All links and images for this episode can be found on CISO Series. It seems anything that's added to a business, like a new app or a third party vendor, just adds more risk. Risk definitely piles up faster than CISOs can reduce it. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Kurt Sauer (@kurtsauer), CISO, DocuSign (when we recorded the show, Kurt was the vp of security for Workday). Thanks to our podcast sponsor, Stairwell The standard cybersecurity blueprint is a roadmap for attackers to test and engineer attacks. With Inception, organizations can operate out of sight, out of band, and out of time. Collect, search, and analyze every file in your environment – from malware and supply chain vulnerabilities to unique, low-prevalence files and beyond. Learn about Inception. In this episode:  Does it seem like anything that's added to a business, like a new app or a third party vendor, just adds more risk? Does risk pile up faster than CISOs can reduce it? How do you avoid creating new risks when you add new applications, or even just update applications?