top of page

CRFQ is founded around the truth that it takes a village to raise a security program. We work with organizations to apply a variety of methodologies to identify, quantify, and address cyber risk across your business. Rather than focusing on a single product or vendor platform, we work to understand YOUR business’ unique needs and tailor a solution in partnership with your leadership team, line-of-business employees, and board of directors (where necessary).

Andrew Shea

Andrew Shea

Founder of CRFQ

Andrew Shea is a cyber-security and risk-management leader with over two decades of domain experience including fifteen years working with TPRM practitioners. In that time, Andrew has created one of the first cyber risk quantification models, was integral to the deployment of the first cyber insurance policies and pioneered creation of the concept of defensible regulatory disclosure including the development of "CFO-Proof" cyber-risk analysis.

CRFQ is focused on assisting enterprise organizations with the implementation and ongoing development of cyber risk financial quantification capabilities. CRFQ is a contributing member to the FAIR institute and works actively with the FAIR institute standards…

bottom of page