Episode 46: Navigating Third-Party Risk and Continuous Monitoring episode artwork

EPISODE · Apr 12, 2026 · 23 MIN

Episode 46: Navigating Third-Party Risk and Continuous Monitoring

from Zero Trust Journey · host Victor Monga

In this episode, host Tiernan O'Malley sits down with Rachel Curran, GRC practitioner and founder of Locktivity, to unpack the complexities of Governance, Risk, and Compliance (GRC) in a cloud-first world.We dive deep into why third-party risk management cannot just be a "check-the-box" compliance exercise and how organizations must shift their focus from merely assessing vendors to actively managing how they interact with them.What You’ll Learn:◈ The Fallacy of the Checklist: Why passing an audit doesn't automatically equal operational security.◈ Continuous vs. Point-in-Time: The true value of SOC 2 audits and where continuous monitoring actually needs to step in (like catching missing 2FA).◈ Quantifying Risk for Leadership: How to move beyond dollar amounts and make cyber risk personal and relatable to the C-suite.◈ Silent Attack Vectors: The danger of stale OAuth tokens, unenforced SSO, and secrets left in commit histories.Key Moments:02:40 ➔ The Breach Reality: Why assessing vendors to completely avoid breaches is impossible, and why impact mitigation is the real goal.05:43 ➔ The Snowflake Example: How point-in-time audits often miss critical dynamic configurations like 2FA.10:53 ➔ Personalizing the Threat: How agentic AI integrations exposed a CEO's tax history—and why that changes the security conversation.16:36 ➔ The OAuth Danger: Why leaving unused OAuth tokens active is like leaving your front door open while on vacation.18:34 ➔ Warning Signs: How M&A activity, mass layoffs, and vendor evasiveness can predict upcoming security risks.🎙️ Meet the Guest:Rachel Curran is a GRC practitioner with over a dozen years of experience building SOC 2 and ISO security programs for startups. She is the founder of Locktivity, a platform focused on helping companies understand where their true third-party risk lies and how to proactively limit impact.➔ LinkedIn: Rachel Curran➔ Locktivity: locktivity.comAbout the Host:Host: Tiernan OMalley, Framework SecuritySubscribe to our LinkedIn to never miss news, updates, and quizzes to earn digital badges.https://ztjourney.comLinkedIn YouTubeDisclaimer: The views expressed are those of the speakers.

In this episode, host Tiernan O'Malley sits down with Rachel Curran, GRC practitioner and founder of Locktivity, to unpack the complexities of Governance, Risk, and Compliance (GRC) in a cloud-first world. We dive deep into why third-party risk management cannot just be a "check-the-box" compliance exercise and how organizations must shift their focus from merely assessing vendors to actively managing how they interact with them. What You’ll Learn: ◈ The Fallacy of the Checklist: Why passin...

NOW PLAYING

Episode 46: Navigating Third-Party Risk and Continuous Monitoring

0:00 23:12

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Zero Trust Journey?

This episode is 23 minutes long.

When was this Zero Trust Journey episode published?

This episode was published on April 12, 2026.

What is this episode about?

In this episode, host Tiernan O'Malley sits down with Rachel Curran, GRC practitioner and founder of Locktivity, to unpack the complexities of Governance, Risk, and Compliance (GRC) in a cloud-first world.We dive deep into why third-party risk...

Can I download this Zero Trust Journey episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!