Events
45 min

Moving Beyond Compliance Theater — Continuous Supply Chain Threat Modeling

Elasticito and Threatplane present a technical briefing on transitioning from static third-party risk management to continuous, graph-based supply chain threat modeling.

Jonny TyersJonny Tyers

45 min

Events
Webinar
Supply Chain
TPRM
Speaking
Moving Beyond Compliance Theater — Continuous Supply Chain Threat Modeling

As a CISO, your primary responsibility is the mitigation of systemic risk. Yet, traditional Third-Party Risk Management (TPRM) has largely degenerated into an exercise in compliance theater. Security teams dedicate massive allocations of capital and headcount to chasing vendor sign-offs, parsing static PDFs, and filing away point-in-time SOC 2 reports.

Let's be direct: An adversary does not compromise your network by auditing your documentation. They exploit runtime misconfigurations, slow patch velocity, and exposed authentication vectors. A signed questionnaire from six months ago will not stop an automated exploit today.

Join the engineering teams from Elasticito and Threatplane for an exclusive, fluff-free technical briefing. We will demonstrate how to move past administrative paperwork and transition to continuous, graph-based supply chain threat modeling. Discover how to stop evaluating what your vendors say they do, and start seeing what their infrastructure is actually doing.

About the session

This session is designed for security leaders and practitioners who are frustrated with the gap between what TPRM processes produce and what they actually need to understand about their supply chain risk. It's a technical briefing — we will show rather than tell.

The webinar runs on July 15, 2026 at 10:00 AM BST and is free to attend. Registration is open now.

What we will cover

  • Dismantling the GRC Illusion: Why "SOC 2-compliant" vendors routinely act as the primary ingress points for enterprise network intrusions.
  • Exposing the Identity Bridge: How unmanaged partner endpoints and poor SaaS console hygiene create silent, lateral access routes directly into your network.
  • Mapping the Blast Radius: A live technical demonstration to map active third-party vulnerabilities straight to your internal crown jewels.
  • The 80/20 Rule of TPRM: A practical blueprint to isolate the critical 20% of your vendor portfolio driving 80% of your systemic breach risk.

About Elasticito

Elasticito provides end-to-end cyber risk assessments and managed compliance services, helping organisations strengthen their cybersecurity and build business resilience. Their services span Microsoft 365 security, cyber threat intelligence, AI-powered compliance, network penetration testing, and supply chain cyber risk rating. More at elasticito.com.

Sign up here
In this article
1About the session2What we will cover3About Elasticito
About the speakers
Andrew Brown
Andrew BrownCo-Founder & CTO, Elasticito

Andrew has over 24 years of experience in cybersecurity, risk quantification, and GRC. As Co-Founder and CTO of Elasticito, he helps organisations identify threats and prioritise remediation to measurably improve their security posture.

Full bio →
Jonny Tyers
Jonny TyersFounder & Managing Director

Jonny founded Threatplane in 2017. With a background in offensive security, he has spent 15+ years helping organisations across defence, financial services, healthcare, and manufacturing understand and manage their technology risks.

Full bio →