
This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Breaking Down the Data: How Secure Are You and Your Supply Chain?

  • Wednesday, November 15, 2017 at 10:30 AM EST (2017-11-15 15:30:00 UTC)
  • Stephen Boyer, Jay Jacobs, G. Mark Hardy


  • Bitsight




An increasing number of data breaches begin with the compromise of a key vendor or business partner. This was evident with the spread of NotPetya ransomware this past June, which first emerged when the software update process of an accounting software provider in Ukraine was hijacked. This highlighted to the world the importance of updating systems within corporate networks to prevent susceptibility to breach.

With digital services being increasingly outsourced, reducing the cyber risk posed by vendors and suppliers is more important than ever; it's critical that businesses develop and embrace a strong vendor risk management program.

Join BitSight CTO Stephen Boyer and Senior Data Scientist Jay Jacobs as they analyze BitSight's findings on the prevalence of outdated systems and their correlation to breach, as well as common security issues found within the supply chain of the Financial Services industry. In this webinar, viewers will learn about:

  1. The risk of running outdated systems on your own network or a third party network and their correlation to system compromise and data breach.
  2. The security performance of over 5,000 Legal, Technology, and Business Services companies monitored by nearly 200 Financial Services firms on the BitSight Security Rating platform.
  3. Best practices for managing third party cyber risk and analyzing weak links in your supply chain.


Speaker Bios

Stephen Boyer

Stephen cofounded BitSight in 2011 and serves as the Chief Technology Officer. Prior to founding BitSight, Stephen was President and Co-Founder of Saperix, a company that was acquired by FireMon in 2011.

While at the MIT Lincoln Laboratory, Stephen was a member of the Cyber Systems and Technology Group where he led R&D programs solving large-scale national cybersecurity problems. Before MIT, he worked at Caldera Systems, an early Linux startup.

Stephen holds a bachelor's degree in Computer Science from Brigham Young University and a Master of Science in Engineering and Management from the Massachusetts Institute of Technology.

Jay Jacobs

Jay Jacobs is Senior Data Scientist at BitSight. He has over 15 years of experience within IT and information security with a focus on cryptography, risk, and data analysis. Previously, he was a Data Scientist at Verizon and a co-author on their annual Data Breach Investigation Report.

Jay is also the co-author of "Data-Driven Security," a book covering data analysis and visualizations for information security, and a co-founder of the Society of Information Risk Analysts.

He holds a bachelor's degree in technology and management from Concordia University in Saint Paul, Minnesota, and a graduate certificate in Applied Statistics from Penn State.

G. Mark Hardy

G. Mark Hardy, SANS analyst and certified instructor, is an internationally recognized expert in information security planning and policy development, management of security assessment and penetration teams, data encryption and authentication, software development and strategic planning for e-commerce. He has spoken at more than 250 events worldwide and has served government, military and commercial clients for more than 30 years. Founder of National Security Corporation and CardKill, Inc., G. Mark is a retired U.S. Navy Captain whose credentials include bachelor's degrees in computer science and mathematics, master's degrees in business administration and strategic studies, and the GSLC, CISSP, CISM and CISA certifications.
