About the Book
Coming Early 2026 — Get Your Copy
Cyber risk quantification (CRQ) is the practice of measuring cybersecurity risk with probabilities, ranges, and financial impact — not colors or guesswork. For too long, risk programs have relied on “high/medium/low” charts that fail to inform executives.
This book is a hands-on, plain-English guide that shows professionals how to build CRQ programs from scratch, run practical assessments in Excel, and use AI responsibly to accelerate analysis. Packed with case studies, templates, and step-by-step instructions, it transforms CRQ from intimidating theory into a tool any risk leader can apply.
ISBN: 979-8868822995
Praise for the Book
“From Heatmaps to Histograms is a significant contribution to our profession and would be required reading for anyone in my organization if I were still a CISO. Brilliantly written for those with little or no background in quantitative risk measurement, it will also be valuable to those with years of experience. This is further evidence that Tony is one of the leading contributors to the future of our profession.”
“Tony makes a strong case for replacing popular but flawed risk assessment methods and goes further by providing practical approaches for implementing better ones. Through clear examples and step-by-step guidance, he makes even quantitative concepts accessible. I highly recommend this book.”
“I finally have a clear answer to the question I’m asked most often by those just starting out: Where do I begin with measuring cyber risk? This book is the definitive starting point for anyone serious about becoming a cybersecurity risk modeler.”
“I’ve been measuring cyber risk for over twenty years, and while better data still matters, practicality has become the real barrier to adoption. Conversations around cyber risk quantification are dominated by ‘Yeah, but how?’ This book answers that question with concrete examples and practical guidance, striking the right balance between what you need to know and what you need to do.”
“If you are stuck in a world of color-coded risks that promote confidence and certainty over clarity, this book offers a way forward. It provides a practical path away from risk matrices and heat maps and toward a world where uncertainty is acknowledged, ranges reveal tail risk, and Monte Carlo simulations replace calculations of convenience. If you’re wondering where to start your journey into quantified risk, this is it.”
“This is the book I’ve been waiting for. It’s a true A-to-Z guide to cybersecurity risk forecasting written for both newcomers and seasoned professionals. Tony’s explanations are clear, his timing is impeccable, and his practical exercises make first-principles thinking accessible to everyone.”
“Tony’s book empowers both new and experienced risk professionals to communicate more effectively with boards and executives. By integrating models, experience, and clear, actionable steps, it provides practical tools for applying risk measurement in real organizations and finally moving beyond stoplight charts.”
“Tony’s book empowers both new and experienced cyber risk professionals to level up their communication skills to the board and executives in a way no one else has done. By seamlessly integrating models, drawing upon years of invaluable experience, and presenting practical steps in actionable formats, this book equips readers with the tools to employ risk measurement techniques and successfully manage cyber risk for their organizations. We can finally eliminate the reliance on the stoplight technique, as his book provides a comprehensive solution for effective cyber risk management!”
“You don’t just read this book; you do it. Tony has created a genuinely fun risk companion guide, with storytelling, step-by-step workflows, and templates that will have you running your first defensible risk scenario before you finish the last chapter. It belongs on every risk team’s onboarding list.”
Practical Skills You Can Use Right Away
By the end of From Heatmaps to Histograms, you’ll know how to turn risk analysis into real decision support — using proven methods, data, and tools.
Run Simulations Without Complex Math
Use simple Monte Carlo techniques and everyday tools like Excel to model uncertainty and financial impact.
Build a Clear Mental Model for CRQ
Understand how cyber risk quantification (CRQ) works and why it’s essential for better decision-making.
Communicate Risk with Executive Clarity
Turn your findings into stories and visuals that help leaders make confident, data-driven decisions.
Tools That Turn Insight Into Action
Tools and Downloads
Access practical worksheets and templates from From Heatmaps to Histograms to put cyber risk quantification into action.