Hi, I’m Tony.

I’m here to make cybersecurity less about fear and more about rational decision-making.

That starts with risk, economics, and cutting through the noise.

I’m less interested in frameworks and more interested in outcomes. Less “best practice,” more actual practice. I believe security should be measurable, risk should inform decisions, and that compliance theater is wasting everyone’s time.

I cover topics like quantitative risk, security economics, and the psychology of bad choices — because behind every breach is a human, a budget, and a spreadsheet that no one believed.

Latest Essays

Featured
Zines, Blogs, Bots: A Love Story
Zines, Blogs, Bots: A Love Story

After a quiet stretch spent baking bread and relearning balance, I started wondering—has blogging joined zines in the graveyard of formats displaced by tech? With AI now mimicking human voices, I’m asking a bigger question: what does it mean to write now, and why does it still matter?

The CISO’s White Whale: Measuring the Effectiveness of Security Awareness Training
The CISO’s White Whale: Measuring the Effectiveness of Security Awareness Training

Most CISOs secretly wonder: does security awareness training actually reduce risk, or just check a compliance box? This post breaks down the metrics that don’t work—and offers a practical framework for ones that do.

How a 14th-century English monk can improve your decision making
How a 14th-century English monk can improve your decision making

Why do we overcomplicate decisions, even when the answer is obvious? A 14th-century monk might hold the key to better, faster, and more rational thinking in today’s risk-obsessed world.

A Beginner's Guide to Cyber War, Cyber Terrorism and Cyber Espionage
A Beginner's Guide to Cyber War, Cyber Terrorism and Cyber Espionage

Cyber war, terrorism, espionage, vandalism—these terms get thrown around a lot, but what do they actually mean? This guide cuts through the hype and headlines to help you tell the difference (and finally stop calling everything “cyber war”).

How to write good risk scenarios and statements
How to write good risk scenarios and statements

Writing risk scenarios isn’t just paperwork—it’s the foundation of a great risk assessment. This guide breaks down how to build narratives that matter and turn them into crystal-clear risk statements that decision-makers can actually use.