Meet us at the following events to discover how a quantitative approach to cyber risk management enables effective decision-making. 

2018 EVENTS  

New York CIO Executive Summit 

June 27, 2018 | Pier Sixty at Chelsea Piers | New York, NY

Join the RiskLens team at this event*: "Our conference is uniquely built By CIOs, For CIOs and offers an unmatched program of networking, sharing insights and candid conversations for New York’s top technology leaders.

Join us to collaborate on the industry’s hottest topics — including virtual and augmented realities, artificial intelligence and deep-learning technologies. You will forge powerful partnerships across the business to elevate the value of IT, from the CMO to the CSO to the CDO."

*courtesy of


ISACA 2018 GRC Conference

Aug. 13 - 15 | Omin Hotel | Nashville, TN

Meet Jack Jones at this GRC-focused event*: "ISACA and The IIA are pleased to once again collaborate to bring you the 2018 Governance, Risk, and Control (GRC) Conference. Join more than 600 governance, risk, and control professionals from 40+ countries at the event that draws together the best and brightest minds to embrace challenges, forge solutions, and define the future of global GRC."

*courtesy of


Global CISO Executive Summit 

Aug. 20 - 22, 2018 | The Westin Hilton Head Island Resort & Spa | Hilton Head, SC

If you're attending this invitation-only event*, make sure to connect with Jack Jones on-site: "With an agenda built entirely 'by CISOs, for CISOs,' the Global CISO Executive Summit provides a platform for us to develop tangible solutions to the biggest challenges facing our community. Now in its sixth year, our invitation-only conference unites the most influential CISOs from North America and abroad for a crucial day of insights, networking and candid conversations."

*courtesy of


2018 FAIR Conference (FAIRCON18)

Oct. 16 - 17, 2018 | Carnegie Mellon University | Pittsburgh, PA

A huge success last year, this year's FAIR Conference will be hosted by the FAIR Institute in partnership with Carnegie Mellon University’s Software Engineering Institute (SEI) and the Heinz College of Information Systems and Public Policy. FAIRCON18 will bring together leaders in information and operational risk management together to explore best FAIR practices that produce greater value and alignment with business goals. Click here to learn more and register.



FAIR Institute Breakfast at the Gartner Conference 

Jun. 5, 2018 | AC Hotel | National Harbor, MD 

The FAIR Institute will be hosting a breakfast for those in the area attending the Gartner Conference. More details and a chance to RSVP to this event are to follow. 

Annual Charlotte-Metro ISSA Summit 2018

May 10, 2018 | Charlotte Convention Center | Charlotte, NC

Join Jack at the Summit*: 

As a profession, we’ve finally gained the attention of the board and our executives.  Unfortunately, that attention has been gained in large part because of the major cyber related loss events that have occurred.  Now the challenge is to gain, and then maintain, their trust.  But what does trust mean in this context?  What are they trusting us for, and with, and what (if anything) do we need to do differently?  In this session, Jack will share his experiences as a CISO for three different companies, what he’s learned more recently from speaking with board members, as well as what surveys are showing we need to become better at.

IANS 2018 Dallas Information Security Forum

May 2 - 3, 2018 | City Place Conference Center | Dallas, TX

Join Jack Jones at this conference*, which "delivers an immersive curriculum with over 30+ sessions led by esteemed IANS Faculty, global information security thought leaders and solution providers. Attend the two-day Forum to gain actionable technical solutions and leadership insights focused on current and emerging challenges facing enterprise security leaders.

Network with peers to benchmark your information security practices and engage with IANS Faculty during interactive sessions." 

*courtesy of

CERT Cyber-Risk and Resilience  Symposium

April 24, 2018 | NRECA Conference Center | Arlington, VA 

Jack Jones will serve as a morning panelist for this day-long event* in Virginia: "Carnegie Mellon University’s CERT Cybersecurity Division is hosting a day-long symposium focused on proactively developing and implementing a cybersecurity risk and resilience strategy. A team of experts, from both the public and private sectors, will explore cybersecurity scenarios and provide guidance that you can apply immediately within any organization. Registration to this event is free, but space is limited to the first 200 registrants."

