About Tony Martin-Vegue

Author. Researcher. Advisor. One of the most experienced voices in modern cyber risk quantification.

I’m an author, researcher, and advisor specializing in cyber and technology risk. For more than twenty-five years, I’ve helped Fortune 500 and high-growth companies understand uncertainty, measure exposure, and make better decisions. At Netflix, I built a full FAIR-based cyber risk quantification program from the ground up, working across engineering, security, and executive teams to bring clear, defensible analysis into everyday decisions. In 2020, I received the FAIR Institute’s FAIR Ambassador Award for advancing quantitative risk practices across the industry.

Today, I work with organizations of all sizes on risk quantification, program design, threat and control modeling, decision frameworks, and executive education. My advisory work spans sectors and includes hands-on training, portfolio-level analysis, and practical guidance for leaders who want clarity, not complication. I also serve as an Executive Fellow at the Cyentia Institute and as an Advisor to Ostrich Cyber Risk, where I help shape CRQ tools and research.

I’m the author of the upcoming From Heatmaps to Histograms (Apress, 2026) and write the newsletter Heatmaps to Histograms: Field Notes. I speak frequently at FAIRcon, SIRAcon, RSA, BSides, and ISACA events, and my writing has appeared in ISACA Journal and Risk.net. My work focuses on bringing measurement thinking, better decision-making, and clear communication into cybersecurity and enterprise risk.

If you want to understand how modern risk analysis really works, or you want help building a program that stands up in the real world, you’re in the right place.