Slides from Tony Martin-Vegue's presentation at SIRAcon (Cincinatti, OH) on April 30, 2019
We make estimates every day in the process of performing risk assessments. We regularly estimate the probability of a data breach, effectiveness of awareness training or projected staffing levels for the next 5 years.
Here’s the problem: humans are horrible at making estimates! All sorts of bias cloud our judgement, making it difficult to make good security decisions. Here’s the good news: it is possible to overcome some of these inherent biases with many of the same techniques that professional bookmakers use to set odds when placing and taking bets. Attend this hands-on session to learn how to overcome your bias and become a better estimator. All attendees will take a test to determine estimation skills and will receive personalized feedback on what kind of bias is present. Bring a $20 bill to place bets – don’t worry, you’ll get it back!