Alice in Supply Chains is a monthly podcast by Tenchi Security based on the Alice in Supply Chains newsletter, that provides interesting discussions and expert insights on all things related to third-party cyber risk management (TPCRM).
It's hosted by two leading voices in the industry, Tenchi Security's CTO and Co-Founder Alexandre Sieira & The Defender's Initiative Principal Researcher, Adrian Sanaria, and it promises expert opinions and takeaways to help audiences navigate the complex cybersecurity landscape.
This episode is based on the content of issue #34 of the newsletter of the same name, and covers:
- Cyberattacker accessed R.I.’s benefits system five months before state officials discovered the hack
- M&S confirms month-long breach result of third-party vendor phishing attack
- How to Incentivize Security by Design
- DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers
Operational impacts top list of vendor risk worries, study finds
Alice in Supply Chains is a monthly podcast by Tenchi Security based on the Alice in Supply Chains newsletter, that provides interesting discussions and expert insights on all things related to third-party cyber risk management (TPCRM).
It's hosted by two leading voices in the industry, Tenchi Security's CTO and Co-Founder Alexandre Sieira & The Defender's Initiative Principal Researcher, Adrian Sanaria, and it promises expert opinions and takeaways to help audiences navigate the complex cybersecurity landscape.
This episode is based on the content of issue #33, published on May 16th, 2025, and covers the following stories:
- EU businesses looking to ditch US Cloud Companies
- Insights from the UK ICO Investigation into the 2022 NHS Breach
- The great Hanoi rat massacre and modern risk practices
- JPMorgan's CISO open letter: a call to action
Verizon’s 2025 Data Breach Investigations Report (DBIR) is out — and one of the top takeaways couldn’t be more clear: third-party risk is rapidly accelerating. This year, breaches involving third parties doubled compared to last year (from 15% to 30%), often driven by vulnerability exploitation and business disruptions. As the report puts it: when a vendor is hosting your data, the best strategy is to focus on how secure and resilient their environment truly is.
The DBIR also highlights a shift in how organizations are addressing third-party risk. While traditional risk questionnaires remain part of the equation, the report underscores a growing need for TPCRM solutions that deliver quantifiable, actionable insights — especially those that assess real-world security controls. At Tenchi, that’s exactly where we’re focused: helping organizations achieve continuous, cooperative, and comprehensive visibility into third-party cyber risk.
Tenchi CTO and Co-Founder, Alexandre Sieira, and Adrian Sanabria, Principal Researcher at the Defender's Initiative — both hosts of our Alice in Supply Chains podcast — had the great pleasure of speaking directly with Alex Pinto from Verizon Business, one of the key minds behind the DBIR, right as the report was released to the public.
Alice in Supply Chains is a monthly podcast by Tenchi Security based on the Alice in Supply Chains newsletter, that provides interesting discussions and expert insights on all things related to third-party cyber risk management (TPCRM).
It's hosted by two leading voices in the industry, Tenchi Security's CTO and Co-Founder Alexandre Sieira & The Defender's Initiative Principal Researcher, Adrian Sanaria, and it promises expert opinions and takeaways to help audiences navigate the complex cybersecurity landscape.
This episode is based on the content of newsletter issue #32, published on April 17, 2025. Check out the full material for more stories, links and details!
Themes discussed in this episode:
- Oracle breaches: from denial to lawsuit
- GitHub Action Hacked: Lessons Learned
Alice in Supply Chains is a monthly podcast by Tenchi Security based on the Alice in Supply Chains newsletter that provides interesting discussions and insights on all things related to third-party cyber risk management (TPCRM). It's hosted by two leading voices in the industry, Tenchi Security's CTO & Co-founder Alexandre Sieira & The Defender's Initiative Principal Researcher, Adrian Sanabria, and it promises expert opinions and takeaways to help audiences navigate the complex cybersecurity landscape.
This episode is based on the content of newsletter issue #31, published on March 17th, 2025. Check out the full newsletter for more stories, links and details!
Here are the stories we discuss this month:
-Details on the Bybit Heist
-Surge in supply chain cyber attacks
-Ransomware trends and law enforcement success
-Exploiting abandoned resources in cloud storage
Alice in Supply Chains is a monthly podcast by Tenchi Security based on the Alice in Supply Chains newsletter that provides interesting discussions and insights on all things related to third-party cyber risk management (TPCRM). It's hosted by two leading voices in the industry, Tenchi Security's Co-founder and CTO Alexandre Sieira & The Defender's Initiative Principal Researcher, Adrian Sanaria, and it promises expert opinions and takeaways to help audiences navigate the complex cybersecurity landscape.
This episode is based on the content of newsletter issue #30, published on February 19, 2025. Check out the full newsletter & subscribe for more stories, links and details!
Alice in Supply Chains is a monthly podcast by Tenchi Security based on the Alice in Supply Chains newsletter that provides interesting discussions and insights on all things related to third-party cyber risk management (TPCRM). It's hosted by two leading voices in the industry, Tenchi Security's Co-founder and CTO Alexandre Sieira & The Defender's Initiative Principal Researcher, Adrian Sanaria, and it promises expert opinions and takeaways to help audiences navigate the complex cybersecurity landscape.
This episode is based on the content of newsletter issue #29, published on January 17, 2025. Check out the full newsletter for more stories, links and details!
Here are the six stories we discuss this month:
-Chinese hackers are deep inside America's telecoms -BeyondTrust incident hits US Treasury -Deloitte downplays breach affecting Rhode Island -US government to ban China Telecom and TP-Link -Are we overfocused on APTs? -76% of attacks in the mining industry linked to suppliers
