Conference Presentations

risk management

  • Artificial Intelligence's Impact on Risk Management

    I had an opportunity to chat with RIMS members about global opportunities and threats of in the risk management industry.

  • Awesome GRC Conference!

    I just finished the 2017 Governance, Risk and Compliance (GRC) conference in Dallas, TX. The conference was co-sponsored by ISACA and IIA.  Excellent keynote speakers this year and I heartily recommend this conference for anyone seeking to learn how to solve governance, risk, and compliance challenges in your organization.

    My presentation is titled 'How Risk Culture Affects Compliance and Internal Controls' and focuses on how organizational culture can cloud decision maker's judgement.  Checkout my presentation and beware of Risk Hurricanes.

  • CIO Magazine Rates Top CRC Certifications

    The top 6 Governance, Risk and Compliance certifications

    CRISC vertical 78x1291. Certified in Risk and Information Systems Control (CRISC) One of the most sought-after GRC certifications by candidates and employers alike is the CRISC from ISACA, which identifies IT professionals who are responsible for managing IT and enterprise risk and ensuring that risk management goals are met. A CRISC is often heavily involved with overseeing the development, implementation and maintenance of information system (IS) controls designed to secure systems and manage risk. Since 2010, ISACA has issued over 18,000 CRISC credentials, which is a relatively high number in the GRC certification field.


    CGEIT Vertical 74x1392. Certified in the Governance of Enterprise IT (CGEIT) The CGEIT certification, by ISACA, recognizes IT professionals with deep knowledge of enterprise IT governance principles and practices, as well as the ability to enhance value to the organization through governance and risk optimization measures, and align IT with business strategies and goals. Since the program started, more than 6,000 individuals have achieved the CGEIT credential through ISACA.


    pmi rmp3. Project Management Institute-Risk Management Professional (PMI-RMP) Anyone who has pursued a project management certification is familiar with the Project Management Institute (PMI), either through research or by picking up the coveted Project Management Professional (PMP) credential. However, PMI also offers the Risk Management Profession (PMI-RMP) certification, as well as several others that focus on business management, processes, analysis and scheduling.

    The PMI-RMP identifies IT professionals involved with large projects or working in complex environments who assess and identify project-based risks. They are also competent in designing and implementing mitigation plans that counter the risks from system vulnerabilities, natural disasters and the like.

    Read More

  • Disciplined Execution

    disciplined smallA disciplined process with emphasis on simplicity and flexibility yields a highly effective process that is dynamic and can quickly adapt to changing market conditions.  An effective risk management program includes both a strategic and a tactical component.  The strategic component of risk management begins with a set of risk management principles that includes management acknowledgement and support, recognition that risk management is an inexact science, and recognition that a disciplined approach yields significant value to the organization.  Another key principle is recognition that, even though risk management is an inexact science, the risk management process must be disciplined and systematic.  A disciplined and systematic risk management program facilitates continual improvement and creates true value for the organization.  A disciplined and systematic risk management approach also helps avoid overspending on risk management.  It doesn’t make sense to spend $100,000 to treat a risk with a $20,000 impact. A disciplined risk management approach will quickly identify cases where the cost to treat a risk exceeds the cost of the impact and can divert the remaining effort to higher priority risks.

  • Joseph Mayo Selected to Speak at EuroCACS 2019!

    EuroCACS 2019 LogoEuroCACS 2019 is the premier cybersecurity and risk management conference that  brings together experts and practitioners from throughout Europe. Risk management practitioners from a wide range of industries, including finance, banking, tech services, government, insurance, medical and more will converge on Geneva Switzerland in October to dive deep into information security and discuss cybersecurity's impact across all fields of information systems and technology.

    Please join me for my session NextGen Risk Management. Disruptive technologies like artificial intelligence (AI), the Internet of Things (IoT), and nanotechnology are driving change at an unprecedented rate. AI can accomplish in four hours today what took humans a thousand years or more to accomplish.

  • New Writing Project

    Bimodal Risk Management - A Survival Guide for the Future

    I have started my next writing project that presents a risk management approach to help people and organizations cope with the massive technologic change we are facing today. Today we are on the verge of a technologic explosion fueled by artificial intelligence (AI), Internet of Things (IoT), deep learning, Big Data,  technology robots, and other disruptive technologies.  These disruptivie technologies are rapidly and dramatically altering the world we live in; pushing the pace of technological evolution to warp speed. 

  • Simplicity is the Key to Success

    simplicity smallMany organizations and tools tend to complicate risk management by utilizing complex prioritization schemes, algorithms, and procedures.  I have found no evidence or studies to indicate that complex prioritization schemes provide more effective risk management capability than simplistic prioritization schemes or processes.   Organizations that focus on simplicity and risk management fundamentals tend to be very successful because they can easily and quickly adapt to changing market conditions.  The ability to quickly adapt to changing market conditions is clearly a critical success factor in our current global economy.  The epic rise and fall of BlackBerry is a striking example of what happens when an organization does not recognize and adapt to rapidly changing industry trends. 

  • Soft Cover and e-Book Coming Soon!

    Soft covers and e-books will be available soon on this website and  Stay tuned for launch updates!

  • Speaking at ISACA Ireland 2019 Annual Conference


    Please join me in Dublin for the annual ISACA Ireland risk management conference.  This year's conference theme is The Fundamentals are Fundamental. My session for this year's conference is entitled "Effective Threat Modelling with CAPS and OARS". This session will explore some fundamental aspects of threat modelling by focusing on organizational assets and proactive opportunity management.

  • The Good, The Bad, and The Ugly

    2018 ISACA Ireland Logo

    Another fantastic conference by my ISACA Ireland colleagues!

    Disruptive technologies such as AI, IOT, and Bots are driving frenetic change in nearly all industries. Experts at IBM suggest that, by the end of this decade, disruptive technologies will cause the collective knowledge of humankind to double every 12 hours. This dramatic rate of change presents incredible opportunities (The Good) as well as unprecedented risk (The Bad). Unfortunately, current risk management practices are woefully inadequate for dealing with the unparalleled risk associated with the Post-Information Age (The Ugly). Checkout my session, Risk Management in the Post-Information Age

    This session will explore risk management practices from the 1500s to today and make a case for the rapid evolution of current risk management practices. The session will present bimodal risk management as the next generation of risk management practices. Bimodal risk management allows organizations to achieve compliance-driven value preservation while simultaneously using value creation to capitalize on the opportunities presented by disruptive technologies. During the session, we will explore examples of disruptive change in the financial sector, transportation sector, and others. We will offer specific strategies and tactics that enable organizations to prepare for the future and set the stage for transitioning to bimodal risk management.