The GRC Podcast - Say the Taboo: Vendor Risk Management is Bullsh*t

04/19/24 • 6 min

The GRC Podcast

In today's episode, we take a candid look at the efficacy of vendor risk management programs in the face of breaches. This time, we're reflecting on a conversation that pushed me out of my comfort zone and made me question the very fundamentals of vendor risk management. The startling realization that the well-trodden path of best practices might not hold all the answers spurred a much-needed debate on whether it's time to disrupt the status quo and embrace a more proactive stance in managing vendor risks.
We're challenging conventional wisdom by evaluating the October 2023 breach of Okta, which happened despite the collective efforts of nearly 20,000 customers' vendor risk management programs. The episode takes you through a journey of introspection and industry critique, examining how traditional defensive strategies might not be enough and why a shift in perspective is crucial. We don't just outline the problems; we also explore what it means to safeguard against the inevitable issues and the importance of leading with the taboo in conversations that could redefine industry standards.

For show notes, please visit The GRC Podcast website.
Previous Episode

Beyond the Numbers: Balancing Metrics with Intuition in GRC

Ever found yourself in a tug-of-war between hard numbers and gut instinct? Brace yourself for a candid journey into the world of data, as we uncover the truth behind the numbers that drive our decisions. This episode is not just another number-crunching monologue; it's a story-rich exploration of how metrics can mislead and the power of anecdotal evidence, as demonstrated in a memorable moment with Jeff Bezos and Lex Fridman.
With a dynamic blend of personal anecdotes and professional insights, we uncover the double-edged sword of metrics. Dissecting the manipulation of data to fabricate success and the unintended consequences of metric-driven incentives, it’s a reality check for any business professional. And for those grappling with measuring the success of a GRC program, get ready for a thought-provoking discussion that will leave you reevaluating your approach. No graphs or spreadsheets needed—just a healthy dose of skepticism and a reminder that sometimes, the stories behind the stats are the real gold.
