

Third Party Therapy
Mike Day
A bi-weekly podcast about the world of third party risk. Many of us are in the same position, facing ever-evolving challenges, trying to keep up with new regulations and laws, and it often feels like we are struggling to keep up. I want to really open up the conversation on this topic by speaking with practitioners to discuss key topics, understand what worked well and what went wrong, what people struggle with and to bring in ideas from other industries too. I’ll be asking the questions that folks may feel silly or uncomfortable asking too.
So, why not join me for a series of informal interviews and discussions to really open up the conversation for the third party risk community?
Episodes

Jun 23, 2025 • 56min
Third Party Therapy - Nathan Hopkins - ESCROW - a valuable tool or a box ticking exercise.
Great conversation with Nathan Hopkins from The ESCROW Company discussing the evolution of ESCROW, how it brings resilience to SaaS solutions and what happens when you invoke it.

Feb 24, 2025 • 51min
Third Party Therapy - Will Cooke & Jack Birch - Why is there a shortage of TPRM people?
Will Cooke, senior consultant recruiting TPRM and procurement talent with a sports psychology angle, and Jack Birch, head of interim management placing risk and interim procurement pros, unpack why TPRM roles are in short supply, spikes driven by regulation, hiring junior or sideways talent, procurement-to-TPRM pathways, and where demand is growing beyond financial services.

Feb 10, 2025 • 59min
Third Party Therapy - Charlie Jones - Dropping the S-BOM - a new approach to third party software assessment
Charlie Jones, Director of Product Management at Reversing Labs with a background in supply chain security, talks about static binary analysis as a fresh way to assess software. He covers why commercial software evades classic controls, how to get and test binaries pre‑purchase, limitations of SBOMs, and the regulatory pressures reshaping software supply chain practices.

Jan 20, 2025 • 52min
Third Party Therapy - Stephen Boyer - The Changing World of Cyber Monitoring
Stephen Boyer, co‑founder and Chief Innovation Officer at BitSight, draws on MIT cyber research to quantify and manage cyber risk. He discusses rising nation‑state sophistication, conflict-driven wiper attacks and ransomware economics. Conversation covers cloud concentration versus third‑party interdependence, continuous data-driven monitoring, automating responses, and practical steps for scaling supply-chain oversight.

Dec 16, 2024 • 58min
Third Party Therapy - Ian Ellis - The Emerging Tech companies view of TPRM
Ian Ellis | The Emerging Tech companies view of TPRM
Episode Summary: What does your Third-Party Risk Management (TPRM) process look like from the other side of the table? In this episode of Third Party Therapy, Mike Day is joined by Ian Ellis, an innovation expert who has spent years working with Microsoft for Startups and various tech accelerators. Ian shares the "bruising" reality of how emerging tech companies experience corporate due diligence. They discuss why a "one-size-fits-all" questionnaire can paralyze a 5-person dev team and how organizations can adapt their risk appetite to foster innovation without compromising security.
🕒 Timestamps
00:00 – Introduction: The challenge of assessing small, high-impact suppliers
04:20 – Ian’s Journey: From corporate innovation to the startup trenches
11:50 – The "Startup View": How a 100-question spreadsheet feels to a founder
19:15 – The Resource Gap: Why startups don't have "Compliance Departments"
27:40 – Litmus Test: Does your process actually measure risk or just persistence?
35:10 – Right-Sizing Risk: How to scale assessments for emerging tech
44:30 – The Human Element: Building respect and transparency into the onboarding flow
52:15 – Closing thoughts: Moving toward a more inclusive TPRM ecosystem
💡 Key Takeaways
The "Bruising" Effect: Understand the operational impact that heavy-handed corporate processes have on small, agile companies.
Proportionality is Key: Why asking a 5-person startup for the same evidence as a global conglomerate is a barrier to entry for innovation.
Contextual Due Diligence: Learn how to look past the "missing" controls to understand the actual risk profile of a niche technology provider.
The Reputation Risk: How your onboarding process defines your company's reputation in the tech community—are you a partner or a hurdle?
🔗 Connect & Resources
Official Website: thirdpartytherapy.com
Join the Community: Sign up for our mailing list to receive our guide on "Right-Sizing TPRM for Startups."
Guest Info: Connect with Ian Ellis and learn more about his work with emerging tech: EnterpriseTech.London (LinkedIn)
Search & SEO Keywords: #TPRM #Startups #EmergingTech #Innovation #RiskManagement #ThirdPartyRisk #Procurement #FinTech #BusinessAgility #ThirdPartyTherapy #Podcast

Dec 2, 2024 • 41min
Third Party Therapy - Gemma Stewart - Concentration Risk, it's all about the data!
A great conversation with an ex-colleague of mine from Zurich Insurance. Gemma Stewart has been designing and evolving their approach to concentration risk for a number of years and she joins me on the podcast to share that experience on what to do and what not to do...

Nov 27, 2024 • 1h
Third Party Therapy - Aki Eldar - Artificial Intelligence in TPRM
Aki Eldar, entrepreneur and founder of Mirato with deep cybersecurity and data-protection roots, explains applying AI to tame TPRM data overload. He describes AI reading and validating vendor evidence, automating tedious analysis, managing shadow AI risks, and why start with a small MVP. Short, practical takes on making risk teams faster without losing human judgment.

