Alice in Supply Chains is a monthly podcast inspired by the Alice in Supply Chains newsletter, delivering sharp discussions and insights on all things related to third-party cyber risk management (TPCRM). Hosted by two of the industry’s leading voices - Alexandre Sieira, Co-founder & CTO of Tenchi Security, and Adrian Sanabria, Principal Researcher at The Defender’s Initiative - the show offers expert analysis and practical takeaways to help you navigate today’s complex cybersecurity landscape.

In this episode, they dive into three standout stories from issue #36 of the newsletter of the same name, Alice in Supply Chains:

• How third-party disruptions can derail operations;

• The unusual case of Clorox vs. Cognizant;

• Why relying on EU cloud regions may not guarantee data sovereignty - and Microsoft’s admission to French customers.

Alice in Supply Chains is a monthly podcast by Tenchi Security based on the Alice in Supply Chains newsletter that provides interesting discussions and expert insights on all things related to third-party cyber risk management (TPCRM).

It's hosted by two leading voices in the industry, Alexandre Sieira, Tenchi Security's CTO and Co-Founder  & The Defender's Initiative Principal Researcher, Adrian Sanabria - and it promises expert opinions and takeaways to help audiences navigate the complex cybersecurity landscape.

This episode is based on the content of issue #35 of the newsletter and covers:

- Prolific cybercriminal group now targeting aviation and transportation Companies

- Patient's death linked to cyber attack on NHS, hospital trust says

- Cyberattack on Brazil tech provider affects reserve accounts of some financial institutions;

We’re thrilled to announce a special bonus episode of the Alice in Supply Chains podcast featuring an insightful conversation you won’t want to miss.

In this episode, Alexandre Sieira, CTO and Co-founder of Tenchi Security, and Adrian Sanabria, Principal Researcher at the Defender's Initiative, sit down with AJ Yawn - Director of GRC Engineering at Aquia, author of GRC Engineering for AWS, and host of CyberTakes.

Together, they take a deep dive into SOC 2 and its fate - exploring challenges, limitations, why it’s become so popular - and what the future holds. It’s a timely and important discussion for anyone interested in cyber risk management.

Alice in Supply Chains is a monthly podcast by ⁠⁠Tenchi Security ⁠⁠based on the ⁠⁠Alice in Supply Chains newsletter, ⁠⁠that provides interesting discussions and expert insights on all things related to third-party cyber risk management (TPCRM).

It's hosted by two leading voices in the industry, Tenchi Security's CTO and Co-Founder  ⁠⁠Alexandre Sieira ⁠⁠& The Defender's Initiative Principal Researcher, ⁠⁠Adrian Sanaria⁠⁠, and it promises expert opinions and takeaways to help audiences navigate the complex cybersecurity landscape.

This episode is based on the content of issue #34 of the newsletter of the same name, and covers:

- Cyberattacker accessed R.I.’s benefits system five months before state officials discovered the hack

- M&S confirms month-long breach result of third-party vendor phishing attack

- How to Incentivize Security by Design

- DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers

Operational impacts top list of vendor risk worries, study finds

Alice in Supply Chains is a monthly podcast by ⁠Tenchi Security ⁠based on the ⁠Alice in Supply Chains newsletter, ⁠that provides interesting discussions and expert insights on all things related to third-party cyber risk management (TPCRM).

It's hosted by two leading voices in the industry, Tenchi Security's CTO and Co-Founder  ⁠Alexandre Sieira ⁠& The Defender's Initiative Principal Researcher, ⁠Adrian Sanaria⁠, and it promises expert opinions and takeaways to help audiences navigate the complex cybersecurity landscape.

This episode is based on the content of issue #33, published on May 16th, 2025, and covers the following stories:

- EU businesses looking to ditch US Cloud Companies

- Insights from the UK ICO Investigation into the 2022 NHS Breach

- The great Hanoi rat massacre and modern risk practices

- JPMorgan's CISO open letter: a call to action

Verizon’s 2025 Data Breach Investigations Report (DBIR) is out — and one of the top takeaways couldn’t be more clear: third-party risk is rapidly accelerating. This year, breaches involving third parties doubled compared to last year (from 15% to 30%), often driven by vulnerability exploitation and business disruptions. As the report puts it: when a vendor is hosting your data, the best strategy is to focus on how secure and resilient their environment truly is.

