Praise for ZERO TRUST AND THIRD-PARTY RISK What I appreciate the most about this book is Greg's description of zero trust as a strategy (not a technology) and a journey that organizations must continually work towards. This book is a must read for anyone wanting to further enhance their Third Party Risk Management programs.--Julie Gaiaschi, CISM, CISA, Chief Executive Officer & Co-Founder, Third Party Risk Association Choose your own adventure: Whether it's the Solar Winds attack or the fictional KC Enterprises, Greg's anecdotes are a welcomed ice-bucket challenge to the cybersecurity and third-party risk management communities. This book offers a practical approach to effectively guide both cyber AND business leaders toward the intersection of cyber third-party risk and zero trust, with a goal of increasing security for all.--Clar Rosso, CC, CEO, ISC2, Inc. Rasner's Zero Trust and Third-Party Risk is essential reading for third-party risk analysts and security architects alike. At a strategic level, he raises the reality that zero-trust strategies and architectures are required to minimize vendor breach events and their impacts. At a tactical level, he lays out the zero-trust control requirements that should be foundational requirements for every high-risk vendor engagement.--Kelly White, Founder and former CEO, Risk Recon A breach of your third and fourth parties is mathematically inevitable. This first line of the book is perhaps one of the most important for CISO's and those who work with them to understand and come to grips with. If it's inevitable, the question then becomes, what are you going to do about it? This book is a fantastic bridge between the world of compliance-heavy third party risk management activities and practitioner-focused zero trust frameworks. CISO's should take this book, bring it to their teams, use it as a foundation for building an integrated security model across their organizations.--Robert Wood, CISO, Centers for Medicare & Medicaid Services