In this episode, Raj Krishnamurthy speaks with Tony Martin-Vegue, seasoned risk practitioner, speaker, and co-chair of the FAIR Institute San Francisco chapter. Tony shares decades of lessons learned from leading cyber risk management at Netflix, Gap, and other major enterprises—showing how to move from qualitative heat maps to quantitative insights that drive smarter business decisions.
He breaks down Monte Carlo simulations, risk modeling, and the six levers that influence risk—all through a practical, approachable lens. Tony also explores how generative AI is transforming risk quantification and what every CISO, analyst, and engineer can do today to make risk measurable, actionable, and business-aligned.
Key Takeaways
- CRQ doesn’t require perfection—start with what you have and refine over time.
- The most effective risk programs focus on directionally correct data, not precision.
- Good risk scenarios clearly define asset, threat, and effect to avoid misalignment.
- Generative AI accelerates scenario development, data research, and model creation.
- CISOs should demand more from risk teams—move beyond “pick a color” heat maps.
Topics Covered
- Cyber risk quantification (CRQ)
- Monte Carlo simulations and modeling
- Risk scenario design and measurement
- GRC and compliance integration
- Generative AI in risk management
- Moving from qualitative to quantitative risk
- Improving risk hygiene and maturity
- CISO leadership and risk culture
What You’ll Learn
- The difference between qualitative and quantitative risk methods
- How to conduct your first risk quantification in Excel
- Why Monte Carlo simulations are simpler than most think
- How GRC, compliance, and security teams can collaborate effectively
- The six levers that influence risk magnitude and frequency
This podcast is brought to you by ComplianceCow:
ComplianceCow helps enterprises automate GRC, shift compliance left, and continuously monitor controls across the business.
Learn more at ComplianceCow.com
Connect with our guest: Tony Martin-Vegue on LinkedIn
- Co-Chair, FAIR Institute San Francisco Chapter
- Former Risk Leader at Netflix and Gap Inc.
- Author, From Heat Maps to Histograms (coming 2026)
Subscribe toSecurity & GRC Decodedon your favorite platform:
- Spotify
- Apple Podcasts
- Explore all episodes: ComplianceCow.com/podcast
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
iHeartRadio 24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com