I help organizations make better decisions about risk.
I’m Tony Martin-Vegue, author, advisor, and consultant focused on transforming how companies measure and manage cyber risk.
Explore My Approach
Speaking & Advisory
I help organizations move beyond color-coded heat maps to decision-ready insights. My work focuses on making risk measurable in financial terms so leaders can act with clarity and confidence
Latest Essays
That Feels Too High”: A Risk Analyst's Survival Guide
When stakeholders say your quantitative risk numbers don't "feel right," there are three main reasons: you missed something they know, cognitive bias is affecting their judgment, or you failed to communicate the numbers clearly.
Six Levers That Quietly Change Your Risk and How to Spot Them
Most people think risk only moves when you add controls, but five other hidden forces are quietly reshaping your exposure behind the scenes.
AGI Dreams: What Keeps a Risk Professional Up at Night
Even a data‑driven risk analyst like me loses sleep when the threat model is a hypothetical, self‑aware AGI that could be friend, foe, or clueless Pinocchio.
The CISO’s White Whale: Measuring the Effectiveness of Security Awareness Training
Most CISOs secretly wonder: does security awareness training actually reduce risk, or just check a compliance box?