Meet the SiRAcon Speakers
Below are all of the confirmed speakers, their talk title and on the back of
the card is their bio.
SiRAcon 22 Sponsors
With out the generosity of the community, events like this are not possible.
Sponsorship opportunities are still available
SiRAcon 22 Key note Speakers
Graeme Keith
A Grand Unified Theory of Enterprise Risk Management
Since completing his doctorate in applied mathematics at
Cambridge in 2000, Graeme has worked with the practical application of mathematical
modelling to risk management and strategy across a wide variety of fields and
industries. First as a research associate at Cambridge and later as an engineering
consultant based in Copenhagen, Graeme started out developing mathematical models
for technical failure investigations, risk management and decision analysis.
After 10 years in technical consultancy, Graeme turned to developing and
implementing analytical methods for strategy and portfolio management for capital
intensive project portfolios, first as Head of Research at the oil and gas division
of DONG E&P and later as Exploration Portfolio Manager at Maersk
Oil.
Leveraging the close relationship between strategy and risk management in
the highly volatile oil and gas market, Graeme moved into twin roles as Strategy
Advisor and Head of Enterprise Risk Management at Maersk, before taking over as Head
of Strategy.
Graeme returned to consultancy in 2018, first as an independent
advisor, helping companies use quantitative models of uncertainty to support
business and strategic decision-making processes and more recently as Practice Lead
for Strategic Risk Management at Archer IRM, helping companies and organizations
implement enterprise-wide quantitative risk management.
Graeme teaches at
Copenhagen University and the Technical University of Denmark. He is a fellow of the
UK Institute of Mathematics and its Applications and a Chartered Mathematician. He
is a popular writer and 'blogger on quantitative risk management and a much
sought-after speaker.
Graeme lives in Copenhagen with his wife Karin, his three
children Carl (2006), Theo (2008) and Isobel (2014), his cat Salamis, a growing
collection of musical instruments and an even more rapidly growing collection of
books.
Lace Padilla
Visualizing Our Uncertain World
Dr. Lace Padilla is an Assistant Professor in the Cognitive
and Information Sciences Department at the University of California Merced and was
an NSF Postdoctoral Scholar at Northwestern University. Padilla and collaborators
have received multiple grants from NSF and DOE to study uncertainty communication in
the context of COVID-19, wildfire risk, and energy grids. In 2021 she received an
Early Career Award from APA. In her spare time, she is a strong advocate for
minoritized groups in STEM, serving on the Governing Board of Spark Society and the
IEEE VIS Inclusivity Committee.
Christian Wagner
Articulating uncertainty-at-source
Christian Wagner completed his BSc in Computer Science and
MSc in Robotics and Embedded Systems at the University of Essex, UK in 2004 and 2005
respectively, before being awarded his PhD in Computer Science in 2009. He is a
Professor of Computer Science at the University of Nottingham, UK; founding director
of the Lab for Uncertainty in Data and Decision Making (LUCID), and currently a
visiting professor at the Department of Social and Decision Science, CMU, USA.
Christian’s research focuses on modelling and handling of uncertain data arising
from heterogeneous data sources such as domain experts and other stakeholders, with
a particular emphasis on designing interpretable AI based decision support systems.
In 2017, he was recognised as a RISE (Recognising Inspirational Scientists and
Engineers) Connector by the UK Engineering and Physical Sciences Research Council.
Much of his work straddles disciplines from computer and social sciences to
Psychology, with applications of his work range from decision support in cyber
security and environmental management to consumer-centric product design and control
in manufacturing. Together with his team, he has developed multiple open-source
software frameworks, making research accessible both to peer researchers as well as
to different research communities beyond computer science.
SiRAcon 22 Session Speakers
Ben Edwards
How to (indirectly) measure things in cyber security
Ben Edwards is a security data scientist working for the
Cyentia
Institute. His research has synthesized complex systems, data science, and security
resulting in contributions to multiple security subfields. Prior to joining Cyentia,
Edwards worked for IBM Research where he both assessed the security of machine
learning
algorithms and used machine learning to solve security problems. He holds a Ph.D. in
Computer Science from the University of New Mexico and his work has appeared at
leading
industry and academic venues.
Kaitlyn Webster
Crisis evolution: Evaluating Risk Across Multiple Phases of a
Crisis
Katie Webster, Ph.D., is the Program Manager for Federal
Government Services at RS21. She has a PhD and M.A. in Political Science (security,
peace, and conflict; quantitative methodology) from Duke University and a B.A. in
International Relations from the University of Rochester. After completing her
dissertation, she worked as an Assistant Professor of Political Science and Public
Administration at UNC-Charlotte, where she published research and taught classes on
civil conflicts. Prior to academia, she was an intelligence analyst at the
Department of Defense. Katie lives in North Carolina with her husband, two kids, and
lab-pitbull rescue.
