When:    December 4 | 2025      Attend

From malware-laced updates to vulnerable open-source dependencies, attackers are increasingly targeting the vendor software that enterprises rely on to operate their business. According to a recent Gartner survey on Third Party Risk Management, 83% of Cyber risk professionals find risks embedded within vendor applications after deployment.

As a result, it is clear that the status quo for defending the enterprise from cyber threats originating in the software supply chain is no longer sufficient. Organizations must adopt new strategies to more effectively manage third party security risk, ensuring vendor software can be safely onboarded, while still maintaining business velocity.

During this session, our panelists will explore:

• What makes third party software inherently risky
• Actions you can take to identify risks before software is purchased or deployed
• How to work collaboratively with a vendor to address risks
• Protections that can be put in place to mitigate vendor software risks
• Best practices for continuously monitoring risk throughout the vendor lifecycle

Panel

Charlie Jones, CISA,(ChCSP, CISSP, CISA), Director, Product Management at ReversingLabs. Charlie is currently a Director of Product Management and subject matter expert (SME) in supply chain security, digital trust, and product strategy. Formerly a consultant at PwC, Charlie has 10 years experience delivering strategic transformation initiatives, specializing in cyber security, third-party risk management, and IT audit programs for Fortune and FTSE 100 financial service institutions. An active member of the global cyber security community, Charlie regularly publishes thought leadership, speaks at high-profile conferences, participates in industry working groups, and helps shape international standards through his position on the Technical Advisory Panel for the UK Cyber Security Council. Recently honored with the prestigious CSO 30 Award, Charlie is recognized as a top security leader in the UK, demonstrating outstanding business value, innovation, and contributions to the wider community. LinkedIn: https://www.linkedin.com/in/charlie-jones3/

Nicholas Geyer serves as the Sr. Product Marketing Manager for Third-Party Management at OneTrust. In his role, Nick guides go-to-market workstreams and product strategy across OneTrust’s third-party risk management solutions to help customers better understand the evolving risks posed by their third parties and how to leverage technology to take a data-centric and risk-based approach to create a resilient, secure, and scalable third-party ecosystem.

Ed Thomas is a Senior Vice President at ProcessUnity, with an extensive background in Third-Party Risk Management. A seasoned expert in the field, Ed has years of experience guiding organizations on their journey to establish efficient and effective risk management programs. Combining his deep industry knowledge with practical insights, Ed aims to assist organizations in realizing the full potential of their TPRM programs.