Let’s Go Shopping: Third-Party Vendors and CyberRisk
Unknown
BSides Las Vegas 2025 · Day 1
**Rafael Lyala** uses a **grocery shopping** metaphor to explain **third-party risk management (TPRM)** to mixed audiences: security professionals, coworkers, family, and friends. The talk explicitly warns security specialists that it may feel “surface,” because the goal is **transferable mental models** rather than operational scoring formulas. The speaker defines TPRM simply as weighing **return on investment** against **risk of impact**, then maps grocery decisions onto three familiar risk concepts: **criticality (impact)**, **inherent risk (probability)**, and **residual risk after controls**.
AI review
Well-intentioned accessibility talk for non-specialists, but thin for a technical BSides track. The grocery metaphor is memorable; the cyber section is mostly headline history without new analysis or defender mechanics.