
Risky Business: Understanding Enterprise Third-Party Risk Management 

Tuesday, March 28 | 10am ET

Join us to discuss best practices, lessons learned, risk evaluation, and the regulatory environment associated with third-party risk management. 

Discovering, prioritizing, and monitoring cybersecurity risks across an ecosystem of third-party products is a complex undertaking for any business, let alone a large enterprise.

Join us for an in-depth discussion exploring best practices, lessons learned, and the regulatory environment associated with third-party risk management. Speakers will provide insight and tips into overcoming the challenges of defining and implementing a holistic risk management program. Whether your program is non-existent, just getting started, fully mature, or somewhere in between – this discussion will provide valuable perspective into how to increase security, ease the burden of compliance, and achieve your program goals efficiently and effectively.

In this webinar, our experts will be addressing questions such as...

  • Is there anything that the USG (perhaps the Commerce Dept) or non-gov organizations (such as NDIA) can do to make it easier for businesses to manage 3rd party risk?  
  • How is CMMC 2.0 likely to impact your Enterprise Third-Party Risk Management?
  • How do you handle client vulnerabilities that are driven by systems/black boxes you cannot access? Are there more specific strategies than just giving the client all the info you can?
  • I would like to conduct a CTT for my organization. How do I get started?  
  • How do you know what to include in a CTT?
  • With new regulations and directives coming out focused on securing the supply chain, what is the best way to stay ahead and be proactive, rather than being reactive?

Jacob Cox
Trideum Corporation, Solutions Architect

Dr. Jacob Cox is a Solutions Architect for Trideum Corporation, focusing on Cybersecurity and Electronic Warfare (EW), and an Adjunct Professor for Augusta University’s School of Computer and Cyber Sciences. Jacob also served in the U.S. Army for 22 years. During that time, he served as an Armament and Electrical Systems Repairer for the Apache Helicopter, a Signal Officer, a Company Commander, a Telecommunications Engineer, a United States Military Academy Assistant Professor, and a Cyberspace Operations Officer. His most recent assignment was as the Chief of Enterprise Operations at the Southwest Asia Cyber Center, Kuwait. Jacob’s roles following the Army include research scientist for an artificial intelligence research company and lead data scientist for Army Capability Manager – Cyber.

Jacob holds a B.S. in electrical engineering from Clemson University and an M.S. and Ph.D. in electrical and computer engineering from Duke University and the Georgia Institute of Technology. His certifications include CISSP, PMP, C|EH, C|HFI.


Andrea Schaumann
Fortress Information Security, Director of Federal Programs & Partnerships

Andrea is skilled in strategy development, cross-functional team leadership, evaluating operative accomplishments, and training. She has a background in working with federal programs as well as cybersecurity inspections and compliance. As an experienced business intelligence analyst, she has a demonstrated history of process improvement and performance to drive revenue and achieve program and operational goals. Andrea is a CMMC-AB Registered Practitioner (RP) and holds a Master of Business Administration (M.B.A.) focused in Management and Leadership.


Joe Hughes
Fortress Information Security, Vice President of Supply Chain Risk Management

As Vice President of Supply Chain Risk Management, Hughes is responsible for the execution of the vendor supply chain assessments for clients.

Prior to his current position, Hughes served as the Senior Manager – Risk & Compliance and leader of the 3rd Party Security program at General Electric, one of the largest global manufacturing suppliers in the energy, aviation, and healthcare industries. The program at General Electric focused on the identification and management of supply chain risk in these critical industries. Prior to his work at General Electric, Hughes spent 10 years at Deloitte, evaluating cyber security and supply chain risks for the Department of Defense, Department of Education, Department of Transportation, and the Social Security Administration.

Hughes holds a Bachelor of Science in Accounting Information Systems and a Master of Information Systems from Virginia Tech.