The DBIR also highlights a shift in how organizations are addressing third-party risk. While traditional risk questionnaires remain part of the equation, the report underscores a growing need for TPCRM solutions that deliver quantifiable, actionable insights — especially those that assess real-world security controls. At Tenchi, that’s exactly where we’re focused: helping organizations achieve continuous, cooperative, and comprehensive visibility into third-party cyber risk.

Tenchi CTO and Co-Founder, Alexandre Sieira, and Adrian Sanabria, Principal Researcher at the Defender's Initiative — both hosts of our Alice in Supply Chains podcast — had the great pleasure of speaking directly with Alex Pinto from Verizon Business, one of the key minds behind the DBIR, right as the report was released to the public.

Alice in Supply Chains is a monthly podcast by Tenchi Security based on the Alice in Supply Chains newsletter, that provides interesting discussions and expert insights on all things related to third-party cyber risk management (TPCRM).

It's hosted by two leading voices in the industry, Tenchi Security's CTO and Co-Founder  Alexandre Sieira & The Defender's Initiative Principal Researcher, Adrian Sanaria, and it promises expert opinions and takeaways to help audiences navigate the complex cybersecurity landscape.

This episode is based on the content of newsletter issue #32, published on April 17, 2025. Check out the full material for more stories, links and details!

Themes discussed in this episode:

- Oracle breaches: from denial to lawsuit

- GitHub Action Hacked: Lessons Learned

Alice in Supply Chains is a monthly podcast by Tenchi Security based on the Alice in Supply Chains newsletter that provides interesting discussions and insights on all things related to third-party cyber risk management (TPCRM). It's hosted by two leading voices in the industry, Tenchi Security's CTO & Co-founder Alexandre Sieira & The Defender's Initiative Principal Researcher, Adrian Sanabria, and it promises expert opinions and takeaways to help audiences navigate the complex cybersecurity landscape.

This episode is based on the content of newsletter issue #31, published on March 17th, 2025. Check out the full newsletter for more stories, links and details!

Here are the stories we discuss this month:

-Details on the Bybit Heist

-Surge in supply chain cyber attacks

-Ransomware trends and law enforcement success

-Exploiting abandoned resources in cloud storage

Alice in Supply Chains is a monthly podcast by Tenchi Security based on the Alice in Supply Chains newsletter that provides interesting discussions and insights on all things related to third-party cyber risk management (TPCRM). It's hosted by two leading voices in the industry, Tenchi Security's Co-founder and CTO Alexandre Sieira & The Defender's Initiative Principal Researcher, Adrian Sanaria, and it promises expert opinions and takeaways to help audiences navigate the complex cybersecurity landscape.

This episode is based on the content of newsletter issue #30, published on February 19, 2025. Check out the full newsletter & subscribe for more stories, links and details!

Alice in Supply Chains is a monthly podcast by Tenchi Security based on the Alice in Supply Chains newsletter that provides interesting discussions and insights on all things related to third-party cyber risk management (TPCRM). It's hosted by two leading voices in the industry, Tenchi Security's Co-founder and CTO Alexandre Sieira & The Defender's Initiative Principal Researcher, Adrian Sanaria, and it promises expert opinions and takeaways to help audiences navigate the complex cybersecurity landscape.

This episode is based on the content of newsletter issue #29, published on January 17, 2025. Check out the full newsletter for more stories, links and details!

Here are the six stories we discuss this month:

-Chinese hackers are deep inside America's telecoms -BeyondTrust incident hits US Treasury -Deloitte downplays breach affecting Rhode Island -US government to ban China Telecom and TP-Link -Are we overfocused on APTs? -76% of attacks in the mining industry linked to suppliers