*courtesy of

Issues of Quantifying Risk Around Identity and Access Management (IAM)

Apr. 18, 2018 | 3:00 - 3:45 PM | Moscone West 2018 Esplanade 157, RSA Conference | San Francisco, CA

Identity and access management (IAM) has been a longtime domain for information security. How much energy should we be investing in these programs? How much risk is there for managing identities? Join Jack Jones and other FAIR Institute Members at this session to hear their approaches and understanding of the issues involved.

From "No Data" to "Drowning in Data" - It's Time for a Reality

Apr. 17, 2018 | 3:30 - 4:15 PM | Moscone South Esplanade 157, RSA Conference | San Francisco, CA

For years the information security community has argued that it is hamstrung by a lack of data. Now we’re hearing organizations complain that they don’t know what to do with all of the telemetry they get from their security technologies. In this session Jack Jones will share insights regarding data-related opportunities and challenges, what the future holds, and how we can leverage data effectively.

AGC Partners' 2018 Information Security & Broader Technology Growth Conference

Apr. 16 & 17 | Hilton, Union Square | San Francisco, CA

Join RiskLens' CEO Nick Sanna at this conference*: "AGC’s 14th West Coast Information Security & Broader Technology Growth Conference will be held on Monday April 16th and Tuesday April 17th. Our conferences have become premier showcases for fast growing, predominately private technology companies.  Throughout the two days, attendees will have the opportunity to schedule up to 32 one-on-one meetings with over 400 participating company CEOs and over 450 strategic buyers and growth equity investors that will be present. These one-on-one meetings are the core of our conference series. There will also be high-caliber panel discussions featuring renowned tech industry experts."

*courtesy of


2018 Probability Management Conference on Standardizing Risk

Mar. 27 & 28 |Loring Ward Corporate Office | San Jose, CA

Jack will be speaking at this conference*: "Keeping uncertainty visible through simulation lets diverse stakeholders assess the situation according to their own risk attitudes, allowing them to make well informed risk management decisions. The open SIPmath™ standard has enabled this approach in the modeling of operational risk, and has just been applied to an implementation of the Open Factor Analysis of Information Risk standard (Open FAIR™) to quantify cybersecurity risk.

This conference explores these and other standards that facilitate the adoption of simulated risk management in an effort to better serve diverse stakeholders."
*courtesy of 
Cyber Risk North America


Mar. 20 - 21, 2018 | Marriott Marquis | NYC, NY

Join Jack Jones and the RiskLens team at Risk.Net's Cyber Risk North America in New York. Stop by the RiskLens booth to learn more about managing your cyber risk, and join Jack's live panel session on Day 1 of the conference (March 20 at 11:50 AM) on "Modeling Cyber Risk." If you're sticking around after the conference, join Jack and the AIG team at a post-conference workshop on March 22, "Cyber Risk Management and Quantification for Op Risk and Cyber Risk Practitioners."

Technology and Cybersecurity Risk Management Conference

Dec. 14, 2017 | Location TBD | Toronto, Canada

Hear Jack Jones, EVP of Research and Development at RiskLens and creator of FAIR, shed light on how to go about quantifying your organization's cyber risk in economic terms.

Jack's session will provided answers to some important questions, including:  

  • How and why current risk measurement methods fail
  • How to lay the foundation for effective risk measurement in your organization
  • Common misperceptions regarding cyber risk measurement and why they're wrong.

About this event*:

Information, technology and cybersecurity risk management are near the top of every organization’s priority list. In many cases, however, the subject remains the responsibility of compliance and IT departments despite the pervasive financial, reputational and regulatory risks they represent.

Dealing with an intangible, unpredictable risk to your business that presents tremendous financial, reputational and regulatory threats is a difficult task to grasp, to budge and to keep firmly on the agenda…until disaster strikes.

*courtesy of Acumen Information Services online


IANS Atlanta Information Security Forum

Nov. 1-2, 2017 | Hyatt Regency Atlanta | Atlanta, GA

Hear Jack Jones, EVP of Research and Development at RiskLens and creator of FAIR, give a compelling keynote address, titled "An Unfortunate Gift to Cyber Criminals."

