Summit on Security & Third-Party Risk
Session Abstracts
Modernizing Data Driven Operational Resiliency
Constantly evolving threats arising from cyber, supply chain, climate change, geopolitical or socioeconomic risks require every firm to withstand and be "invocation ready" to minimize customer disruption. The current industry approach is largely siloed across cyber, data, third-party and continuity communities, with point-in-time plans. The session will focus on modernizing resiliency and leveraging data to build "Resilient by Design" capabilities and response.
Efficiency Meets Third-Party Risk: The New Age of Third-Party Risk Assessment
As organizations move from building to maturing their Third-Party Risk Management (TPRM) programs, the focus shifts to speed and efficiency without compromising risk. This presentation reveals how AI-driven tools and intelligent design are cutting third-party onboarding times by almost 70%, transforming cumbersome processes into streamlined, scalable systems. Learn how automated risk assessments, smart questionnaires, customer GPTs and parallel approval workflows are enhancing decision-making, reducing manual effort, and ensuring compliance. Attendees will leave with actionable strategies to optimize onboarding, improve risk visibility, and evolve their TPRM programs to meet the demands of a fast-paced business environment.
ABC's of TPRM
We will walk through the ABC's of kicking off and establishing our TPRM program at Arkansas Blue Cross Blue Shield (ABCBS): the initial gathering of vendor data (spreadsheets), gaining leadership support, setting up a steering committee, building an inventory, assessment and due diligence, and continuous monitoring. We will discuss what has worked well, improvements we've made, and our next steps.
Can AI Be Your Trusted Partner in Securing Your Extended Business Ecosystem?
Traditional third-party risk management (TPRM) approaches are struggling to keep pace with the ever-evolving threat landscape. Enter Artificial Intelligence (AI), poised to revolutionize TPRM with exponential growth in speed and accuracy. By leveraging AI’s analytical prowess and automation capabilities, organizations can significantly strengthen their TPRM posture.
Panel Discussion: Embedding an Effective Security Awareness Program into Your Organization's Culture
Most employees feel that security awareness training is boring and a waste of their time to sit through. Usually, employees are forced to listen to a canned video once a year and answer a few questions to make sure that they were paying attention. While this does meet most compliance requirements, this form of training is not enough to educate employees about the latest threats throughout the year within their own organization. Since security awareness training is a critical component of protecting an organization from potential financial and reputational damage, a taskforce known as the PHISH (Pretexting, Hacking, Impersonating and Scamming Humans) Committee has been developed to provide a multifaceted approach to continuous training for a better user experience. Join us for a lively panel discussion, where you will learn about various tools, tactics and techniques on how to make security awareness training more impactful, personal and entertaining.
Cyber Threat Intelligence: The Critical and The Practical
What does a threat intelligence program look like in small to medium-sized enterprises? Could social media be your best-kept secret? What kind of intelligence monitoring is actionable? We'll cover these and other questions, and discuss what is working for our colleagues in the audience.
25 Years of Information Sharing: Past, Present, and the Future of Collective Resilience
Bill played an instrumental leadership role in the growth of the information sharing and analysis center (ISAC) movement. As CEO of Financial Services ISAC, and later Global Resilience Federation, he was a pioneer in the development of collective defense, cross-sector sharing, and advancements in industry resilience. In this presentation he’ll discuss some of the key milestones in today’s security environment, from the advent of email threat lists, and the inception of the Traffic Light Protocol, to the launch of secure sharing portals and the movement into automated threat exchange. Reflecting on his long history in the threat information sharing industry, he will pose to the audience what he expects to be the greatest future threats and the ways in which we can work together to overcome them.
Predict, Prioritize, Protect: Next-Gen Third-Party Risk for the Retail Enterprise
In today’s volatile retail landscape, information security risk managers are under pressure to predict and mitigate third-party risks faster and more intelligently. This session explores how AI-driven assessments, predictive risk modeling, and the FAIR methodology can be leveraged to prioritize and remediate third-party threats—especially as geopolitical tensions and cyber regulations evolve. Attendees will gain actionable insights on integrating forward-looking analytics into their TPRM programs, using real-world examples from large-scale retail environments. The session will also highlight how to align these practices with operational resilience goals and drive meaningful security outcomes.
AI in Cybersecurity & Third-Party Risk Management
As businesses continue to grow, working with third parties and partners has become essential to staying competitive and innovative. In this session, we’ll dive into how Artificial Intelligence (AI) is changing the game in cybersecurity, with a focus on third-party risk management (TPRM). We’ll look into how AI-driven tools are helping teams spot risks in real time, predict potential threats, and automate responses. We will also briefly touch upon what Genpact is doing in this space.
Enhancing Operational Resilience through Risk and Response Maturity
The session will cover a structured approach to assessing and improving an organization's risk and response maturity, ensuring that resilience is not just a compliance requirement but a strategic differentiator. We will use case studies and look at emerging risks, maturity models, and benchmarking of a security program.
