In this episode of Risk Is Our Business, Captain Michael Rasmussen brings together a cross-functional crew of risk, audit, cyber, and technology leaders for a candid conversation recorded in the Netherlands. Joined by David Ngu, Brett Steinmetz, Jos Bredero, and Eric Groen, the discussion opens with a simple question: what actually keeps you up at 1 a.m. when it comes to risk?

From there, the conversation explores the key drivers shaping risk management in the Netherlands, and how they compare to broader European and U.S. approaches. The group reflects on how Europe tends to lean more toward principles and outcomes-based thinking, while the U.S. often emphasizes rules and compliance and how those differences play out in practice across organizations and industries.

They then turn to the role of professional services firms, unpacking what a successful engagement really looks like. Rather than focusing purely on tooling, the discussion emphasizes the importance of a business-oriented approach, ensuring that technology implementations are grounded in real operational needs, not just frameworks or features.

The episode closes with each guest offering a key takeaway and practical insights drawn from their experience working across risk, controls, cyber, and consulting.

This is a grounded look at how risk is actually managed on the ground (across regions, disciplines, and perspectives) when the frameworks meet reality.

In this return episode of Risk Is Our Business, Captain Michael Rasmussen reconnects with Tony Martin-Vegue for a wide-ranging conversation built around his new book, From Heatmaps to Histograms: A Practical Guide to Cyber Risk Quantification.

At the center of the discussion is a simple but uncomfortable idea: most organizations aren’t really measuring cyber risk, they’re describing it. Heatmaps, scoring models, and qualitative frameworks may look familiar, but they rarely help leaders make better decisions.

Tony breaks down what’s going wrong, and why. Along the way, he uses an unexpected historical example (the Hanoi Rat Massacre of 1902) to illustrate how well-intentioned interventions can create worse outcomes when incentives, measurement, and behavior are misaligned.

The conversation moves through the core themes of the book:

• Why cybersecurity often behaves like two separate disciplines under one label
• Why quantitative risk is less about advanced math and more about structured thinking
• The biggest myth about data that keeps organizations stuck in qualitative approaches
• Where methods like Monte Carlo simulation and FAIR fit and where they don’t

They also explore why many cyber risk quantification programs fail, what it takes to make them practical, and how the same principles apply beyond cyber to operational risk more broadly.

At over an hour, this is one of the most in-depth conversations on the show! It's less a summary and more a working session on how to move from risk reporting to decision-making.

In this episode of Risk Is Our Business, Captain Michael Rasmussen connects over a slightly distant comms link (via Teams) with Hakkı Sarp, Enterprise Risk Management leader at QIAGEN, for a conversation on how risk management is being reshaped by today’s fast-moving environment.

They begin by examining the limitations of traditional risk practices, and why approaches built for slower, more predictable conditions are struggling to keep up with the velocity and complexity organizations now face. From there, the discussion turns to AI and separating real value from hype, including identifying where it is genuinely enhancing risk management today versus where expectations may be running ahead of reality.

Hakkı and Michael explore the dual challenge of predicting risks while remaining adaptable, and how organizations must balance short-term financial pressures with longer-term sustainability considerations that don’t always fit neatly into existing frameworks. They also unpack the role of risk culture and what it really means, why it’s so difficult to embed, and how leadership behaviors ultimately determine whether risk is lived or simply documented.

The conversation closes with a simple but powerful perspective on how leaders should approach risk in a world where uncertainty is constant and conditions change faster than frameworks can keep up.

In this return episode of Risk Is Our Business, Captain Michael Rasmussen welcomes back Graeme Keith for a sequel to Wrath of Math, this time shifting from models to meaning.

They take aim at cookie-cutter risk management, unpacking what separates genuine practice from templated frameworks that look good on paper but fail to influence decisions. The conversation centers on Graeme’s recent writing on risk appetite, and his frustration with how often organizations discuss the risks they’re willing to take without addressing the more fundamental question of why are we taking those risks at all?

From there, they explore how risk appetite is often less about numbers and more about culture, intent, and context, and why effective risk management must always be anchored to the decisions it is meant to support. Without that connection, risk becomes descriptive rather than directional.

They also dive into the realities of interconnected risk, the current state of risk technology, and where the discipline may be heading by 2030, including whether tools are helping organizations make better decisions, or simply producing more sophisticated noise.

If Wrath of Math challenged how we quantify risk, this episode challenges how we make sense of it and whether risk management is truly helping us navigate, or just giving us more charts while we drift.

