Episodes

  • Heatmaps, Histograms and Star Charts: Quantifying Risk with Tony Martin-Vegue
    Aug 25 2025

    In this star-mapping episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Tony Martin-Vegue, risk consultant, advisor, and author of the upcoming book Heatmaps to Histograms: A Practical Guide to Cyber Risk Quantification. With 25 years navigating the galaxy of cyber risk, Tony has guided enterprises from the gravitational pull of checklists and color-coded charts into the warp lanes of defensible, quantitative analysis.

    Their journey begins with the dark matter of bad risk management: programs designed to placate auditors, check boxes, or reassure customers without truly informing decisions. From there, they plot a course toward what good risk management looks like—proactive, integrated, and tied directly to organizational objectives. Tony traces the lineage of risk management back to the late 1600s, when probability theory first emerged, showing how centuries of thinking have led us to today’s crossroads.

    The conversation dives into heatmaps, when they can still provide navigational value, and when they collapse under the weight of oversimplification. From there, they move to the promise of histograms, simulations, and CRQ models that help businesses not only understand thresholds and acceptable levels of risk, but also chart their path with clarity and confidence.

    For CISOs, CROs, and risk leaders, this episode is both history lesson and star chart, a reminder that risk management isn’t about artifacts to prove you exist, but about enabling the mission. If your current program is orbiting in circles, this is the transmission that will help you break free, align your coordinates, and accelerate to warp speed.

    31 mins
  • Warp Drives and Risk Horizons: Building Intelligent Resilience with Hardik Mehta
    Aug 18 2025

    In this mission-critical episode of Risk Is Our Business, host Michael Rasmussen opens the comms with Hardik Mehta, Global Head of Risk and Regulatory Compliance at JPMorgan Chase. With two decades of experience across Uber, Microsoft, and global advisory firms, Hardik has charted risk programs that span continents, cloud migrations, and regulatory galaxies.

    Their conversation starts with what keeps him up at night: the turbulence of geopolitical risk, ever-changing regulations, data security challenges, and the inertia of legacy platforms slowing cloud adoption. From there, they examine what bad risk management looks like (siloed programs cut off from strategy) versus what good risk management should deliver (i.e., integrated, technology-enabled frameworks that guide the enterprise toward its objectives).

    Resilience comes to the forefront as Hardik explains how he weaves it into risk strategy, not as an afterthought but as a forward-facing capability. He emphasizes the need for both left-brain precision in quantification and right-brain imagination in creative foresight, a duality essential for navigating uncertainty. The discussion explores the technologies enabling better risk programs today, the role of risk intelligence in scanning horizons, and how AI is reshaping the future of risk management.

    For boards, CROs, and risk leaders, this episode is a navigational chart for transforming risk into resilience, and for steering your enterprise at warp speed toward intelligent, mission-aligned futures.

    35 mins
  • Stellar Coordinates and Prime Directives: Charting the CISO’s Course with Todd Fitzgerald
    Aug 11 2025

    In this galaxy-spanning episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Todd Fitzgerald, former Fortune 500 CISO, cybersecurity hall-of-famer, and #1 best-selling author of CISO Compass. With over 25 years navigating the outer reaches of information security, Todd has seen the CISO role evolve from the days of dial-up to today’s warp-speed threat environment.

    Their mission is to chart the vast and sometimes confusing constellation of terminology in our sector, from information security, to cybersecurity, to digital risk, cyber risk, and beyond, and explore why these distinctions matter when steering an enterprise through uncertainty. They trace the history of the CISO from its 1990s origins to its current form as a strategic officer on the bridge, responsible not just for defense but for enabling the business to boldly go toward its objectives.

    From cyber risk quantification done right (and how to make it more than a numbers game) to managing the digital supply chain and interconnected risk, Todd offers a star map of practical strategies. He tackles the long-standing perception of security as the “department of no” and reframes it as a mission-critical enabler, helping organizations comprehend what’s an acceptable risk and navigate toward opportunity without drifting into a black hole.

    For any security leader, risk officer, or governance professional, this episode is a tricorder reading of where we’ve been, where we’re headed, and how to ensure your cybersecurity program is aligned with the Prime Directive: enabling the mission.

    25 mins
  • Shields Up, Heat Maps Down: Dismantling ERM Illusions with Tim Leech
    Aug 4 2025

    In this transmission of Risk Is Our Business, host Michael Rasmussen connects over comms with Tim Leech, pioneer of Objective Centric Risk and Uncertainty Management (#OCRUM), longtime board advisor, and someone who’s spent decades trying to rescue enterprise risk from the black hole of checkbox compliance.

    Recorded over a long-distance call (no transporters this time), this episode dives straight into the uncomfortable truth of modern ERM often being more about optics than outcomes. Tim and Michael dismantle the illusion of risk registers and heat maps, exposing how many programs are built to pacify boards and regulators rather than support real decision-making.

    But Tim doesn’t stop at critique. He offers a new model, one where risk starts with the people who actually run the business, where strategy sets the coordinates, and where the board isn’t kept in the dark behind colored charts but engaged with objective-driven insight.

