
Third Party Therapy - Layla White - Beyond Third Parties: Mapping Fourth-Party Risk and Early-Stage Suppliers
Onboarding startups and speeding POCs
Layla recounts pain points onboarding startups and how TechPassport accelerates NDAs, trials and enterprise readiness checks.
Beyond Third Parties: Mapping Fourth-Party Risk and Early-Stage Suppliers – with Layla White (TechPassport)
Episode overview
Season 2 opens with a practical deep dive into one of the hardest problems in modern third-party risk management: understanding what sits beyond your immediate suppliers. Mike is joined by Layla White, founder of TechPassport, to unpack why fourth- and fifth-party dependencies remain opaque, how early-stage suppliers change the risk profile, and why traditional questionnaires and web-scraping approaches struggle to keep up with today’s supply chains.
The conversation blends lived experience from financial services procurement and vendor management with a grounded look at how supply chain mapping actually works in the wild, where outages, cloud concentration, geopolitics, and cyber incidents collide.
What you’ll hear in this episode
- Why fourth- and fifth-party risk is still a blind spot for many organisations
- The limits of questionnaires and AI/web-scraped data for mapping supply chains
- How to identify critical dependencies deeper in the supply chain
- The problem of hidden concentration risk (especially with cloud and shared infrastructure)
- Why small suppliers and early-stage tech firms introduce different resilience risks
- The importance of validating supplier-provided data rather than guessing from public sources
- How outages propagate through unseen dependencies
- Why supply chain risk now stretches beyond cyber into resilience, data, ESG, and modern slavery
- Where regulation is pushing firms to understand and evidence extended dependencies
Key takeaways
- Supply chain risk is no longer a third-party problem. The real fragility often sits further down the chain.
- Public signals and scraped data are useful clues, not ground truth. Critical dependencies usually only emerge when suppliers confirm them directly.
- Concentration risk is rarely obvious until something breaks. Mapping dependencies before an incident is the difference between response and surprise.
- Early-stage suppliers need structure and support to meet enterprise expectations, not just scrutiny.
- Effective TPRM is a system of approaches, not a single tool. Questionnaires, live data, mapping, and supplier engagement all have different strengths.
Guest bio
Layla White is the founder of TechPassport, a platform focused on improving how organisations gather and manage supplier information, map extended supply chains, and engage early-stage technology providers. Layla previously worked in financial services procurement and vendor management, where she experienced first-hand the friction, delays, and blind spots that exist in traditional third-party onboarding and supply chain visibility.
Who this episode is for
- Third-Party Risk and Operational Resilience leaders
- Procurement and Vendor Management teams
- Cyber and Cloud risk practitioners
- Risk, Compliance, and Resilience professionals
- Anyone grappling with fourth-party visibility, concentration risk, or supplier onboarding in complex ecosystems
Listen to the episode
🎧 Full episode: https://thirdpartytherapy.com
Tags / themes
TPRM, Fourth-Party Risk, Supply Chain Mapping, Concentration Risk, Operational Resilience, Early-Stage Suppliers, Cloud Dependencies, Cyber Resilience