Smarter AI Procurement: A Cross-Functional Approach to Managing Risk
AI adoption is revolutionizing business, but each AI vendor brings risks like regulatory exposure, security vulnerabilities, biased models, and opaque supply chains. Traditional procurement and third-party risk management (TPRM) processes weren’t built for AI, creating critical blind spots for CISOs, CROs, GRC, Legal, and Procurement leaders. This session explores how organizations can adapt AI vendor risk management to balance innovation with security, transparency, and accountability. Attendees will gain actionable strategies for AI risk-aware sourcing, vendor due diligence, contracting for AI accountability, and continuous monitoring. Learn how to align AI procurement with compliance frameworks while strengthening vendor oversight and driving business success.
The Enterprise Impact of Third-Party Disconnect and Reconnect
Third-party supply chain attacks are a primary attack vector for threat actors. There is an increasing global trend of initiating third-party disconnects in response to a cyber incident at a third-party provider, as well as a preemptive risk mitigation strategy. Developing a robust third-party disconnect/reconnect program is necessary to enable a predictable path toward restoration of critical services.
Should I Trust My Supplier?
Thousands of vulnerabilities are announced every month. You're probably wondering why suppliers aren't doing better and why there are so many issues. Sometimes it's because they don't have end-to-end security lifecycle management. Join me to see how a very large Original Equipment Manufacturer has structured 13+ supply chain security initiatives including R&D security, secure development, SBOMs, vulnerability management and third-party risk management. Learn how you can uplift your supplier risk management program to gain better transparency and build trusting relationships.
Navigating the Gray Areas: How Building a Compliance Culture Shapes Cybersecurity Success
This session will discuss innovative ways to use a compliance baseline like ISO 27001 or CMMC (Cybersecurity Maturity Model Certification) as a way to initiate change within an organization and create a security culture. There will be emphasis on using frameworks like NIST 800-171 and others to build a secure information system.
Diving Deep into Resilience
CISOs and C-Suite leaders need to communicate risks in terms of business resilience to boards and regulators. This includes cyber risks but must also include other material and emerging risks such as Artificial Intelligence, quantum computing, and geopolitics, for a holistic view and prioritization of resources. All of these risks represent both challenges and opportunities. Using stories from scuba diving and hiking, this session will get the audience up to speed and have them walk away with actionable items that will directly impact strategy, questions being asked, risk mitigation, and maximization of opportunities.
Rumi: Leveraging GenAI to protect Executive Travel in the current landscape
This session will cover Uber's AI mechanism (Rumi) for advanced threat detection, geopolitical rules and criteria to support and sustain safe travels in conflict-ridden countries.
AI vs. Advanced Cyber Threats: Building a Resilient Ecosystem Amid Third-Party Risk
As cyber threats become more sophisticated and third-party risks continue to rise, traditional security approaches are no longer sufficient. This presentation explores how artificial intelligence is transforming threat detection, incident response, and risk mitigation across complex digital ecosystems. We’ll examine real-world applications of AI in identifying anomalies, predicting attacks, and strengthening defenses against supply chain vulnerabilities. Attendees will gain insights into building a resilient cybersecurity posture that leverages AI to stay ahead of emerging threats and evolving third-party risks.
You've Been Told You Have to Create a Third-Party Risk Program...Now What?
Creating a third-party risk program from scratch can be a daunting task. Where do you start? How do you assess your vendors? Which vendors do you prioritize? In this session, you will learn all of this, and more, in simple and straightforward terms. This session will give you the tools to get your program off the ground, and the knowledge on how to expand it in the future.
Supply Chain Security at Honeywell - Accelerating Compliance
Honeywell's Transformational Journey: Complexity to Convergence - See how Honeywell has streamlined complex and highly regulated supply chain risk management compliance requirements into a single intuitive solution. This session offers an in-depth discussion on Honeywell's ongoing supply chain security journey enabled by a digital backbone. You will gain insights into how we are taking a risk-based approach in building data-driven compliance automation, ensuring customer trust and what it takes to manage risks intelligently. Join us for this unique opportunity to hear directly from a business transformation leader and apply these insights to your own third-party risk management strategies.
Building Operational Resilience for the Digital Economy: Trends Shaping the Future
As the digital economy evolves, institutions face a critical imperative: adapting to rapid technological advancements while maintaining resilience in the face of emerging risks. This session will delve into the intersection of enterprise risk management and digital transformation, exploring how organizations can proactively build operational resilience to thrive in a digital-first world. Key topics include the role of risk frameworks in navigating advancements in digital infrastructure, the strategic integration of artificial intelligence and machine learning, and the use of data analytics to enhance decision-making. Attendees will gain insights on aligning risk management strategies with digital innovation to address both challenges and opportunities - along with actionable strategies to safeguard against vulnerabilities and improve business continuity in the dynamic digital landscape.