
Hi, I’m Demetri!
Enterprise risk professional specializing in cyber risk and governance.
I transform uncertainty into actionable insight by advancing how we think about, measure and report on risk and opportunity.
My professional interests
Risk-based decision making
I’m a strong believer in making informed, data-driven decisions that fully consider key dimensions of uncertainty – risk and reward. I’m also appreciative of the role of biases and heuristics and how they can lead to suboptimal outcomes.
Risk governance and oversight
I enjoy tackling challenges related to the translation of complex risks into clear, actionable insights that align with and support business goals. This involves a focus on candid, transparent reporting and relationship building between the board and management.
Cyber risk quantification
I’m particularly interested in using data and analytical methods to quantify cyber risk. Exploring how quantification advances the objectives of prudential regulation through evidence-based decision-making was the central focus of my MSc dissertation.
Cyber performance metrics
I’m skeptical of cyber metrics that don’t help organizations effectively track security performance or make better decisions. This is an issue I’m passionate about solving with practical, actionable solutions.
My background
I’ve spent the greater part of the past fifteen years working in the fields of enterprise and technology risk management. During this time I’ve designed and implemented risk frameworks, worked on improving governance arrangements, and spent considerable time assisting first line colleagues in the improvement of processes and controls. Most of my recent experience has been within the financial services sector; however, underpinning this is extensive experience across multiple sectors earned from my time in the consulting field.
Professionally qualified, I hold multiple certifications including CISSP, CRISC and CISA. I’ve also obtained my MSc in Risk, Crisis & Resilience Management from the University of Portsmouth. My dissertation focused on the role of cyber risk quantification in supporting the prudential objectives of financial services regulators in the Caribbean region. I actively support the continued development of the risk profession having volunteered time to furthering the work of the Institute of Risk Management and ISACA at both the local and international level.
If you’re interested in learning a bit more about my background, you can get in touch or visit my LinkedIn profile.
My recent writing
- Simplification matters. It allows us to reach a wider audience. But if we’re not careful, we run the risk of misleading the people we’re hoping to help.
- It is in our collective interest to think a bit more clearly about institutional issues such as the dangers of governance and funding failures and the MITRE funding scare gives us an ideal opportunity to do just that.
- To effectively contribute to decision making, risk managers need to abandon the misguided term “positive risk” which conflates the related but distinct concepts of risk and opportunity.
Projects & Professional Contributions

Expert Reviewer – ISACA Whitepapers and Risk Related Publications
I’ve reviewed multiple ISACA publications as a subject matter expert, ensuring ISACA’s publications are technically accurate, relevant and aligned with the needs of the profession.
Some of the publications I’ve reviewed: Risk IT Framework & Practitioner Guide, Certified Data Privacy Solutions Engineer Review Manual, Conducting an IT Security Risk Assessment whitepaper and the IT Policy Template for Vulnerability Management.

Course Developer – IRM’s International Certificate in Financial Services Risk Management
I worked with the Institute of Risk Management (IRM) to redevelop the learning materials for their International Certificate in Financial Services Risk Management.
My updates to the “Regulation in Financial Services” and “Introducing Operational Risk in Financial Services” modules helped ensure the course remained current and aligned with industry standards. This redevelopment led to the qualification achieving OFQUAL Level 5 recognition for the first time.

Public Speaking & Presentations
I’ve had the privilege of presenting and contributing to various webinars, workshops, and panels on topics at the intersection of technology, risk, and governance.
Topics I’ve touched on include: the benefits and myths related to cyber risk quantification (ISACA TT), practical steps to enabling an effective risk management culture (ISACA TT), the opportunities and challenges of AI adoption in the Caribbean (ACCA/BCCI) and AI’s role in fraud prevention (ACCA/IIA TT).

Teaching and training – online & in-person
Working with industry associations and academic institutions, I have designed and delivered online courses for secondary school students, technical workshops for professionals, and master’s level modules for postgraduate students.
My areas of expertise include: cybersecurity fundamentals and data protection, technology governance and risk management, cloud computing audit and oversight, and the psychology of risk, its influence on risk culture and the benefit of behavior modification in IT environments.