Sweet Fish
Third Party
If you manage third-party cyber risk, you’ve seen it all: meaningless scorecards, black-box tools, and endless frameworks that never quite connect to business impact. Third-Party is the podcast built for the people behind the dashboards. The ones managing 5,000 vendors with a team of three. Hosted by Jeffrey Wheatman, Ferhat Dikbiyik, and Bob Maley, this show unpacks what actually works (and what doesn’t) in TPRM. No fear tactics. No buzzwords. Just unfiltered conversations, sharp insights, and the occasional roast of a really bad SIG questionnaire. If you’ve ever had to explain cyber vendor r
Wo hören?
Podcasts in der App Replaio Radio Bald verfügbarPodcasts kommen bald in die App. Installiere sie jetzt und erlebe als Erster einen ganz neuen Blick auf Podcasts
Folgen
The #1 Mistake Boards Make on Cyber Risk 01.07.2026 32:30
Cyber risk communication with boards is broken—and most organizations don’t realize how much it’s costing them. In this episode, we unpack cyber risk communication with boards and reveal why even well-prepared security leaders fail to get buy-in where it matters most. If you’ve ever struggled to explain risk in a way executives actually understand, this conversation will show you how to fix it. Je...
The Hidden Signals Predicting Vendor Collapse 17.06.2026 37:12
Third-Party Risk Prediction is the future of cybersecurity, but can you actually predict when a vendor will fail? In this episode of Third Party, we explore third-party risk prediction and whether forecasting vendor failure is realistic or just another false promise. If you’ve ever wondered how to identify hidden risks before they explode, this conversation delivers practical insights you can act...
Mythos Hype Check: TPRM Paradigm Shift or Big Nothing Burger 04.06.2026 45:29
A new AI model called Mythos promises to find vulnerabilities faster than any human team. But what does that actually mean for the security leaders responsible for managing third-party risk? In this special episode, Jeffrey Wheatman is joined by Bob Maley, Ferhat Dikbiyik, and Black Kite co-founder and CTO Candan Bolukbas to break down what Mythos and Project Glasswing actually change, and what th...
Are You Measuring the Right Risks…Or Just the Easiest Ones? 20.05.2026 31:30
Are you measuring the right risks in your third party risk management program—or just the easiest ones? In this episode, we break down how most teams approach third party risk management metrics and why those metrics often fail to reflect real business risk. If you’ve ever wondered whether your TPRM strategy is actually driving better decisions or just producing reports, this conversation will cha...
Why Automation Is Creating More Cyber Risk 06.05.2026 34:13
Automation vs Accuracy in TPCRM is one of the biggest challenges in modern third-party risk management. In this episode, we break down how the push for faster automation is impacting accuracy, and what that means for your TPCRM program. If you’re relying on automation to scale vendor risk assessments, this conversation will help you avoid costly blind spots and make smarter decisions. Jeffrey Whea...
How to Calculate the Real Cost of a Third-Party Breach 22.04.2026 40:02
Calculating the real financial impact of a third-party breach is one of the hardest challenges in cybersecurity today. In this episode, Jeffrey Wheatman, Bob Maley, and Ferhat Dikbiyik explore how organizations can move beyond vague warnings about risk and start putting real numbers behind the potential cost of a third-party breach. If you want security leaders, executives, and boards to take thir...
Vendor Sprawl Is Out of Control (Here’s How the Best Teams Fix It) 08.04.2026 38:58
Vendor sprawl is out of control, and most organizations have far more third-party vendors than they realize. In this episode, Jeffrey Wheatman, Bob Maley, and Ferhat Dikbiyik unpack the growing problem of vendor sprawl and why it has quietly become one of the biggest sources of cyber risk. If your organization relies on dozens or hundreds of third parties, this conversation will help you understan...
What You Should NEVER Automate in Risk Programs 25.03.2026 37:39
TPCRM automation is rapidly becoming a priority for risk teams, but automating the wrong things can quietly increase exposure instead of reducing it. In this episode, Jeffrey Wheatman, Bob Maley, and Ferhat Dikbiyik unpack the reality of TPCRM automation and what you can safely automate versus what should never be automated inside a third-party cyber risk program. If you are responsible for managi...
Is Cybersecurity Regulation Actually Dangerous? 11.03.2026 56:12
Is cybersecurity regulation actually dangerous? In this episode, we examine whether cybersecurity regulation is improving real security or quietly making organizations less safe. If you have ever wondered whether compliance helps or hurts your defenses, this conversation breaks down what cybersecurity regulation gets right, where it fails, and how leaders should think about risk beyond checklists....
