Texas Cyber Summit II

Organizations rely heavily on third-party vendor relationships to provide their customers with various products and services. Mid-market companies, however, find themselves playing catch up to compete with the maturity of large organization risk assessment programs.

This talk will reflect on real-world examples of the speakers experience developing third-party risk assessment questionnaires and reviewing those provided to a number of Credit Unions and Healthcare institutions in various states (both geographically and maturity of their security programs). He will also discuss how to fold OSINT investigation techniques to perform detailed background checks on the partners and their employees.

Attendees will learn how to:
- Create and refine third-party risk quantification criteria for partners and vendors,
- The questions to ask your supply chain and discover the exaggerations, half-truths, and outright lies from respondents, and
- Extend their current risk assessment activities beyond simple documentation review using freely available OSINT tools and techniques.