Deep-dive on Cyber Risk Quantification and GRC w/ Tony Martin-Vegue from Netflix episode artwork

EPISODE · Jul 29, 2025 · 1H 2M

Deep-dive on Cyber Risk Quantification and GRC w/ Tony Martin-Vegue from Netflix

from GRC Engineer · host Ayoub Fandi

To learn more, go to grcengineer.comSummaryIn this episode of the GRC Engineer podcast, host Ayoub interviews Tony Martin-Vegue, a seasoned expert in risk quantification and GRC engineering. They discuss Tony's career journey from IT to risk management, the importance of cyber risk quantification, and the interplay between governance, risk, and compliance. Tony shares insights on the benefits of risk assessments for various stakeholders, the role of AI in enhancing risk quantification, and practical tips for those looking to start their journey in cyber risk quantification. The conversation also touches on the philosophical aspects of risk management and the need for better decision-making frameworks in organizations.Takeaways- Tony has conducted around a thousand quantitative risk assessments in his career.- Risk quantification enables richer conversations with executives about trade-offs and investments.- GRC should be seen as a business enabler rather than a checklist.- Cyber risk quantification (CRQ) is a philosophy, while FAIR is a tool to implement it.- Stakeholders across the organization benefit from risk assessments in different ways.- AI can significantly reduce the time needed for data collection in risk assessments.- Understanding the philosophy of risk is crucial for effective risk management.- The majority of time in risk management is spent on identification and communication, not just modeling.- Organizations should focus on better decision-making rather than just remediation.- Security awareness training may not provide a good return on investment.Sound bites"FAIR gives you a package, a framework.""We need data to make better decisions.""Security awareness training doesn't work."Chapters00:00 Introduction to GRC Engineering and Guest Background02:39 Tony's Career Journey in Risk Management06:49 The Shift to Cyber Risk Quantification12:27 The Interplay of GRC: Governance, Risk, and Compliance16:32 Understanding Cyber Risk Quantification and FAIR23:13 Stakeholders Benefiting from Quantified Risk Assessments28:32 Balancing Remediation Bias in Risk Management34:13 Engaging with Risk Owners39:49 The Philosophy of Risk Management44:48 Quantifying Risk Activities47:33 The Role of AI in Risk Assessment52:21 Getting Started with Cyber Risk Quantification01:01:04 Collaboration Between GRC Engineering and Risk Analysis01:01:43 Challenging Conventional Wisdom on Security TrainingKeywordsGRC Engineering, Cyber Risk Quantification, FAIR, Risk Management, Governance, Compliance, Risk Assessment, AI in Security, Stakeholder Engagement, Risk Acceptance

Episode metadata supplied by the publisher feed · Published Jul 29, 2025

To learn more, go to grcengineer.comSummaryIn this episode of the GRC Engineer podcast, host Ayoub interviews Tony Martin-Vegue, a seasoned expert in risk quantification and GRC engineering. They discuss Tony's career journey from IT to risk management, the importance of cyber risk quantification, and the interplay between governance, risk, and compliance. Tony shares insights on the benefits of risk assessments for various stakeholders, the role of AI in enhancing risk quantification, and practical tips for those looking to start their journey in cyber risk quantification. The conversation also touches on the philosophical aspects of risk management and the need for better decision-making frameworks in organizations.Takeaways- Tony has conducted around a thousand quantitative risk assessments in his career.- Risk quantification enables richer conversations with executives about trade-offs and investments.- GRC should be seen as a business enabler rather than a checklist.- Cyber risk quantification (CRQ) is a philosophy, while FAIR is a tool to implement it.- Stakeholders across the organization benefit from risk assessments in different ways.- AI can significantly reduce the time needed for data collection in risk assessments.- Understanding the philosophy of risk is crucial for effective risk management.- The majority of time in risk management is spent on identification and communication, not just modeling.- Organizations should focus on better decision-making rather than just remediation.- Security awareness training may not provide a good return on investment.Sound bites"FAIR gives you a package, a framework.""We need data to make better decisions.""Security awareness training doesn't work."Chapters00:00 Introduction to GRC Engineering and Guest Background02:39 Tony's Career Journey in Risk Management06:49 The Shift to Cyber Risk Quantification12:27 The Interplay of GRC: Governance, Risk, and Compliance16:32 Understanding Cyber Risk Quantification and FAIR23:13 Stakeholders Benefiting from Quantified Risk Assessments28:32 Balancing Remediation Bias in Risk Management34:13 Engaging with Risk Owners39:49 The Philosophy of Risk Management44:48 Quantifying Risk Activities47:33 The Role of AI in Risk Assessment52:21 Getting Started with Cyber Risk Quantification01:01:04 Collaboration Between GRC Engineering and Risk Analysis01:01:43 Challenging Conventional Wisdom on Security TrainingKeywordsGRC Engineering, Cyber Risk Quantification, FAIR, Risk Management, Governance, Compliance, Risk Assessment, AI in Security, Stakeholder Engagement, Risk Acceptance

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Deep-dive on Cyber Risk Quantification and GRC w/ Tony Martin-Vegue from Netflix

0:00 1:02:01

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

AI Generated - EDU Video Podcast Magnus Lian Explore how video tools and AI are transforming education with Magnus Sæternes Lian, Senior Engineer at NTNU and founder of ReadyMedia. This podcast dives into the latest video technologies, real-world use cases, and actionable insights for educators and tech enthusiasts. Created using cutting-edge AI tools like GoogleLM and ElevenLabs, all content is verified for accuracy. Discover practical solutions and stay ahead in the evolving landscape of educational technology! The Driven To Draw Podcast: Self Improvement|Painting|Drawing|Visual Problem Solving|Unleashing the Creativity Within! Arvind Ramkrishna/Designer/Artist/Engineer The Driven to Draw Podcast will teach you how to solve problems visually, think outside the box, build your confidence, generate ideas, and innovate.You'll hear from top creative artists, designers, engineers, and photographers who share their techniques to create products, broaden their creative abilities, and share the benefits of thinking visually.No matter your background or area of expertise, Driven to Draw will be your constant motivator to help you become your best…and Unleash the Creative Within! Prompt / AI Podcast from Japan Inyu | prompt engineer JPN I'm a Japanese prompt engineer. On this podcast, I talk about my job, research of AI and prompting. Mohammad Qutub Muslim Central Dr. Mohammad Qutub is an Islamic scholar with several decades of experience as a teacher and orator. He completed his Master’s and PhD degrees in Uṣūl al-Dīn and Comparative Religion at the International Islamic University Malaysia (IIUM), and has several Ijāzahs (licenses) and certificates in Qur’an, Hadith, etc. He has spoken internationally in the Middle East, the U.S., and Southeast Asia and regularly holds intensive seminars and university lectures. His passions and research revolve around: Islamic thought and history, Qur’anic Tafsīr, scientific Iʿjāz (inimitability) in the Qur’an and Sunnah, and comparative religion. He teaches students of all different ages and backgrounds in-person and online. He is also an engineer by profession with a Bachelor of Science in Chemical Engineering from the U.S., and extensive experience in the field of Industrial Gases.

Frequently Asked Questions

How long is this episode of GRC Engineer?

This episode is 1 hour and 2 minutes long.

When was this GRC Engineer episode published?

This episode was published on July 29, 2025.

What is this episode about?

To learn more, go to grcengineer.comSummaryIn this episode of the GRC Engineer podcast, host Ayoub interviews Tony Martin-Vegue, a seasoned expert in risk quantification and GRC engineering. They discuss Tony's career journey from IT to risk...

Can I download this GRC Engineer episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!