Speaker: Tony Martin-Vegue
Admission: Free
Abstract:
The day after the Colonial Pipeline incident, every risk register for critical infrastructure should have changed. A single compromised VPN password had just shut down a major fuel pipeline, proof that OT ransomware wasn't theoretical anymore. But most models didn't budge, because they were built to track controls, not external shifts in what's possible.
This is the blind spot in most risk programs: controls are treated as the only input, while business changes, evolving threats, regulatory pressure, incident learnings, and governance shifts operate in the background. By the time the next annual assessment happens, the model is already wrong.
This talk introduces six forces that move risk and a practical approach to monitoring them continuously rather than periodically. No new tools required; just a framework for connecting signals you already have to decisions you're already making. One lever, one hour, this week.
Speaker Bio:
Tony Martin-Vegue is an author, consultant, and advisor specializing in security and technology risk, with over 20 years of experience helping Fortune 500 and high-growth companies build and scale quantitative risk programs. A hands-on practitioner and leader, he has performed countless risk assessments across cyber, fraud, operations, and enterprise domains. Author of the book From Heatmaps to Histograms (Apress, 2026) and the newsletter Heatmaps to Histograms: Field Notes, Tony is a frequent speaker at FAIRcon, SIRAcon, RSA, BSides, and ISACA events. He helps organizations launch and improve risk programs, select CRQ platforms, and translate analysis into impactful decisions.
Register
©2010-2025 Society of Information Risk Analysts, a 501(c)(3) non-profit organization. Our Privacy Policy.
