CISO Talk by James Azar

CISO Talk by James Azar

Inherited Risk: The New Reality of Cybersecurity Leadership

Why supply chain security is no longer about protecting your vendors—it’s about operating a business built on technology you don’t control.

James Azar's avatar
James Azar
Jul 04, 2026
∙ Paid

There was a time when cybersecurity teams could reasonably understand most of what they were defending. Applications were developed internally, infrastructure lived inside company-owned data centers, and the technology stack was relatively contained. Security leaders focused on protecting assets they owned, controlled, and could inspect. Those days are over.

Today’s enterprise runs almost entirely on services someone else operates. Infrastructure is Infrastructure-as-a-Service. Applications are Software-as-a-Service. Identity depends on cloud providers. Security controls are delivered from the cloud. ERP platforms connect to payroll providers, banks, logistics companies, HR systems, suppliers, and thousands of APIs. Even the software we build ourselves is assembled from hundreds, sometimes thousands of open-source packages maintained by people we’ve never met. Modern business isn’t built anymore. It’s integrated.

User's avatar

Continue reading this post for free, courtesy of James Azar.

Or purchase a paid subscription.
© 2026 James Azar · Privacy ∙ Terms ∙ Collection notice
Start your SubstackGet the app
Substack is the home for great culture