‹ All episodes

Third Party Threat Hunters

Third Party Threat Hunters Podcast: Guest Jay Bobo

January 30, 2024 Gregory Rasner Season 2 Episode 2
Third Party Threat Hunters Podcast: Guest Jay Bobo
Third Party Threat Hunters
More Info
Third Party Threat Hunters
Third Party Threat Hunters Podcast: Guest Jay Bobo
Jan 30, 2024 Season 2 Episode 2
Gregory Rasner

Summary

In this episode, Gregory interviews Jay Bobo, the creator and CEO of Breach Siren, about third-party risk management. They discuss the challenges of using crappy and expensive tools in the space, the need for accountability from regulators and ISACs, and the financial impact of third-party risk. They also explore how cybersecurity breaches can affect other risk domains and the importance of risk identification and event notification. The conversation concludes with a plan to continue discussing other topics in future episodes.

Takeaways

  • Many tools in the third-party risk management space are focused on compliance rather than security.
  • Third-party risk management should not be treated as a tick-the-box exercise, but as an ongoing process of threat hunting and risk assessment.
  • Regulators and ISACs play a crucial role in holding organizations accountable for third-party risk management.
  • Cybersecurity breaches can have a significant financial impact and can affect other risk domains such as privacy and compliance.
  • Risk identification and event notification are essential for effective breach response and mitigation.

Chapters

00:00
Introduction and Background

03:08
Crappy, Expensive Tools

09:14
Accountability

13:38
Financial Impact

15:02
Cybersecurity's Impact on Other Risk Domains

22:29
Risk Identification

23:13
Event Notification and Breach Response

26:19
Conclusion

Spotify Amazon Music Podcast Index Podcast Addict Podchaser Pocket Casts +
Show Notes

Summary

In this episode, Gregory interviews Jay Bobo, the creator and CEO of Breach Siren, about third-party risk management. They discuss the challenges of using crappy and expensive tools in the space, the need for accountability from regulators and ISACs, and the financial impact of third-party risk. They also explore how cybersecurity breaches can affect other risk domains and the importance of risk identification and event notification. The conversation concludes with a plan to continue discussing other topics in future episodes.

Takeaways

  • Many tools in the third-party risk management space are focused on compliance rather than security.
  • Third-party risk management should not be treated as a tick-the-box exercise, but as an ongoing process of threat hunting and risk assessment.
  • Regulators and ISACs play a crucial role in holding organizations accountable for third-party risk management.
  • Cybersecurity breaches can have a significant financial impact and can affect other risk domains such as privacy and compliance.
  • Risk identification and event notification are essential for effective breach response and mitigation.

Chapters

00:00
Introduction and Background

03:08
Crappy, Expensive Tools

09:14
Accountability

13:38
Financial Impact

15:02
Cybersecurity's Impact on Other Risk Domains

22:29
Risk Identification

23:13
Event Notification and Breach Response

26:19
Conclusion