EPISODE · Apr 12, 2026 · 23 MIN
Episode 46: Navigating Third-Party Risk and Continuous Monitoring
from Zero Trust Journey · host Victor Monga
In this episode, host Tiernan O'Malley sits down with Rachel Curran, GRC practitioner and founder of Locktivity, to unpack the complexities of Governance, Risk, and Compliance (GRC) in a cloud-first world.We dive deep into why third-party risk management cannot just be a "check-the-box" compliance exercise and how organizations must shift their focus from merely assessing vendors to actively managing how they interact with them.What You’ll Learn:◈ The Fallacy of the Checklist: Why passing an audit doesn't automatically equal operational security.◈ Continuous vs. Point-in-Time: The true value of SOC 2 audits and where continuous monitoring actually needs to step in (like catching missing 2FA).◈ Quantifying Risk for Leadership: How to move beyond dollar amounts and make cyber risk personal and relatable to the C-suite.◈ Silent Attack Vectors: The danger of stale OAuth tokens, unenforced SSO, and secrets left in commit histories.Key Moments:02:40 ➔ The Breach Reality: Why assessing vendors to completely avoid breaches is impossible, and why impact mitigation is the real goal.05:43 ➔ The Snowflake Example: How point-in-time audits often miss critical dynamic configurations like 2FA.10:53 ➔ Personalizing the Threat: How agentic AI integrations exposed a CEO's tax history—and why that changes the security conversation.16:36 ➔ The OAuth Danger: Why leaving unused OAuth tokens active is like leaving your front door open while on vacation.18:34 ➔ Warning Signs: How M&A activity, mass layoffs, and vendor evasiveness can predict upcoming security risks.🎙️ Meet the Guest:Rachel Curran is a GRC practitioner with over a dozen years of experience building SOC 2 and ISO security programs for startups. She is the founder of Locktivity, a platform focused on helping companies understand where their true third-party risk lies and how to proactively limit impact.➔ LinkedIn: Rachel Curran➔ Locktivity: locktivity.comAbout the Host:Host: Tiernan OMalley, Framework SecuritySubscribe to our LinkedIn to never miss news, updates, and quizzes to earn digital badges.https://ztjourney.comLinkedIn YouTubeDisclaimer: The views expressed are those of the speakers.
What this episode covers
In this episode, host Tiernan O'Malley sits down with Rachel Curran, GRC practitioner and founder of Locktivity, to unpack the complexities of Governance, Risk, and Compliance (GRC) in a cloud-first world. We dive deep into why third-party risk management cannot just be a "check-the-box" compliance exercise and how organizations must shift their focus from merely assessing vendors to actively managing how they interact with them. What You’ll Learn: ◈ The Fallacy of the Checklist: Why passin...
NOW PLAYING
Episode 46: Navigating Third-Party Risk and Continuous Monitoring
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.