As I type the words of my very first blog, the weight of writing a blog worthy of your reading is heavy on my mind. You may have seen my name or watched one of my presentations where I hoped to influence companies to move away from compliance checklists to adopting shareable third-party assessment techniques.

Yet this blog isn’t about me. It’s about how third-party risk continues to crawl towards an economic approach across all industries.
My passion in life and career is to help companies resolve the snail pace of evolution from the vast frameworks and methodologies used across the globe to a standardized third-party risk governance using a flexible model for all companies, large and small. We all know that third-party governance is supposed to minimize risk in a fast-paced changing cyber landscape. It is beyond my comprehension why companies fail to understand that identifying and managing risk is necessary to minimize risk. Especially when we allow third-parties to handle our most sensitive data.