Presentation: Using Data to Measure Risk in Cyber Systems

Track: Security: Lessons Attacking & Defending

Location: Pacific DEKJ

Duration: 11:50am - 12:40pm

Day of week:

Level: Intermediate

Persona: Developer, General Software, Security Professional, Technical Engineering Manager


Risk analysis in cyber systems remains an immature field with significant potential. Despite widespread belief that cyber can't be quantified, the tools and data already exist to significantly improve risk management. In this talk, we'll review the literature on risk quantification and discuss examples of data-driven risk analysis.

Speaker: Marshall Kuypers

Director of Cyber Risk @QadiumInc

Dr. Marshall Kuypers is the Director of Cyber Risk at Qadium, an SF-based startup. He received his doctorate from Stanford, focusing on data-driven methods for quantifying cyber risk. Marshall was a fellow at the Center for International Security and Cooperation (CISAC) from 2014-2016 where he worked on projects ranging from policy to technical matters in computer security. Marshall has also modeled cyber risk for the Jet Propulsion Lab, and assessed supply chain risk in cyber systems with Sandia National Labs. He was also the Co-President of the Stanford Complexity Group while at Stanford.

Find Marshall Kuypers at