The Cyber5 Podcast

Third Party Risk Management in the View of Medium Size Businesses with AlixPartners Security Manager Bill Varhol

In Episode 19 of the podcast, Bill Varhol, Security Manager at AlixPartners, discusses third-party risk management considerations for medium-size businesses, including how to respond to larger enterprises that contact them about alleged vulnerability exposure.


  • (01:40) Question 1: There are tens of thousands of companies that have robust but resource-constrained security operations centers (between 10-20 personnel). What are some instances when you get called by SOCs of larger clients with vulnerabilities that are exposed?
  • (03:40) Question 2: Are those vulnerabilities accurate? If not, why not? What are they missing?
  • (07:48) Question 3: Understanding resources are limited with small and medium businesses, how should small to medium businesses be best prepared for getting the call from larger enterprises that they have an immediate vulnerability needing to be remediated? What can medium-size businesses do to create threat intelligence programs to help alert to these vulnerabilities?
  • (12:06) Question 4: What should larger SOCs be doing, not only in the vendor management onboarding risk process, but in practice when potential vulnerabilities are discovered after onboarding is complete?
  • (15:18) Question 5: Do you think the current processes many companies have in place truly mitigate risk?

Episode 19 | August 13, 2020