Karen Hagar
Introduction to the Field of Superforecasting and Human
Predictive Intelligence
Karen has a B.A. Anthropology, minor Religious Studies
(Arizona State University 2005), M.S. Criminal Justice/Homeland Security (Tiffin
University 2008), MSW Master of Social Work - (Arizona State University, 2012). Her
master’s thesis “The Superstructure of the Islamic Extremist Gang (2008), was
extolled in national security circles. -------Karen has considerable experience
dealing with multicultural dynamics and interpreters and has helped individuals of
many cultures, ethnicities and walks of life. She’s worked in crisis response
alongside first responders, addressing behavioral health issues and suicide
prevention. She has been involved in change in the state of Arizona and has
advocated for children while assisting the Department of Child Safety, provided
court room testimony, and has met with the children separated from their parents at
the AZ/Mexico border. She has been an archaeologist for a Native American Tribe,
working on tribal grounds, and is a licensed social worker (LMSW) - providing
behavioral health recommendations to doctors and nurses nationwide. -------She began
predictive forecasting in 2011 and achieved top accuracy scores during the
Aggregative Contingent Estimation (ACE) forecasting competition, sponsored by the
U.S. Intelligence Advanced Research Projects Activity (IARPA). Following this, she
became one of the original Superforecasters®, consulting for Good Judgment Inc; and
Oxford University’s Future of Humanity Institute. She has collaborated on a
specialized research project alongside Dr. Philip Tetlock, Dr. Barb Mellers,
(University of Pennsylvania), and Dr. Daniel Kahneman, Nobel Laureate, (Princeton
University).
Brian Labatte
Introduction to the Field of Superforecasting and Human
Predictive Intelligence
(B.A. Mathematics & Economics Brown University, MBA
Concordia) is the Director of Business Development and Strategic Marketing at
Hitachi Energy. His key responsibilities are establishing and assessing the
attainment of sales & marketing targets for the largest business unit. During
his career at Hitachi, he has managed sales & marketing operations, engineering
groups, the litigation of trade cases and major new product development initiatives.
His patent on concurrent engineering, work processes and communication has permitted
the Hitachi organization to expand its global footprint. Brian is passionate about
forecasting and decision making and is an original member of the Good Judgement
Project, a leading political and economic forecast organization.
John Benninghoff
Making R work for you (with automation!)
JOHN BENNINGHOFF is a long-time student and practitioner of
managing information risk. He currently leads the Site Reliability Engineering team
at Cigna/Express Scripts, applying SRE principles, measurement, and risk
quantification to improve organizational performance and make better decisions about
risk. His 20-year career in Information Security includes diverse experience in
financial services, retail, government, and recently completed a Masters of Science
in Managing Risk and Systems Change, with the goal of adapting safety science to the
emerging field of resilience engineering.
Serban Pop
Uncertainty Quantification in Cyber Risk Data Modelling using an
Exploit-Explore Methodology and Monte Carlo Simulations
Dr. Serban Pop is a Senior Data Scientist at ThreatConnect working within the Risk Department. His work is focused on modelling the financial risks that are associated with cyber attacks. Serban completed his doctoral degree in Applied Mathematics at the University of Kaiserslautern, Germany and ITWM Faunhofer. Prior to joining ThreatConnect built a career in academia, his work focusing on modelling and computer simulations of real-life problems. He collaborated with many companies, and helped train new generations of modelers, having obtained his Postgraduate Certificate of Teaching in Higher Education from Oxford Brooks University in the UK in 2015. The current research work in Cyber Risk Modelling provides for a complex and challenging field that allows Serban to continually extend his knowledge and refine his skills.
Steven Schwartz
The Future of Cyber Insurance
Steven Schwartz is the Vice President of Insurance Strategy
& Underwriting at Safe Security, the pioneer in Digital Risk Quantification.
Steven is responsible for developing and executing Safe's insurance strategy,
underwriting approach and criteria, and insurance policy innovation needed to
alleviate the cyber insurance market constraints with trust and transparency.
Recognized as an innovation leader in the fields of risk management and
cybersecurity, Steven is on the Advisory Board at PACE University's Seidenberg
School for Computer Science and Information Security.
Prior to joining Safe
Security, Steven was Chief Revenue Officer and Co-Founder of Periculus, a
direct-distribution, subscription-based solution for mitigating and transferring
digital risk. He previously led Strategy and Insurance at Cytegic, an
industry-leading platform for quantifying cyber risk, and played a vital role in the
company's successful acquisition by Mastercard in June 2020. Steven spent a large
portion of his career as a Senior Managing Consultant and Head of Business
Development at one of the largest, global independent risk management and insurance
consulting firms, UIC, Inc., where he personally managed and negotiated the risk
management & insurance programs for F2000 entities paying in excess of $100M in
Annual Premium across 40 countries.
