Strategies for Managing Third Party Risks and Securing Partnerships in the Public Sector

State, local, Tribal, and territorial governments have unique challenges when it comes to managing third-party and supply chain risk. A lack of real regulatory requirements, increasing dependence on vendors, and threats capitalizing on third party vulnerabilities to reach “downstream” targets are at an all-time high.

Join us for a panel discussion where our experts will discuss the history of supply chain attacks and methods for managing your own risk. We will cover tools and techniques in vendor management, incident response-readiness, and risk management practices along with ideas to identify risk in key supplies, as well as suppliers.

Topics we will cover:

• The types of vendor relationships that pose the greatest risk to government.
• What a third-party risk management policy and process should encompass.
• Mitigating operational dependency risks and assessing vendor stability.
• Identifying key vendor-provided supplies and services and ensuring redundancy.
• Minimizing risk using appropriate contract language and transferring risk by obtaining the right insurance coverage.

Speaker Bios:

Dan Wordell serves as the Information Security Officer for the City of Spokane, overseeing strategic efforts to protect the city's IT systems and data. With over seven years in this role, he has been instrumental in formalizing security standards and mitigating risks. Dan's prior experience includes managing security at Kochava, where he developed corporate training programs and guided security strategy.

Mike Hamilton is the founder of Critical Insight, providing security services to local governments and other critical sectors. With a career spanning roles such as the CISO for Seattle and Vice-Chair of a DHS government coordinating council, he brings deep expertise in public sector cybersecurity. Mike is also a frequent media commentator and speaker on cybersecurity issues. Mike is also the founder of the PISCES project to support cyber monitoring and education.

Brad Swanson, CISSP is a Deputy CISO and Principal Consultant at Critical Insight, where he offers virtual CISO services and conducts comprehensive security assessments. With a robust background in network security, compliance, and IT management, Brad helps organizations across various industries achieve their unique security goals. He holds multiple certifications, including CISSP, and regularly shares his expertise at industry conferences and webinars.