When:    December 4 | 2025      Attend

From malware-laced updates to vulnerable open-source dependencies, attackers are increasingly targeting the vendor software that enterprises rely on to operate their business. According to a recent Gartner survey on Third Party Risk Management, 83% of Cyber risk professionals find risks embedded within vendor applications after deployment.

As a result, it is clear that the status quo for defending the enterprise from cyber threats originating in the software supply chain is no longer sufficient. Organizations must adopt new strategies to more effectively manage third party security risk, ensuring vendor software can be safely onboarded, while still maintaining business velocity.

During this session, our panelists will explore:

• What makes third party software inherently risky
• Actions you can take to identify risks before software is purchased or deployed
• How to work collaboratively with a vendor to address risks
• Protections that can be put in place to mitigate vendor software risks
• Best practices for continuously monitoring risk throughout the vendor lifecycle

Panel

Charlie Jones, CISA,(ChCSP, CISSP, CISA), Director, Product Management at ReversingLabs. Charlie is currently a Director of Product Management and subject matter expert (SME) in supply chain security, digital trust, and product strategy. Formerly a consultant at PwC, Charlie has 10 years experience delivering strategic transformation initiatives, specializing in cyber security, third-party risk management, and IT audit programs for Fortune and FTSE 100 financial service institutions. An active member of the global cyber security community, Charlie regularly publishes thought leadership, speaks at high-profile conferences, participates in industry working groups, and helps shape international standards through his position on the Technical Advisory Panel for the UK Cyber Security Council. Recently honored with the prestigious CSO 30 Award, Charlie is recognized as a top security leader in the UK, demonstrating outstanding business value, innovation, and contributions to the wider community. LinkedIn: https://www.linkedin.com/in/charlie-jones3/

Nicholas Geyer serves as the Sr. Product Marketing Manager for Third-Party Management at OneTrust. In his role, Nick guides go-to-market workstreams and product strategy across OneTrust’s third-party risk management solutions to help customers better understand the evolving risks posed by their third parties and how to leverage technology to take a data-centric and risk-based approach to create a resilient, secure, and scalable third-party ecosystem.

David Stapleton is the Chief Trust Officer at ProcessUnity, the global leader in third party risk management solutions. With over fifteen years of experience building and leading cybersecurity, risk, and compliance programs across both government and private sectors, David has held pivotal roles at the U.S. Food and Drug Administration, Indian Health Service, and was an early contributor to the development of the FedRAMP program. At ProcessUnity, he oversees trust, security, and risk functions, aligning internal operations with the evolving needs of customers and regulators. As a Certified Information Systems Security Professional (CISSP), David frequently writes and speaks on topics including third-party risk, security leadership, and building trust in modern SaaS environments.