This talk is appropriate for both technical and non-technical audience members who are interested in gaining a better understanding of how to proactively address cybersecurity risk while still supporting the innovation and engineering goals of their organization. We will use the real-life example of the nascent cybersecurity risk management program at Roblox to provide users with practical applications of the concepts we discuss.

In this talk we will cover the following topics:
A brief intro to the role of cybersecurity risk management in a technology organization
Overview of traditional qualitative risk management techniques (heatmap)
Discussion of cybersecurity risk quantification (CRQ) and the Factor Analysis of Information Risk (FAIR) methodology; benefits of quantitative methodology over more traditional qualitative approaches
Tips for introducing CRQ into your organization & notes from the field on how we’ve introduced CRQ at Roblox.

The session will be a 25 minute presentation with two speakers. There will be an opportunity for the audience to ask questions.