Identifying Third-Party Vendor Risks with Michael Magyar, Trava

This is a podcast episode titled "Identifying Third-Party Vendor Risks with Michael Magyar, Trava".
Expanding understanding of vendors and third parties
01:10 MIN
How to identify risks associated with vendors and third-parties
01:22 MIN
Real world examples of third-party risks - SolarWinds in 2020 and XZ Utils in 2024
01:26 MIN
Red flags to look out for, plus Microsoft breach
02:27 MIN
Penetration testing and third-party security
01:21 MIN
Other ways that businesses can help evaluate the security practices of a third-party
02:02 MIN
Key cybersecurity measures to look for when working with a vendor
01:34 MIN
Why it's essential for businesses to regularly check in on their external partners' cybersecurity efforts
00:45 MIN
Cybersecurity steps my company needs to take when signing on with a new vendor
02:01 MIN
Jara's Receipts
03:20 MIN

DESCRIPTION

"Every business today runs on technology. Every business is a technology business. Right? Even a taco cart uses a little payment thing that you swipe your card in to do that." - Michael Magyar


Michael Magyar, a seasoned cybersecurity expert with a decade of experience, joins host Jara Rowe on this episode of The Tea on Cybersecurity to give us the tea on third-party risks. As a penetration tester and a virtual Chief Information Security Officer (vCISO) with Trava, Michael brings unparalleled insight into the challenges and solutions surrounding vendor security. 

Michael and Jara discuss the complex subject of third-party risks and why every business, big or small, needs to be cautious about their vendors' security practices. From identifying potential risks to evaluating security measures, Michael offers essential steps businesses should take if a vendor experiences a security incident, stressing the importance of containment, breach notification, and calling in the right experts for help.


Key Takeaways:


  • Third-party risks are everywhere; to understand where the gaps could be, think of a vendor or third party as “outsourced staff”
  • What to look out for when working with any vendor or third party, namely public statements of security
  • How to handle the situation if one of your vendors or third parties is breached


Timestamps:

[00:00 - 01:24] Introducing Identifying Third-Party Vendor Risks with Michael Magyar, Trava

[01:25 - 02:36] Expanding understanding of vendors and third parties

[02:36 - 03:59] How to identify risks associated with vendors and third parties

[03:59 - 05:25] Real-world examples of third-party risks - SolarWinds in 2020 and XZ Utils in 2024

[05:25 - 07:53] Red flags to look out for, plus Microsoft breach 

[07:54 - 09:16] Penetration testing and third-party security

[09:16 - 11:19] Other ways that businesses can help evaluate the security practices of a third-party

[11:19 - 12:54] Key cybersecurity measures to look for when working with a vendor

[12:54 - 13:40] Why it's essential for businesses to regularly check in on their external partners' cybersecurity efforts

[13:41 - 15:42] Cybersecurity steps my company needs to take when signing on with a new vendor

[16:41 - 20:02] Jara's Receipts


Connect with the Guest:

Michael Magyar's LinkedIn: https://www.linkedin.com/in/michael-magyar-2a6506139/


Connect with the host:

Jara Rowe’s LinkedIn: https://www.linkedin.com/in/jararowe/


Connect with Trava:

Website www.travasecurity.com

Blog www.travasecurity.com/blog

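LinkedIn @travasecurity: https://www.linkedin.com/company/travasecurity/?utm_source=casted&utm_medium=podcast&utm_campaign=podcast_share

YouTube @travasecurity: https://www.youtube.com/@travasecurity?utm_source=casted&utm_medium=podcast&utm_campaign=podcast_share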