Blog

At SiRAcon 2025, we're not just measuring risk—we’re exploring how risk decisions actually get made. That’s why this unique track dives deep into the intersection of Decision Science, Behavioral Science, and Data Science—disciplines that go far beyond numbers and models to influence the very core of enterprise risk management.

Why this track matters

In theory, good data should lead to good decisions. But in practice? It's messier. Cognitive biases, organizational politics, incomplete information, and poorly designed models can all distort risk assessments and decisions. This track confronts that reality head-on.

By blending technical methods with human insight, speakers will share strategies for making risk quantification more useful, usable, and actionable across the enterprise.

What to Expect from this Track

Decision Science: Structuring Better Choices

How do you move from quantification to action? Decision science provides frameworks for structuring options, defining objectives, and assessing tradeoffs under uncertainty. Sessions in this area will explore:

• How to frame risk questions that matter to executives

• Using decision trees, value of information, and utility curves to clarify priorities

• Real-world case studies of decisions improved (or distorted) by modeling

Behavioral Science: Understanding Risky Humans

Risk isn’t just technical—it’s deeply human. Behavioral science helps us understand how people perceive, misinterpret, and respond to risk. This sub-track explores:

• Common biases in interpreting risk data (e.g., overconfidence, probability neglect)

• Organizational friction: how teams resist or misapply quant models

• Nudging better decisions with communication, design, and defaults

Data Science: Driving Better Inputs

Behind every credible model is a mountain of messy, fragmented data. Data science helps risk professionals:

• Clean and structure data from disparate sources

• Automate updates and detect outliers

• Apply machine learning techniques with caution and transparency

You’ll also hear from practitioners who are bridging the gap between raw telemetry and business-relevant insights, using real-world data pipelines to power meaningful risk decisions.

Risk Isn’t Just a Number—It’s a Decision Process

This track will challenge attendees to think differently about the role of quantification. It's not about producing the “perfect” number—it’s about producing information that improves decisions under uncertainty.

You’ll leave with frameworks, stories, and tactics for:

• Making your models more decision-relevant

• Communicating uncertainty more effectively

• Designing processes and cultures that absorb, not resist, risk intelligence
  
  

Join Us

If you’ve ever asked “Why aren’t they using our risk analysis?”, this track is for you. Decision, behavioral, and data science offer practical, often surprising answers—and this year’s speakers are bringing their best lessons forward.

Because at the end of the day, a quantified risk is only valuable if it helps someone make a better choice.

Fix the Data. Trust the Model. Move Faster.

Behind every successful risk quantification effort is something most people never see: a messy, manual, and often frustrating process of wrangling data, building models, and troubleshooting why they just don’t behave like they should. That’s the reality of risk measurement—and it’s exactly what the “Measurement Tips, Tricks, & Tools” track at SiRAcon ‘25 is here to tackle.

This track isn’t about flashy dashboards or the latest software suite. It’s about the everyday work of making quantification practical, defensible, and trusted. If you've ever thought, “this model looks right, but something feels off,” or spent hours trying to clean a spreadsheet someone exported from an obscure legacy system—this track is for you.

Data Hygiene in the Real World

Before you model anything, you have to trust your data. That’s easier said than done when your inputs come from ticketing systems, config management databases, threat intel feeds, or one-off subject matter expert interviews.

In this session, you'll learn proven methods for:

• Spotting common inconsistencies in real-world cyber risk data

• Creating defensible assumptions when you don’t have a complete dataset

• Validating source quality—and knowing when a source is too noisy to use
  Building workflows that let you revisit and update assumptions without starting from scratch

If garbage in = garbage out, this is how you take out the trash before it corrupts your model.

Troubleshooting Quant Models

“My loss exceedance curve looks weird.” If you’ve ever said that out loud, congratulations—your LEC does in fact look weird, but you’re not alone. Diagnosing why your model output seems “off” takes more than gut instinct, which is what this talk track is about. This session will give you the skills to reverse-engineer your models when the results don’t match expectations.

Some possible topics to explore:

• How to identify hidden bias in your estimates or distributions

• Techniques for sensitivity analysis that highlight which inputs matter most

• Warning signs that your simulation isn't converging—or is overfitting to bad data

• Ways to communicate uncertainty and model limitations without undermining credibility
  
  

It’s not just about making models—it’s about making models that hold up under scrutiny.

Scripting Smarter Simulations

Monte Carlo models are the backbone of modern risk quantification—but building simulations that are fast, flexible, and maintainable is an evolving art.

Sessions in this track might walk through:

• Structuring simulations so they scale and adapt as your data evolves

• Writing modular code in Python, R, and Excel to reduce manual work

• Running multiple what-if scenarios in parallel without rewriting your logic every time

• Avoiding common performance bottlenecks when running large simulations
  
  

If you’re stuck in a spreadsheet swamp, or want to build scripts that do more of the heavy lifting, this will get you there faster.

Shortcuts and Time-Savers

Risk teams are often under-resourced and over-asked—so efficiency isn’t a luxury, it’s a necessity. These sessions are full of “if only I knew this sooner!” kinds of tricks that help you move faster without compromising accuracy or integrity.

Talks in this track aim to address:

• Lightweight ways to automate recurring analysis tasks

• How to templatize your modeling workflow to reduce errors

• Creative ways to repurpose prior assessments and speed up scenario development

• Quick checks you can run to spot red flags before presenting results
  
  

Because the faster you can get to reliable insight, the more time you have to act on it.

Your Quant Practice, Supercharged

The Measurement Tips, Tricks, & Tools track delivers practical knowledge that risk professionals can apply the very next day. It’s for the people doing the work—building models, validating inputs, debugging strange outputs, and constantly evolving their methods to be more credible and more actionable.

