Schedule a Meeting with us at RSAC20

Are you attending RSA Conference 2020? Then schedule a meeting with us to see how RiskLens can help you build a cyber risk quantification program. Simply fill in the form below and one of our account executives will reach out to schedule a time that's convenient for you.

Meeting Request Form:

eBook: An Executives Guide to Cyber Risk Economics

Read the eBook that’s changing how corporate leaders understand and manage cyber risk.

eBook: An Executive’s Guide to Cyber Risk Economics

eBook: An Adoption Guide For FAIR

You understand the power of cyber risk quantification. Jack Jones shows you how to make it real in your organization.

eBook: An Adoption Guide for FAIR

The RiskLens Blog

Our blog features expert commentary on the business and technical issues related to quantitative cyber risk management programs - it is a wealth of knowledge that we are happy to share with you.


"FAIR is a quantifiable, repeatable methodology that has a proven model behind it that is actually relevant to our business...we can actually articulate risk and threat likelihood and consequences, it gets us in a good position as a trusted adviser to the board."

Grant Bourzikas, CISO at McAfee

"If CISOs push back on quantifying potential loss, I find that unacceptable as a board director. CISOs need to advance."

James Lam, Director, E*Trade

"It'’s important that we have a risk-based culture. Risk in my mind is the bridge that connects the business world to the technical world of security controls. We looked at different ways we could be more explicit about a risk-based culture, and we landed on FAIR"

Omar Khawaja, CISO at Highmark Health

"The best thing to do in cybersecurity is to think of it as a risk to be managed. My hope here is that the risk quantification frameworks like the FAIR model will help…collectively, you are definitely moving the country to a better place. "

Representative Jim Langevin, Co-founder of the Congressional Cybersecurity Caucus ,

"Controls and procedures should enable companies to identify cybersecurity risks and incidents [and] assess and analyze their impact on a company’s business."

SEC, Cyber Security Disclosure Guidance