Alice in Supply Chains

Tenchi Security
  • 0,0 (0)
  • NEUES AUS DER TECHNIK
  • MONATLICH

In 2022, Tenchi Security created the Alice in Supply Chains newsletter to share and highlight stories on third-party and supply chain risks and attacks, their impacts on services and businesses, and how the industry is moving forward to manage these risks. Following the meteoric success of the newsletter, we've created a podcast! Every month, hosts Adrian Sanabria and Alexandre Sieira will discuss the top six stories from each monthly newsletter, and their thoughts on the future of third party cyber risk management.

  1. VOR 3 TAGEN

    Bonus episode with special guest Tony Martin-Vegue

    In this special interview episode, hosts Adrian Sanabria and Alexandre Sieira sit down with Tony Martin-Vegue, author of the upcoming book Heatmaps to Histadograms: A Practical Guide to Cyber Risk Quantification. Tony shares his journey from IT and cryptography to becoming a leading voice in cyber risk quantification, including his six years building Netflix's risk quantification program from the ground up. Tony Martin-Vegue brings over two decades of experience in IT and information security. With an economics degree that his mentor recognized as ideal for risk management, Tony has built cyber risk quantification programs at several large companies. Most recently, he spent six years at Netflix where he led approximately 3,000 FAIR-based risk assessments. He now runs his own consulting and advisory firm while promoting quantitative approaches to cyber risk.Resources Mentioned in the Episode: The website for Tony’s book: https://www.heatmapstohistograms.com/Link to Solar Winds breach: https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breachLink to Colonial Pipeline breach: https://en.wikipedia.org/wiki/Colonial_Pipeline_ransomware_attackThe Scoville Scale: https://en.wikipedia.org/wiki/Scoville_scaleHow to use Monte Carlo simulations in Excel: https://support.microsoft.com/en-us/office/introduction-to-monte-carlo-simulation-in-excel-64c0ba99-752a-4fa8-bbd3-4450d8db16f1The FAIR Institute: https://www.fairinstitute.org/The FAIR Framework: https://www.fairinstitute.org/blog/integrating-fair-models-a-unified-framework-for-cyber-risk-managementHow to Lie with Statistics: Information Security Edition https://www.youtube.com/watch?v=p3jJnl99LmcCyentia’s IRIS Retina Report https://www.cyentia.com/services/iris-risk-retina/Verizon’s 2025 Data Breach Investigations Report: https://www.verizon.com/business/resources/reports/dbir

    47 Min.

  2. 30. JAN.

    Episode #13 | January 2026

    Alice in Supply Chains is a monthly podcast by based on the Alice in Supply Chains newsletter - that provides interesting discussions and insights on all things related to third-party cyber risk management (TPCRM). It's hosted by two leading voices in the industry, Tenchi Security's Co-founder and CTO Alexandre Sieira & The Defender's Initiative Principal Researcher, Adrian Sanabria, and it promises expert opinions and takeaways to help audiences navigate the complex cybersecurity landscape. 1. 2026 Outlook AI hits "put up or shut up" time—needs to prove enterprise value beyond demosGeopolitical fragmentation accelerating, impacting supply chain dependenciesChina signaling supply chain independence (banning US/Israeli security vendors, declining Nvidia H200s)Upcoming episode with Tony Martin-Vegue on cyber risk quantificationRSA Conference: Tenchi hosting events at Harlan Records, Sun–Wed, during RSA week2. Announcements Upcoming episode with Tony Martin-Vegue on cyber risk quantificationRSA Conference: Tenchi hosting events at Harlan Records, Sun–Wed, during RSA week3. Stories covered Story 1: ENISA NIS2 SurveySurvey of 1,080 professionals across 27 EU countries on cybersecurity investments. Top investment driver: Regulatory compliance (70%), far ahead of proactive risk management (42%)Hardest to implement: Vulnerability management (#1), TPRM (#2)Supplier inventory: Under 10% of companies maintain one—current TPRM approaches don't scaleTop 2026 concerns: Ransomware and supply chain attacks (~47%)https://www.enisa.europa.eu/publications/nis-investments-2025Story 1 Resources https://www.enisa.europa.eu/publications/nis-investments-2025Story 2: SOC 2 Fraud AllegationsSocial media discussions allege compliance platforms and auditors are rubber-stamping SOC 2 reports. Claims of nearly identical reports across different companiesNo AICPA enforcement—peer review doesn't verify actual control testingPost-breach cases (e.g., PowerSchool) reveal SOC 2s claiming controls that weren't implementedTakeaway: Don't over-trust SOC 2s for critical third parties; consider independent verificationStory 2 Resources https://www.linkedin.com/posts/troyjfine_details-have-emerged-regarding-a-widespread-activity-7415043499676483584-nI5Zhttps://www.linkedin.com/posts/sieira_details-have-emerged-regarding-a-widespread-activity-7415394996184424449-CSzOhttps://infosec.exchange/@AlexandreSieira/115865691003110478 Story 3: Japan & Korea Cybersecurity RegulationsBoth countries responding to major 2025 breaches (Asahi, SK Telecom, KT, Coupang) with new rules. Mandatory breach reporting with government actively assisting incident responseKorea: GDPR-style fines up to 3% of annual sales for repeat breachesJapan: Expanding cyber intelligence capabilities, reflecting reduced reliance on US protectionTPRM angle: Public breach disclosure would enable better third-party "background checks" than self-reported questionnairesStory 3 Resources https://www.centerforcybersecuritypolicy.org/insights-and-research/japans-new-active-cyber-defense-law-a-strategic-evolution-in-national-cybersecurityhttps://www.japantimes.co.jp/news/2025/12/23/japan/crime-legal/new-cybersecurity-strategy-police-sdf/https://www.koreatimes.co.kr/southkorea/20251212/science-minister-vows-punitive-fines-against-companies-with-repeated-security-breachesOther Resources Mentioned The Alice in Supply Chains Newsletter https://www.linkedin.com/newsletters/alice-in-supply-chains-6976104448523677696/Episode 440 of the Enterprise Security Weekly podcast: why cybersecurity predictions are so bad https://youtu.be/qyn7F2NPCMs?si=P0bhGQtwwHXrnIhWPrior episode with AJ Yawn discussing how the SOC 2 sausage gets made https://www.tenchisecurity.com/en/alice-in-supply-chains/episode-7-hoxz2"The Security Products We Deserve" talk https://www.youtube.com/watch?v=GHuQC1qLnJ4Stay safe and stay vigilant!

    58 Min.

  3. 18.12.2025

    Episode #12 | December 2025

    Join Alexandre Sieira (CTO & Cofounder, Tenchi Security) and Adrian Sanabria (Principal Researcher, The Defender's Initiative) as they unpack the most relevant stories from our latest Alice in Supply Chains newsletter (issue #40) - and discuss what they mean for third-party cyber risk management. Topics approached on the last podcast of 2025: - Trends in Supply Chain Attacks in general, as observed through this year; - The Risks of Ignoring Corporate Culture in Third-Party Due Diligence - CISOs Are Losing Control of Their Security Outcomes - Cyber Insurance

    1 Std. 3 Min.

  4. 26.11.2025

    Episode #11 | November, 2025

    Join Alexandre Sieira (CTO & Cofounder, Tenchi Security) and Adrian Sanabria (Principal Researcher, The Defender's Initiative) as they unpack the most relevant stories from our latest Alice in Supply Chains newsletter (#39) - and discuss what they mean for third-party cyber risk management. In this episode, the duo dive into: Liability in the Age of AI: Who is truly accountable when AI "hallucinates" and causes reputational or financial damage? The Fog of War in Breach Reporting: Why early breach disclosures are often highly inaccurate ? The Cloud Availability Crisis: It’s not just AWS and Azure. We analyze the recurring, major outages impacting global infrastructure - and the critical dependencies putting your entire digital supply chain at risk. Don't miss their expert discussion on navigating modern digital supply chain risks!

