2025-08-05, Firenze
As organizations increasingly adopt cloud technologies and artificial intelligence, the attack surface expands, heightening the risk of data breaches and security incidents. Third-party vendors play a significant role in this dynamic, often introducing additional vulnerabilities into the ecosystem.
This presentation aims to provide organizations, practitioners, and individual contributors with an accessible and familiar framework for evaluating and onboarding potential vendors. By implementing effective third-party risk management strategies, attendees will learn how to mitigate risks and protect their organization's critical data.
We engage in third-party risk management (TPRM) on a weekly, if not daily, basis through various activities such as shopping for clothes, toys, and food. This talk will explore the analogy of a grocery store to better understand how we practice TPRM in our daily lives and how this can serve as a foundation for robust cyber hygiene.
Key terms and concepts that will be visited in this talk are the Criticality of a Vendor, the Inherent Risk of a Vendor, and what considerations may affect these two variables.
The talk will go through the different aisles of a grocery store to see how we vet our shopping cart:
Stationery
Food
Flowers
Etc.
The conclusion of this talk will emphasize using our everyday shopping habits as a model for effective TPRM. This approach aims to empower attendees in their role in cybersecurity, highlighting the importance of individual contributions to the overall security framework.
Meghan Jacquot is a Cybersecurity Engineer at Carnegie Mellon University’s Software Engineering Institute and focuses on offensive security and maturity models. Meghan shares her research and learnings via conferences and publications. She has been published in US Cybersecurity Magazine and Sources2Create. Throughout the year, she helps a variety of organizations and people including DEF CON as a SOC GOON, Diana Initiative, OWASP, and WiCyS. She firmly believes in breaking barriers for others to enter cybersecurity and also helping others to upskill. To relax she also spends time with her partner visiting national parks, gardening, and hanging with her chinchilla.
Rafael works in Third-Party Risk Management. His career path spans non-profit work, education, and most recently third-party risk management and cybersecurity. He has a passion for learning and is always seeking ideas that will expand his horizons.
Outside of work, catch me playing MTG, coaching sports, or reading.