In this episode of Risk Is Our Business, Captain Michael Rasmussen is joined by Karan Rao, Head of Enterprise Risk at Embark Student Corp., for a conversation that started not in a boardroom but on LinkedIn.

A post from Karan caught Michael’s attention on how the best risk managers aren’t the ones with the most complex models, but the ones who can walk into a room, read the people, interrogate the data, and explain risk so clearly that action becomes unavoidable.

From there, the discussion dives into the human side of risk. They explore why understanding behavior is just as important as understanding data, and why the ability to communicate, write, and present with clarity separates those who inform from those who influence. Risk leaders, they argue, don’t hide behind dashboards, they translate insight into decisions.

They also discuss the importance of developing skills that compound over time: communication, storytelling, emotional intelligence, and business understanding. Karan shares how ideas from Atlas of the Heart shape his approach to risk leadership, helping him connect emotion, clarity, and decision-making in high-stakes environments.

This episode is about moving risk from a reporting function to a leadership discipline, one where the ability to engage the room matters just as much as the data on the screen.

In this episode of Risk Is Our Business, Captain Michael Rasmussen welcomes Anne Louise Higgins, Global Head of Cyber Governance, Risk and Control at BNY Mellon, for a conversation about how the risk profession has evolved and who will be leading it into the future.

Anne reflects on the growing role of women in risk management and cybersecurity, and how diversity of experience and perspective strengthens decision-making at every level of the enterprise. From there, the discussion broadens into how the practice of risk management itself has changed over time, from compliance-driven reporting toward more integrated, business-aligned approaches.

They also explore the cultural differences in how risk is approached in the United States versus Europe, and how those perspectives shape governance, accountability, and engagement with leadership. The conversation then turns to risk technology, what currently stands out in the market, and how emerging capabilities are reshaping the way organizations understand and manage uncertainty.

Michael and Anne also discuss the future of careers in risk, cyber, and GRC, particularly in an era increasingly shaped by AI and rapid technological change. The episode closes with practical insights on how professionals can future-proof their careers and build the skills, adaptability, and strategic mindset needed to stay relevant on the bridge as the risk landscape continues to evolve.

In this episode of Risk Is Our Business, Captain Michael Rasmussen connects over a slightly long-distance subspace channel (also known as a video call) with Alex Dali, President of the G31000 Risk Institute, to explore the evolution of one of the most widely recognized frameworks in modern risk management.

Alex walks through the story of ISO 31000, where the standard came from, how it has evolved since its original release, and what the next phase of its development may look like as organizations confront an increasingly complex risk landscape.

Along the way, they unpack the difference between bad risk management (overly procedural, disconnected from decisions, and driven by checklists and heat maps) and good risk management, which aligns with organizational objectives and supports leadership in navigating uncertainty.

The conversation also turns to the current state of risk technology, including the ongoing search for tools that genuinely support the principles of ISO 31000 rather than forcing risk management into rigid compliance workflows. From there, they explore how AI may reshape the discipline, the role technology should play in enabling better decision-making, and how the Chief Risk Officer role itself may evolve as risk becomes more integrated with strategy and business operations.

The discussion offers a thoughtful look at how risk management standards, technology, and leadership must evolve together if organizations are to navigate uncertainty with clarity rather than simply documenting it.

In this episode of Risk Is Our Business, Captain Michael Rasmussen is joined by Geoff Trickey, founder of Psychological Consultancy and creator of the Risk Type Compass™, alongside Elliot Phillips, Principal Risk Psychologist, for a conversation that shifts the focus of risk management from systems to psychology.

They begin by unpacking psychometrics—what it is, how it works, and why measuring personality traits can provide powerful insight into how individuals and teams perceive and respond to uncertainty. From there, they explore the concept of risk psychology and how risk-taking is not simply situational or financial, but deeply rooted in personality.

Geoff explains the origins of the Risk Type Compass™ and walks through its eight distinct risk types and how individuals are categorized, what differentiates them, and how those differences shape decision-making and risk culture within organizations. The discussion highlights an often-overlooked dimension of diversity—diversity of risk disposition. When leaders understand the varied ways people approach uncertainty, they can build more balanced teams, improve governance conversations, and avoid collective blind spots.

The episode also examines how organizations use this approach in practice, not as a personality exercise, but as a measurable way to strengthen risk management, enhance communication, and align decision-making with strategic objectives.

If every enterprise is a starship navigating uncertainty, this conversation reminds us that understanding the temperament of the crew may be just as important as the strength of the shields.