About Jack's keynote*:

Cyber criminals have some inherent advantages -- for example, the ability to pick their target, timing, and techniques. They also have another advantage that is not inherent, but that can be just as powerful -- the fact that most organizations waste resources and are unable to focus on the things that matter most. In this keynote, Jack will share the most common causes for poor cyber risk measurement, as well as the relatively simple things that organizations can do to dramatically improve their cyber risk management focus. 

About this event*:

IANS Information Security Forums offer an immersive, two-day experience built around actionable, deep-dive technical and leadership sessions all delivered by our faculty of world-renowned security experts. Join us for sound, unbiased, research-driven advice on the top-of-mind information security threats and organizational concerns facing today’s enterprise security leaders.

*courtesy of IANS

TBM Conference 2017

Nov. 6-9, 2017 | The Wynn | Las Vegas, NV 

Stop by for a chat with RiskLens CEO Nick Sanna and President & co-Founder Steve Tabacek at Booth #19!

The TBM Conference is the only global event dedicated to providing IT and Finance leaders with the discipline, standards, and strategies to manage the business of IT. Global 1000 CIOs will discuss why they chose to adopt TBM and how the discipline has influenced the value they’ve delivered to their organizations.*

*courtesy of 


ISACA September Chapter Meeting: Modern Cyber and Technology Risk Management

Sept. 14, 2017 | Wellshire Inn | Denver, CO

Summary: Common cyber and technology risk measurement practices today are broken. The result is that organizations struggle to prioritize their risks they face, or understand the value proposition of the risk management initiatives they invest in. In this session, Jack will share the root causes that limit our effectiveness at measuring risk, and provide a workshop on Factor Analysis of Information Risk (FAIR).

Learning Objectives:

    - gain an understanding what FAIR is,
    - have an opportunity to apply it to analyze one (or more) risks.

Be forewarned though, some of what will be discussed will challenge conventional wisdom.

Who should attend
IT Leaders (CIOs/CTOs/CSOs/CISOs), IT practitioners (Directors and Managers), IT Audit and Security professionals, Internal and External Auditors.


Cyber Risk North America

June 20 - 21, 2017 | Marriott Marquis Marquis | New York, NY

RiskLens is one of the sponsors of the event and will be present with several executives, including co-founder and President Steven Tabacek and CEO Nick Sanna, besides Jack Jones. 

Join Jack Jones at the panel discussion on June 20th at 11:40 am titled "Quantifying cyber risk exposure"

  • Using the standard Factor Analysis of Information Risk (FAIR) model for risk quantification and analysis
  • Putting a price tag on enterprise-wide loss exposure
  • Justifying the value of cybersecurity to management and the board

Register here.


Atlantic Security Conference

April 27 - 28, 2017 | Prince George Hotel | Halifax, Nova Scotia, Canada

Senior Risk Consultant Isaiah McGowan will be presenting on "Why risk is our bridge between security and business worlds" on April 28 from 10:00 AM to 10:45 AM.

Abstract: There is a need to make well-informed security decisions that align with business expectations. It’s always been there; we’re just more explicit about it today. This session focuses on a core tenant that bridges the gap in communication between security and business focuses: risk. Our most familiar approaches to risk measurement are failing us. What else is out there? And what are the implications for various security disciplines? We will dive into these topics and flesh out a way forward that aligns our security concerns with their business needs.

Register here.


Risk Management Summit

Apr 6, 2017 | Omni Orlando Resort at ChampionsGate | ChampionsGate, FL

Jack will be presenting two sessions at the conference:

9:00 AM – 9:30 AM
Session 1 – Revisiting the Groundwork, Jack Jones
Within the information security and risk professions there are significant differences in how people define and approach risk.  This creates significant challenges to us as professionals for everything from risk measurement, alignment with the business, and communicating with executives. Consequently, in order for the Risk Summit to be productive, it is critical that everyone in the room is on the same page on these fundamentals.

In this first section, we’ll review some basic risk concepts and terminology, which will lay the foundation for everything that follows.

4:15 PM – 5:00 PM
Making the Case to Risk Management, Jack Jones
The primary reason for measuring risk is to help executives make well-informed business decisions. 
That being the case, this final session of the day will focus on the challenges with, and practical approaches for, communicating risk analysis results to management. These tips can make the difference between glazed eyes and genuine interest by the executives whose decisions drive the risk condition of an organization. 

