Former Pittsburgh Steel Worker and Former New Orleans Saxophonist Partner to Cover Cybersecurity Blind Spots


David and Julian EditedAs a young man growing up in the Pittsburgh, Pennsylvania area working in steel mills, (ISC)2 CEO David Shearer learned early on that a strong work ethic and collaborative spirit were important factors to being successful in business. David met fellow Safety Harbor, Florida-based CEO of PivotPoint Risk Analytics Julian Waits, who was originally a budding saxophone player performing in his hometown of New Orleans, Louisiana at the first annual conference for the International Consortium of Minority Cybersecurity Professionals (ICMCP). After realizing that they both resided in the same town in Florida and worked for organizations that could be mutually beneficial, the two leaders began a business partnership to help advance the automation of cyber insurance decisions in an effort to protect businesses from financial risk in the event of a breach.

By (ISC)² CEO David Shearer

(ISC)² and PivotPoint Risk Analytics have signed a business agreement with the goal of empowering chief information security officers (CISOs) to make more effective security business operations and cyber insurance decisions. The solution, called ‘cyber value-at-risk analytics’ (CyVaR™), aims to support CISOs and information security professionals with the information they need to make more strategic business decisions and mitigate risks.

Some may wonder why we’re venturing into this type of relationship as a longstanding vendor-neutral certification body. Our education and certification programs are based on a Common Body of Knowledge (CBK) and will remain vendor-neutral; however, I’m open to fostering relationships with organizations and companies that can provide benefits to our international membership. We’re doubling up our thought leadership efforts in areas where we see potential blind spots within our membership and the industry.

Simply stated, we know we must do more for our members. When it comes to our certified members, we realize that they use tools and programs for their organizations as part of their jobs. As CEO, I believe that I have an obligation to our members to negotiate discounts—where possible—for existing and/or new offerings that we believe can be helpful in advancing their organizations’ cyber, information, software and infrastructure security. This certainly includes tools and services that can better position their organizations’ ongoing cyber insurance requirements. We are open to discussing opportunities for our membership with any organization or company that wants to present how their offerings can add value to our members, their career development and their respective jobs.

This new partnership provides (ISC)² members with a 35 percent discount for the first year of a CyVaR subscription. The benefit provides our members with another way to demonstrate value to their organization, while also making the job of the CISO more efficient.

Information security professionals can sometimes speak a different language than the leadership they answer to, be it a board of directors, CEO or other executives. The business impact of decisions made by the cybersecurity team needs to be quantified, which is the problem that cyber value-at-risk solutions solves. By changing the conversation from a technical discussion about cybersecurity threats to a business discussion about the potential financial impact of cyber risk, members of the C-suite and board can better position their organizations for increasingly sophisticated cyber threats.

“By quantifying the risk to the most critical corporate information assets and associated software and infrastructure, cyber value-at-risk helps CISOs secure the value of their business and bolster their respect in the boardroom,” said Julian Waits, CEO, PivotPoint RA. “We are excited about this collaboration with (ISC)², a recognized organization that is committed to enhancing the security posture of global organizations.”

CyVaR can help determine, for example, how much money an organization could lose to a cyberattack, how investing in security can reduce their risk and what types of cyber insurance would be advisable to transfer financial risks. The CyVaR approach is endorsed by The World Economic Forum’s “Partnering for Cyber Resilience” initiative and is the common risk quantification for its members.

A webinar will be available on July 12 for (ISC)² members and cybersecurity professionals alike to learn more about the partnership, program and what it can mean for them and their organizations. For more information about the CyVaR solution, please visit

[(ISC)² Blog]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.