Bio
Tony Martin-Vegue is a writer, speaker and risk expert with a passion for data-driven decision making. He brings his expertise in economics, cyber risk quantification and information security to advise senior operational and security leaders on how to integrate evidence-based risk analysis into business strategy. He has led risk teams for several Bay Area financial institutions and, in the words of his eight-year-old son, has spent much of the last 20 years “Fighting criminals on the internet.” Tony is also the chair of the San Francisco chapter of the FAIR Institute – a professional organization dedicated to advancing risk quantification. He has spoken at BSides, FAIRcon, RSA, SIRAcon and others. Tony is obsessed with elevating the information security profession through data, reason, and the total eradication of Harvey Ball charts. He holds a B.S. in Business Economics from the University of San Francisco and numerous certifications including CISSP and CISM.
Media Mentions
October 6, 2020: Dark Reading | How Netflix Makes Security Decisions: A Peek Inside the Process
November 1, 2018: Decipher | Pay or not pay a ransom? It’s not that simple
October 4, 2018: Dark Reading | 7 Steps to Start Your Risk Assessment
December 8, 2016: Chicago Tribune | 7 ways to avoid the many possible pitfalls of gift cards
April 28, 2016: State of Security | Adblocker Use on the Rise, Finds Study
April 4, 2016: InfoWorld | So, you want to be a security pro? Read this first
February 2, 2016: Wall Street Journal | Blockchain: Catalyst for Massive Change Across Industries
January 7, 2016: Hudson’s Bay agrees to accept gift cards from other stores
December 22, 2015: Windsor Star | Windsor woman warns of gift card scam
April 20, 2017: FAIR Institute blog | Meet a FAIR Institute Member
August 7, 2015: Resilient Lawyer Podcast | Practical tips for maintaining data security and living with social anxiety
Publications
Most of my writing effort is on this site in the form of short-form blog posts, but I have written and contributed to more formal publications.
Optimizing Risk Response | ISACA | 2021 | (Lead author)
Cyber Risk Quantification | ISACA | 2021 | (Contributing author)
ISACA Risk IT Framework, 2nd Edition | ISACA | June 18, 2020 | (SME/Expert reviewer)
ISACA Risk IT Practitioner’s Guide, 2nd Edition | ISACA | June 18, 2020 | (SME/Expert reviewer)
Bridging the Digital Risk Gap | RIMS & ISACA | 2019 | (SME/Expert reviewer)
Book chapter titled Cyber-risk Quantification of Financial Technology in Fintech: Growth and Deregulation (reprinted here with permission) | 2018
The Downstream Effects of Cyberextortion | ISACA Journal | August 17, 2018