Atul Vashistha:
So, Vince, let’s move to the final piece of our discussion. And really, so whenever I’m talking to particular professionals that are starting out at risk or early in their profession, what resources, Vince, do you rely on? You talked about one of them, which is TPRA. What resources do you rely on to be a better leader?
There is a very defined body of knowledge, for instance, from ISACA on how to be a technology auditor. There really isn’t a lot of very cutting-edge, leading-edge type of information on third-party risk management out there. And learning from those who have done this has been the number one way that I have developed.
Vincent J. Scales:
Well, as the song goes, I get by with a little help from my friends. Industry partners, peers, and as you noted, groups like TPRA, and now risk board, they’ve really been invaluable in my development as a risk professional. I alluded to this earlier in our talk, but there are disciplines of risk management you can absolutely learn at school. You can go to school, you can get textbooks on how to be an auditor. There is a very defined body of knowledge, for instance, from ISACA on how to be a technology auditor. There really isn’t a lot of very cutting-edge, leading-edge type of information on third-party risk management out there. And learning from those who have done this has been the number one way that I have developed. I think about people in the industry, if you look on LinkedIn, there are a number of different folks in the industry who have blogs and publish articles.
Atul, on your LinkedIn, you’re always putting out very timely information on there that I’ve benefited from. But I probably would not be able to keep my skillset honed and relevant in these extremely, I would say, volatile times from a perspective of the risk landscape. Obviously, people want to say uncertain times, which I don’t even know what that means anymore. It’s like there are no more certain times ever. But when you think about how quickly the threat and risk landscape, the regulatory landscape has been changing, no one person is going to be able to stay on top of all this. So that’s my plug for the Third-Party Risk Association. I’m doing it right at the end. If you are a risk leader, you should definitely join because it’s the number one community now, I think, in terms of active engagement where people who are doing what I do, what hopefully y’all listening do, that’s where we congregate. That’s where the body of knowledge is being created now. And by being part of that, you’re at the forefront of the industry. You’re hearing these new ideas as they come up.
Atul Vashistha:
I would rewrite that song just a little bit, Vince, which is getting by with a little help from my network.
Focus on the intersectionality between soft skills, like negotiation, coalition building, and effective communication, and more technical skills.
Vincent J. Scales:
You know what? You’re not wrong. People are… My mother in the late ’80s talked about the importance of her network and of building a network, I don’t think that… This is something that ISACA really harps on. I don’t think that you can be a successful risk leader if you are not an effective networker. There are just too many, I would say, too many opposing thoughts within an enterprise to risk management. In order to really gain buy-in, to be successful with risk management initiatives, you have to be able to network. You have to be able to establish commonality with folks. There’s a guy on LinkedIn, I believe his name is Robert Wood, who is the CISO for, I believe, the Centers for Medicaid Services.
Robert, if you listen to this and I misquoted you there, sorry. But he has a podcast called The Soft Side of Cyber, and I think it’s awesome. It really does focus on the intersectionality between soft skills, like negotiation, coalition building, and effective communication, and more technical skills. I’ve seen, Atul, many risk management leaders who have come from technical backgrounds or technical disciplines. And while they understand the technical aspects of the business and the procedural aspects, they couldn’t soft skill their way out of a wet paper bag. They couldn’t sell ice to an Eskimo or whatever you want to say.
I’ve seen those people struggle because they approach risk management like a quantitative discipline where if risk vector X is above a certain level, this is what we do. And that’s obviously a sound approach and one that I execute on. But it’s unlikely to be successful in most enterprises unless you can wield the hammer of whether this is a regulation or a law. And that’s not often the case. Sometimes it’s a best practice, it’s understanding risk at a very holistic level, and it’s being able to see down the road and see this event here presaging this potential impact. As I know you and I have talked about before, you could have seen the SolarWinds thing if you were reading the tea leaves correctly. Imagine being able to do those multiple times a year. That’s how companies stay protected from risk.
Atul Vashistha:
Yeah. So, we’ll end this session, Vince, by singing along together, we get by with a little help from our network.
Vincent J. Scales:
Just a little help from our network.
Atul Vashistha:
That’s right. Vince, thank you so much. I really enjoyed this conversation, and I know the audience will. I really admire you for not only giving back to the industry, but the open mind that you have about constantly learning, and constantly being better. And I know, I’m sure your team is also lucky to have your leadership like we are at the TPRA. Thank you, Vince.
Vincent J. Scales:
No, thank you, Atul. It’s been a pleasure being on. And again, I’ll close by also reciprocating that. Thank you. Products like Supply Wisdom and they’ve really changed the game. Having full spectrum risk intelligence available in a way that is quantified in domains that align with our own risk model, it’s really pushing our ability forward to help inform the business and to make timely decisions. We used to have to, like I said earlier, rely on Google alerts and have people just scrubbing the net for information about our suppliers. And Supply Wisdom’s really upped our game and the ability to do more with less and to be more timely in our execution. So thank you, Atul. Thank you for what you do for our industry. I appreciate your support.
Atul Vashistha:
Oh, thank you, Vince. And Vince, I think for the industry, clients like you, teams like yours really help innovative players like us actually get better. So just this is advice to all. If you’ve understood the gist of this discussion, you can see how executives like Vince grow, and somebody like me grows because we learn from our network. We’re constantly thinking, we’re constantly sharing, we’re constantly asking. And even with our service providers, while we expect a lot from them, we’re also helping them be better. So again, hopefully, that’s good advice for all of us. And again, Vince, thank you so much. And I look forward to seeing you if not before, definitely at the TPRA event in Nashville in April.
Vincent J. Scales:
Absolutely. Thirdpartyriskroundup.org. If you haven’t signed up, be there or be square. We’d love to have you. That doesn’t go for Atul. Atul’s definitely going to be there. But anybody listening, if it’s interesting to you, we’ll welcome you.
Atul Vashistha:
Thanks, Vince.
Vincent J. Scales:
Thank you, Atul.
