The Cyber5 Podcast

Attributes of a Robust Third Party Risk Management Program

Episode 36 of the podcast covers the attributes of a robust third-party risk management program including how to use threat intelligence to inform actionable outcomes with third parties with CISO of Caterpillar Financial Ross Young.


  • Question 1 (01:25) Within your threats and safeguards matrix, you identify vendor and partner data as a major threat. How do you rank order each vendor and what are risk factors of vendors you assess?
  • Question 2 (05:33) How does cyber threat intelligence play a factor?
  • Question 3 (06:44) What are the critical, actionable outcomes you are looking for with threat intelligence as it pertains to TPRM?
  • Question 4 (11:15) Are you using threat intelligence to inform other threats to the business such as compliance, financial, HR, or legal?
  • Question 5 (14:00) What’s the best advice you would give to people coming out of the IC and want to be CISOs?

Episode 36 | December 17, 2020

Adversary Research
Discovering the methods, motives and identity of threat actors to disrupt attacks 
Reputation Defense
Technical guidance for countering disinformation and slanderous attacks 
Trust & Safety
Intelligence to secure business operations and defend against fraud, abuse and e-crime 
TPRM Exposure
Adversary-centric intelligence to address supplier, M&A and investment risks 
Outside Intel
Research for defending outside the firewall that leverages tier 3 intelligence programs 
Executive Shield
Assessment of threats to key personnel with attribution and PII takedown  
Adversary Insights℠ Retainer
Annual retainers for client-driven inquiries and rapid-response research 
Intelligence Team as a Service
Collaborative engagement providing robust intelligence and tier 3 cyber analysts  
Event-Driven Intel Investigations
Multidimensional security fact-finding that delivers insights into adversary behavior 
On Demand Threat Research
Proactive and preventative investigations that reveal threat actor context and risk correlations 
Investment Zero Touch Diligence℠
Project-based discovery to assess risk for investments, IPO, Mergers and Acquisitions 
TPRM Zero Touch Diligence℠
Subscription assessment of external network hygiene, key personnel, and non-traditional business risks