The Real Meaning of “C” in TPCRM 25.02.2026 42:08
What puts the “C” in TPCRM? As third-party risk management evolves, leaders are asking what the “C” in TPCRM really means, and why cyber risk now has an outsized impact on every other risk. We unpack what puts the “C” in TPCRM, why cyber is more than a checkbox, and how misunderstanding it can quietly put your entire business at risk. In this episode of Third Party, hosts Jeffrey Wheatman, Bob Mal...
Whose Breach Is It Anyway? 11.02.2026 42:39
Whose Breach Is It Anyway? When a vendor gets breached and data is exposed, whose breach is it anyway, and who actually pays the price? In this episode, we break down why finger-pointing after every breach is becoming the default response and what that means for real security outcomes. You’ll learn how shared data creates shared damage, and how leaders can respond smarter when third-party risk bec...
The Truth About AI in Risk Management 14.01.2026 43:20
AI risk models are changing how organizations assess vendors, quantify cyber risk, and make high-stakes decisions, but most leaders don’t truly understand what’s happening under the hood. In this episode, AI risk models are stripped down and stress-tested to reveal where automation adds clarity, where it creates blind spots, and why overconfidence in models can quietly increase risk. If you’ve eve...
Why 2026 Might Be the Hardest Cyber Year Yet 31.12.2025 51:34
The 2026 cybersecurity predictions are here, and they’re more urgent than anyone expected. In this episode, hosts Jeffrey Wheatman, Bob Maley, and Ferhat Dikbiyik break down what’s coming in the next 12 months, why AI risk is accelerating faster than anyone projected, and how security leaders can stay ahead instead of getting blindsided. If you want clarity (not hype) this conversation delivers re...
This Is Why Third-Party Risk Never Ends 17.12.2025 50:48
Third-party risk management is broken, and this episode of Third Party shows you exactly why. Discover the five biggest mistakes companies make when managing vendors and compliance programs, and learn how to fix them before they cost you trust, money, and reputation. If you work in cybersecurity, compliance, or risk, this episode gives you the roadmap to move from “checkbox” protection to real sec...
How to Beat Ransomware Fatigue 03.12.2025 50:14
Ransomware fatigue is real, and it’s putting organizations at risk. In this episode of Third Party, hosts Bob Maley, Ferhat Dikbiyik, and Jeffrey Wheatman unpack why ransomware fatigue has become as dangerous as ransomware itself. They break down how constant headlines and endless alerts are numbing CISOs and executives, and why ignoring this “background noise” could open the door to your next maj...
The Dark Side of Cyber Report Cards 12.11.2025 46:19
Too often, businesses rely on simple grades or one-page summaries without the context needed to make informed decisions. In this episode of Third Party, Jeffrey Wheatman, Bob Maley, and Ferhat Dikbiyik explore the dark side of cybersecurity report cards and vendor risk scores. The hosts break down why these scores can mislead, how conflicting results create confusion, and why transparency and cont...
AI’s Seismic Impact on Cybersecurity 29.10.2025 44:29
In today’s episode of Third Party, Jeffrey Wheatman, Bob Maley, and Ferhat Dikbiyik dive into how artificial intelligence is reshaping third party risk management. From generative AI tools to shadow AI, they explore both the opportunities and dangers of adopting AI across vendor ecosystems. The hosts discuss automation, governance councils, AI-driven vulnerabilities, and whether risk teams can tr...
Cybersecurity Metrics Boards Actually Care About 15.10.2025 41:38
Cybersecurity metrics are one of the biggest challenges when reporting to executives and the board. In this episode of Third Party, Jeffrey Wheatman, Bob Maley and Ferhat Dikbiyik break down the cybersecurity metrics your board actually cares about. Not vanity numbers, not meaningless dashboards, but the ones that drive real business decisions. If you’ve ever struggled to get your board to engage...
You’ve Been Lied to About Cyber Risk Scores 01.10.2025 35:23
If you manage third-party cyber risk, you already know the pain of black-box scores and endless frameworks that miss the point. In this episode, hosts Bob Maley, Jeffrey Wheatman, and Ferhat Dikbiyik expose the problem nobody talks about: lack of transparency. From regulatory pressure to boardroom confusion, they break down why today’s vendor risk assessments fail to deliver clarity and what to do...
The Untold Story of Third Party Risk 17.09.2025 1:05
Third Party is on a mission to pull risk out of the shadows and strip away the jargon, noise, and black-box tools that leave leaders guessing. It’s about clarity, not fear. Hosted by Bob Maley, Jeffrey Wheatman, and Ferhat Dikbiyik, this show blends decades of expertise with curiosity and candid conversation to reframe third party risk in plain English. Whether you’re a CISO, risk manager, or simp...
Ähnliche Podcasts
Replaio ist kein Herausgeber von Podcasts; die Namen der Sendungen, Cover und Audioinhalte gehören ihren Autoren und werden über öffentliche RSS-Feeds verbreitet