Cyber risk quantification has common use cases across industries, but tech companies face a unique mix of scale, complexity, and dependency risk that makes a strong CRQ practice especially valuable. This session starts with general best practices for building and maturing a quantification program, then moves into examples tailored to the tech sector. Tony Martin-Vegue will share insights from his own work and walk through recent industry events, including the AWS and Cloudflare outages. The session will highlight how CRQ helps uncover first, third, and even fourth party risk, and how these insights support better decisions in fast-moving technology environments.
Meet your speaker:
Tony Martin-Vegue, Technology Risk Consultant & Author
Tony Martin-Vegue is an independent cyber risk researcher, consultant, and author based in the San Francisco Bay Area. He led the technology risk program at Netflix and has worked across tech, fintech, and financial services. Tony is an Executive Fellow at the Cyentia Institute, an advisor to Ostrich Cyber Risk, and a frequent speaker at FAIRCON, SIRAcon, and RSA. He writes the newsletter “Heatmaps to Histograms: Field Notes” and is the author of the upcoming book From Heatmaps to Histograms: A Practical Guide to Cyber Risk Quantification, publishing in early 2026.
Meet your speaker:
Adam Lamantia, Director @ Ostrich Cyber-Risk
Adam Lamantia is a seasoned leader in the realm of cybersecurity risk, currently serving as a Director of Cyber-Risk. In this role, he spearheads initiatives in sales, marketing, and product development at Ostrich Cyber-Risk with a keen focus on working with organizations to implement their risk quantification programs. With his FAIR certification, Adam brings a deep understanding of risk assessment methodologies to his work.