Ask Once, Use Many: Optimizing Third-Party Risk Management Decisions with Risk Exchanges

David Stapleton is an experienced Chief Information Security Officer (CISO) with a long history of working in both public and private sector cybersecurity programs. He has built and lead security risk & compliance teams for the Food and Drug Administration (FDA) and Indian Health Service (IHS) and contributed to the design and implementation of the Federal Risk and Authorization Management Program (FedRAMP). He is passionate about enabling business through thoughtful, balanced, and effective cyber leadership. David is currently the CISO at ProcessUnity, the global leader in third party risk management solutions.

I have over 17 years of experience in multiple areas of cyber security. These areas include computer forensics, incident response, penetration testing, physical security assessments and vendor assessments. I am a licensed private investigator and executive protection specialist, conducting traditional investigations melded with cyber security as well as providing protective services to clients. These two modalities augment my cyber security experience because they utilize real-world scenarios, which translate well when securing all aspects of a corporate environment. I have worked for fortune 100 companies in executive positions and currently I am the VP of Security for Momnt. I have completed many individual consulting jobs, from penetration testing to full gap assessments. Part of my volunteering consisted of providing computer forensic help to a local police department, as well as executive protection to local clergy. I was also the Executive Director of RECON, an all-volunteer organization that assisted local law enforcement with searching for missing and abducted children. I believes that security and business success can go hand in hand, and I have worked hard in every organization to provide security, yet help the business be successful.

Dr. Dustin Sachs is the Chief Technologist and Sr. Director of Programs at CyberRisk Alliance. He is a highly accomplished cybersecurity professional with a proven track record in risk management, compliance, incident response, and threat mitigation. He is CISSP-certified and holds a Doctor of Computer Science (DCS) degree in Cybersecurity and Information Assurance. Dr. Sachs has worked in various industries, including public utilities, food distribution, and oil and gas. He is a respected thought leader in the cybersecurity community.