The Cyber5 Podcast

EP19: The Cyber5 – Third Party Risk Management in the View of Medium Size Businesses with AlixPartners Security Manager Bill Varhol

Episode 19 | August 13, 2020

Episode 19 | August 13, 2020

Episode 19 of the podcast covers third party risk management considerations for medium size businesses, including how to respond to larger enterprises who contact with alleged vulnerability exposure with Bill Varhol, Security Manager at Alix Partners.


  • (01:40) Question 1: There are tens of thousands of companies that have robust but resource constrained security operations centers (between 10-20 personnel). What are some instances when you get called by SOC’s of larger clients with vulnerabilities that are exposed?
  • (03:40) Question 2: Are those vulnerabilities accurate? If not, why not? What are they missing?
  • (07:48) Question 3: Understanding resources are limited with small and medium businesses, how should small to medium businesses be best prepared for getting the call from larger enterprises that they have an immediate vulnerability needing to be remediated? What can medium size businesses do to create threat intelligence programs to help alert to these vulnerabilities?
  • (12:06) Question 4: What should larger SOCs be doing, not only in the vendor management onboarding risk process, but in practice when potential vulnerabilities are discovered after onboarding is complete?
  • (15:18) Question 5: Do you think the current processes many companies have in place truly mitigate risk?