment of sales & marketing targets for the largest business unit. During his career at Hitachi, he has managed sales & marketing operations, engineering groups, the litigation of trade cases and major new product development initiatives. His patent on concurrent engineering, work processes and communication has permitted the Hitachi organization to expand its global footprint. Brian is passionate about forecasting and decision making and is an original member of the Good Judgement Project, a leading political and economic forecast organization.

John Benninghoff

Making R work for you (with automation!)

JOHN BENNINGHOFF is a long-time student and practitioner of managing information risk. He currently leads the Site Reliability Engineering team at Cigna/Express Scripts, applying SRE principles, measurement, and risk quantification to improve organizational performance and make better decisions about risk. His 20-year career in Information Security includes diverse experience in financial services, retail, government, and recently completed a Masters of Science in Managing Risk and Systems Change, with the goal of adapting safety science to the emerging field of resilience engineering.

Serban Pop

Uncertainty Quantification in Cyber Risk Data Modelling using an Exploit-Explore Methodology and Monte Carlo Simulations

Dr. Serban Pop is a Senior Data Scientist at ThreatConnect working within the Risk Department. His work is focused on modelling the financial risks that are associated with cyber attacks. Serban completed his doctoral degree in Applied Mathematics at the University of Kaiserslautern, Germany and ITWM Faunhofer. Prior to joining ThreatConnect built a career in academia, his work focusing on modelling and computer simulations of real-life problems. He collaborated with many companies, and helped train new generations of modelers, having obtained his Postgraduate Certificate of Teaching in Higher Education from Oxford Brooks University in the UK in 2015. The current research work in Cyber Risk Modelling provides for a complex and challenging field that allows Serban to continually extend his knowledge and refine his skills.

Steven Schwartz

The Future of Cyber Insurance

Steven Schwartz is the Vice President of Insurance Strategy & Underwriting at Safe Security, the pioneer in Digital Risk Quantification. Steven is responsible for developing and executing Safe's insurance strategy, underwriting approach and criteria, and insurance policy innovation needed to alleviate the cyber insurance market constraints with trust and transparency. Recognized as an innovation leader in the fields of risk management and cybersecurity, Steven is on the Advisory Board at PACE University's Seidenberg School for Computer Science and Information Security.

Prior to joining Safe Security, Steven was Chief Revenue Officer and Co-Founder of Periculus, a direct-distribution, subscription-based solution for mitigating and transferring digital risk. He previously led Strategy and Insurance at Cytegic, an industry-leading platform for quantifying cyber risk, and played a vital role in the company's successful acquisition by Mastercard in June 2020. Steven spent a large portion of his career as a Senior Managing Consultant and Head of Business Development at one of the largest, global independent risk management and insurance consulting firms, UIC, Inc., where he personally managed and negotiated the risk management & insurance programs for F2000 entities paying in excess of $100M in Annual Premium across 40 countries.

Jason Leuenberger

The Softer Side of Risk: How Knowing People and Culture Can Help You

I'm a certified executive coach with 20+ years of experience in Information Security, Risk Management, GRC, and Privacy. Day-to-day I work with leaders & teams centered around their development goals, clearly identifying obstacles that might be getting in their way, and then working to break free from anything limiting them. I apply my coaching background to work in risk management with people and teams, understanding the most powerful component of managing risk: the human beings involved in making those decisions.

Wade Baker

Risk Insights from another year of data-driven research

Dr. Wade Baker is a Co-Founder of the Cyentia Institute, which focuses on improving cybersecurity knowledge and practice through data-driven research. He’s also a professor in Virginia Tech’s College of Business, teaching courses for the MBA and MS of IT programs to help prepare the next generation of leaders. Prior to this, Wade held positions as the VP of Strategy at ThreatConnect and was the CTO of Security Solutions at Verizon, where he had the great privilege of leading Verizon’s Data Breach Investigations Report (DBIR) research team for 8 years.

Zachery Cossairt

Human Nature in our Risk Programs: Work With it, Not Against It

Zach spent his childhood and teenage years in southern California before entering the United States Navy to serve in the Nation’s Submarine Force. After basic and technical training, he began his tenure onboard the fast attack submarine USS Pasadena as a Fire Control Technician, responsible for collecting and aggregating various forms of intelligence and synthesizing useful data to inform tactical and strategic decision-making of the command and squadron leadership. It was during his time cruising around underwater, building and maintaining models of the submerged and surfaced world, where he developed an instinctive understanding of judgment and decision-making under states of uncertainty and risk. ---After leaving the ship, he embarked on a shore tour where he carried out duties as a training specialist, acquiring knowledge of learning theory and applying it while instructing aspiring Fire Control Technicians on the formal tactics, techniques, and methods necessary to perform optimally at sea. During this time on shore duty, and upon exiting the service, he completed the required coursework and was awarded a Bachelor of Science in Security and Risk Analysis from Pennsylvania State University. He utilized the knowledge and practical skills gained during his undergrad program and applied them to various public and private sector consulting roles before transitioning into his current position as the Information Risk Program Manager at Equinix. ---Zach’s experience directly observing human behavior in hazardous environments, where choices could often result in exceptionally unfavorable outcomes, contributed to his curiosity of the cognitive processes occurring in the mind when making intuitive judgments, evaluating alternatives, and ultimately making decisions in the face of risk and uncertainty. This interest influenced his decision to engage in more formal study of the intersection of psychology and decision-making in the Master of Arts in Behavioral Economics Program at the Chicago School of Professional Psychology. Zach is passionate about applying what he learns to encourage sound decision-making practices in his professional and personal life. He currently resides in Poulsbo, Washington, where he owns a home with his life journey partner Chelsea and three rescue pups Maple, Moose, and Clementine.

