Successful first edition of #RiskbladeConnect: the new meeting point for third-party risk management in cybersecurity

Press release
  • International experts analyzed today’s challenges in third-party connectivity from a cybersecurity, compliance, and business perspective
  • Riskblade presented its innovative third-party management platform to a specialized audience during #RiskbladeConnect
  • The event strengthens a community around the digital governance of suppliers and external connections

Madrid successfully hosted the first edition of #RiskbladeConnect | The Third-Party Connection Summit, a pioneering event promoted by A2SECURE that brought together key cybersecurity figures to debate one of today’s major challenges: managing risks associated with third parties. The event combined a high-level roundtable with the solutions offered by RISKBLADE, the platform developed by A2SECURE that enhances visibility and control over organizations’ external connection ecosystems.

Madrid, June 13, 2025 – Following opening remarks by Carlos Morell, CTO of A2SECURE and Partner at RISKBLADE, Serafí Vicent, KAM & Product Owner at A2SECURE, moderated the roundtable of the first edition of #RiskbladeConnect | The Third-Party Connection Summit. The discussion addressed key topics such as continuous third-party assessment, contractual transparency, technological dependency, innovation as a growth lever, and the role of automation and artificial intelligence in threat detection.

The speakers converged on a shared principle: “Cybersecurity strategy must expand its perimeter beyond the organization itself, and trust in third parties must be backed by data and professional, continuous monitoring. It can no longer be based on perception alone.”

Roundtable panelists included:
José Luis Nevado, CEO & Founder of Sipay, who shared his perspective on supplier management in the financial sector and highlighted the challenge of maintaining security standards without slowing innovation.

Nevado stated:
“From a regulatory standpoint, I would distinguish between mandatory regulations and certain recommendations, which are advisable. There is no alternative but to comply with evolving regulation. There is an asymmetry within the European Economic Area, and sometimes you cannot operate without adapting to regulatory requirements, all within a constantly changing environment.”

He added:
“The most important factor in preventing risk is being as informed as possible about everything happening around you, so you can act. Excessive technology or regulation can make it impossible to control everything. Staying up to date is what really matters.”

Ángel Modino, CEO of Lead Auditor Register Center, brought both a regulatory and operational perspective, explaining how third-party audits must evolve in response to frameworks such as DORA and NIS2.

Modino noted:
“Risk in third-party management is everywhere. For me, one of the key contributions of ISO 27001 is that it helps structure organizations. Risk exists because we have physical and personal assets. The ENS includes a very high percentage of ISO 27000 and, beyond risk level, defines requirements. We are tightly constrained by these frameworks.”

He added:
“Risk management must be identified based on stakeholders. It’s not the same dealing with a supplier, a partner, or another stakeholder. It depends on the ecosystem you operate in.”

Isabel María Gómez, Global CISO and independent advisor, shared her experience managing critical suppliers across different organizations. Her involvement in the development of key industry standards was instrumental in enriching the discussion.

Gómez emphasized:
“The key to third-party management is not just data—it’s the people who are part of your supply chain.”
“Real impact depends on the type of regulation and the sector. Any framework that helps structure processes is useful. ISO 27001 includes a specific section on third-party management. Regulation helps organize, but it doesn’t necessarily reflect the true level of cybersecurity maturity.”

On risk management, she added:
“It’s a leap of faith. Like in films where someone tells you ‘walk, there’s a bridge,’ but in your day-to-day work you can’t see it. Still, the bridge is there. You have to learn to operate with uncertainty.”

Víctor Oziel Martínez, CISO at Banregio Mexico, provided an international and Latin American market perspective.

Martínez stated:
“Depending on the asset we want to protect, Mexican banking regulation escalates requirements to the contractual level. We include clauses allowing the National Banking Commission or the government to audit or review a third party.”

He added:
“Risk management must be comprehensive and involve the entire supply chain. It’s not new, but today we approach it differently. It is now part of our service, and every supplier must fall under this risk management framework. That’s complex, and that’s the challenge we’re addressing.”

“For our bank, after people, information is the most important asset. That is our primary alignment and policy. Our focus is on third parties—and beyond them—because they operate over assets that are critical for us.”


The Riskblade solution
The #RiskbladeConnect agenda continued with Carlos Morell, who followed the roundtable by presenting Riskblade’s vision and solutions for addressing third-party risk management challenges.

He opened with a clear statement reflecting today’s cybersecurity landscape:
“Our cybersecurity world keeps expanding, and today an attack can affect us even if it wasn’t directly targeted at us.”

Riskblade enables efficient, agile, and continuous supply chain risk management based on data. It adds a threat intelligence layer, includes a third-party assessment module, and recognizes that third parties can also be internal units. The platform performs perimeter analysis, generates policies aligned with selected controls and regulatory frameworks, and empowers organizations to reduce risk through capability building.

Morell stressed that risk lies not only in the supplier itself, but in how it is managed:
“Amazon may be a very secure provider, but the way I manage it might not be.”
“We are scoring all third parties the same way, when we should individualize them to categorize risk in a coherent and efficient manner.”

How to integrate Riskblade
Riskblade integration is straightforward and enables the automation of third-party management processes that have traditionally been handled manually using unconnected spreadsheets.

Step one: define the framework and requirements, with a high level of customization for external assets (domains, IPs, and an auto-discovery module) and integrations (AWS, Azure, Google, GitHub, M365, Intune).

Step two: define the regulatory framework. The platform supports global standards such as ISO 27001, PCI DSS, SOC 2, ENISA, DORA, GDPR, HIPAA, SWIFT, and NIS2.

Step three: onboard suppliers. From that point onward, organizations can monitor data, indicators, KPIs, and risk types, and determine the most effective mitigation actions.

#RiskbladeConnect has set a precedent as a high-level forum for reflection and networking around the shared challenge of third-party risk management.
