

In this episode, host Tiernan O'Malley sits down with Rachel Curran, GRC practitioner and founder of Locktivity, to unpack the complexities of Governance, Risk, and Compliance (GRC) in a cloud-first world.
We dive deep into why third-party risk management cannot just be a "check-the-box" compliance exercise and how organizations must shift their focus from merely assessing vendors to actively managing how they interact with them.
What You’ll Learn:
◈ The Fallacy of the Checklist: Why passing an audit doesn't automatically equal operational security.
◈ Continuous vs. Point-in-Time: The true value of SOC 2 audits and where continuous monitoring actually needs to step in (like catching missing 2FA).
◈ Quantifying Risk for Leadership: How to move beyond dollar amounts and make cyber risk personal and relatable to the C-suite.
◈ Silent Attack Vectors: The danger of stale OAuth tokens, unenforced SSO, and secrets left in commit histories.
Key Moments:
02:40 ➔ The Breach Reality: Why assessing vendors to completely avoid breaches is impossible, and why impact mitigation is the real goal.
05:43 ➔ The Snowflake Example: How point-in-time audits often miss critical dynamic configurations like 2FA.
10:53 ➔ Personalizing the Threat: How agentic AI integrations exposed a CEO's tax history—and why that changes the security conversation.
16:36 ➔ The OAuth Danger: Why leaving unused OAuth tokens active is like leaving your front door open while on vacation.
18:34 ➔ Warning Signs: How M&A activity, mass layoffs, and vendor evasiveness can predict upcoming security risks.
🎙️ Meet the Guest:
Rachel Curran is a GRC practitioner with over a dozen years of experience building SOC 2 and ISO security programs for startups. She is the founder of Locktivity, a platform focused on helping companies understand where their true third-party risk lies and how to proactively limit impact.
➔ LinkedIn: Rachel Curran
➔ Locktivity: locktivity.com
About the Host:
Host: Tiernan O'Malley, Framework Security
Subscribe to our LinkedIn to never miss news, updates, and quizzes to earn digital badges.
Disclaimer: The views expressed are those of the speakers.
By Victor Monga