Scaling a Vendor Security Practice in a High Tech Company


**Food and Drinks will be provided thanks to our Sponsors ThirdPartyTrust and TEKsystems**


Join Nick Percoco (CISO of Uptake), Michael Allen (CIO of Morningstar) and Anders Norremo (CEO of ThirdPartyTrust) to talk about the best vendor security practices in high tech companies. We’ll be discussing hackers utilizing vendors as attack vectors, the NSA Vault 7 Toolkit, and strategic plans for the future.

For many companies, the process of gathering and managing third party risk profiles is laborious and time-intensive, with spreadsheets and file cabinets being the historical method of choice. Gleaning insights and patterns from this information is difficult, at best. Increased regulation is now also requiring companies to actively be apprised of their third-party entities’ cyber risk profiles and methods. Establishing a line of sight with each third-party entity’s Vendor Management and/or Compliance department is even more difficult. Similarly, establishing a formalized framework for the purpose of acquiring third-party cyber risk intelligence is extremely difficult. Regardless of the difficulty, the regulators will hold you accountable, and the penalties will carry hefty monetary fines (as well as adverse effects to your reputational and operational risk).

It is imperative that organizations implement a controllable, pragmatic risk management strategy. The most efficient strategy incorporates converged practices, collaboration, and relationship building at the third and fourth party levels.

Evolve Security Academy

Evolve Security Academy is ranked the #1 cyber security bootcamp in the world by Switchup. It is a 17-week Cyber Security Bootcamp in Chicago that provides in-person and immersive training, giving students the concrete and practical skills they will actually need on the job. Students gain real work experience through the live security assessment work they perform on not-for-profit companies. With over 238,000 unfilled cyber security jobs in the U.S. and 1,000,000 globally, our primary focus is on creating top-tier cyber security talent and placing them into high-paying jobs.

ThirdPartyTrust

ThirdPartyTrust is a vendor risk management platform for enterprises to strengthen vendor intelligence and simplify management processes. By analyzing vendor risk using a network-based solution, trust is built and mapped within your vendor eco-system.

TEKsystems

A $3.8 billion IT services company, known for excellence in the industry. We provide the best talent in the country by hand picking the best and brightest and placing them at our client sites. We have deployed over 2,000 Information Security consultants in the past two years. We currently have over 500 active CISSP certified consultants and 400 recruiters certified to identify top talent. We also stay informed on market trends by partnering with companies such as SailPoint, Curion, RSA, Oracle and many more.

WeWork

Provides small businesses, startups, freelancers, large enterprises, and everyone in between with the workspace, community, and services they need to make a life, not just a living. With weekly events, personalized support, month-to-month flexibility, and access to over 100,000 like-minded creators around the world, WeWork is the perfect place to grow your business. Book your tour here!