About Me

Hi, I’m Tony Martin-Vegue. I work at the intersection of cybersecurity, risk, and decision-making—and have for over 20 years.

I help organizations navigate uncertainty and make smarter, data-informed decisions about risk. I’ve built and led technology risk programs at Netflix, LendingClub, and First Republic Bank. My work blends strategic thinking with analytical rigor—whether it’s implementing cyber risk quantification frameworks or translating technical issues into boardroom-ready insights.

This site is where I think out loud. I write about:

• Why risk heatmaps belong in a museum

• What Monte Carlo simulations actually tell us

• How broken incentives quietly shape our biggest security failures

• And how to make risk data useful enough to matter

I’m particularly obsessed with security economics—the weird world of mispriced risk, asymmetric information, and incentives gone sideways. From the market for lemons to ransomware-as-a-service, the more you zoom out, the more security starts to look like a behavioral economics case study. It’s not just about threats and controls—it’s about budgets, beliefs, and broken feedback loops.

Outside of work, I bake sourdough, walk my dogs in the woods, and get disproportionately excited about historical metaphors and spreadsheet-based storytelling. I also speak at conferences, consult on cyber risk, and occasionally post rants disguised as essays.

If you’re looking for a speaker, writer, or podcast guest who can bring clarity (and a bit of edge) to security, risk, and the economics behind it all—get in touch. I love collaborating with smart people and smart audiences.