Register here.


FAIR Institute Breakfast Meeting

Feb 15, 2017Morrison & Foerster LLP | San Francisco, CA 

Jack Jones will be presenting a session on 'The Characteristics of a Risk-aligned Leader'

8:00 AM - 10:00 AM

Register here.


RSA Conference 2017

Feb 15, 2017 | Moscone Center | San Francisco, CA 

Jack Jones will be presenting a session on 'Tomorrow's Cyber-Risk Analyst' (PROF-W11)

2:45 PM - 3:30 PM

Abstract: As our industry evolves to better align with the needs of senior executives and boards of directors, the skills and characteristics of professionals need to evolve as well.  In this session, Jack will describe what the next generation of cyber risk analysts needs to look like, where and how they can acquire these capabilities, and what the job opportunities will look like.

2016 Schedule 

MIS|TI Risk Management Summit 2016

December 8, 2016 | Marriott New Orleans, 614 Canal Street, New Orleans, LA

9:00 AM - 10:00 AM

The combination of inherently limited risk management resources and an increasingly complex and dynamic risk landscape means that effective prioritization is crucial. Without it, organizations are unable to identify and resolve their most important issues, and will invariably waste resources and delay resolving important issues.

In this session, Jack Jones will highlight some of the key weaknesses in common (and even “best”) practices, as well as share insights and simple steps organizations can take to evolve their risk management programs. Be forewarned that this will be a “take no prisoners” session, because in order to evolve we have to be honest about what doesn’t work, and why.

Register here


Jack Jones to speak to ISACA Toronto Chapter

November 15, 2016Ivey Tangerine Leadership Centre, 130 King Street West, Toronto ON, M5X1A9


Jack Jones presents an Educational Course on FAIR to New York ISACA Metropolitan Chapter 

November 3, 2016BNY Mellon, 101 Barclay Street, 10th Floor, New York, NY

9:00 AM - 5:00 PM

Course will cover risk prioritization in information security and risk management and how to use Factor Analysis of Information Risk (FAIR) as an approach for effective prioritization and analysis of a risk scenario.

Register here


The Annual FAIR Conference

October 14, 2016Wake Forest University Charlotte Center, 200 North College Street, Charlotte, NC

Hosted by the FAIR Institute, the FAIR Conference brings the foremost leaders in information risk management together to explore best FAIR practices that produce greater value and align IT with business goals.

Stay tuned for more details.


Executive Briefing on Third Party Management

June 16, 2016 | H.E.S.S. Club, Houston, TX

Jack Jones will be presenting on 'Changing Your Third Party Management Strategy for Cyber Security Risk and Compliance.'

3:00 PM - 5:00 PM

Audience members will takeaway

  • Serious challenges to managing risk: Bald tires and space shuttle missions
  • Quantitative vs. qualitative risk measurement — Correcting misperceptions and fallacies
  • Factor Analysis of Information Risk (FAIR) — Understanding a simple and clear model for risk analysis 
  • Communicating third party risk effectively to the c-suite
  • Prioritizing third party risk management efforts effectively
  • Understanding the flaws with current third party cyber risk management methods
  • How to manage third parties effectively by acting like a wolf hunting Caribou


Information Systems Security Association presents Cornerstones of Trust

June 14, 2016 | Crowne Plaza, Foster City, CA

Jack Jones will be delivering the keynote address titled 'Just Secure What?'  

1:30 PM - 2:15 PM

  • Jack will demonstrate the challenges faced by the information security profession.
  • Share practical methods for overcoming them by leveraging the FAIR open standard.  


Evolver's 2nd Annual Cyber Risk Technology Forum

May 17, 2016 | Capitol Hilton, Washington, DC

CEO, Nick Sanna will be presenting on 'Valuing the Invaluable - Identify, Measure & Value Cyber Risk in Financial Terms.'

10:30 AM - 11:30 AM

  • Learn to identify, measure and value individual risks as part of your risk management program.
  • See cyber risk management software that is purpose-built on Factor Analysis of Information Risk (FAIR), the only international standard Value at Risk (VaR) model for cybersecurity and operational risk. 
  • Contact us to request a personal invitation to this exclusive, invite-only event.


