Today we’re talking to Rich Caralli, the Cybersecurity Advisor at Axio. We discuss how risk quantification is the missing link between business decision makers and cybersecurity professionals, why cybersecurity and business resilience are two sides of the same coin, and why companies need to get back to basics with their security practices.
All of this, right here, right now, on the Modern CTO Podcast!
To learn more about Axio, check them out at https://axio.com
In case you missed it: check out our episode with David White, Axio’s Founder and President

About Rich Caralli:
Richard Caralli is a cybersecurity professional with nearly 40 years of experience in accounting, auditing, risk and resilience management, and process improvement. He is currently helping organizations implement and institutionalize GRC programs as a member of the consulting team at Seiso LLC, a solution-focused cybersecurity firm based in Pittsburgh. Prior to joining the Seiso team, Caralli held various senior-level positions in information technology and cybersecurity in the oil and gas industry, where he was responsible for developing and operating information and operational technology cybersecurity programs. Prior to returning to industry, Caralli was the Technical Director of CERT’s Risk and Resilience Directorate at Carnegie Mellon’s Software Engineering Institute, where he was the lead architect of the CERT® Resilience Management Model (CERT-RMM), a process improvement-focused maturity model for managing operational resilience, much of which has been incorporated into various models including the Cybersecurity Maturity Model Certification (CMMC). Caralli’s research agenda was influential in developing and delivering coursework in information security to graduate and executive education students at Carnegie Mellon’s Heinz College. Prior to joining CERT in 2001, Caralli led accounting and IT audit teams in the banking, manufacturing and oil and gas industries.
About Axio:
Axio is the leader in SaaS-based cyber management software, which empowers security leaders to build and optimize security programs and quantify risk in financial terms. Axio360 is the only cyber risk management platform to align security leaders, business leaders, and Boards of Directors around a single source of truth about their most critical corporate risks. Since 2013, Axio has been a trusted partner to many of the world’s leading critical infrastructure, energy, manufacturing, and financial services companies, helping drive better visibility and decision-making about cybersecurity priorities and investments.