In this episode of Unspoken Security, host A.J. Nash sits down with Dr. J. Lugo Santiago, Chief Operating Officer at QBRIC, to dig into how organizations actually calculate cyber risk—and why most current models fall short. Lugo explains that understanding risk is much more than looking at past incidents or relying on static checklists. Instead, he argues that real foresight comes from blending human insight, diverse data, and scenario planning to anticipate both likely and unexpected threats.

Lugo challenges the habit of focusing only on what’s already happened. He shows why leaders need to account for changing threats, business priorities, and even social trends—not just technical vulnerabilities or compliance checkboxes. The conversation underlines that effective risk management means more than patching yesterday’s gaps. It requires building a culture where leaders feel the real impact of risk and use that discomfort to drive stronger decisions.

Together, Nash and Lugo discuss why organizations must move beyond stoplight charts and generic risk scores. They call for practical, forward-looking approaches that tie risk to business value and encourage honest conversations—because seeing risk clearly is the first step to real resilience.