April 21, 2016 | Booth #3, Hyatt Regency, Cambridge, MA

Steve Tabacek wil be giving a presentation on 'Leading Cyber Risk Management Practices: Cyber Risk Quantification'

11:25 AM - 12:15 PM

  • Attendees will learn how measurement of cyber risk using analytics and reporting can help decision makers make more informed decisions regarding cyber risk management. 
  • Insight gained from this approach will help provide a return on investment for cybersecurity budgets, prioritize cybersecurity projects/resources, and help determine appropriate capital reserves or determine insurance requirements. 


RIMS 2016 Annual Conference & Exhibition

April 12, 2016 | Room 23AB, San Diego Convention Center

Steve Tabacek will be co-presenting a session on 'Quantifying Cyber Security Risk in Dollars and Cents to Optimize Budgets' with Chris Cooper, VP, Operational Risk Officer, Reinsurance Group of America, Inc.

        2:00 PM - 3:00 PM

  • Attendees will learn how factor analysis of information risk (FAIR) can be used to quantify cyber risk in financial terms.
  • Adopt business language that translates cyber security risks into executive- and board-understood terms.


Infosec World 2016

April 7, 2016 | Disney Contemporary Resort, Lake Buena Vista, FL

Jack Jones will be participating in several sessions throughout the day. His first presentation will be a session on 'Setting the Stage: What is Risk Anyway? Ending the Confusion'

8:15 AM – 9:00 AM  

  • Attendees will gain clarification about risk, hear examples of what’s making it so confusing, and learn what can happen if the confusion is not alleviated.
  • Learn a clear, meaningful, and practical set of definitions and concepts that can fundamentally change the risk dialog in your organization.
  • Learn how to consistently normalize risk terminology and concepts within your organization.
  • Gain an improved ability to “drill into” and evaluate someone else’s statements about risk.


Jack will also be presenting on the topic of '3 Common Risk Management Pitfalls and Challenges'

       10:15 AM – 11:15 AM  

  • Learn the most common reasons why organizations struggle to manage information security risk effectively. 
  • Learn the simple steps for recognizing, avoiding, and correcting common risk management mistakes where you work.
  • Understand when compliance helps and hurts a security program.
  • Learn why most risk management maturity models miss the point and don’t measure maturity effectively.


Jack will also be co-presenting with Evan Wheeler, DTCC, and Ron Woerner,  Director Cybersecurity Studies, Bellevue University on '5 Risk Measurement and Communication: Triage Exercise'

        1:30 PM – 3:15 PM  

  • Prioritization is one of the most important, and challenging, components of risk management. In this session we’ll share and practice applying methods for triaging things like policy exceptions, audit findings, and vulnerability scan results.
  • Explore and practice using common risk management methodologies including FAIR and the NIST Risk Management Framework (RMF). These enable you to identify, measure, and prioritize security risks to your organizational infrastructure.
  • Sample tools and methods for documenting and communicating risks in your organization.
  • Gain hands-on experience quickly sifting through the noise and identifying the exposures that matter most.


Cyber Risk North America

March 15-16, 2016 | New York Marriott Marquis

RiskLens will be exhibiting at the Cyber Risk North America Forum and participate on a panel on prioritizing cyber risk prevention initiatives. 


RSA Conference 2016

Feb 29-Mar 4, 2016 | Moscone Center San Francisco 

Jack Jones will be presenting a session on 'How infosec maturity models are missing the point' (STR-W04)

Scheduled Date: 03/02/2016 - 10:20 AM - 11:10 AM

Abstract: Infosec maturity models abound, and although they provide some value, they completely ignore fundamental elements that ultimately determine whether an infosec program is mature -- or not. In this session Jack will share what those missing elements are, why they are so critical, how to gauge maturity in those dimensions, and the steps you can take to help make your organization more mature. 

Follow-on Discussion: 03/02/2016 - 4:30 PM- 5:20 PM

Abstract: Continue the How Infosec Maturity Models Are Missing the Point conversation in a smaller group discussion and Q&A with the presenter. This session will be discussion based—no new slides will be presented. This session is limited to 50 attendees. 


