Training
Featured CourseView All Courses

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
View course detailsRegister
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Contact Sales
Contact Sales

Trust Your Vendors, Do You?

  • Tue, Mar 3, 2026
  • Duration: 1 Hour
  • English
  • Jan D'Herdt
  • Technical Presentation
Login to register
Webcast Hero

Organizations increasingly depend on vast ecosystems of thirdparty vendors, expanding their operational capacity—but also their attack surface and risk exposure. This talk challenges trustby-default approaches to vendor relationships and makes the case for a modern, thirdparty risk management (TPRM) program. We begin by framing why vendor risk matters, examine realworld breach case studies to illustrate how upstream dependencies and fourthparty links can amplify impact. The session will highlight regulatory drivers—NIS2, DORA, and GDPR—and translates them into practical expectations for supplychain security, continuous oversight, and incident reporting. We analyze limitations of traditional questionnaires (SIG/CAIQ), which are static, selfreported, and often out of date, and propose a continuous TPRM lifecycle: riskbased vendor tiering, due diligence proportional to criticality, automated external posture monitoring, corrective action tracking, and secure offboarding.

Participants will leave with actionable items to embed TPRM into procurement, legal, and IT workflows; strategies to require flowdown security in subcontractor chains; and pragmatic steps to start small, demonstrate value, and scale. Resulting in a repeatable approach that strengthens resilience, improves compliance, and replaces blind trust with verifiable assurance.

This Training is Recommended for a Diverse Range of Individuals, Including:

  • Security Managers
  • Security Leaders
  • Third Party Security Responsibles
  • CISOs

And more…

Learning Objectives

  • Understand and prioritize risk: Explain how third and fourthparty ecosystems expand the attack surface and regulatory exposure (NIS2, DORA, GDPR), and map key dependencies to prioritize vendor risks.
  • Implement a continuous TPRM lifecycle: Apply riskbased tiering, evidencebased due diligence, automated monitoring, correctiveaction tracking, and secure offboarding—embedded in procurement and legal workflows.

This webcast supports content and knowledge from LDR512: Security Leadership Essentials for Managers. To learn more about this course and explore upcoming sessions, Click Here.

Meet Your Speaker

Jan D'Herdt
Jan D'Herdt

Jan D'Herdt

CISO Advisor

Jan D’Herdt is a SANS Certified Instructor teaching LDR512 and SEC566. With experience across Deloitte, IBM, and UCB, he helps organizations implement and transform the CISO organization, and align cybersecurity with governance and business risk.

Read more about Jan D'Herdt