Jay Jacobs

Measuring a Risk Concept: Exploitability

Jay is a Co-founder and Chief Data Scientist at Cyentia Institute, a research firm dedicated to advancing the state of information security knowledge and practice through data-driven research. Jay is also the lead researcher on the Exploit Prediction Scoring System (EPSS) and is co-chair of the EPSS SIG at FIRST. Jay was also a co-founder of the Society for Information Risk Analysts (SIRA) and a co-author of Data-Driven Security, a book covering data analysis and visualizations for information security.

Mike Jerbic

Going Beyond Emphatic Assertion to Assess a Cyber Risk Model’s Fitness for Purpose in a Financial Institution

Mike Jerbic is an expert at solving problems and leading successful programs that interface between law, technology, and markets. He has led technical, business, and legal teams in diagnosing key problems, architecting workable solutions, and leading interdisciplinary teams to accomplish results in activities including the implementation of information security programs, cyber risk analysis and management, and information governance and compliance. ——Mike’s experience includes information security product development engineering and management at Hewlett Packard, information security project management as a consultant at Visa, technical practice consultant director at CBIZ, independent board director service at California Hydronics, Public Safety Commissioner service for the City of Cupertino, and Lecturer at San Jose State University. He leads the continuous improvement of the profession by chairing the Open Group Security Forum and leading its Security and Risk Management Work Group and co-chairing the American Bar Association’s Information Governance Working Group.

Bob Mark

Going Beyond Emphatic Assertion to Assess a Cyber Risk Model’s Fitness for Purpose in a Financial Institution

Dr. Bob Mark is a Managing Partner at Black Diamond Risk Enterprises, serves on several boards, led Treasury/Trading activities and was a Chief Risk Officer at Tier 1 banks. He is the Founding Executive Director of the MFE Program at UCLA, co- authored three books on Risk Management and holds an Applied Math PhD. Bob is a past GARP Risk Manager of the Year and is a cofounder of PRMIA.

Nicholas Bakewell

Using Middle Management to Drive Executive Support for an Information Security Program in an Atypical Organizational Design

I am a father of three, husband, bookworm, avid coffee drinker, and enjoyer of a fine Scotch. Founder and owner of Redwood Cyber Services, LLC, a cybersecurity consultancy, to finance the previous sentence. While I enjoy the technical aspects of cybersecurity, my real enjoyment comes from considering organizational design, change management, and business process reengineering and the role it plays in establishing effective and resilient information security practices. I am a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA).

Apolonio "Apps" Garcia

Introduction to Quantitative Risk Analysis

Apolonio “Apps” Garcia, CRISK, Open FAIR, has over 20 years of experience in healthcare IT, Information Security, and Risk Management. He has been applying and teaching quantitative risk analysis, including Open FAIR, for over a decade.For his day job, he is the CEO and Founder of HealthGuard, a mid-west based company that provides quantitative risk management software, services and training to hospitals. He also serves as the Board President of the Society of Information Risk Analysts (SIRA), and an active member of the Open Group Security Forum, which maintains the Open FAIR risk analyst standard and related materials.Apps is a husband, father and decorated veteran of the U.S. Navy.

David Severski

Better Than Beta: Finding the PERT-fict Fit for Event Frequency

David F. Severski is an information security data scientist, specializing in quantified risk management. He has provided risk management expertise across diverse industries -- retail, aerospace, finance, energy, and healthcare. David brings both broad and deep expertise in a number of technical areas with a special focus on cloud technologies and DevOps practices. He strives to combine rigorous methods, technical expertise, and a human-centered approach to advance the state of evidence-based information security risk management. David lives in Seattle, Washington with a low-maintenance spouse, a high-maintenance house and a spiffy fedora.

Jon Sternberg

Practical Tips to Enhance Your Data Visualization.

Jon serves as a lead data analyst at Northwestern Mutual, a Fortune 100 financial services company headquartered in Milwaukee, Wisconsin, USA, in the company’s Enterprise Information Risk & Cybersecurity organization. With over 20 years of experience in information security, Jon finds his greatest engagement in his work when he plays at the intersection of information security, data analytics, and human behavior. In addition to holding the Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Data Privacy Solutions Engineer (CDPSE), and Certified Information Systems Auditor (CISA) certifications, he is also certified as a Myers-Briggs Type Indicator (MBTI) practitioner and as a CPI 260 practitioner. His current professional focus includes data visualization and storytelling, with an emphasis on data analytics in the Microsoft Business Intelligence stack. Jon aspires to be an ever-improving servant leader with his faith, love of family and friends, and empathy at his core. His professional mottos are simple: If serving others is beneath you, leadership is beyond you; and you’ll never regret being kind.

Milena Rodban

The Risky World of Whisk(e)y: The Geopolitics, Economics, and Technology Behind Every Golden Dram

Milena is an interactive simulation designer and geopolitical risk expert with over a dozen years of experience helping organizations manage uncertainty. Whisk(e)y is one of her favorite drinks, and also a fascinating topic to discuss all the themes that SIRACon covers, including data, technology, security, and risk. Milena is thrilled to be presenting to the always inquisitive and engaging SIRACon audience for the third time. She hopes you’ll pour a dram and join her!

Lisa Young

Using Risk Scenarios in risk identification and analysis

Lisa Young, CISA, CISM, CISSP, is an operational risk and security metrics professional with a passion for solving problems with data. She is a prominent cybersecurity veteran, having worked in government, military, industry, and academia. She holds a Master of Public Policy with a cybersecurity concentration from the University of Maryland and a B.A. in Business Administration from University of South Florida. Her superpower is preparing security teams to protect and defend their organizations from cyber criminals, respond to crises, and recover when something bad happens. Lisa can be found at: