Munish develops and presents the Infrastructure Cyber Incident Scale, a model designed to measure the severity of operational technology cybersecurity incidents. The scale adapts concepts from natural disaster measurement tools such as the Richter Scale to quantify the magnitude, duration, and impact of OT events. His work focuses on giving OT operators, emergency response teams, public officials, and communicators a clear and intuitive way to understand and compare incident severity in real time, along with the underlying rationale and structure of the scale.

Steve analyzes ransomware activity from 2023 through 2025 through continuous monitoring of attacker communications, leaks, and victim disclosures. His work examines shifts in ransomware gang behavior, consolidation among top groups, evolving tactics, and the economic incentives driving attacker operations. The analysis highlights high impact trends across industries and regions and details the techniques emerging in 2025. The focus is on identifying how ransomware threats are changing and which patterns matter most for preparation and defense.

Andrew is the CEO of Shared Assessments, a global risk membership organization that supports hundreds of companies, risk programs, and thousands of their associated third-party, compliance, cyber, and other risk professionals. As a risk practitioner and executive with more than 25 years in risk management, Andrew promotes the creation of cultures of accountability for organizations and their third parties. Prior to joining Shared Assessments in 2022, Andrew served as Senior Vice President, Vendor Risk Management and Corporate Insurance at Blackstone for four years, where he led a team of risk professionals responsible for supporting all business teams through all phases of the vendor lifecycle. Prior to Blackstone, he worked at BlackRock from 2010-18, where he first joined and then eventually led the firm’s Vendor Risk Management team. He also worked at Citigroup nine years, finishing as a Senior Vice President and Business Information Security Officer in Global Fixed Income, leading onsite third-party risk assessments across the United States, Europe, and Asia.

Based in the UK, working with companies and individuals globally, Sean leads the International Sales Team for Shared Assessments. A natural partnership and relationship builder, Sean has a strong background in Data Privacy, Business Development....and Rugby!

Andrew Stimpson is a Sales Manager based in Atlanta, GA, with a passion for building relationships and helping organizations strengthen their third-party risk management (TPRM) programs. Known for his energy and enthusiasm, Andrew loves talking all things sales and TPRM—and when he’s not closing deals, you’ll probably find him courtside or shooting hoops.

Corinne is a successful builder of strategic opportunities and a cultivator of partnerships for Shared Assessments. With a natural understanding of the intricacies of systems and how they work, Corinne is a natural and adroit SIG user! Based in Minnesota, Corinne consistently wins the coldest working location and best soup recipe contests at Shared Assessments.

Based in the UK, working with companies and individuals globally, Sean leads the International Sales Team for Shared Assessments. A natural partnership and relationship builder, Sean has a strong background in Data Privacy, Business Development....and Rugby!

Sheria joins us from First Electronic Bank, where she was the Third-Party Risk Management AVP, with prior experience at Transamerica and Black Knight Financial Services. At Shared Assessments, Sheria gathers member feedback to help modernize our products and acts as a liaison between members and the Products team. An Albuquerque, NM native, Sheria enjoys cooking green chili chicken enchiladas and loves spending time with her family.

Elizabeth Dunsmoor recently joined Shared Assessments as a TPRM Principal after 15 years as a TPRM practitioner. She has experience designing holistic programs and delivering assessment work within the cybersecurity, financial services, manufacturing, and healthcare sectors. With a proven ability to oversee and execute long-term operational strategies and methodologies for risk programs, Elizabeth is proficient in a variety of management actions including translating strategies into measurable plans, partnering with Procurement, corporate teams, and firm leaders to develop a pipeline of cross-functional leaders within the risk management function. She now provides training and guidance to business leaders to ensure understanding of program requirements, third-party capabilities, and performance expectations.

Andrew Stimpson is a Sales Manager based in Atlanta, GA, with a passion for building relationships and helping organizations strengthen their third-party risk management (TPRM) programs. Known for his energy and enthusiasm, Andrew loves talking all things sales and TPRM—and when he’s not closing deals, you’ll probably find him courtside or shooting hoops.

Corinne is a successful builder of strategic opportunities and a cultivator of partnerships for Shared Assessments. With a natural understanding of the intricacies of systems and how they work, Corinne is a natural and adroit SIG user! Based in Minnesota, Corinne consistently wins the coldest working location and best soup recipe contests at Shared Assessments.

Elizabeth Dunsmoor recently joined Shared Assessments as a TPRM Principal after 15 years as a TPRM practitioner. She has experience designing holistic programs and delivering assessment work within the cybersecurity, financial services, manufacturing, and healthcare sectors. With a proven ability to oversee and execute long-term operational strategies and methodologies for risk programs, Elizabeth is proficient in a variety of management actions including translating strategies into measurable plans, partnering with Procurement, corporate teams, and firm leaders to develop a pipeline of cross-functional leaders within the risk management function. She now provides training and guidance to business leaders to ensure understanding of program requirements, third-party capabilities, and performance expectations.

Nasser Fattah is a senior leader and practitioner with more than 25 years of experience spanning third-party risk management, cybersecurity, and IT risk and assurance. Throughout his career, he has helped organizations design and mature resilient, enterprise-wide risk management programs by applying industry best practices, leveraging GRC frameworks, and breaking down organizational silos.

Nasser specializes in aligning third-party risk and cybersecurity programs with core business objectives—supporting growth, meeting regulatory and supervisory expectations, and enabling technology modernization. His work focuses on building programs that are both effective and pragmatic, balancing risk reduction with business enablement.

A long-time contributor to the Shared Assessments community, Nasser has been actively involved in advancing third-party risk management practices through instruction, collaboration, and knowledge sharing. As a CTPRA instructor, he brings deep technical expertise and real-world experience to help practitioners translate standards and regulations into actionable, sustainable programs.

In addition to his work with Shared Assessments, Nasser serves as an adjunct professor of cybersecurity at multiple institutions and is committed to ongoing professional education and practitioner development.