How to Teach Your Employees About Third-Party Risk

All links and images for this episode can be found on CISO Series.

There are so many third party vendors we want to work with, but uggh, their security and privacy is so troublesome. Is it only the security department's job to vet these partners or should everyone have a responsibility of keeping tabs on third party security?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Our guest is Phil Beyer, former head of security, Etsy.

Thanks to our podcast sponsor, Balbix

Balbix is a cyber risk quantification platform that discovers and manages all your cyber assets, identifies and prioritizes vulnerabilities, and delivers a monetary assessment of cyber risk. This enables CISOs to articulate the value of risk to the board and obtain support and budgets for security programs.

In this episode:

• There are many third party vendors that CISOs & practitioners want to work with, but why is their security and privacy so troublesome?
• Is it only the security department's job to vet these partners or should everyone have a responsibility of keeping tabs on third party security?
• What can frontline employees do to manage third-party risk?