About
🔏 Privacy…
Activity
2K followers
-
John Hoffoss shared thisLast week, I commented on Caroline Wong‘s new book. Today, I have the pleasure of hearing from her at the IANS Minneapolis forum! What a happy coincidence and really looking forward to the new book!John Hoffoss shared thisGot my copy of The AI Security Handbook by Caroline Wong. I might be bias but I’m particular fond of chapter 6. “Global exploit prediction models like EPSS offer powerful,scalable insights derived from widespread exploitation telemetry. But not every vulnerability poses the same risk in every environment. This is where the concept of local models becomes essential.” Hard to argue that. And thanks for the props to our very Jay Jacobs & Michael Roytman.
-
John Hoffoss shared thisAnother year, another Distinguished Gentleman’s Ride! In just two weeks, a group of around a hundred Gentlefolk will embark on a tour of the town in a massive motorcycle convoy. This will disrupt Sunday drives as we ride to look great, smile, and wave to the crowd. Our mission is to raise awareness and funds to help fight cancer. I encourage you to join me (https://gfolk.me/jtho) on the ride in any way you can, and remember to stay dapper! (And because it must always be said, fu¢k cancer. 🤘)
-
John Hoffoss shared thisCaroline Wong was one of my favorite SiRAcon keynotes over the years, so I'm looking forward to this book!John Hoffoss shared thisGot my copy of The AI Security Handbook by Caroline Wong. I might be bias but I’m particular fond of chapter 6. “Global exploit prediction models like EPSS offer powerful,scalable insights derived from widespread exploitation telemetry. But not every vulnerability poses the same risk in every environment. This is where the concept of local models becomes essential.” Hard to argue that. And thanks for the props to our very Jay Jacobs & Michael Roytman.
-
John Hoffoss posted thisHave you found any independent analyses of agentic software tools like Claude Cowork or the chatGPT browser? I’m wrestling with lots of requests to use these tools and I can’t find any kind of testing of whether any of the permissions management or restrictions these tools claim to have implemented actually work. If I have to give one of these tools access to a folder via macOS permissions, it has access. No prompt or “OK” button in these program will actually prevent the program from acting without my consent…this has always been the case with software, but once we ask our program to pick its own non-deterministic path of execution and action, what control do I have?
-
John Hoffoss shared thisJoin us as Jack Jones, Doug Hubbard, and Dan Geer – three of SiRA's most popular speakers in our 14 year history – come together to read the tea leaves and help see where we're headed next!John Hoffoss shared thisJoin us for our webinar this month on Jan. 23 at 2 pm ET to hear from Dan Geer, Doug Hubbard, & Jack Jones. Register for free at https://lnkd.in/gy2STTrZ Looking for more content just like this? Sign up for SiRAcon '26 (4/21-4/23 in Boston) while Early-Bird tickets are still available: https://cvent.me/ZZLEEm
-
John Hoffoss shared thisPro-tip for cold connectors: If you’re firing off random LinkedIn requests without a message, at least make sure your profile does the talking. That means a real “About” section, a clear job description, and a sentence or two about what your company actually does. If your title is “Senior Associate VP of BizDev Growth Strategy” at a company called WhizBang.ai, and the only context is a tagline like “We put the cur back in security!”—I’m not clicking accept. If you want meaningful connections, don’t be vague. Be clear about what you’re offering and why you’re reaching out. If being clear doesn't work, then your problem isn’t clarity, you're either missing your target market, or you don't have a market to target.
-
John Hoffoss posted thisPro-tip for cold connectors: If you’re firing off random LinkedIn requests without a message, at least make sure your profile does the talking. That means a real “About” section, a clear job description, and a sentence or two about what your company actually does. If your title is “Senior Associate VP of BizDev Growth Strategy” at a company called WhizBang.ai, and the only context is a tagline like “We put the cur back in security!”—I’m not clicking accept. If you want meaningful connections, don’t be vague. Be clear about what you’re offering and why you’re reaching out. If being clear scares you, the problem probably isn’t clarity.
-
John Hoffoss shared thisMinnesota Spring is upon us and my motorcycle is purring again, breathing in that fresh air and emitting a (usually) soft purr as I put a few miles on. That also means it’s nearly time for The Distinguished Gentleman's Ride — an excuse to get dappered up, flaunt our threads a bit with a few hundred similarly-minded motorcyclists, and give the town a good and respectful showing of what a humongous motorcycle ride looks like. Even better, the DGR is an extension of the Movember Foundation, raising funds for men’s cancer research. My money’s in, as is my annual Ovative Group charitable giving match. If you feel so inclined, I’d be ever so grateful for your contribution and support. (Link in the comments.) And if you’re local, keep your eye around town for a mass of motors on May 18th!
