Security Weekly
Full episode and show notes

Beyond the Audit: Making Cyber Risk Continuous, Quantified, and Actionable – Travis Wong – RSAC26 #3

Most companies assess cyber risk once a year and call it done — but for organizations managing dozens of subsidiaries or portfolio companies, that’s a costly blind spot. In this RSA interview, Resilience’s VP of Customer Engagement explores why measuring risk in dollars (not color-coded charts) changes the conversation at the board level, and why the organizations best positioned to prevent losses are the ones treating cyber risk as a continuous discipline rather than an annual exercise. Resilience Arc: https://4526209.fs1.hubspotusercontent-na1.net/hubfs/4526209/arcone-pager.pdf. See it in action. Request a demo at https://securityweekly.com/resiliencersac. Read the interview summary from S...

This episode is sponsored by
Full Segment Notes

Most companies assess cyber risk once a year and call it done — but for organizations managing dozens of subsidiaries or portfolio companies, that's a costly blind spot. In this RSA interview, Resilience's VP of Customer Engagement explores why measuring risk in dollars (not color-coded charts) changes the conversation at the board level, and why the organizations best positioned to prevent losses are the ones treating cyber risk as a continuous discipline rather than an annual exercise.

Resilience Arc: https://4526209.fs1.hubspotusercontent-na1.net/hubfs/4526209/arcone-pager.pdf

See it in action. Request a demo at https://securityweekly.com/resiliencersac.

Read the interview summary from SC Media here: Resilience’s Travis Wong on making cyber risk continuous, quantified, and actionable

Key Moments
  • 0:00 - – RSAC 2026 Interview Intro ????
  • 0:28 - – Meet Travis Wong (Cyber Risk Expert)
  • 0:42 - – Why Cyber Risk Management Is Broken Today
  • 01:40 - – What Resilience Does (Cyber Risk + Insurance Explained)
  • 02:18 - – Dollar-Based Risk: Speaking the Language of Business ????
  • 02:46 - – How Cyber Insurance Actually Works
  • 03:29 - – Why Actuarial Data Matters in Cybersecurity
  • 03:58 - – The Problem with Static Risk Assessments
  • 04:14 - – AI & Dynamic Risk: Why Old Models Fail
  • 04:52 - – Outside-In vs Inside-Out Risk Visibility
  • 05:18 - – Does Better Security = Lower Insurance Costs?
  • 06:00 - – Why Cyber Risk Is a Relationship, Not Just a Policy
  • 06:22 - – Transparency in Cyber Risk & Insurance Decisions
  • 06:54 - – Sharing Risk Models: A New Approach to Security
  • 07:41 - – Translating Security Risk into Business Value
  • 08:04 - – Communicating Cyber Risk to CFOs & Boards
  • 08:49 - – Building a Dynamic Cyber Risk Strategy
  • 09:26 - – Why Point-in-Time Risk Assessments Don’t Work
  • 10:28 - – The Future of GRC: Making “Risk” the Priority
  • 11:05 - – Risk Transfer vs Risk Mitigation Explained
  • 12:07 - – Measuring & Managing Cyber Risk Effectively
  • 12:27 - – Structural Accountability Problem in Cybersecurity
  • 12:46 - – CISO Risk Challenges & Real-World Case Studies
  • 13:52 - – Lack of Visibility Across Organizations
  • 14:36 - – Board-Level Cyber Risk & New Regulations
  • 15:45 - – Final Thoughts: The Future of Cyber Risk Management
Guest
VP, Customer Engagement at Resilience

Travis Wong is the VP of Customer Engagement at Resilience. He leads the Security and Risk Services and Customer Success teams and brings over 15 years of experience in risk management consulting, helping clients assess, measure, and manage their risk effectively.

Show More

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

Get expert insights and technical breakdowns straight to your inbox.
Join Now

You can skip this ad in 5 seconds