When you walk away from these sessions, you won’t just know how to measure risk—you’ll know how to do it better, faster, and with a lot more confidence.

At SiRAcon ‘25, we’re not just pushing boundaries—we’re refining the engine behind the insights that matter.

In the world of risk analysis, knowing the numbers is just the beginning. The real challenge, but also the value, lies in using those numbers to support better decisions. That’s why the Risk Decision Support track at this year’s SiRAcon 2025 will be insightful for anyone looking to advance from quantifying risk to managing it strategically.

From Zero to Quant to ERM

Continuing the evolution from last year’s theme “From Zero to Quant,” this year’s theme “From Zero to Quant to ERM” spotlights the journey organizations are on: from beginning their risk quantification efforts, to integrating those efforts into broader enterprise risk management (ERM) strategies. At the heart of that journey is decision support - the ability to turn data into action.

Why Risk Decision Support Matters

Quantifying risk isn’t just about producing numbers; it’s about helping leaders make informed, defensible decisions under uncertainty. Whether you're prioritizing controls, selecting vendors, allocating budget, or evaluating cyber insurance options, quantitative models provide a structured way to weigh trade-offs and assess outcomes.

This track is for analysts, CISOs, risk managers, and decision-makers who want to bridge the gap between technical measurement and real-world action.

What to Expect in This Track

The Risk Decision Support track will cover topics such as:

• Using Quant Models to Drive Action: Learn how organizations are applying Monte Carlo simulations, Value-at-Risk, and expected loss modeling to prioritize cybersecurity initiatives, justify budgets, and communicate risk in financial terms.
  
  

• Decision Frameworks That Integrate Quantification: Discover methods for embedding quantitative risk assessments into strategic frameworks - such as cost-benefit analysis, decision trees, and Bayesian updating to support rational, transparent decision-making across the enterprise.
  
  

• Real-World Case Studies: Hear from practitioners who’ve operationalized quant models, and learn what worked (and what didn’t) when translating analytics into business value.
  
  

• Bridging the Analyst–Executive Gap: Explore communication strategies for presenting quantitative results to non-technical stakeholders, ensuring data drives decisions without getting lost in translation.
  
  

Take the Next Step in Your Risk Journey

SiRAcon 2025’s Risk Decision Support track is your opportunity to explore how cutting-edge quant methods are being transformed into powerful decision-making tools. Whether you're deep in the modeling weeds or steering enterprise strategy, this track will spark new ideas and deliver practical insights you can apply immediately. Don’t miss the chance to be part of the conversations that are shaping the future of risk management. Let’s move beyond metrics and toward meaningful, data-driven decisions.

SIRAcon ‘25 is set to take place September 9th-11th at the Boston Federal Reserve. This year's theme, "From Zero to Quant to ERM," highlights the evolving landscape of risk analysis. Building on its strong foundation in cyber risk quantification, this year's conference expands its focus to include broader Enterprise Risk Management (ERM) practices. Attendees can expect practical insights, hands-on guidance, and strategic frameworks to improve risk measurement across the enterprise.

Presentations this year will center around several possible topics:

• Risk Decision Support

• Measurement Tips, Tricks, and Tools

• Decision Science, Behavioral Science, and Data Science

• AI in Quantitative Risk Measurement

• Risk Measurement Outside of Cyber

• Control Effectiveness

Risk Decision Support

Risk quantification can guide strategic decision-making. Presenters will share methods for integrating risk data into prioritization and resource allocation processes, ensuring that organizations make informed decisions backed by quantified insights. Expect sessions that explore techniques like financial impact modeling, showcasing how risk quantification can improve outcome predictions and help leadership make data-driven decisions.

Measurement Tips, Tricks, and Tools

Practitioners looking to improve their risk measurement processes need actionable strategies for enhancing data collection, analysis, and visualization. Expect sessions that will provide practical techniques for streamlining risk quantification efforts, ensuring practitioners can deliver clear, meaningful insights that resonate with stakeholders.

Decision Science, Behavioral Science, and Data Science

Effective risk management requires more than just data – it demands an understanding of how people interpret and act on that data. By applying behavioral science principles, risk professionals can enhance their ability to communicate insights, drive change, and improve outcomes. Expect sessions that delve into psychology, cognitive biases, and data modeling to help attendees improve decision-making under uncertainty. 

AI in Quantitative Risk Measurement

Artificial intelligence and machine learning are revolutionizing risk quantification. Leveraging AI requires best practices to improve accuracy, efficiency, and insight in risk models. Expect sessions that offer practical applications of AI for forecasting, automation, and enhancing decision support capabilities.

Risk Measurement Outside of Cyber

Risk quantification isn't limited to cybersecurity. Risk quantification techniques can be applied to broader domains, such as supply chain risk, financial risk, and environmental risk. Expect sessions that provide strategies for expanding risk frameworks to align with enterprise-wide objectives and improve resilience.

Control Effectiveness

Ensuring that controls perform as intended is crucial for mitigating risk. Practitioners require practical strategies for assessing control performance, identifying gaps, and measuring control effectiveness. Expect sessions that provide frameworks for improving control designs, tracking key metrics, and ensuring alignment with organizational risk objectives.

Come Join Us!

SIRAcon ‘25 promises to deliver valuable insights for risk professionals seeking to expand their skill sets and improve decision-making in their organizations. Whether you're new to risk quantification or looking to build on existing practices, this year's conference will provide the tools and knowledge needed to advance from zero to quant to ERM.

You can register for SiRAcon ‘25 here.

Watch your email, LinkedIn, and the SiRAcon event site for the full agenda to be posted in April!