-
John Hoffoss shared thisJoin us to accelerate and tie in your info/tech risk assessment activities into the management of risk across your org. Always a good conference with hallway conversations worth their weight in gold.John Hoffoss shared thisSiRAcon ‘25 is a go! Submit your abstract today @ https://lnkd.in/ghkFnqbk Topics this year include but are not limited to… -Risk Decision Support -Measurement Tips, Tricks, & Tools -Decision Science, Behavioral Science & Data Science -AI in Quantitative Risk Measurement -Risk Measurement Outside of Cyber -How Effective are your Controls? The Call for Presentations closes on Mar. 23, so don’t wait! #SiRAcon25 #ZeroToQuant #QuantERM
-
John Hoffoss liked thisJohn Hoffoss liked thisStudying for the FAIR certification? You *do* need to memorize the FAIR model. When I took mine, there wasn't an app for that. I printed out a blank version of the tree and filled it in with pen and paper until I had it down. So I built the app. There's a learn mode that shows you the full model with all 13 components and their units. When you're ready, switch to practice mode. It clears the tree and gives you a shuffled pool of components to drop into the right spots. Then you assign each one its unit (dollars, probability, or frequency). There's also a definitions quiz that covers all 22 testable items. It's free, runs in your browser, no login required. Hope you find it useful. (ok yeah I used a little bit of Claude Code) 👉 https://lnkd.in/gXJYi4mu
-
John Hoffoss reacted on thisHad a fantastic time at SiraCon 26. Thanks to the Society of Information Risk Analysts (SiRA) board, all the folks involved in making it happen, the other speakers and attendees for the warm welcome and excellent discussions. Having had so many thought-provoking conversations I still have plenty to digest, but two themes that already stand out are the intersection of continuous controls monitoring and quant risk (particularly the importance of control coverage) and the role (and risks) of AI across both domains. Looking forward to continuing the conversations virtually with the community!
-
John Hoffoss liked thisJohn Hoffoss liked thisMost AI risk frameworks only show where risk appears. But governance requires answering two questions: Where is the risk? And how controllable is it? That's why the next evolution of the AI Risk Heatmap is an AI Risk Landscape Map. It evaluates AI risk across three dimensions: • Lifecycle stage • Risk severity • Controllability Because the most dangerous AI risks are not just severe — they are difficult to control. Examples: • External regulatory exposure • Human decision bias • Operational system failures Understanding this difference helps organizations focus governance where it matters most. Responsible AI is not just about safer models. It's about managing risk across the entire decision system. #AIgovernance #ResponsibleAI #AIrisk #EnterpriseAI
-
John Hoffoss reacted on thisJohn Hoffoss reacted on thisMSP came in last place for airport stress — sometimes it's great to just absolutely suck at something 🙋♂️✈️🧳 https://lnkd.in/gJkm3zxK
-
John Hoffoss liked thisJohn Hoffoss liked thisI recently saw Tony Martin-Vegue at SIRACON. He has a new book out: “From Heatmaps to Histograms”. The tagline says it all: A Practical Guide to Cyber Risk Quantification. I highly recommend this book if you are a cybersecurity practitioner interested in risk quantification or if you are curious about how to build or grow a cyber risk quantification program.
Experience & Education
-
Ovative Group
View John’s full experience
See their title, tenure and more.
or
Licenses & Certifications
Volunteer Experience
-
Board Member (Treasurer, Technology Director)
Society of Information Risk Analysts
- Present 16 years 2 months
Science and Technology
🏫 Founding board member of a professional community dedicated to advancing the practice of information risk analysis. Lead operations behind the scenes—handling incorporation, tax filings, nonprofit compliance, banking, and 501(c)(3) recognition—while also owning technical infrastructure as the org’s de facto CTO. Helped turn a shared vision into a functioning, sustainable organization.
-
Co-president & Webmaster
University of Minnesota Habitat for Humanity
- 2 years 1 month
Poverty Alleviation
🏡 Provided leadership and organization for over 100 members. Designed, implemented, and maintained the website and online membership communications. Also worked on numerous Habitat for Humanity job sites coordinating and participating in demolition, framing, and finish carpentry.
💵 Together, the members of the Habitat for Humanity campus chapter at the University of Minnesota raised $25,000 to sponsor the complete remodel of a home in 2001-2002. In the 2002-2003 year, the chapter…🏡 Provided leadership and organization for over 100 members. Designed, implemented, and maintained the website and online membership communications. Also worked on numerous Habitat for Humanity job sites coordinating and participating in demolition, framing, and finish carpentry.
💵 Together, the members of the Habitat for Humanity campus chapter at the University of Minnesota raised $25,000 to sponsor the complete remodel of a home in 2001-2002. In the 2002-2003 year, the chapter raised $50,000 to sponsor the construction of a new home in 2002-2003. -
Head Judge for Minnesota/Iowa State and Midwest Regional Competitions
National Collegiate Cyber Defense Competition
- 8 years
Science and Technology
Created challenging cybersecurity and operational technology scenarios while monitoring the progress of the competition, red team activity, and evaluating the performance of each competing team in a fair and unbiased manner.
Recommendations received
5 people have recommended John
Join now to viewOther similar profiles
Explore more posts
Explore top content on LinkedIn
Find curated posts and insights for relevant topics all in one place.
View top content