The Cyber5 Podcast

EP36: The Cyber5 – Attributes of a Robust Third Party Risk Management Program

Episode 36 | December 17, 2020

Episode 36 | December 17, 2020

Episode 36 of the podcast covers the attributes of a robust third-party risk management program including how to use threat intelligence to inform actionable outcomes with third parties with CISO of Caterpillar Financial Ross Young.


  • Question 1 (01:25) Within your threats and safeguards matrix, you identify vendor and partner data as a major threat. How do you rank order each vendor and what are risk factors of vendors you assess?
  • Question 2 (05:33) How does cyber threat intelligence play a factor?
  • Question 3 (06:44) What are the critical, actionable outcomes you are looking for with threat intelligence as it pertains to TPRM?
  • Question 4 (11:15) Are you using threat intelligence to inform other threats to the business such as compliance, financial, HR, or legal?
  • Question 5 (14:00) What’s the best advice you would give to people coming out of the IC and want to be CISOs?