In this episode, Richard Seiersen, Chief Risk Technology Officer from Qualys, joins us to talk about the critical topic of third-party risks in business operations. Richard emphasizes the need for risk management professionals to measure and mitigate these risks, as well as understand the necessity of business resilience through risk transfer and capital reserves, particularly in the context of increasing third-party usage. He advocates for a shift in the security industry towards a more business-aligned approach, stressing the need for better measurement practices and the integration of concepts such as understanding the impact of breaches on customer attrition and brand trust.

Richard is focused on cybersecurity risk management – as a modern enterprise practice and leadership skill. His books, speaking, and work support security leaders who need to align security practice with business goals. That alignment is at the heart of cybersecurity risk management.

As the Chief Risk Technology Officer at Qualys, Richard helps customers and the broader security community measure, communicate, and eliminate risk. With over 10 years of experience as a CISO, he has led and supported security strategy, operations, and governance across various industries and orgs, including Twilio, GE, and LendingClub.

He is also a published author and a faculty member at IANS, where he share his insights and knowledge on security metrics and risk management. His books, “How To Measure Anything In Cybersecurity Risk” and “The Metrics Manifesto: Confronting Security With Data”, provide practical and innovative approaches to quantifying and reducing security risk.