Jason Leuenberger
The Softer Side of Risk: How Knowing People and Culture Can Help
You
I'm a certified executive coach with 20+ years of experience
in Information Security, Risk Management, GRC, and Privacy. Day-to-day I work with
leaders & teams centered around their development goals, clearly identifying
obstacles that might be getting in their way, and then working to break free from
anything limiting them. I apply my coaching background to work in risk management
with people and teams, understanding the most powerful component of managing risk:
the human beings involved in making those decisions.
Wade Baker
Risk Insights from another year of data-driven research
Dr. Wade Baker is a Co-Founder of the Cyentia Institute,
which focuses on improving cybersecurity knowledge and practice through data-driven
research. He’s also a professor in Virginia Tech’s College of Business, teaching
courses for the MBA and MS of IT programs to help prepare the next generation of
leaders. Prior to this, Wade held positions as the VP of Strategy at ThreatConnect
and was the CTO of Security Solutions at Verizon, where he had the great privilege
of leading Verizon’s Data Breach Investigations Report (DBIR) research team for 8
years.
Zachery Cossairt
Human Nature in our Risk Programs: Work With it, Not Against It
Zach spent his childhood and teenage years in southern
California before entering the United States Navy to serve in the Nation’s Submarine
Force. After basic and technical training, he began his tenure onboard the fast
attack submarine USS Pasadena as a Fire Control Technician, responsible for
collecting and aggregating various forms of intelligence and synthesizing useful
data to inform tactical and strategic decision-making of the command and squadron
leadership. It was during his time cruising around underwater, building and
maintaining models of the submerged and surfaced world, where he developed an
instinctive understanding of judgment and decision-making under states of
uncertainty and risk. ---After leaving the ship, he embarked on a shore tour where
he carried out duties as a training specialist, acquiring knowledge of learning
theory and applying it while instructing aspiring Fire Control Technicians on the
formal tactics, techniques, and methods necessary to perform optimally at sea.
During this time on shore duty, and upon exiting the service, he completed the
required coursework and was awarded a Bachelor of Science in Security and Risk
Analysis from Pennsylvania State University. He utilized the knowledge and practical
skills gained during his undergrad program and applied them to various public and
private sector consulting roles before transitioning into his current position as
the Information Risk Program Manager at Equinix. ---Zach’s experience directly
observing human behavior in hazardous environments, where choices could often result
in exceptionally unfavorable outcomes, contributed to his curiosity of the cognitive
processes occurring in the mind when making intuitive judgments, evaluating
alternatives, and ultimately making decisions in the face of risk and uncertainty.
This interest influenced his decision to engage in more formal study of the
intersection of psychology and decision-making in the Master of Arts in Behavioral
Economics Program at the Chicago School of Professional Psychology. Zach is
passionate about applying what he learns to encourage sound decision-making
practices in his professional and personal life. He currently resides in Poulsbo,
Washington, where he owns a home with his life journey partner Chelsea and three
rescue pups Maple, Moose, and Clementine.
Jay Jacobs
Measuring a Risk Concept: Exploitability
Jay is a Co-founder and Chief Data Scientist at Cyentia
Institute, a research firm dedicated to advancing the state of information security
knowledge and practice through data-driven research. Jay is also the lead researcher
on the Exploit Prediction Scoring System (EPSS) and is co-chair of the EPSS SIG at
FIRST. Jay was also a co-founder of the Society for Information Risk Analysts (SIRA)
and a co-author of Data-Driven Security, a book covering data analysis and
visualizations for information security.
Mike Jerbic
Going Beyond Emphatic Assertion to Assess a Cyber Risk Model’s
Fitness for Purpose in a Financial Institution
Mike Jerbic is an expert at solving problems and leading
successful programs that interface between law, technology, and markets. He has led
technical, business, and legal teams in diagnosing key problems, architecting
workable solutions, and leading interdisciplinary teams to accomplish results in
activities including the implementation of information security programs, cyber risk
analysis and management, and information governance and compliance. ——Mike’s
experience includes information security product development engineering and
management at Hewlett Packard, information security project management as a
consultant at Visa, technical practice consultant director at CBIZ, independent
board director service at California Hydronics, Public Safety Commissioner service
for the City of Cupertino, and Lecturer at San Jose State University. He leads the
continuous improvement of the profession by chairing the Open Group Security Forum
and leading its Security and Risk Management Work Group and co-chairing the American
Bar Association’s Information Governance Working Group.
