2025-08-05, Firenze
As organizations increasingly adopt cloud technologies and artificial intelligence, the attack surface expands, heightening the risk of data breaches and security incidents. Third-party vendors play a significant role in this dynamic, often introducing additional vulnerabilities into the ecosystem.
This presentation aims to provide organizations, practitioners, and individual contributors with an accessible and familiar framework for evaluating and onboarding potential vendors. By implementing effective third-party risk management strategies, attendees will learn how to mitigate risks and protect their organization's critical data.
We engage in third-party risk management (TPRM) on a weekly, if not daily, basis through various activities such as shopping for clothes, toys, and food. This talk will explore the analogy of a grocery store to better understand how we practice TPRM in our daily lives and how this can serve as a foundation for robust cyber hygiene.
Key terms and concepts that will be visited in this talk are the Criticality of a Vendor, the Inherent Risk of a Vendor, and what considerations may affect these two variables.
The talk will go through the different aisles of a grocery store to see how we vet our shopping cart:
Stationery
Food
Flowers
Etc.
The conclusion of this talk will emphasize using our everyday shopping habits as a model for effective TPRM. This approach aims to empower attendees in their role in cybersecurity, highlighting the importance of individual contributions to the overall security framework.
Rafael works in Third-Party Risk Management. His career path spans non-profit work, education, and most recently third-party risk management and cybersecurity. He has a passion for learning and is always seeking ideas that will expand his horizons.
Outside of work, catch me playing MTG, coaching sports, or reading.