    Together, they explore how to overcome resistance across the enterprise, align the crew, and finally bring risk back to the bridge—not as an afterthought, but as a core navigational system.

    If your program is still flying blind on outdated frameworks, it’s time to recalibrate.

    47 mins
  • Mission Log: Digital Twins, Sleepless Nights, and the Future of GRC with Pascal Busch
    Jul 28 2025

    In this starlog entry of Risk Is Our Business, recorded live at the Risk-In Conference in Zurich, Captain Michael Rasmussen sits down with Pascal Busch, Global Head of ERM & BCM at Acino and creator of VirtueSpark, for a deep-space transmission on the future of enterprise risk.

    What keeps a seasoned risk commander up at night? Pascal opens up about the unknown anomalies in the system, such as inefficiencies, blind spots, and missed signals that still plague too many GRC programs. But he’s not just scanning for threats, he’s building the future. From digital twins to decision intelligence, Pascal charts a course toward a risk program that’s faster, smarter, and fully integrated into the mission of value creation.

    Together, they explore where his tech journey is today, where he wants it to be in two years, and how risk professionals can move from compliance copilots to strategic navigators, guiding organizations through the turbulence of uncertainty with precision and purpose.

    If your risk program feels stuck in the past, it’s time to reroute power to the engines. Because as Pascal makes clear, the future of GRC isn’t about avoiding risk, it’s about managing it at warp speed.

    11 mins
  • Breaking the Prime Directive: Rethinking Risk with Stefan Gershater
    Jul 21 2025

    In this episode of Risk Is Our Business, Michael Rasmussen welcomes Stefan Gershater, Head of Risk and Governance at the Co-op, for a bold and unflinching conversation that challenges the very foundations of modern risk management.

    Broadcasting from the front lines of strategic uncertainty, Stefan shares insights from his forthcoming book, a deep critique of the risk orthodoxy shaped by accounting firms, software vendors, and low expectations. He argues that what passes for risk management in many boardrooms is little more than a comforting illusion—one that fails to serve strategy, enable decisions, or engage with the complexity of the real world.

    Together, they explore the good, the bad, and the ugly of today’s risk practices, from the myth of “risk appetite” to the misuse of assurance resources and the danger of chasing frameworks over outcomes. But this isn’t just a teardown, it’s a mission briefing. Stefan lays out how risk can be reimagined as a cognitive, analytical, and strategic asset that improves decision velocity and organizational intelligence.

    For risk professionals ready to break orbit and leave behind the gravitational pull of mediocrity, this episode is both roadmap and rallying cry.

    22 mins
  • The Probability Nebula: Digital Twins and Forward-Looking Risk with Florian Worm
    Jul 14 2025

    Recorded live at Corporate Risk Minds 2025 in Berlin, this episode of Risk Is Our Business features a conversation with Florian Worm—risk technologist, modeling expert, and one of the sharpest minds charting the next frontier in enterprise risk.

    Florian joins Michael Rasmussen on the bridge to explore the processes and paradigms reshaping risk management in a world where volatility is no longer an anomaly, it’s the environment. Together, they examine the limitations of legacy frameworks, the regulatory gravity of IDW PS 340, and why good risk quantification requires more than Monte Carlo curves and dashboards. In a galaxy of noise, it’s about decision-useful insight, grounded in rigor and relevance.

    At the heart of the episode is a deep dive into digital twins, not as sci-fi theory, but as a real-world capability to simulate risk environments, explore alternate futures, and make better decisions in real time. Whether you're scanning for weak signals, stress-testing for resilience, or mapping out mission-critical paths, digital twins are fast becoming the warp core of forward-looking risk.

    For those ready to chart a new course, this episode offers a shift from static risk logs to living systems, where uncertainty is mapped, modeled, and understood.

    19 mins
  • Beyond the Neutral Zone: Risk, Trust, and Business Confidence with Klaus Jaeck and Daniel Cassel
    Jul 10 2025

    In this episode of Risk Is Our Business, Michael Rasmussen charts a course with Klaus Jaeck and Daniel Cassel of Horváth to explore the next frontier in enterprise risk management, where resilience is just the baseline, and business confidence is the true objective.

    Recorded at Corporate Risk Minds 2025 in Berlin, Klaus and Daniel offer a sharp perspective on how risk management is evolving across the region, moving beyond regulatory routines and static controls into dynamic systems that align risk with strategy, trust, and decision-making agility. They unpack why trust and resilience, while critical, aren’t enough on their own, and why organizations need something more to thrive in the vast unknowns of modern business.

    They also take us deep into the heart of GRC transformation in Germany—what’s working, what’s lagging, and how digitalization, ESG, and a growing risk consciousness are reshaping expectations. The conversation explores how risk leaders can act less like tactical responders and more like bridge officers, guiding the ship, not just guarding the hull.

    And yes, they have fun along the way. As Klaus and Daniel say, “no risk, no fun”, but with the right GRC model, it’s a mission worth taking.

    19 mins