Third Party Therapy - Haydn Brooks - Active Supply Chain Security: Paper Shield to Real Protection

First recorded in-studio for Third Party Therapy! In this episode, Mike sits down with Haydn Brooks, founder and CEO of Risk Ledger, for a wide-ranging conversation on why traditional third party risk management isn't enough — and what a fundamentally different approach to supply chain security looks like in practice. Haydn's background is anything but conventional: from neuroscience and brain cancer research to picking locks at KPMG, then Deloitte, before founding Risk Ledger — a platform built on the idea that supply chains are complex ecosystems, not just lists of vendors to assess. In this episode: 🌐 Why supply chains are now a systemic risk, not just an operational one — and how 30 years of globalisation is course-correcting in real time 🔍 The three fundamental problems Haydn saw in supply chain security — and why they led him to build something different 🤝 Why the most effective supply chain security teams are the ones that know the security team on the other side — and how to scale that human connection ⚠️ The "paper shield" problem: why compliance-driven assessments give false confidence — and what meaningful detection, response and recovery actually looks like 🤖 How AI is changing both the threat landscape and the tools available — including the hidden risk of engineers quietly plugging LLMs into your supply chain at the fourth-party layer 📊 Why Risk Ledger works more like a social network than a traditional assessment platform — and the honest trade-off between data granularity and breadth 🏛️ Why public sector and critical infrastructure often lead financial services on supply chain security maturity — and what FS firms could learn from that 🔗 The procurement-security relationship: why it's the single biggest blocker, and how fixing it unlocks everything else Haydn also makes the case that suppliers are the most overlooked stakeholder in TPRM — and that any process which doesn't deliver value to them will always underperform. Guest: Haydn Brooks, Founder & CEO, Risk Ledger Host: Mike Day 🎙️ First episode recorded in-studio — thanks to Vorboss for the space. 🔔 Subscribe for more | 🌐 thirdpartytherapy.com | 📧 Sign up to the mailing list #TPRM #SupplyChainSecurity #CyberSecurity #ThirdPartyRisk #RiskManagement #SupplyChainResilience #CISO #AI #podcast Timecode Chapter Title 00:00 Introduction & Welcome 00:40 Haydn's Journey: Neuroscience to Supply Chain Security 02:10 The Macro Shift: From Globalisation to Supply Chain Resilience 04:08 Beyond Individual Suppliers: Understanding the Ecosystem 06:06 Three Problems with Traditional TPRM 07:10 How Risk Ledger Works: A Security Social Network 09:05 Scaling Collaboration Across Hundreds of Suppliers 11:10 Incident Management & Mean Time to Detect/Respond 13:06 Compliance vs. Effective Risk Management 15:07 Detection, Response & the Pre-Incident Gap 17:27 AI in TPRM: The Benefits 18:42 Can We Predict a Supply Chain Attack? 19:54 Agentic AI and the Future of Supply Chain Security 22:01 Standardisation vs. Flexibility in a Community Platform 25:51 AI Risks: The Hidden Exposure Problem 29:10 Embedded AI in Services — the Risk You Don't See 30:50 The Security–Procurement Relationship 33:24 Supplier Engagement: The Biggest TPRM Challenge 35:06 Keeping the Human Element at Scale 38:13 Are Clients Ready for Modern TPRM Tools? 40:30 Sector Differences in Adoption 41:28 Data Quality & the Security–Procurement Friction 43:52 Three Types of Suppliers Security Teams Should Worry About 49:18 Practical First Steps: Where to Start 50:30 Closing Thoughts