Oct 2021

webinar: Threat Briefing: Real-world Cyberattacks on the Supply Chain

Tuesday, October 26, 2021 | 11:00am-12:00pm ET

Cybersecurity and third party risk professionals are growing increasingly concerned over the risk cyber attacks pose to supply chains. The fallout from a single attack on a supplier triggers a chain reaction impacting the entire network of providers, leading to downtime of systems, monetary loss, and reputational damage. This session will impart strategies for mitigating the risk these devastating attacks pose to your organization.

Cost: Free / Credits: 1 CPE


Mike Jackson, Cybersecurity Advisor (CSA), Cybersecurity and Infrastructure Security Agency (CISA)

Mike Jackson is a Cybersecurity Advisor with the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. Mr. Jackson is responsible for supporting the CISA mission of establishing and maintaining cybersecurity resilience for private and public critical infrastructure partners in the State of Oklahoma. His duties include conducting detailed management level assessments including Cybersecurity Resilience Reviews and External Dependency Management assessments. Mike Jackson is an Army veteran with extensive background and education in IT and cybersecurity.

Nasser Fattah, Senior Adviser, Shared Assessments

Nasser Fattah has 20+ years as a Cybersecurity, Supply Chain and IT leader. With a focus on customer-first and team building approaches, Fattah is able to align programs to support company strategies, regulatory requirements, and growth initiatives. He drives cybersecurity, supply chain and IT as enablers for enterprise-wide transformation initiatives. Nasser has a strong, consistent record working successfully with Business and IT executives, regulators, auditors, and risk partners. Nasser also teaches cybersecurity at several colleges, and is the chair for North America Shared Assessments – an industry best practices for supply chain.

Nov 2021

member forum call: Best Practices for Onsite or Virtual Assessments

Tuesday, November 2, 2021 | 11:00am-12:00pm ET

Learn current practices for performing assessments in today’s threat and regulatory environment. Shared Assessments’ experts will cover assessments with a practical, real-world lens, and review assessment best practices as outlined in the new Standardized Control Assessment (SCA) Guidelines.

Cost: Free For Members / Credits: 1 CPE


Colleen Milazzo, SVP TPRM Software Products, Shared Assessments

Colleen leads the TPRM software team in development of software products/tools for third party risk assurance. Colleen has over 20 years of experience within the financial services industry and consulting. She has led programs associated with risk management, procurement/contract negotiation, mergers and acquisitions, and business process reengineering. She has regulatory and global experience executing portfolios to meet corporate strategy.

Angela Dogan, Founder and CEO, Davis Dogan Advisory Services

Versatile cybersecurity and risk management expert with the skills and experience necessary to drive highly complex risk management programs. Angela brings a proven capacity to develop and facilitate Enterprise Risk Management (ERM) programs as well as Third-Party Risk Management (TPRM) programs to thoroughly analyze and control critical data, proactively identify and mitigate risk, design and introduce forward-thinking risk management guidelines, and pinpoint key areas for process improvement.

webinar: The 5 Most Important KRIs and KPIs to Effectively Manage Your TPRM Program

Wednesday, November 10, 2021 | 11:00am-12:30pm ET

Implementing key performance indicators (KPIs) and key risk indicators (KRIs) that are meaningful to leadership and the board – as well as truly actionable – is the backbone of a successful third party risk management (TPRM) program. However, defining and gathering these measurements has long been a complex task requiring you to manually collect and translate obscure metrics into potential business impacts and risk. How can metrics be better defined and communicated without all of the manual work?

We will explore the do’s and don’ts of KRI/KPI definitions for third party management and visit the top 5 most important KRIs and KPIs to help your team get a grasp of your third party estate. Learn how to demonstrate program success with KRIs/KPIs, how to avoid misrepresenting broader third party risk, and how to present metrics in a way stakeholders value.

Cost: Free / Credits: 1.5 CPEs


Alastair Parr, SVP, Global Products & Risk, Prevalent

Alastair Parr is responsible for ensuring that the demands of the market space are considered and applied innovatively within the Prevalent portfolio. He joined Prevalent from 3GRC, where he served as one of the founders, and was responsible for and instrumental in defining products and services. He comes from a governance, risk and compliance background; developing and driving solutions to the ever-complex risk management space. He brings over 12 years’ experience in product management, consultancy and operations deliverables.

Tom Garrubba, Vice President, Shared Assessments

Tom Garrubba, Vice President, is an internationally recognized subject matter expert, lecturer, writer, and blogger on third-party risk, and is the head instructor for the Certified Third-Party Risk Professional (CTPRP) certification program. He is a contributor to Future of Sourcing and has blogged for the Huffington Post’s Business section, Government Health IT, ISACA, and numerous eGRC websites.