Research
Quantifying What Matters
Moving public sector cybersecurity from subjective heat maps to defensible, data-driven risk analysis.
Quantitative Risk Analysis
Applying the FAIR (Factor Analysis of Information Risk) model to translate subjective risk heat maps into defensible, data-driven estimates that executives and legislators can act on.
Public Sector Cybersecurity
Studying the unique risk dynamics of state government: resource constraints, political accountability, citizen data exposure, legislative oversight, and federated agency models.
Monte Carlo Simulation
Using PERT-distributed Monte Carlo simulations to model loss event frequency and magnitude across 35 state agencies, producing probabilistic risk estimates rather than single-point guesses.
Doctoral Dissertation
Analyzing FAIR's Effectiveness in Estimating Public Sector Cybersecurity Incidents
Institution
Capitol Technology University
Doctor of Science in Cybersecurity
Methodology
Quantitative, non-experimental, correlational design. Retrospective application of FAIR to historical incident data from 10-20 Florida state agencies using Monte Carlo simulation with PERT distributions.
Research Questions
How accurately does FAIR quantify cybersecurity risk compared to historical incident data in state government agencies?
What are the key discrepancies between FAIR-generated risk predictions and actual incident outcomes?
How can the FAIR model be optimized for improved predictive reliability in the public sector?
In plain language: When we use FAIR to estimate cybersecurity risk in state government, how often are we right? That answer matters to every public sector CISO in the country.
Publications
Papers and conference presentations forthcoming as the dissertation progresses.
Interested in research collaboration or discussing FAIR in the public sector?
Get in Touch