3rd Party Risk Management
,
Events
,
Governance & Risk Management
4FOX Security CEO McPherson on Why Trust Is Essential for Vendor Risk Resilience
Third-party resilience begins with understanding which vendor relationships pose the greatest risk to an organization’s operations. Hazel McPherson, founder and CEO of 4FOX Security, urges leaders to focus on critical processes, contractual obligations and compliance requirements when evaluating supply chain vulnerabilities.
Security cannot be reduced to a checkbox exercise. McPherson described how real resilience comes from embedding security as a continuous process, supported by leadership and culture. It involves ongoing validation of controls, not just annual certifications. “You don’t MOT your car once and ignore it. You check tire pressure, oil and water,” she said. “[Compliance] has to be part of what you live and breathe in terms of security.”
See Also: AI, Zero Trust and SASE: Modernizing Security
McPherson added that teams with varied perspectives, backgrounds and experiences identify risks differently and respond more effectively. “Cybercriminals are diverse. If we’re just talking to ourselves, we’re an echo chamber.”
In this video interview with Information Security Media Group at Infosecurity Europe 2025, McPherson also discussed:
- Prioritizing supplier risks through critical process evaluation;
- Building trust-based, ongoing vendor relationships;
Fostering diverse, psychologically safe teams to enhance resilience.
McPherson is an award-winning CISO with more than 25 years of experience in finance, government and healthcare. Known for making cybersecurity clear and human, she builds resilient strategies, leads community initiatives like BSides Bristol and mentors women in tech and cyber.
