If you haven’t already seen our 11th Annual Shared Risk Assessments Summit Day One recap, read it now. Day two of the Summit was equally educational and our line-up of all-star speakers did not disappoint as we dove deeper into exploring the theme of resilience within the third party risk community and beyond.
Breakfast with Bitsight
Day Two of our 11th Annual Shared Risk Assessments Summit began with a breakfast case study presented by Bitsight. The case study begged the question “Is it possible to improve security of existing vendors without contract changes or requirements?” This imperative question had us all thinking about how we should better communicate our initiatives to management, with the note that collaboration does not work with bad data.
Slow Down to Speed Up
After breakfast, we had the pleasure of hearing from Wafaa Mamilli, Executive Technology and Digital Leader, Eli Lilly, on Fostering Resiliency from Within Your Organization. One concept Wafaa stressed was the need to slow down in order to speed up. It’s crucial to our organizations and our teams to take the time to have development days, regardless of how busy things are at the office. In order to achieve operational excellence, we need to take a step back, examine our team of teams, and think on how we can best work together based on our strengths and weaknesses.
Next, we began our first panel discussion of the day on Privacy and GDPR. With the impending May 25th GDPR deadline, this panel could simply not be overlooked. Moderated by Linnea Solem, Founder and CEO, Solem Risk Partners, the panelists included: Lisa Berry-Tayman JD, Sr. Manager, Privacy and Information Governance, CyberScout; Nathan Johnson, Advisor – Global Privacy Office, Eli Lilly; and Andrew McDevitt, Senior Privacy Analyst – Global Privacy Office, Northrop Grumman. Some key takeaways from this panel discussion were that you can outsource your work, but you can’t outsource the responsibility that comes with it. In times of doubt, Lisa Berry-Tayman JD suggested that we ask ourselves, “What Would Data Subjects Want?” Half-jokingly, she mused that we make bracelets with WWDSW imprinted on them, serving as a constant reminder to put the data subjects first—there should never be anything unexpected happening to their data.
Following this entertaining, yet informative panel, we moved on to our second panel discussion of the day; Trends in Risk Rating and Continuous Monitoring. Emily Irving, Assistant Vice President, Manager, Enterprise Third Party Risk Management, Wellington Management, moderated the panel, which included Jonathan Dambrot, CEO and Co-Founder, Prevalent, Inc.; James Gellert, Chairman and CEO, Rapid Ratings; and Atul Vashistha, Chairman and CEO, Neo Group & Supply Wisdom. The panel stressed that risk doesn’t just happen in one part of a company in an isolated area. Particularly in a company that is weakening, they are going to be cutting corners and investing in other areas, which could expose them to more risks and negatively impact cyber security down the road. While there’s no way to catch everything, having the proper systems in place for addressing the monitoring of the company more closely is crucial—a community-driven effort is the only way to mitigate third party risk.
Following a brief Exhibitor Networking Break, we heard from our own Robin Slade, Executive Vice President and Chief Operating Officer, who moderated panelists Shawn Malone, Shared Assessments Chair and Founder and CEO, Security Dilligence, LLC and Glen Sgambati, Shared Assessments Program Vice-Chair and Customer and Industry Relations Executive, Early Warning Services, on Shared Assessments program updates. One of our main questions to attendees was their preference on the format of our Certified Third Party Risk Professional (CTPRP) designation from the Shared Assessments program—in-person, or online? If you have a strong opinion on this matter, feel free to contact us and let us know… we’d love to hear from you!
SAI Global Case Study
After learning more about our Shared Assessments program, we were presented with a case study from SAI Global, which focused on traceability in the supply chain, citing examples from the pharmaceutical industry.
The Bottom Line
The Day Two lunch buffet was just as delicious as the first, and during the break, attendees had the opportunity to check out two different Solutions Showcase sessions, one presented by Opus, and the other by RiskRecon. After the break, we began a panel discussion entitled, Third Party Risk Research Update, which was moderated by our own Gary Roboff, Senior Advisor, and included panelists, Rocco Grillo, Executive Managing Director, Stroz Friedberg; Charlie Miller, Senior Vice President, The Santa Fe Group; Paul Kooney, Managing Director, Protiviti, Inc.; and Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute. The panel focused on IoT and risk. When it comes to risk, it’s not just the regulatory data, it’s the disruption of business and availability. Nothing hits a company harder than the impact to its revenue. Whether you’re a fortune 500, a midsize company, or a mom and pop, if your bottom line is getting hit, your company will receive negative attention.
The Three C’s
Following the final exhibitor networking break of the Summit, we heard from an all-star female panel consisting of Wafaa Mamilli, Executive Technology and Digital Leader, Eli Lilly; Anne Lim O’Brien, Global CEO & Board Practice and Global Consumer Practice, Heidrick & Struggles; Ceree Eberly, Former Senior Vice President and Chief People Officer, Coca-Cola Company; and Elena Steinke, Director, Women’s Society of Cyberjutsu, which was moderated by Joyce Brocaglia, CEO, Alta Associates. One of the key takeaways from this panel discussion on Talent Management was how soft skills play a key role in team dynamics. Additionally, in order to be a part of the boardroom, employees need to exhibit the “three C’s”:
It is with these three “C” characteristics that employees can become agile learners who thrive in the workplace.
Will Machines Replace Us?
After this lively discussion, we moved on to the last panel discussion of the Summit on data science/analytics, AI, and ML with panelists Vicki O’Meara, President and CEO, Analytics Pros, and Stephen Boyer, Co-Founder and CTO, Bitsight Technologies.
While consumers enjoy the personalization of their shopping and living options thanks to marketing data, what’s the appropriate use of this data, who owns it, and how do we put a governance process in place? In addition to these questions, the panel had our attendees deep in AI speculation, asking the following questions:
- How will the essence of what we’re creating be helpful, not hurtful?
- How will human ethics be encoded into self-driving vehicles?
- Will machines replace us?
Concluding the 2018 Summit
The final panel definitely gave us a lot to think about as we concluded the day. The event ended just as it had begun, with remarks from our CEO, Catherine Allen. From there celebratory drinks, hors d’oeuvres, and even karaoke were enjoyed at the closing reception.
Save the date for April 10-11, 2019 for the 12th Annual Shared Assessments Summit.