Summary

In this episode, Gregory interviews Jay Bobo, the creator and CEO of Breach Siren, about third-party risk management. They discuss the challenges of using crappy and expensive tools in the space, the need for accountability from regulators and ISACs, and the financial impact of third-party risk. They also explore how cybersecurity breaches can affect other risk domains and the importance of risk identification and event notification. The conversation concludes with a plan to continue discussing other topics in future episodes.

Takeaways

• Many tools in the third-party risk management space are focused on compliance rather than security.
• Third-party risk management should not be treated as a tick-the-box exercise, but as an ongoing process of threat hunting and risk assessment.
• Regulators and ISACs play a crucial role in holding organizations accountable for third-party risk management.
• Cybersecurity breaches can have a significant financial impact and can affect other risk domains such as privacy and compliance.
• Risk identification and event notification are essential for effective breach response and mitigation.

Chapters

00:00
Introduction and Background

03:08
Crappy, Expensive Tools

09:14
Accountability

13:38
Financial Impact

15:02
Cybersecurity's Impact on Other Risk Domains

22:29
Risk Identification

23:13
Event Notification and Breach Response

26:19
Conclusion