What puts the “C” in TPCRM? As third-party risk management evolves, leaders are asking what the “C” in TPCRM really means, and why cyber risk now has an outsized impact on every other risk. We unpack what puts the “C” in TPCRM, why cyber is more than a checkbox, and how misunderstanding it can quietly put your entire business at risk.

In this episode of Third Party, hosts Jeffrey Wheatman, Bob Maley, and Ferhat Dikbiyik break down the shift from traditional TPRM to TPCRM and explain why cyber risk can’t be treated as just another compliance item. From operational disruption and resilience to cascading supply-chain failures, the conversation explores how cyber risk intersects with financial, operational, and enterprise risk, and why boards and executives need a clearer, more connected view.

What this episode covers:

• What the “C” in TPCRM actually stands for… and what it doesn’t
• Why cyber risk isn’t just about data breaches or compliance
• How cyber creates cascading impact across operations, finance, and supply chains
• Why treating cyber as a point-in-time risk leaves organizations exposed
• How leaders should think about cyber in business and boardroom terms

Don’t risk treating cyber as a checkbox while it quietly drives your biggest exposures. Learn how to understand the real “C” in TPCRM and protect your business before cyber risk turns into operational and financial damage.

Whose Breach Is It Anyway? When a vendor gets breached and data is exposed, whose breach is it anyway, and who actually pays the price? In this episode, we break down why finger-pointing after every breach is becoming the default response and what that means for real security outcomes. You’ll learn how shared data creates shared damage, and how leaders can respond smarter when third-party risk becomes a crisis.

In this episode of Third Party, hosts Jeffrey Wheatman, Bob Maley, and Ferhat Dikbiyik dig into the uncomfortable truth behind vendor breaches, accountability, and transparency. From supply-chain incidents to public disclosure, they explore why blame doesn’t fix breaches. And what actually helps organizations recover, protect customers, and reduce future risk.

What this episode covers:

• Why “whose breach is it anyway” is the wrong question—and the better ones to ask

• How finger-pointing delays response and increases long-term damage

• The hidden risks of third-party and supply-chain breaches

• When transparency helps—and when it can backfire

• Who ultimately bears the cost of a breach: vendors, companies, or customers

Don’t risk repeating the same mistakes after your next vendor incident. Learn how to move past blame, protect your customers, and respond to breaches the right way…before shared damage becomes permanent damage.

Who owns cyber risk in third-party relationships? In this episode of Third Party, we tackle one of the most urgent questions facing security leaders today: who is actually accountable for third-party risk when something goes wrong? If you’re a CISO, risk leader, or executive trying to avoid blame, regulatory fallout, or career-ending mistakes, this conversation delivers clarity you can act on immediately.

Hosted by Jeffrey Wheatman, Bob Maley, and Ferhat Dikbiyik, this episode breaks down the real difference between ownership, responsibility, and accountability in third-party cyber risk. The hosts unpack why CISOs are often blamed for risks they don’t own, how boards and executives should be involved, and why documenting risk decisions matters more than ever as regulators and courts increase scrutiny. This discussion explains how misaligned risk ownership leads to firings, fines, and failures—and how to prevent that inside your organization.

What you’ll learn in this episode:

• How to define ownership vs. accountability in third-party cyber risk
• Why CISOs should inform risk, not silently absorb it
• Who actually owns financial risk when vendors fail
• How to document risk acceptance so it doesn’t come back on you
• Why regulators and boards are forcing clearer risk decisions
• How to communicate third-party risk in business and financial terms

Don’t risk being the one blamed when a third party breaches your ecosystem. Learn how to clearly assign ownership, document accountability, and protect both your organization and your career—before the next incident forces the issue.

AI risk models are changing how organizations assess vendors, quantify cyber risk, and make high-stakes decisions, but most leaders don’t truly understand what’s happening under the hood. In this episode, AI risk models are stripped down and stress-tested to reveal where automation adds clarity, where it creates blind spots, and why overconfidence in models can quietly increase risk. If you’ve ever struggled to explain or defend an AI-driven decision, this conversation delivers the context you’ve been missing.

Hosted by Bob Maley, Jeffrey Wheatman, and Ferhat Dikbiyik, this episode of Third Party explores why all models are inherently flawed, how AI amplifies both insight and uncertainty, and why human judgment still matters in third-party risk management. The hosts unpack real-world examples from vendor scoring, cyber risk quantification, and executive decision-making to show why explainability, defensibility, and adaptability matter more than perfect accuracy.

Don’t risk trusting models you can’t justify. Learn how to use AI without surrendering accountability before the wrong decision gets made for you.

