About Me

Hi, I’m Tony Martin-Vegue. I work at the intersection of cybersecurity, risk, and decision-making - and have for over 20 years.

I’m a practitioner and a leader. I’ve built and led technology risk programs at Netflix, LendingClub, and others, always blending strategic vision with deep technical expertise. My work focuses on helping organizations navigate uncertainty, make smarter, data-informed decisions, and move beyond compliance theater toward real risk reduction.

Along the way, I’ve spoken at conferences like RSA, FAIRcon, various B-Sides, SIRAcon, and ISACA Risk Forum, and contributed to publications and frameworks for ISACA, RIMS, and Risk.net. I believe in making risk accessible: translating complex ideas into clear, actionable insights for leaders, boards, and practitioners alike.

This site is where I think out loud. I write about:

• Why risk heatmaps belong in a museum

• What Monte Carlo simulations actually tell us

• How broken incentives quietly shape our biggest security failures

• And how to make risk data useful enough to matter

I’m particularly obsessed with security economics: the weird world of mispriced risk, asymmetric information, and incentives gone sideways. From the market for lemons to ransomware-as-a-service, the more you zoom out, the more security starts to look like a behavioral economics case study. It’s not just about threats and controls—it’s about budgets, beliefs, and broken feedback loops.

Outside of work, I bake sourdough, walk my dogs in the woods, and get disproportionately excited about historical metaphors and spreadsheet-based storytelling.

If you’re looking for a speaker, writer, or podcast guest who can bring clarity (and a bit of edge) to security, risk, and the economics behind it all - get in touch. I love collaborating with smart people and smart audiences.