Your vendor’s vendor just got breached

How many vendors does your organization work with?

Now, how many vendors do those vendors work with?

Most security teams can answer the first question. Almost none can answer the second.

June 2025. UBS found out the hard way when 130,000 employee records appeared on the dark web. Names, emails, phone numbers, job titles, office locations. Even CEO Sergio Ermotti's direct phone number.

UBS didn't get hacked. A company called Chain IQ did, a procurement services vendor that handled things like supply chain due diligence and credit card administration. The kind of vendor you'd classify as low-risk.

The ransomware group stole 910GB of data across 19 companies. When ransom demands weren't met, everything went public. UBS, Pictet, Swiss Life, Axa, FedEx, IBM, Swisscom: all compromised through one vendor most of them had never flagged as critical.

The gap isn't in your security controls. It's in your visibility.

You know your direct vendors. You've assessed them. You have contracts that specify security requirements. You might even conduct annual reviews.

But Chain IQ wasn't managing UBS's core banking systems. They handled procurement. And somewhere in that procurement process, they accumulated access to 130,000 employee records without anyone realizing the risk exposure.

According to SecurityScorecard, 96% of Europe's largest financial institutions were hit by third-party breaches in the past two years. Up from 78% just two years earlier.

Your vendor assessments aren't keeping pace with how vendor relationships actually work.

CRISC teaches you to manage risk you can't directly control.

How do you map vendor relationships across your organization when different departments contract with different providers? How do you identify which vendors have access to what data when that access evolves over time? How do you assess fourth-party risks when you can't audit every vendor's vendor?

CRISC covers risk identification for complex ecosystems, assessment methodologies that work beyond compliance checkboxes, controls that extend through your supply chain, and monitoring frameworks that catch changes in vendor security posture before they become breaches.

Our CRISC bootcamp runs February 23-26, 2026. Kelly Handerhan is teaching; she holds her CRISC, she's a Top 100 Trainer, and she's trained thousands of security professionals on vendor risk management that actually works.

This is our first public CRISC bootcamp, and we're offering $200 off as a launch discount.

Stay secure,
The DestCert Team

The Fastest Path to Risk Management Certification (CRISC)


Master Enterprise Risk Management and Lead Risk Initiatives in Your Organization. We’ve designed this bootcamp for cybersecurity professionals ready to move into risk management leadership.

The Easiest Way to Pass Your Advanced in AI Security Management (AAISM) Exam


Master AI Security Leadership. We’ve designed this bootcamp for cybersecurity professionals ready to take their expertise into the AI era. You’ll master practical frameworks for securing real-world AI systems and earn the certification that proves you’re ahead of the curve.

Prepare to Pass CCSP: Get the Right CCSP App


Studying for the CCSP? Big news! We’ve just added 1,000 brand-new questions to our CCSP Exam Prep App—giving you even more ways to test your knowledge and boost your confidence. Whether you're brushing up on cloud security concepts or getting serious about exam day, the updated app is packed with fresh content that reflects the latest exam trends. Study anytime, anywhere, and get one step closer to becoming CCSP certified.

Free CCSP Data Center Design Mini MasterClass


If you’re interested in cloud security, check out our new FREE Mini MasterClass. It digs into data center design. It’s based on the CCSP certification requirements, but even if you’re not thinking of getting certified, what you learn is very useful in practice if you ever need to deal with data centers.
