Cisco is using the FAIR methodology to standardize how the company talks about and decomposes risk. Its framework has been paired with data analytics to scale threat vector scenario models informing operational and investment decisions. Early on, the focus was on individual use case modeling in support of return on risk mitigation decisions; this continues today. However, from the outset, Cisco has had its sights on building capabilities for analyzing large bodies of assets simultaneously. This is no small undertaking. The company has been investing in the defensibility of the FAIR model’s statistical underpinnings, model assumptions, subject matter expert inputs, and loss magnitude resources for the past few years. Cisco is also a strong advocate for cyber security talent pipeline development with research and academic partnerships globally. They believe that a well-rounded cyber security education should include business acumen and risk skills, which enable professionals to communicate cyber security risk in terms of financial and economic exposure for the business.