Tools & Downloads
Put Cyber Risk Quantification into Practice
This page is your practice lab. Every tool here is free and designed to reinforce a specific concept from the book so you can build real skills, not just read about them.
🤖 Custom GPTs are trained on the book's methodology and will walk you through scoping scenarios, estimating losses, vetting data, and translating results into executive-ready language. They are genuinely useful for getting your first few risk assessments off the ground.
🖥️ Interactive web apps let you run simulations, test your calibration, and explore probability concepts right in your browser.
📄 Downloadable files are referenced directly in the book's exercises, pre-built with formulas, charts, and 10,000-trial Monte Carlo simulations you can explore and customize.
This collection will keep growing. Check back regularly for new tools, updated versions, and additional chapter resources. Found a bug or have an idea for a new tool? Let me know.
🤖 = Custom GPT · 🖥️ = Interactive Web App · 📄 = Downloadable File
Part 1: Foundations
Chapter 2: Probability's Plot Twist
🖥️ Heat Map → Histogram: See What Your Risk Matrix Is Hiding
Place the same risk on a heat map and a histogram side by side to see how much information the matrix hides. This is the core argument of the book in about 30 seconds.
Part 2: Getting Your Risk Muscles Working
Chapter 4: Foundations
🖥️ Can You Beat a CIA Officer? The Probability Word Challenge
Test how consistently you interpret words like "likely" and "probable" compared to intelligence community benchmarks. A quick exercise that makes the case for using numbers instead of words.
🖥️ Calibration Trainer
Practice estimating confidence intervals and get immediate feedback on your accuracy. Calibration is a learnable skill, and this is where you start building it.
Chapter 5: Your First Quantitative Risk Assessment
🖥️ Your First Monte Carlo: Watch the Law of Large Numbers in Action
Run a live Monte Carlo simulation and watch the distribution take shape as iterations increase. Builds intuition for why 10,000 iterations work and what the output means.
📄 Exercise 5-1: Monte Carlo Coin Flip (Excel)
Simulate coin flips to see the Law of Large Numbers in action. Compare 10 flips to 1,000 and watch how proportions stabilize as sample size grows.
📄 Exercise 5-3: Mobile Phone Incident Frequency (Excel)
Your first frequency-only Monte Carlo simulation. Enter a triangular distribution for how often events occur and explore the output: expected events per year, chance of at least one event, and the 95th percentile.
📄 Exercise 5-5: Quantitative Risk Analysis (Excel)
The full quantitative risk assessment combining frequency and magnitude. Enter ranges for both, run 10,000 trials, and see loss exceedance curves, five-number summaries, and exceedance statements.
Chapter 6: Interpreting and Communicating Results
🤖 The Board Translator
Turn your Monte Carlo results into loss exceedance statements and executive-ready talking points. If you have ever stared at simulation output and thought "how do I explain this to my CISO," this is for you.
🖥️ How to Read a Loss Exceedance Curve
Learn to read the most important chart in cyber risk quantification. Build a loss exceedance curve step by step from a Monte Carlo simulation, then overlay your own risk tolerance, loss reserve, and materiality thresholds to turn the curve into decision support.
Chapter 7: From Risk Statements to Assessment Scope
🤖 Cyber Risk Scenario Coach
Turn a vague risk worry like "ransomware" into a structured, scoped scenario ready for quantitative analysis. This GPT follows the book's methodology step by step.
🤖 Roast My Risk Register
Paste a risk register entry and get honest feedback on what's vague, unmeasurable, or useless for decisions, plus a rebuilt version you can use immediately.
Chapter 8: Understanding Loss: The Six Forms
🤖 The Loss Estimator
Walk through the Six Forms of Loss for any cyber risk scenario with specific calculation frameworks for each cost category. Magnitude estimation is where most people get stuck, and this GPT gets you unstuck.
Part 3: Solving the Data Problem
Chapter 9: Getting Unstuck with Data
🤖 The Data Detective
Describe your risk scenario and get a structured data hunt plan: which external sources to find, which internal teams to ask, and what questions to ask them.
Chapter 10: How to Vet and Believe Your Data
🤖 Cyber Risk Data Vetter
Paste any data source and evaluate its trustworthiness in minutes using a three-step quality check with range adjustments.
Chapter 12: Finding and Using Internal Data
📄 AI-Generated Incident Data (Excel)
A sample incident dataset for practicing internal data analysis techniques covered in the chapter.
Chapter 13: Your Secret Weapon: Subject Matter Experts
🖥️ Chips and Bins: Turn Expert Beliefs Into Probability Distributions
Practice the chip-and-bin elicitation technique. Drag chips into bins to build a probability distribution from expert judgment, then see the fitted curve.
Part 4: Risk Assessment in Action
Chapter 16: Extending to FAIR
🖥️ FAIR Model Study Tool
An interactive tool for memorizing the FAIR model taxonomy. Useful for certification prep or for getting the ontology into your head before your first FAIR assessment.
Chapter 17: How to Run a Complete CRQ Assessment
📄 Ransomware Risk Assessment (Excel)
The Chapter 17 ransomware scenario pre-loaded into a full Monte Carlo workbook. Frequency and magnitude inputs match the book's values, with 10,000 trials, loss exceedance curves, and five-number summaries ready to explore. Open it, hit F9, and watch the simulation run.