New Post: SIRAcon 2024

.vscode/settings.json

@@ -12,6 +12,7 @@
         "CISO",
         "Cofense",
         "CONOPS",
+        "CRAN",
         "Cyentia",
         "Danyel",
         "dastergon",
@@ -53,6 +54,7 @@
         "Petoff",
         "Provan",
         "PSAS",
+        "quantrr",
         "readr",
         "reimagining",
         "Renn",

_posts/2024-08-29-siracon-2024.md

@@ -0,0 +1,24 @@
+---
+layout: post
+title: SIRAcon 2024
+author: jabenninghoff
+tags: ["SIRAcon", "R", "Risk Quant", "Talks"]
+comments: true
+---
+[SIRAcon 2024](https://societyinforisk.org/SiRAcon24) wrapped up last Thursday, and once again the conference didn't disappoint! We had an amazing line-up of speakers this year, and all of the [talks](https://web.cvent.com/event/7f49b0a6-bca9-46fd-8245-a2deb671efee/websitePage:23d1376e-2723-411a-910a-0edf87b03015) were excellent! We also had a diversity of talks; academic and non-academic, quantitative and qualitative approaches, confidentiality and availability, technical and human risk. All but one of the talks were recorded and currently available to attendees on the conference website and will be available to members on the SIRA website after they are uploaded.
+
+Once again, I was honored to be selected as a speaker, and my talk, "[UnFAIR: Simplifying and Expanding Technology Risk Quantification](https://web.cvent.com/event/7f49b0a6-bca9-46fd-8245-a2deb671efee/websitePage:23d1376e-2723-411a-910a-0edf87b03015?session=956b9176-13ad-4dac-af3c-e8ccb30bae8a&shareLink=true)," was well received, and even generated some agreeable disagreement! While some disputed my assertion that FAIR (Factor Analysis of Information Risk) is not suited to risks outside of cybersecurity, I stand by my assertion: while FAIR *can* be used to quantify any risk, the language, once you get past the top level, is specific to the cybersecurity domain, and can be confusing for other types of risk, such as operational risk.
+
+## quantrr
+
+In my talk, I presented a [demo](https://jabenninghoff.github.io/security/analysis/rq-demo.html) of a new Risk Quantification tool designed to be more flexible, use statistical distributions that better fit the data, and ultimately meet the needs of an analyst who is trying to start a risk quantification practice with limited time and no budget.
+
+Since attendees expressed interest in trying out the tool, I wanted to make it more accessible, including to people with little or no experience using R. To address this, I spent time this week repackaging the demo and am excited to announce version 1.0 of [quantrr](https://jabenninghoff.github.io/quantrr/) (QUANT-R)! quantrr is bundled as an R package (library) and includes documentation on how to quickly get started using a "standalone" version and how to integrate quantrr into your existing R analysis and publishing workflow. Using the Quick Start instructions, you should be able to have an example report based on the demo up and running in less than an hour.
+
+If you've learned [FAIR](https://en.wikipedia.org/wiki/Factor_analysis_of_information_risk) or read Hubbard's [How to Measure Anything](https://www.goodreads.com/book/show/444653.How_to_Measure_Anything) and want to get started quantifying risk with something other than Excel, give quantrr a try!
+
+It's very much an [MVP](https://en.wikipedia.org/wiki/Minimum_viable_product) release, by design, to get early reactions. I already have some things that I'd like to improve, and I would greatly appreciate feedback from any and all who give it a try, either sent to me directly or through [GitHub](https://github.com/jabenninghoff/quantrr/). Reproducible bugs, feature requests, and pull requests are all welcome, I'd love to see it evolve into a community supported project and submitted to [CRAN](https://cran.r-project.org) to become an official R package!
+
+## Slides
+
+Slides from my talk are available [here](/assets/siracon2024-benninghoff.pdf), and [this](https://bento.me/jbenninghoff) is the link from the QR code I shared at the end.