Jack Jones will be participating in a panel discussion on 'Habits of an Effective CISO.' (GRC-R02)

Scheduled Date: 03/03/2016 - 8:00 AM- 8:50 AM

Short Abstract: With less time and more responsibilities, how does an effective CISO manage? Three leading CISO will share their strategies for success. 


Ben Rothke, Senior eGRC Consultant, The Nettitude Group

Phil Agcaoili, Chief Information Security Officer, Elavon
Roland Cloutier, VP & CISO, ADP, Inc.
Jack Jones, EVP Research & Development, RiskLens

Jack Jones will be participating in a panel discussion on 'Aligning and Prioritizing Risk Efforts Across the Enterprise' (GRC-F03)

Scheduled date: 03/04/2016 at 11:20 AM- 12:10 PM

Short Abstract: The responsibility for managing risk rests within many parts of the organization(e.g., audit, security, compliance, etc.). Unfortunately, very often these efforts are redundant or contradictory. In this session, learn how these groups can work together to minimize confusion and “religious” debates in order to better evaluate risk and prioritize in a consistent, efficient, and aligned manner.


Jack Jones, EVP Research & Development, RiskLens

Maria Shaw, VP, IT Risk Management, McKesson
Tess Martillano, MD, IRM Enterprise Services & CIRO, Latin America & the Caribbean, BNY Mellon
Evan Wheeler, Executive Director, Operational Risk Management, DTCC


The Open Group Conference - Enabling Boundaryless Information Flow

Jan 25, 2016 | San Francisco

Isaiah McGowan will present a session on 'Steps to Success - Lessons Learned on Successfully Adopting OpenFAIR'

Abstract: In the two years since it’s establishment as an international standard, OpenFAIR has been adopted by many organizations –from the smallest to the largest- as their risk analysis method of choice. These programs span the spectrum of qualitative and quantitative approaches.

This session will explore key attributes of a successful OpenFAIR implementation, pitfalls to avoid when adopting OpenFAIR, and examples of how OpenFAIR can help mature virtually any risk program.


Tech in Focus: Trends in Cybersecurity

January 12, 2016 | Data I/O, 6464 185th Ave NE #101, Redmond WA 98052

Steven Tabacek will be participating in a panel discussion on 'Trends in Cybersecurity' 

04:00 - 06:00 pm

Come listen to a panel of cybersecurity experts talk about how cyber criminals are forcing the government to rewrite laws, necessitating new technologies to be developed, and fostering a new industry within the tech industry.

2015 Schedule


October 8 - 9, 2015 | Detroit, MI

RiskLens will be attending the annual conference for the Society of Information Risk Analysts.


Tech Risk Forum

August 3 - 4, 2015 | Buffalo, NY

Jack Jones and Chad Weinman will be participating in the annual private IT risk management event. This is the third year we have been involved.   


RIMS 2015

April 26 - 29, 2015 | New Orleans, LA

CXOWARE will be at the RIMS 2015 Conference exhibiting its innovative cyber risk quantification solution RiskCalibrator at the ABA Risk Management Forum in New Orleans, LA.


RMA's GCOR Conference

April 22 - 23, 2015 | Cambridge, MA

Steve Tabacek will be presenting “Translating Propeller-Head Cyber Risk Information for the Board and Executive Management” on Thursday at 11:20am.


RSA Conference

April 20 - 24, 2015 | Moscone Center | San Francisco, CA

Jack Jones will be presenting “Misinforming Management” on Thursday at 9:10am. Information regarding security deficiencies and the value of the security initiatives can affect organization priorities and resource investments. Consequently, if this information is inaccurate it can seriously harm an organization’s ability to achieve business and risk management objectives. In this session, Jack will discuss common information deficiencies, their effects, and how to avoid them.

On Thursday from 1:30 – 2:00pm Jack will have a book signing session where he will be signing copies of his book “Measuring and Managing Information Risk: A FAIR Approach”.


ABA Risk Management Forum

April 14 - 17, 2015 | St. Louis, MO

CXOWARE will be at the ABA Risk Management Forum exhibiting its innovative cyber risk quantification solution RiskCalibrator at the ABA Risk Management Forum in St. Louis, MO.