SC-1008 How to Avoid Supply Chain Pains for Financial Gains

Presented at Texas Cyber Summit 2019, Oct. 11, 2019, 11 a.m. (60 minutes)

Organizations rely heavily on third-party vendor relationships to provide their customers with various products and services. Mid-market companies, however, find themselves playing catch-up to compete with the maturity of large organizations' risk assessment programs. This talk will reflect on real-world examples from the speaker's experience developing third-party risk assessment questionnaires and reviewing those provided to a number of Credit Unions and Healthcare institutions in various states (both geographically and in the maturity of their security programs). He will also discuss how to fold in OSINT investigation techniques to perform detailed background checks on partners and their employees.

Attendees will learn how to:

- Create and refine third-party risk quantification criteria for partners and vendors,
- Determine the questions to ask their supply chain and discover the exaggerations, half-truths, and outright lies from respondents, and
- Extend their current risk assessment activities beyond simple documentation review using freely available OSINT tools and techniques.


  • Andrew Hay - Lares
    Andrew Hay is a veteran cybersecurity executive, strategist, industry analyst, data scientist, threat and vulnerability researcher, and international public speaker with close to 25 years of experience across multiple domains. He prides himself on his ability to execute security strategy without neglecting business objectives and the needs of its customers. Andrew is the author of multiple books on advanced security topics and is frequently approached to provide expert commentary on industry developments. He has been featured in publications such as Forbes, Bloomberg, Wired, USA Today, and CSO Magazine.

