Leanpub Header

Skip to main content
Go to Leanpub.com

Someone Else's Breach

A Practioner's Guide to Third-Party Incident Response

Yolonda Smith

You've got forty vendors, a hundred integrations, and a SOC 2 report that tells you exactly nothing about what happens when one of them gets compromised. Your dependency map lives in someone's head. Your exposure estimate is a shrug. Your decision process is whoever talks loudest in the emergency meeting. And when it's over, every lesson learned evaporates before the next incident hits. Someone Else's Breach is the framework that replaces all of it — a quantitative, repeatable system for knowing what you're exposed to, deciding what to do about it, and getting better every time. From proactive resilience design to AI-augmented detection, this is the practitioner's guide to surviving incidents you didn't cause but can't ignore.

Minimum price

$29.99

$39.99

You pay

$39.99

Author earns

$31.99
$
You can also buy this book with 2 book credits. Get book credits with a Reader Membership or an Organization Membership for your team.
PDF
About

About

About the Book

It's a Thursday afternoon when the Slack alert hits: your identity provider just published a blog post with carefully worded language that makes your stomach drop.

Three questions land simultaneously. Are we affected? What's our exposure? What should we do? You don't know the answer to any of them. Neither does anyone else.

This is vendor incident response — the urgent, high-stakes, and almost universally ad-hoc process of figuring out what someone else's security failure means for your organization. Despite the fact that 59% of companies have experienced a breach caused by a third party, almost no one has a structured methodology for the moment it happens.

This book gives you one.

Someone Else's Breach presents the DC-TPIR (Dependency-Centric Third-Party Incident Response) framework — a complete system for detecting vendor incidents, quantifying your exposure in financial terms, making defensible stay/exit/mitigate decisions under time pressure, and building institutional memory so every incident makes the next one faster and less painful.

What you'll learn:

• How to map vendor dependencies so you know exactly what's at stake before the alert arrives

• A three-component model for estimating exposure probability when your vendor says "a subset of customers may be affected"

• Bayesian updating techniques that refine your estimates as information emerges over hours and days

• Calibrated estimation methods from the superforecasting literature, adapted for incident response under pressure

• A structured decision framework that replaces gut feel and the loudest voice in the room with quantified cost-benefit analysis

• How to build institutional memory that compounds — so the second incident with the same vendor takes thirty minutes instead of six hours

• Proactive resilience design and vendor chaos engineering practices drawn from Kelly Shortridge's security chaos engineering work

• How to use AI to compress your detection-to-decision timeline from hours to minutes — and how to assess the AI-specific risks your vendors are introducing, informed by the Databricks AI Security Framework (DASF)

• SEC 8-K materiality determinations, board-ready reporting, and audit trails that satisfy regulators

Includes two full end-to-end worked examples (an identity provider breach and a cascading AWS availability incident), ready-to-use templates for decision records, chaos experiment specifications, and vendor AI risk assessments, plus a phased implementation roadmap you can start this week.

Written for CISOs, third-party risk managers, security architects, GRC professionals, and anyone who ends up in the emergency meeting when a vendor has a bad day.

Share this book

Categories

Computer SecurityBusiness and IT AlignmentStrategy

Feedback

Email the Author

Author

About the Author

Yolonda Smith

Yolonda Smith is a cybersecurity executive, startup founder, and U.S. Air Force veteran with over 20 years in the field. She has served as Head of Cybersecurity at Grubhub and sweetgreen — where she led security through the company's IPO — and as Business Information Security Officer at Target. She held product leadership roles at Pwnie Express and spent eight years as an Air Force Cyberspace Operations Officer. Yolonda is the founder and CEO of vCISO Lite, which delivers automated compliance and risk management for small and mid-size businesses. She holds a Certified CISO credential from Carnegie Mellon's Heinz College and maintains CISSP, CISM, GSEC, and GCIH certifications. She lives in Atlanta.

Get the free sample chapters

Click the buttons to get the free sample in PDF or EPUB, or read the sample online here

Download Sample PDF

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $15 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub