Making security measurable, AI trustworthy, and risk defensible.
I work at the intersection of data science, AI, and cybersecurity — applying statistical modeling, Bayesian inference, and machine learning to problems most people wave away as unmeasurable. From quantifying cyber risk with FAIR to securing LLM systems to building validation frameworks for AI decision support.
Writing
Between Black Swans and Bell Curves
Why the CRQ community needs a better map of what models can and cannot do. Taleb's taxonomy, gray swans, and honest uncertainty.
Decision Science AI Agents
What happens when you hand risk decisions to LLMs — and what validation looks like when the stakes are real.
In Cybersecurity Risk, You Don't Need More Data — You Need Bayesian Thinking
Encoding expert beliefs, updating with evidence, and why prior distributions are not guessing.
Security Through the Lens of Statistical Distributions
Normal, Poisson, Beta — the distributions that actually matter for security decisions, and why averages lie.
Power Analysis in Cybersecurity Risk Quantification
How much data do you actually need? When to trust your sample and when to keep collecting.
Measuring the Immeasurable: Quantifying the Value of Data
Our best-case scenario is nothing happens. And measuring nothing is hard.
Publications
2006 — 2025 · 19 publications
Time-to-Patch Metrics: A Survival Analysis Approach Using Qualys and Elastic
Elastic Security Labs
AI Controls Matrix
Cloud Security Alliance · Core Author
Bringing Financial Discipline to Cyber-Risk Decisions — A Practitioner's Field Guide
FAIR Institute
Das datenzentrische Unternehmen — Daten als Erfolgsgrundlage im KI-Zeitalter
De Gruyter · Book chapter
AI Organizational Responsibilities: AI Tools and Applications
Cloud Security Alliance
A FAIR Perspective on Generative AI Risks and Frameworks
Elastic
Securing LLM Backed Systems: Essential Authorization Practices
Cloud Security Alliance · Lead author
Inventory to Insight: How Elastic's Asset Inventory Powers InfoSec Use Cases
Elastic
How to Build a Cybersecurity Asset Management Solution on the Elastic Stack
Elastic
Case Study: How FAIR Risk Quantification Enables Information Security Decisions at Swisscom
ISACA Journal
3 Lessons We Learned from Our Introduction of FAIR at Swisscom
FAIR Institute
Flexible Data Access in a Cloud based on Freshness Requirements
IEEE
The Re:GRIDiT Approach — Replicated Data Management in the Cloud via Data Grid Protocol
CloudDB 2009
Load-Aware Dynamic Replication Management in a Data Grid
Springer Berlin / Heidelberg
Re:GRIDiT — Coordinating Distributed Update Transactions on Replicated Data in the Grid
IEEE
The Re:GRIDiT Protocol: Correctness of Distributed Concurrency Control in the Data Grid
University of Basel
DILIGENT: Integrating Digital Library and Grid Technologies
International Journal on Digital Libraries
On-Demand Service Deployment and Process Support in e-Science DLs
DLSci06 · ECDL Workshop
Tools & Research
Open-source tools for cyber risk quantification. Built to support real decisions, not to produce impressive numbers.
FAIR Simulator
Monte Carlo risk quantification with IRIS 2025 benchmarks. Scenario creation, sensitivity analysis, portfolio aggregation.
FAIR-CAM Agent-Based Model
Agent-based cybersecurity risk simulator. Operationalizes the full FAIR-CAM taxonomy.
QUORUM
Agentic AI for cyber loss estimation. 5 LLM agents deliberate over structured rounds to produce per-component FAIR loss distributions.
Survival Analysis for Vulnerability Management
Kaplan-Meier survival analysis applied to time-to-patch metrics using Qualys VMDR data. Published as Elastic Security Labs blog post.
Speaking
The $ Value of Faster Vulnerability Remediation
How much risk reduction does faster patching buy you?
FAIRCON 2025
The Business ROI of Risk Management
Bringing financial discipline to cyber risk decisions.
FAIR European Summit 2025
Moving from a Compliance-Based to a Risk-Based Approach to Cybersecurity
FAIR European Summit 2023 · London · Panelist
Genev'Hack
Speaker
Zero Day Conference
Panelist
How Quantification Enables Better Decision Making
FAIRCON 2019 · Use Case Panorama · Panelist
Laura Voicu
I specialize in cyber risk quantification, AI security, and applied data science — the kind of work where statistical modeling, machine learning, and domain expertise converge to make hard problems measurable. Bayesian inference, Monte Carlo simulation, survival analysis, causal reasoning — these aren't abstractions for me; they're the tools I use to translate security problems into defensible decisions.
Two decades in technology: data architecture at Credit Suisse, enterprise data architecture and AI/RPA automation, cyber security at Swisscom (where I introduced FAIR risk quantification in 2018), and building Elastic's security data science and security assurance practice, building a security data warehouse, and leading the cyber risk quantification program. Earlier: research in distributed systems at ETH Zürich and Penn State.
PhD Computer Science (University of Basel) · MSc Physics · CAS Applied Data Science & ML (EPFL) · CISSP
ERQI — Co-Founder & CDSO
FAIR Institute — Standards Committee & DACH Co-Chair
Cloud Security Alliance — Lead Author & WG Co-Chair
Global Council for Responsible AI — Global Ambassador
Startup Advisory — Product Development & Data/AI Strategy
Denny Wan FAIR Ambassador Europe Award, 2025
Interested in collaboration, speaking, or making cybersecurity measurable? Reach out via LinkedIn.