Identifying Third-Party Vendor Risks with Michael Magyar, Trava

This is a podcast episode titled, Identifying Third-Party Vendor Risks with Michael Magyar, Trava. The summary for this episode is: <p>"Every business today runs on technology. Every business is a technology business. Right? Even a taco cart uses a little payment thing that you swipe your card in to do that." - Michael Magyar</p><p><br></p><p>Michael Magyar, a seasoned cybersecurity expert with a decade of experience, joins host Jara Rowe on this episode of The Tea on Cybersecurity to give us the tea on third-party risks. As a penetration tester and a virtual Chief Information Security Officer (vCISO) with Trava, Michael brings unparalleled insight into the challenges and solutions surrounding vendor security.&nbsp;</p><p>Michael and Jara discuss the complex subject of third-party risks and why every business, big or small, needs to be cautious about their vendors' security practices. From identifying potential risks to evaluating security measures, Michael offers essential steps businesses should take if a vendor experiences a security incident, stressing the importance of containment, breach notification, and calling in the right experts for help.</p><p><br></p><p>Key Takeaways:</p><p><br></p><ul><li>Third-Party risks are everywhere and to understand where these gaps could be, think about a vendor or third-party as “outsourced staff”</li><li>What to look out for when working with any vendor or third - party, namely Public Statements of Security</li><li>How to handle a situation if a vendor or third-party of yours is breached</li></ul><p><br></p><p>Timestamps:</p><p>[00:00 - 01:24] Introducing Identifying Third-Party Vendor Risks with Michael Magyar, Trava</p><p>[01:25 - 02:36] Expanding understanding of vendors and third parties</p><p>[03:59 - 05:25] Real-world examples of third-party risks - SolarWinds in 2020 and XZ Utils in 2024</p><p>[02:36 - 03:59] How to identify risks associated with vendors and third parties</p><p>[05:25 - 07:53] Red flags to look out for, plus Microsoft breach&nbsp;</p><p>[07:54 - 09:16] Penetration testing and third-party security</p><p>[09:16 - 11:19] Other ways that businesses can help evaluate the security practices of a third-party</p><p>[11:19 - 12:54] Key cybersecurity measures to look for when working with a vendor</p><p>[12:54 - 13:40] Why it's essential for businesses to regularly check in on their external partners' cybersecurity efforts</p><p>[13:41 - 15:42] Cybersecurity steps my company needs to take when signing on with a new vendor</p><p>[16:41 - 20:02] Jara's Receipts</p><p><br></p><p><strong>Connect with the Guest:</strong></p><p><a href="https://www.linkedin.com/in/michael-magyar-2a6506139/" rel="noopener noreferrer" target="_blank">Michael Magyar's LinkedIn</a></p><p><br></p><p><strong>Connect with the host:</strong></p><p><a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe’s LinkedIn</a></p><p><br></p><p><strong>Connect with Trava:</strong></p><p>Website <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a></p><p>Blog <a href="http://www.travasecurity.com/blog" rel="noopener noreferrer" target="_blank">www.travasecurity.com/blog</a></p><p>LinkedIn <a href="https://www.linkedin.com/company/travasecurity/?utm_source=casted&amp;utm_medium=podcast&amp;utm_campaign=podcast_share" rel="noopener noreferrer" target="_blank">@travasecurity</a></p><p>YouTube <a href="https://www.youtube.com/@travasecurity?utm_source=casted&amp;utm_medium=podcast&amp;utm_campaign=podcast_share" rel="noopener noreferrer" target="_blank">@travasecurity&nbsp;</a></p>