Blog
The Security Spending Trap, Episode II: Detection Without Triage Is Just Expensive Noise
It’s Tuesday afternoon. Your Senior Engineer, Sarah, gets a Slack notification: “Unusual database access pattern detected.”
A (Practical) Framework for Quantifying Cyber Risk: Part 3
In Part 2, I promised to show you how to run Monte Carlo simulations for FAIR risk analysis. But here's the thing: after spending weeks helping clients quantify their cyber risks, I realized that while Excel works, it's not ideal for the dynamic, collaborative nature of vCISO engagements.
A (Practical) Framework for Quantifying Cyber Risk: Part 2
In this article, I will demonstrate how you can use the FAIR methodology, which we introduced in Part 1.
A (Practical) Framework for Quantifying Cyber Risk: Part 1
In this series, I will summarize my journey into risk quantification using FAIR, a mathematically and statistically sound framework for quantifying cyber risk, which should help infosec practitioners move beyond traditional qualitative assessments (read: the usual Risk Heat Map) to a more sound (and defensible) financial approach.