Nov 4, 2024 • 1h 12min
Third Party Therapy - Shayne Tyler - The Human Cost of Modern Slavery
Episode Summary: Modern slavery isn’t just about chains and locks—it’s a hidden, systemic crisis embedded in global supply chains. In this episode of Third Party Therapy, host Mike Day sits down with Shayne Tyler from TylerBladon Practical Ethics, a supply chain expert with 20+ years of experience in worker exploitation. Shayne reveals why traditional audits often fail, how to spot the subtle signs of exploitation, and why TPRM professionals are uniquely positioned to save lives by looking beyond the paperwork.
🕒 Timestamps
00:00 – Intro: Why Modern Slavery is a TPRM priority
04:15 – Shayne’s story: From the food industry to the front lines
11:30 – The "Invisible" Victim: Defining modern slavery today
19:45 – Why your current audit process might be missing the truth
28:10 – The tiers of risk: Going deeper than your primary suppliers
36:50 – Practical advice for risk managers: Trusting your gut
45:20 – The human cost of the "race to the bottom" on price
52:00 – Final thoughts and where to start
💡 Key Takeaways
Beyond Compliance: Moving from the "UK Modern Slavery Act" checklist to active, ethical risk management.
The Audit Trap: Why pre-announced audits allow exploiters to coach victims and hide evidence.
The Power of Curiosity: Why asking "How is this price possible?" is your best defence against slavery in your supply chain.
Operational Reality: Understanding that exploitation often hides in the recruitment and labor agencies used by your suppliers.
🔗 Connect & Resources
Official Website: thirdpartytherapy.com
Join the Community: Sign up for our mailing list to receive episode deep-dives and TPRM resources.
Guest Info: Connect with Shayne Tyler [Insert LinkedIn/Website Link].
Search & SEO Keywords: #ModernSlavery #TPRM #SupplyChainEthics #RiskManagement #HumanRights #ThirdPartyRisk #ESG #Sustainability #ThirdPartyTherapy

Oct 21, 2024 • 1h 3min
Third Party Therapy - Paul Huggett - What does Community Due Diligence deliver?
Third Party Therapy - Series 1, Episode 1
Paul Huggett: What Does Community Due Diligence Deliver?
In this debut episode of Third Party Therapy, host Mike Day sits down with Paul Huggett, Managing Director at Hellios and former TPRM lead at major financial institutions like Nationwide and Lloyds Banking Group.
Show Notes: Paul Huggett | What Does Community Due Diligence Deliver?
Episode Summary: TPRM has moved from a "check-the-box" exercise to a high-stakes regulatory requirement. In this debut episode of Third Party Therapy, Mike Day is joined by Paul Huggett, Managing Director at Hellios and former TPRM lead at Nationwide and Lloyds. Paul shares his journey from "poacher to gamekeeper" and explains how the Community Due Diligence model is solving the industry's biggest headache: the "many-to-many" web of repetitive supplier questionnaires.
🕒 Timestamps
00:00 – Introduction: The evolution of TPRM since the 90s
05:20 – Paul’s Journey: From Practitioner to Managing Director
12:45 – The "Many-to-Many" Problem: Why the current model is broken
18:10 – What is Community Due Diligence? (The "Collect Once, Share Many" model)
26:30 – Big Banks vs. Small Firms: How different sized companies benefit
34:15 – Crisis Management: Using community data during the Russia-Ukraine conflict
42:50 – The Future of Tech: Why AI is the "new cloud"
51:10 – The Golden Rule: Why technology won't solve a data problem
55:30 – Closing thoughts and how to get started
💡 Key Takeaways
The Efficiency Win: In a community model, suppliers provide data once to a central "pool," which is then accessed by dozens of buying firms, saving thousands of hours in administrative work.
Speed of Response: Learn how community models allowed firms to map their entire supply chain exposure to global conflicts in minutes rather than weeks.
Avoid the "Shiny System" Trap: Paul warns against buying expensive workflow tools before you have a solid data strategy—don't just buy a "shinier problem" to grapple with.
ESG & Pooled Audits: The next frontier is moving beyond data collection into virtual site visits and shared environmental, social, and governance assessments.
🔗 Connect & Resources
Official Website: thirdpartytherapy.com
Join the Community: Sign up for our mailing list for TPRM deep-dives.
Guest Info: Learn more about Hellios and Paul Huggett at [Insert Link].
Search & SEO Keywords: #TPRM #ThirdPartyRiskManagement #CommunityDueDiligence #SupplyChainRisk #Helios #FSQS #RiskManagement #FinancialServices #ThirdPartyTherapy #RegulatoryCompliance

Oct 12, 2024 • 43sec
Third Party Therapy - Trailer
Introduction to the Third Party Therapy podcast - an independent bi-weekly podcast bringing insights and ideas from different industries to the TPRM community. Why not visit www.thirdpartytherapy.com to sign up for more information?


