Here are six minutes of the best moments from “Hacking Third Party Risk: An hour of critical thinking on how to consider and measure all risks into your overall risk posture”.

Watch the full video chat in this discussion:

Got feedback? Join the conversation on LinkedIn.

HUGE thanks to our sponsor, Reciprocity

ZenGRC by Reciprocity is an award-winning, cloud-based GRC software that automates and simplifies compliance and risk management, solving critical problems at scale while customizing to your business needs. Adhering to the majority of regulations is a snap with pre-built templates and a unified system of record. Learn more at

Winner of “Best Bad Idea”

The CISO Series community knocked it out of the park last week with a whopping 59 bad ideas, but Shawn Bowen, CISO, RBI, brought home the prize for a truly awful idea. We do have a few honorable mentions.

“Accept a bribe from a vendor and sign off on their risk.” – Mitchell DeMazza, account executive, ThreatModeler

“Use the Rocks Paper Scissors game to determine if the vendor meets your risk requirements.” – Scott Campbell, account executive, Expel

Best quotes from the chat room

“Inherent risk is the bedrock of any TPRM program… if you don’t know what data your vendor has or what volume of… you can’t assess them properly.” – Jon Ehret, VP, strategy and risk, RiskRecon

“That’s EXACTLY where small / new vendors shine: they can move and adjust much quicker and are hungry for business. I have seen small vendors do magic in one week that huge companies can’t do in a year.” – Eli Migdal, CEO, Boardish

“Assessments, mappings, frameworks mean nothing unless you actually build a qualitative process that pulls in the right data from the above and associates monetary value and the associated impact to the business.” – Mathew Biby, CISO, Satcom Direct