CCT 355: Zapier Breach Lessons For Cloud Security and Setting Up TPRM Program in 15 Minutes

CCT 355: Zapier Breach Lessons For Cloud Security and Setting Up TPRM Program in 15 Minutes

From CISSP Cyber Training Podcast - CISSP Training Program by Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur

June 4, 2026 · 24 min · Season 3 · Episode 355

About this episode

The episode discusses lessons from a Zapier breach and how to quickly set up a Third Party Risk Management program.

Send us Fan Mail The breach that takes down a company often does not kick in the front door. It walks in through a “simple” integration you set up months ago, powered by a token no one remembered to rotate. We start with a real-world Zapier-style scenario and unpack how researchers chained together a harmless-looking code block, an AWS Lambda environment, and a misconfigured IAM role to reach private repository files and ultimately an NPM token that could enable a supply chain attack. From t...

People in this episode

Host: Shon Gerber

Topics covered

  • cloud security
  • TPRM program
  • supply chain attack
  • cybersecurity
  • integration risks

Keywords

  • Zapier breach
  • cloud security
  • TPRM
  • AWS Lambda
  • IAM role
  • supply chain attack
  • cybersecurity

Mentioned in this episode

Organizations: Zapier, AWS, NPM

More episodes of CISSP Cyber Training Podcast - CISSP Training Program

Explore listener stats, chart rankings, contacts and more on the CISSP Cyber Training Podcast - CISSP Training Program podcast page.