Bob Mark
Going Beyond Emphatic Assertion to Assess a Cyber Risk Model’s
Fitness for Purpose in a Financial Institution
Dr. Bob Mark is a Managing Partner at Black Diamond Risk
Enterprises, serves on several boards, led Treasury/Trading activities and was a
Chief Risk Officer at Tier 1 banks. He is the Founding Executive Director of the MFE
Program at UCLA, co- authored three books on Risk Management and holds an Applied
Math PhD. Bob is a past GARP Risk Manager of the Year and is a cofounder of PRMIA.
Nicholas Bakewell
Using Middle Management to Drive Executive Support for an
Information
Security Program in an Atypical Organizational Design
I am a father of three, husband, bookworm, avid coffee
drinker,
and enjoyer of a fine Scotch. Founder and owner of Redwood Cyber Services, LLC, a
cybersecurity consultancy, to finance the previous sentence. While I enjoy the
technical
aspects of cybersecurity, my real enjoyment comes from considering organizational
design, change management, and business process reengineering and the role it plays
in
establishing effective and resilient information security practices. I am a
Certified
Information Systems Security Professional (CISSP) and a Certified Information
Systems
Auditor (CISA).
Apolonio "Apps" Garcia
Introduction to Quantitative Risk Analysis
Apolonio “Apps” Garcia, CRISK, Open FAIR, has over 20 years
of experience in healthcare IT, Information Security, and Risk Management. He has
been applying and teaching quantitative risk analysis, including Open FAIR, for over
a decade.For his day job, he is the CEO and Founder of HealthGuard, a mid-west based
company that provides quantitative risk management software, services and training
to hospitals. He also serves as the Board President of the Society of Information
Risk Analysts (SIRA), and an active member of the Open Group Security Forum, which
maintains the Open FAIR risk analyst standard and related materials.Apps is a
husband, father and decorated veteran of the U.S. Navy.
David Severski
Better Than Beta: Finding the PERT-fict Fit for Event Frequency
David F. Severski is an information security data scientist,
specializing in quantified risk management. He has provided risk management
expertise across diverse industries -- retail, aerospace, finance, energy, and
healthcare. David brings both broad and deep expertise in a number of technical
areas with a special focus on cloud technologies and DevOps practices. He strives to
combine rigorous methods, technical expertise, and a human-centered approach to
advance the state of evidence-based information security risk management. David
lives in Seattle, Washington with a low-maintenance spouse, a high-maintenance house
and a spiffy fedora.
Jon Sternberg
Practical Tips to Enhance Your Data Visualization.
Jon serves as a lead data analyst at Northwestern Mutual, a
Fortune 100 financial services company headquartered in Milwaukee, Wisconsin, USA,
in the company’s Enterprise Information Risk & Cybersecurity organization. With
over 20 years of experience in information security, Jon finds his greatest
engagement in his work when he plays at the intersection of information security,
data analytics, and human behavior. In addition to holding the Certified Information
Systems Security Professional (CISSP), Certified Information Security Manager
(CISM), Certified in Risk and Information Systems Control (CRISC), Certified Data
Privacy Solutions Engineer (CDPSE), and Certified Information Systems Auditor (CISA)
certifications, he is also certified as a Myers-Briggs Type Indicator (MBTI)
practitioner and as a CPI 260 practitioner. His current professional focus includes
data visualization and storytelling, with an emphasis on data analytics in the
Microsoft Business Intelligence stack.
Jon aspires to be an ever-improving servant leader with his faith, love of family
and friends, and empathy at his core. His professional mottos are simple: If serving
others is beneath you, leadership is beyond you; and you’ll never regret being kind.
Milena Rodban
The Risky World of Whisk(e)y: The Geopolitics, Economics, and Technology Behind Every Golden Dram
Milena is an interactive simulation designer and geopolitical risk expert with over a dozen years of experience helping organizations manage uncertainty. Whisk(e)y is one of her favorite drinks, and also a fascinating topic to discuss all the themes that SIRACon covers, including data, technology, security, and risk. Milena is thrilled to be presenting to the always inquisitive and engaging SIRACon audience for the third time. She hopes you’ll pour a dram and join her!
Lisa Young
Using Risk Scenarios in risk identification and analysis
Lisa Young, CISA, CISM, CISSP, is an operational risk and security metrics professional with a passion for solving problems with data. She is a prominent cybersecurity veteran, having worked in government, military, industry, and academia. She holds a Master of Public Policy with a cybersecurity concentration from the University of Maryland and a B.A. in Business Administration from University of South Florida.
Her superpower is preparing security teams to protect and defend their organizations from cyber criminals, respond to crises, and recover when something bad happens. Lisa can be found at: www.linkedin.com/in/lisa-r-young
https://www.rsaconference.com/experts/lisa-young