Learn FAIR Quantitative Risk Analysis in SANS Courses This Fall

August 23, 2019  Jeff B. Copeland

RiskLens Lead Trainer David Musselwhite will teach two 4-day courses on “Measuring and Managing Information Risk Using FAIR” at the SANS training events in Houston (Oct. 28-31) and Atlanta (Nov. 18-21). Students will walk in beginners on quantitative cyber risk analysis and walk out ready to apply the FAIR model and conduct analyses for their organizations.

RiskLens and SANS, the leading IT training organization in the world, have a growing relationship. David has already taught two SANS course earlier this year, and more will be coming. The latest version of the SANS CIS Controls poster, a handy guide used by many in the profession, covers FAIR, and Frank Kim, leader of the management and software security curricula for SANS, generated a lot of buzz with his talk at the 2019 RSA Conference that portrayed FAIR as filling a gap in the standard security frameworks by enabling financial analysis of cyber risk.

The FAIR training at SANS is based on best practices in adult learning, David says, designed to keep students engaged with lots of hands-on activities, role playing and practice. For instance, students act out one of the challenges of the data-collection phase of FAIR analysis–eliciting a calibrated estimate from a subject matter expert in the organization–with David playing the role of the SME. David says his teaching style is to “ask a lot of guiding and prompting questions. That’s how things stick in our brains.”

Student reviews of the SANS course have been outstanding. Some reactions to the SANS Orlando training, earlier this year:

“This course is a necessary first step for all future cyber risk analysts.”

“Valuable content speaking to real-life decisions I face every day — I’ve never been to a better session on risk analysis.”

“The content was fantastic, and the activities gave insight into how to practically apply the methodology. Even better, the course was delivered by a passionate, knowledgeable, experienced expert.”

Reserve your spot for the SANS FAIR course – sign up for Houston (Oct. 28-31) or Atlanta (Nov. 18-21).


For more training and educational opportunities on FAIR, quantitative cyber risk analytics and the future of risk-based cybersecurity, attend the 2019 FAIR Conference by the FAIR Institute, September 24-25 at National Harbor, MD, near Washington, DC. Learn more about FAIRCON19.