    47 Min.

  5. 25.09.2025

    Episode #9 | September 2025

    In this episode, Alexandre Sieira (CTO & Cofounder of Tenchi Security) and Adrian Sanabria (Principal Researcher at The Defender's Initiative) celebrate the 3rd anniversary of the Alice in Supply Chains newsletter - the very starting point for this podcast. Together, they revisit key highlights from issue #37, unpacking the stories shaping today’s supply chain security landscape: -The Salesloft “Perfect One Attack, Use Many” case-Vendors charging customers to complete security questionnaires-New CISA tools for supply chain security-The Sinqia compromise and the HSBC BRL theftStay tuned, every month, for in-depth insights, expert analysis, and key discussions on TPCRM challenges.

    1 Std. 4 Min.

  6. 29.08.2025

    Episode #8 | August, 2025

    Alice in Supply Chains is a monthly podcast inspired by the Alice in Supply Chains newsletter, delivering sharp discussions and insights on all things related to third-party cyber risk management (TPCRM). Hosted by two of the industry’s leading voices - Alexandre Sieira, Co-founder & CTO of Tenchi Security, and Adrian Sanabria, Principal Researcher at The Defender’s Initiative - the show offers expert analysis and practical takeaways to help you navigate today’s complex cybersecurity landscape. In this episode, they dive into three standout stories from issue #36 of the newsletter of the same name, Alice in Supply Chains: How third-party disruptions can derail operations; The unusual case of Clorox vs. Cognizant; Why relying on EU cloud regions may not guarantee data sovereignty - and Microsoft’s admission to French customers.

    59 Min.

  7. 28.07.2025

    Episode #7 | July, 2025

    Alice in Supply Chains is a monthly podcast by Tenchi Security based on the Alice in Supply Chains newsletter that provides interesting discussions and expert insights on all things related to third-party cyber risk management (TPCRM). It's hosted by two leading voices in the industry, Alexandre Sieira, Tenchi Security's CTO and Co-Founder  & The Defender's Initiative Principal Researcher, Adrian Sanabria - and it promises expert opinions and takeaways to help audiences navigate the complex cybersecurity landscape. This episode is based on the content of issue #35 of the newsletter and covers: - Prolific cybercriminal group now targeting aviation and transportation Companies - Patient's death linked to cyber attack on NHS, hospital trust says - Cyberattack on Brazil tech provider affects reserve accounts of some financial institutions;

    52 Min.

  8. 14.07.2025

    The Limitations of SOC 2 with AJ Yawn (bonus episode)

    We’re thrilled to announce a special bonus episode of the Alice in Supply Chains podcast featuring an insightful conversation you won’t want to miss. In this episode, Alexandre Sieira, CTO and Co-founder of Tenchi Security, and Adrian Sanabria, Principal Researcher at the Defender's Initiative, sit down with AJ Yawn - Director of GRC Engineering at Aquia, author of GRC Engineering for AWS, and host of CyberTakes. Together, they take a deep dive into SOC 2 and its fate - exploring challenges, limitations, why it’s become so popular - and what the future holds. It’s a timely and important discussion for anyone interested in cyber risk management.

    51 Min.
Alle anzeigen (15)

Info

In 2022, Tenchi Security created the Alice in Supply Chains newsletter to share and highlight stories on third-party and supply chain risks and attacks, their impacts on services and businesses, and how the industry is moving forward to manage these risks. Following the meteoric success of the newsletter, we've created a podcast! Every month, hosts Adrian Sanabria and Alexandre Sieira will discuss the top six stories from each monthly newsletter, and their thoughts on the future of third party cyber risk management.

Informationen

  • Erstellt von
    Tenchi Security
  • Jahre aktiv
    2025 - 2026
  • Folgen
    15
  • Bewertung
    Unbedenklich
  • Copyright
    © Tenchi Security
  • Sendungswebsite
    Alice in Supply Chains