The 2026 cybersecurity predictions are here, and they’re more urgent than anyone expected. In this episode, hosts Jeffrey Wheatman, Bob Maley, and Ferhat Dikbiyik break down what’s coming in the next 12 months, why AI risk is accelerating faster than anyone projected, and how security leaders can stay ahead instead of getting blindsided. If you want clarity (not hype) this conversation delivers real insight into the future of cyber, AI, and third-party risk.

From AI vendors collapsing, to entry-level security roles disappearing, to third-party breaches overtaking direct attacks, the trio unpacks the shifts already shaping 2026. You’ll hear exactly what CISOs, boards, and security teams must rethink, and why the old playbook won’t survive what’s coming next.

In this episode, you’ll learn:

• The biggest 2026 cybersecurity predictions and why experts expect things to get worse before they get better

• How AI risk is accelerating beyond traditional time horizons

• Why 50% of AI vendors may shut down in 2026, and what that means for your organization

• The real reason third-party breaches will outnumber direct attacks

• Where automation is being used incorrectly, and where it should be deployed

• Why boards still aren’t asking the right questions (and the questions they must ask in 2026)

• How AI is reshaping cybersecurity roles—from entry-level to the C-suite

2026 won’t reward teams who wait.

Don’t risk falling behind. Learn what’s coming and how to prepare today.

Third-party risk management is broken, and this episode of Third Party shows you exactly why. Discover the five biggest mistakes companies make when managing vendors and compliance programs, and learn how to fix them before they cost you trust, money, and reputation. If you work in cybersecurity, compliance, or risk, this episode gives you the roadmap to move from “checkbox” protection to real security that lasts.

In this episode, Jeffrey Wheatman, Ferhat Dikbiyik, and Bob Maley break down:

• Why annual assessments fail the moment they’re finished
• How dashboards and “pretty charts” create dangerous blind spots
• The truth about compliance vs. real security
• What “set it and forget it” gets wrong about cyber risk
• How culture—not tools—decides whether your organization stays secure

Whether you’re leading a TPRM team, building a compliance framework, or managing vendor relationships, this episode gives you actionable insight and real-world fixes from experts who’ve seen it all.

Don’t risk another blind spot. Learn how to transform compliance checklists into true security confidence—before your next breach does it for you.

Ransomware fatigue is real, and it’s putting organizations at risk. In this episode of Third Party, hosts Bob Maley, Ferhat Dikbiyik, and Jeffrey Wheatman unpack why ransomware fatigue has become as dangerous as ransomware itself. They break down how constant headlines and endless alerts are numbing CISOs and executives, and why ignoring this “background noise” could open the door to your next major breach.

From the psychology of cybercrime to the economics that keep ransomware alive, the hosts explore how attackers have evolved, why small and mid-sized businesses are increasingly targeted, and what real risk management looks like beyond compliance. You’ll learn how fatigue happens, how to fight it with automation and process, and how to strengthen both your internal culture and your third-party ecosystem.

Too often, businesses rely on simple grades or one-page summaries without the context needed to make informed decisions. In this episode of Third Party, Jeffrey Wheatman, Bob Maley, and Ferhat Dikbiyik explore the dark side of cybersecurity report cards and vendor risk scores. The hosts break down why these scores can mislead, how conflicting results create confusion, and why transparency and context are critical for managing third party risk effectively. 

They share stories from their own experiences, discuss the dangers of oversimplifying complex risks, and outline how organizations can move from blame and black-box scoring to measurable, transparent practices that drive real resilience.

In today’s episode of Third Party, Jeffrey Wheatman, Bob Maley, and Ferhat Dikbiyik dive into how artificial intelligence is reshaping third party risk management.  From generative AI tools to shadow AI, they explore both the opportunities and dangers of adopting AI across vendor ecosystems. The hosts discuss automation, governance councils, AI-driven vulnerabilities, and whether risk teams can truly scale with these new technologies. 

Listeners will gain insight into how CISOs, cyber risk managers, and security professionals can leverage AI as a partner rather than a replacement, while also preparing for the new attack surfaces it introduces. If you’re interested in third party cyber risk, AI governance, or the future of vendor security, this conversation will help you understand where things are headed and what to watch out for.

Cybersecurity metrics are one of the biggest challenges when reporting to executives and the board. In this episode of Third Party, Jeffrey Wheatman, Bob Maley and Ferhat Dikbiyik break down the cybersecurity metrics your board actually cares about. Not vanity numbers, not meaningless dashboards, but the ones that drive real business decisions. If you’ve ever struggled to get your board to engage with your risk reports, this conversation will show you exactly how to bridge the gap.

Whether you’re building your next board report, preparing for a budget conversation, or trying to get leadership buy-in, this episode gives you the exact strategies to make cybersecurity a business priority.