Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.

Today, I’m joined by Rachel Curran, co-founder and CEO of Locktivity—a third-party risk management platform. She’s also the former Director of Risk and Compliance and Head of Infosec at Logik Systems.

With over a decade of experience leading security and GRC initiatives, Rachel has built SOC 2 and security programs from the ground up, helping companies achieve security maturity. She’s also a frequent speaker at security conferences on this topic. Beyond her work in cybersecurity, Rachel co-hosts @shedoestech, a show dedicated to promoting women in tech and highlighting their career journeys.

In this episode, we dive into whether we’re truly managing third-party risks or simply turning a blind eye to key issues. We also explore whether we should force vendors to disclose their vulnerabilities, how to continuously evaluate dependencies on third parties, why adopting an assumed-breach posture helps frame due diligence, and why education about third-party risks should be integrated into security awareness programs.