About Me

I’m an author, researcher, and advisor specializing in security and technology risk, with over 25 years of experience helping Fortune 500 and high-growth companies build and scale quantitative risk programs. As a hands-on practitioner and leader, I’ve led risk assessments across cyber, fraud, operations, and enterprise domains. I’m the author of the upcoming From Heatmaps to Histograms (Apress, 2026) and the newsletter Heatmaps to Histograms: Field Notes. I frequently speak at FAIRcon, SIRAcon, RSA, BSides, and ISACA events, and my work has been featured in ISACA Journal and Risk.net. I help organizations launch and improve risk programs, select CRQ platforms, and turn complex analysis into decisions that matter. Learn more at heatmapstohistograms.com.