About Me
My name is Charlene Deaver-Vazquez. As a contractor I provided cyber risk quantification and model development for the Nuclear Regulatory Commission until last year. Now I produce business-level risk forecasts for businesses like yours.
I specialize in turning cyber risk into something business leaders can actually understand, measure, and act on.
For most organizations, cyber risk is still communicated in vague terms—“high,” “medium,” or “low.” That approach fails at the executive level. It does not support investment decisions, and it does not align cybersecurity with business strategy. My work has focused on solving that gap.
I am an expert in Cyber Risk Quantification, a discipline that uses data, probability, and modeling techniques to estimate the financial impact of cyber threats and support decision-making in real dollar terms. Over the course of my career, I have built and refined models that translate complex attack patterns, threat behaviors, and control effectiveness into clear, measurable business risk.
My Work
My focus has always been on making cyber risk usable at the executive level.
I have spent years developing quantitative models that go beyond traditional risk scoring. These models incorporate threat vectors, attack scenarios, control effectiveness, and business impact to produce realistic, scenario-based forecasts. Rather than relying on static assessments, my approach uses structured data and probabilistic methods to estimate both the likelihood and financial magnitude of potential cyber events.
This work is grounded in a simple idea: cybersecurity is not just a technical problem—it is a business decision problem. Effective risk models must bridge the gap between technical teams and executive stakeholders by expressing risk in financial and operational terms that leadership can use.
Risk Modeling
My experience developing risk models spans the full lifecycle of cyber risk analysis—from scenario design to financial outcome modeling.
I design risk models that:
Break down cyber threats into actionable scenarios
Estimate frequency and impact using probabilistic techniques
Incorporate real-world data and observed incident trends
Evaluate the effectiveness of specific security controls
Produce outputs that directly support investment, prioritization, and strategy decisions
These models allow CISOs and executive teams to understand not just where risk exists, but what that risk means in financial and operational terms, and what actions will reduce it most effectively.
At the core of my work is scenario-based modeling, where each risk is expressed as a plausible business event with defined causes, pathways, and outcomes. This approach ensures that risk analysis remains grounded in how attacks actually occur, rather than abstract scoring systems.
My models use the math of probability to go beyond qualitative into quantitative analytics. It is the same math used in nuclear, space, safety, finance, health and other industries to answer some of our most complex questions.
Author and Speaker
In addition to my modeling work, I am an author and speaker focused on advancing how organizations think about cyber risk.
My writing and presentations center on:
Moving beyond qualitative risk assessments
Applying quantitative methods in practical, scalable ways
Helping CISOs communicate risk effectively to boards and executives
Translating cybersecurity into financial and strategic language
I have developed educational content, frameworks, and tools designed to make cyber risk quantification accessible and actionable, especially for organizations that do not have large internal analytics teams.
What Drives My Work
The cybersecurity industry has matured significantly, but the way we communicate risk has not kept pace.
Executives are no longer asking whether cyber risk exists—they are asking:
How much could this cost us?
What should we invest in next?
How do we prioritize competing risks?
Those are quantitative questions, and they require quantitative answers.
My work is focused on providing those answers—through models, analysis, and structured approaches that allow organizations to move from uncertainty to informed decision-making.
Today
Today, I focus on building scalable cyber risk forecasting models and delivering insights that help organizations understand their unique risk profile based on exposure, attractiveness, and security maturity.
The goal is simple: to give CISOs and business leaders a clear, defensible view of cyber risk—and the confidence to act on it.
Charlene Deaver-Vazquez
BEYOND PASS/FAIL: DEVELOPING A QUANTITATIVE FRAMEWORK FOR CYBERSECURITY AUDITS, EDPACS, The EDP Audit, Control, and Security Newsletter, Volume 69, 2024 - Issue 4
A QUANTITATIVE APPROACH TO ASSESSING AND MANAGING CYBERSECURITY RISKS, EDPACS, The EDP Audit, Control, and Security Newsletter, Volume 69, 2024 - Issue 4
BUILDING YOUR TOOLKIT FOR QUANTIFYING CYBER RISK, EDPACS, The EDP Audit, Control, and Security Newsletter, Volume 69, 2024 - Issue 4
One of my advanced mathematical models can forecast threat actor behavior and attacks from initial vulnerability discovery to widespread mass attacks. It is available on my LinkedIn profile: Marked Hawkes Process with Indicators of Prevalence.
New Jersey ISC2 Chapter September 2024 - Cyber Risk Quantification Pitfalls and Fixes
Lean Culture 2023: Increase Your Likelihood of Success with Better Risk-Based Decisions.
BSidesCharm 2022 - Forecasting Cyber Attacks
Austin Cyber Show 2022 - Mathematical Models for Forecasting Cyber Attacks
Cybersecurity Weekly Interview 2022: Forecasting Risk What Every CIO and CISO Needs to Know
University of Wisconsin Lubar School of Business 2021 - Cyber Risk in the Supply Chain: Manufacturing, Suppliers, and Partners
Cybersecurity Risk Quantification (Open Education Resource - University Textbook)
Ensure Your Business Success With Risk Informed Decisions: How to easily quantify risk