RSAC 2026 Workshop

First Principles
Risk Forecasting

The missing implementation chapter for quantitative risk forecasting.

2 Hours: Hands-On Workshop
4 Tools: Interactive Exercises
1 Model: You'll Build

Why This Workshop Exists

Heat maps lie. Numbers don't.

Books like How to Measure Anything in Cybersecurity Risk (Hubbard & Seiersen), Superforecasting: The Art and Science of Prediction (Tetlock & Gardner), and Measuring and Managing Information Risk (Freund & Jones) teach you the theory. In this workshop, you'll leave with applied knowledge, working models, and the confidence to build more.

Bayesian Updating

Stop treating threat intelligence as binary. Learn how to update probability estimates with each piece of evidence. You'll master this through an interactive billiards simulation, then apply it to real threat scenarios.

Fermi Estimation

"How many ransomware gangs target our industry?" You don't know. But you can estimate. Learn to break unknowables into knowable parts. This is how experts reason when data doesn't exist.

Forecasting

Your gut is wrong. So is everyone's. Forecasters aren't smarter—they use structure rooted in academic forecasting research. Apply Tetlock's four-step method to cybersecurity predictions. Base rates. Evidence. Reference classes.

Interactive Workshop Tools

Four hands-on exercises that take you from first principles to a complete risk forecast.

Exercise 1 • 20 minutes

Bayes Algorithm

A white cue ball is hidden somewhere on a billiards table. Where is it? You'll click to guess, then gather evidence (red balls land left, blue balls land right). Each new ball updates your belief. This is Bayesian reasoning.

Watch your forecasts improve with evidence. Then apply this exact logic to cybersecurity: what's the real probability a threat intel alert means you're compromised?
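Bayes' rule applied to that alert question, as an added example in Python (not one of the workshop's tools); it goes one step beyond the single alert and updates sequentially across several pieces of evidence, the way each new ball does in the billiards exercise. The base rate and the likelihoods are constructed illustrative values, not measurements.

```python
"""Sequential Bayesian updating for a threat-intel alert (added example).

All numbers below are constructed for illustration. H = "this host is
compromised"; each piece of evidence E carries P(E | H) and P(E | not H).
"""

def posterior(prior, p_e_given_h, p_e_given_not_h):
    """One Bayes update: P(H | E) = P(E|H)P(H) / P(E)."""
    num = prior * p_e_given_h
    den = num + (1 - prior) * p_e_given_not_h
    return num / den

def update_sequence(prior, evidence):
    """Apply (P(E|H), P(E|not H)) pairs in turn; yesterday's posterior is
    today's prior. Returns the posterior after each piece of evidence."""
    history, p = [], prior
    for p_e_h, p_e_not_h in evidence:
        p = posterior(p, p_e_h, p_e_not_h)
        history.append(p)
    return history

# Constructed base rate: share of hosts compromised on any given day.
BASE_RATE = 0.01
# Constructed likelihoods: (if compromised, if not compromised).
EVIDENCE = [
    (0.90, 0.05),  # threat-intel indicator match on outbound traffic
    (0.80, 0.10),  # login at an unusual hour for this user
    (0.70, 0.02),  # newly created persistence mechanism on the host
]

def alert_posteriors():
    """Posterior P(compromised) after each piece of evidence in EVIDENCE."""
    return update_sequence(BASE_RATE, EVIDENCE)

if __name__ == "__main__":
    for i, p in enumerate(alert_posteriors(), 1):
        print(f"after evidence {i}: P(compromised) = {p:.3f}")
```

A single indicator match on a 1% base rate only lifts the probability to about 15%; it is the accumulation of independent evidence that drives it toward certainty.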

Exercise 2 • 15 minutes

Fermi Estimates

How many piano tuners work in Chicago? You don't know. But you can figure it out. Population times piano ownership times tuning frequency, divided by the tunings one tuner can do per year. That's Fermi estimation.

Now apply it: How many ransomware gangs actively target healthcare? Break the unknown into knowable parts. Get within 1-2 orders of magnitude. That's good enough to be useful.

Exercise 3 • 10 minutes

Applied Forecasting

"What's the probability we'll experience a material breach in the next 12 months?" Your gut says 30%. But your gut is calibrated on Hollywood movies, not data.

Forecasters use structure: start with base rates, identify distinguishing details, find reference classes, then adjust. You'll apply a four-step method drawn from academic forecasting research to cyber risk. Watch how different it is from your initial guess.

Exercise 4 • 30 minutes

Loss Exceedance Curve

This is why you learned the other three methods. You've estimated probabilities (Bayes), quantified unknowns (Fermi), and made calibrated forecasts (Applied Forecasting). Now run 10,000 simulations.

Build your first Loss Exceedance Curve (a curve that shows the chance losses exceed a given dollar amount) using Monte Carlo simulation (running thousands of random scenarios to estimate a distribution) in Excel. See what losses you can expect at the 10th, 50th, and 90th percentiles (the value below which a given percentage of outcomes fall). This is your working risk model.
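The same simulation in Python rather than Excel, as an added example that is not the workshop's template: event frequency is drawn from a Poisson distribution, per-event loss from a lognormal fitted to a 90% confidence interval, and the exceedance curve and percentiles are read off 10,000 simulated years. The event rate and loss interval are constructed illustrative values.

```python
"""Monte Carlo loss exceedance curve (added example, not the workshop's
Excel workbook). Annual loss = Poisson event count x lognormal loss per
event; all parameters below are constructed illustrative values."""
import math
import random

Z90 = 1.2816  # z-score of the 90th percentile of a standard normal

def fit_lognormal(p10, p90):
    """(mu, sigma) of a lognormal whose 10th/90th percentiles are p10/p90,
    i.e. the 90% confidence interval an expert gives for one event's loss."""
    mu = (math.log(p10) + math.log(p90)) / 2
    sigma = (math.log(p90) - math.log(p10)) / (2 * Z90)
    return mu, sigma

def poisson(rng, rate):
    """Poisson draw by inversion (fine for the small rates used here)."""
    k, p, s, u = 0, math.exp(-rate), math.exp(-rate), rng.random()
    while u > s:
        k += 1
        p *= rate / k
        s += p
    return k

def simulate_annual_losses(n_sims, event_rate, loss_p10, loss_p90, seed=1):
    """One simulated year per element: total loss across that year's events."""
    rng = random.Random(seed)
    mu, sigma = fit_lognormal(loss_p10, loss_p90)
    return [sum(rng.lognormvariate(mu, sigma) for _ in range(poisson(rng, event_rate)))
            for _ in range(n_sims)]

def percentile(values, pct):
    """Nearest-rank percentile of a list."""
    s = sorted(values)
    return s[max(0, math.ceil(pct / 100 * len(s)) - 1)]

def exceedance_curve(losses, thresholds):
    """(threshold, P(annual loss > threshold)) pairs: the LEC's points."""
    n = len(losses)
    return [(t, sum(1 for x in losses if x > t) / n) for t in thresholds]

if __name__ == "__main__":
    # Constructed scenario: ~0.5 material incidents/year, single-event loss
    # 90% CI of $50k to $2M, 10,000 simulated years as in the exercise.
    losses = simulate_annual_losses(10_000, 0.5, 50_000, 2_000_000)
    for pct in (10, 50, 90):
        print(f"P{pct} annual loss: ${percentile(losses, pct):,.0f}")
    for t, p in exceedance_curve(losses, [0, 100_000, 500_000, 1_000_000, 5_000_000]):
        print(f"P(loss > ${t:>9,}) = {p:.3f}")
```

With an event rate of 0.5 most simulated years have zero loss, so the 10th percentile sits at zero while the tail is driven by the rare multi-event years; that asymmetry is the point of plotting the whole curve rather than a single expected loss.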

Your Instructors

These are practitioners who've done the work, teaching others how to do it too.


Brandon Karpf

Leader, International Public-Private Partnerships, NTT Inc.

Brandon leads security partnerships at NTT, coordinating cyber resilience strategy across the Fortune 100 telecommunications company's global operations. Over fifteen years, he has built and led security programs across government, startups, and media—including Vice President and General Manager at N2K Networks, Executive Editor of N2K CyberWire, and operations officer at the National Security Agency and Cyber Command.

He teaches because he has seen what happens when theory meets adversaries. He serves as Operating Partner at Fulcrum Venture Group, Adjunct Professor at the US Naval Academy, and he served as editor of Cybersecurity First Principles: A Reboot of Strategy and Tactics (Wiley, 2023).


Rick Howard

CEO and Co-Founder, Cybercanon Project

Rick is the CEO and co-founder of the Cybercanon Project, an all-volunteer nonprofit curating timeless cybersecurity wisdom. Over 30 years, he has led security teams across government, industry, and media, including CSO at The CyberWire and Palo Alto Networks, CISO at TASC, General Manager of iDefense at VeriSign, Global SOC Director at Counterpane, and Chief of the U.S. Army's Computer Emergency Response Team.

He teaches because he has seen which security programs hold up under pressure. He advises Tidal Cyber, the Center for Internet Security, and Resilience, teaches in Carnegie Mellon's CISO Executive Program, and has authored one book while serving as executive editor on two others.

Additional Resources

These books teach the theory. Our workshop shows you the implementation.


How to Measure Anything in Cybersecurity Risk

Douglas W. Hubbard & Richard Seiersen

The foundational text for quantitative cyber risk. Explains why measurement works, how to apply it, and why your current methods probably don't work.

Workshop Template

Build your own Loss Exceedance Curve in Excel with a fully functional Monte Carlo simulation workbook.

Download LEC Excel Template