Understanding the organizational environment and addressing blind spots is foundational in achieving cybersecurity resilience in any system, IT or OT. Many organizations struggle with vulnerability management, and even more so with vendor/supply chain risk management, often sacrificing vendor risk completely. Threat actors will look for the weakest attack surface of an organization to exploit, which often exists through the supply chain. Major cybersecurity events like the Target breach in 2013, and the NotPetya attack in 2017 were affected due to weaknesses in the supply chain, including unpatched vulnerabilities. F-Secure and Security Magazine UK have posted resources to assist organizations in prioritizing vulnerabilities and protecting their supply chain. Both posts offer steps to discover and properly manage vulnerabilities and risk posed from third party relationships. F-Secure, SC Magazine UK.