Third Party

Third Party

If you manage third-party cyber risk, you’ve seen it all: meaningless scorecards, black-box tools, and endless frameworks that never quite connect to business impact. Third-Party is the podcast built for the people behind the dashboards. The ones managing 5,000 vendors with a team of three. Hosted by Jeffrey Wheatman, Ferhat Dikbiyik, and Bob Maley, this show unpacks what actually works (and what doesn’t) in TPRM. No fear tactics. No buzzwords. Just unfiltered conversations, sharp insights, and the occasional roast of a really bad SIG questionnaire.

Episodes

  1. 1 DAY AGO

    The Biggest Lie in Cybersecurity

    Who owns cyber risk in third-party relationships? In this episode of Third Party, we tackle one of the most urgent questions facing security leaders today: who is actually accountable for third-party risk when something goes wrong? If you’re a CISO, risk leader, or executive trying to avoid blame, regulatory fallout, or career-ending mistakes, this conversation delivers clarity you can act on immediately. Hosted by Jeffrey Wheatman, Bob Maley, and Ferhat Dikbiyik, this episode breaks down the real difference between ownership, responsibility, and accountability in third-party cyber risk. The hosts unpack why CISOs are often blamed for risks they don’t own, how boards and executives should be involved, and why documenting risk decisions matters more than ever as regulators and courts increase scrutiny. This discussion explains how misaligned risk ownership leads to firings, fines, and failures—and how to prevent that inside your organization. What you’ll learn in this episode: How to define ownership vs. accountability in third-party cyber riskWhy CISOs should inform risk, not silently absorb itWho actually owns financial risk when vendors failHow to document risk acceptance so it doesn’t come back on youWhy regulators and boards are forcing clearer risk decisionsHow to communicate third-party risk in business and financial termsDon’t risk being the one blamed when a third party breaches your ecosystem. Learn how to clearly assign ownership, document accountability, and protect both your organization and your career—before the next incident forces the issue.

    40 min

  2. 14 JAN

    The Truth About AI in Risk Management

    AI risk models are changing how organizations assess vendors, quantify cyber risk, and make high-stakes decisions, but most leaders don’t truly understand what’s happening under the hood. In this episode, AI risk models are stripped down and stress-tested to reveal where automation adds clarity, where it creates blind spots, and why overconfidence in models can quietly increase risk. If you’ve ever struggled to explain or defend an AI-driven decision, this conversation delivers the context you’ve been missing. Hosted by Bob Maley, Jeffrey Wheatman, and Ferhat Dikbiyik, this episode of Third Party explores why all models are inherently flawed, how AI amplifies both insight and uncertainty, and why human judgment still matters in third-party risk management. The hosts unpack real-world examples from vendor scoring, cyber risk quantification, and executive decision-making to show why explainability, defensibility, and adaptability matter more than perfect accuracy. Don’t risk trusting models you can’t justify. Learn how to use AI without surrendering accountability before the wrong decision gets made for you.

    43 min

  3. 31/12/2025

    Why 2026 Might Be the Hardest Cyber Year Yet

    The 2026 cybersecurity predictions are here, and they’re more urgent than anyone expected. In this episode, hosts Jeffrey Wheatman, Bob Maley, and Ferhat Dikbiyik break down what’s coming in the next 12 months, why AI risk is accelerating faster than anyone projected, and how security leaders can stay ahead instead of getting blindsided. If you want clarity (not hype) this conversation delivers real insight into the future of cyber, AI, and third-party risk. From AI vendors collapsing, to entry-level security roles disappearing, to third-party breaches overtaking direct attacks, the trio unpacks the shifts already shaping 2026. You’ll hear exactly what CISOs, boards, and security teams must rethink, and why the old playbook won’t survive what’s coming next. In this episode, you’ll learn: The biggest 2026 cybersecurity predictions and why experts expect things to get worse before they get better How AI risk is accelerating beyond traditional time horizons Why 50% of AI vendors may shut down in 2026, and what that means for your organization The real reason third-party breaches will outnumber direct attacks Where automation is being used incorrectly, and where it should be deployed Why boards still aren’t asking the right questions (and the questions they must ask in 2026) How AI is reshaping cybersecurity roles—from entry-level to the C-suite 2026 won’t reward teams who wait. Don’t risk falling behind. Learn what’s coming and how to prepare today.

    52 min

  4. 17/12/2025

    This Is Why Third-Party Risk Never Ends

    Third-party risk management is broken, and this episode of Third Party shows you exactly why. Discover the five biggest mistakes companies make when managing vendors and compliance programs, and learn how to fix them before they cost you trust, money, and reputation. If you work in cybersecurity, compliance, or risk, this episode gives you the roadmap to move from “checkbox” protection to real security that lasts. In this episode, Jeffrey Wheatman, Ferhat Dikbiyik, and Bob Maley break down: Why annual assessments fail the moment they’re finishedHow dashboards and “pretty charts” create dangerous blind spotsThe truth about compliance vs. real securityWhat “set it and forget it” gets wrong about cyber riskHow culture—not tools—decides whether your organization stays secureWhether you’re leading a TPRM team, building a compliance framework, or managing vendor relationships, this episode gives you actionable insight and real-world fixes from experts who’ve seen it all. Don’t risk another blind spot. Learn how to transform compliance checklists into true security confidence—before your next breach does it for you.

    51 min

  5. 03/12/2025

    How to Beat Ransomware Fatigue

    Ransomware fatigue is real, and it’s putting organizations at risk. In this episode of Third Party, hosts Bob Maley, Ferhat Dikbiyik, and Jeffrey Wheatman unpack why ransomware fatigue has become as dangerous as ransomware itself. They break down how constant headlines and endless alerts are numbing CISOs and executives, and why ignoring this “background noise” could open the door to your next major breach. From the psychology of cybercrime to the economics that keep ransomware alive, the hosts explore how attackers have evolved, why small and mid-sized businesses are increasingly targeted, and what real risk management looks like beyond compliance. You’ll learn how fatigue happens, how to fight it with automation and process, and how to strengthen both your internal culture and your third-party ecosystem.

    50 min

  6. 12/11/2025

    The Dark Side of Cyber Report Cards

    Too often, businesses rely on simple grades or one-page summaries without the context needed to make informed decisions. In this episode of Third Party, Jeffrey Wheatman, Bob Maley, and Ferhat Dikbiyik explore the dark side of cybersecurity report cards and vendor risk scores. The hosts break down why these scores can mislead, how conflicting results create confusion, and why transparency and context are critical for managing third party risk effectively.  They share stories from their own experiences, discuss the dangers of oversimplifying complex risks, and outline how organizations can move from blame and black-box scoring to measurable, transparent practices that drive real resilience.

    46 min

  7. 29/10/2025

    AI’s Seismic Impact on Cybersecurity

    In today’s episode of Third Party, Jeffrey Wheatman, Bob Maley, and Ferhat Dikbiyik dive into how artificial intelligence is reshaping third party risk management.  From generative AI tools to shadow AI, they explore both the opportunities and dangers of adopting AI across vendor ecosystems. The hosts discuss automation, governance councils, AI-driven vulnerabilities, and whether risk teams can truly scale with these new technologies.  Listeners will gain insight into how CISOs, cyber risk managers, and security professionals can leverage AI as a partner rather than a replacement, while also preparing for the new attack surfaces it introduces. If you’re interested in third party cyber risk, AI governance, or the future of vendor security, this conversation will help you understand where things are headed and what to watch out for.

    44 min

  8. 15/10/2025

    Cybersecurity Metrics Boards Actually Care About

    Cybersecurity metrics are one of the biggest challenges when reporting to executives and the board. In this episode of Third Party, Jeffrey Wheatman, Bob Maley and Ferhat Dikbiyik break down the cybersecurity metrics your board actually cares about. Not vanity numbers, not meaningless dashboards, but the ones that drive real business decisions. If you’ve ever struggled to get your board to engage with your risk reports, this conversation will show you exactly how to bridge the gap. Whether you’re building your next board report, preparing for a budget conversation, or trying to get leadership buy-in, this episode gives you the exact strategies to make cybersecurity a business priority.

    42 min

  9. 01/10/2025

    You’ve Been Lied to About Cyber Risk Scores

    If you manage third-party cyber risk, you already know the pain of black-box scores and endless frameworks that miss the point. In this episode, hosts Bob Maley, Jeffrey Wheatman, and Ferhat Dikbiyik expose the problem nobody talks about: lack of transparency. From regulatory pressure to boardroom confusion, they break down why today’s vendor risk assessments fail to deliver clarity and what to do about it.

    35 min
  10. The Untold Story of Third Party Risk

    17/09/2025

    The Untold Story of Third Party Risk

    Third Party is on a mission to pull risk out of the shadows and strip away the jargon, noise, and black-box tools that leave leaders guessing. It’s about clarity, not fear.Hosted by Bob Maley, Jeffrey Wheatman, and Ferhat Dikbiyik, this show blends decades of expertise with curiosity and candid conversation to reframe third party risk in plain English.Whether you’re a CISO, risk manager, or simply someone tasked with owning risks you can’t even see, this show helps you cut through the theater, see what really matters, and make decisions with confidence.

    1 min

Trailer

About

If you manage third-party cyber risk, you’ve seen it all: meaningless scorecards, black-box tools, and endless frameworks that never quite connect to business impact. Third-Party is the podcast built for the people behind the dashboards. The ones managing 5,000 vendors with a team of three. Hosted by Jeffrey Wheatman, Ferhat Dikbiyik, and Bob Maley, this show unpacks what actually works (and what doesn’t) in TPRM. No fear tactics. No buzzwords. Just unfiltered conversations, sharp insights, and the occasional roast of a really bad SIG questionnaire.

Information

  • Creator
    Third Party
  • Years Active
    2025 - 2026
  • Episodes
    10
  • Rating
    Clean
  • Copyright
    © Third Party
  • Show Website
    Third Party