Cybersecurity Risk Forecasting Workshop
Abstract
If the absolute atomic cybersecurity first principle is to reduce the probability of a material cyber event, then knowing how to calculate the current probability is key. You will get hands-on practice with Bayes' Algorithm, Fermi estimates, Superforecasting techniques, and Monte Carlo simulations, and you will build your organization's Loss Exceedance Curve with the current probability.
Why take this workshop?
I've been in the cybersecurity business for over 30 years. I've studied all the Cybersecurity Canon’s Hall of Fame books on cyber risk forecasting:
Hubbard and Seiersen’s 2016 How to Measure Anything in Cybersecurity Risk (Amazon Affiliate Link)
Freund and Jones’s 2014 Measuring and Managing Information Risk: A FAIR Approach (Amazon Affiliate Link)
Tetlock and Gardner’s 2015 Superforecasting: The Art and Science of Prediction (Amazon Affiliate Link: https://amzn.to/4pgaiv8)
I love those books as an introduction, but they are theories. For all of them, I kept waiting for the chapter at the end that explains how to do it in the real world. They don't exist. This workshop is that chapter.
Interactive Elements:
Participants will build, from scratch, in Excel or Google Sheets, a first-draft Loss Exceedance Curve that visually demonstrates the probability of a material cyber event to their organization. They will learn how to create random numbers, how to build Monte Carlo simulations, how and why to use the lognorm.inv() function, and how to use the Hubbard & Seiersen approximation of the mean and standard deviation.
Participants will complete several Fermi estimates.
Participants will engage in several Bayes' Algorithm pool table thought experiment exercises.
Participants will perform one or two simple Superforecasting estimates.
Agenda
An introduction to Cybersecurity First Principles
Introductions and Networking
A quick overview of the four books that are the foundation of the cybersecurity risk forecasting discipline: "Superforecasting" by Dr. Tetlock, "How to Measure Anything in Cybersecurity Risk" by Hubbard and Seiersen, "Measuring and Managing Information Risk: A FAIR Approach" by Jack Freund and Jack Jones, and "Cybersecurity First Principles" by me.
An overview of three practical Risk Forecasting techniques: Bayes' Algorithm, Fermi Estimates, and Superforecasting techniques.
Hands On: Bayes' Algorithm pool table thought experiment.
Hands On: Fermi estimates
Hands On: Superforecasting estimates
A discussion of Loss Exceedance Curves and why they are better than Heat Maps.
A discussion of how Monte Carlo simulations work.
Hands On: Building a Loss Exceedance Curve
Wrap it up: Learning Points
Prerequisite Knowledge
Anybody interested in risk forecasting but frustrated with qualitative heat maps.
Anybody who thinks that quantitative risk forecasting is too hard or too theoretical.
A general knowledge of how to use spreadsheets (You don't have to be an expert).
Orion
A consulting company built to provide this workshop and to advise clients on how to do cybersecurity risk forecasting properly.