Alice in Supply Chains

Episode #13 | January 2026



Alice in Supply Chains is a monthly podcast by Tenchi Security, based on the Alice in Supply Chains newsletter, that provides interesting discussions and insights on all things related to third-party cyber risk management (TPCRM).

It's hosted by two leading voices in the industry, Tenchi Security's Co-founder and CTO Alexandre Sieira & The Defender's Initiative Principal Researcher, Adrian Sanabria, and it promises expert opinions and takeaways to help audiences navigate the complex cybersecurity landscape.


1. 2026 Outlook

  • AI hits "put up or shut up" time—needs to prove enterprise value beyond demos
  • Geopolitical fragmentation accelerating, impacting supply chain dependencies
  • China signaling supply chain independence (banning US/Israeli security vendors, declining Nvidia H200s)

2. Announcements

  • Upcoming episode with Tony Martin-Vegue on cyber risk quantification
  • RSA Conference: Tenchi hosting events at Harlan Records, Sun–Wed, during RSA week

3. Stories covered

Story 1: ENISA NIS2 Survey
Survey of 1,080 professionals across 27 EU countries on cybersecurity investments.

  • Top investment driver: Regulatory compliance (70%), far ahead of proactive risk management (42%)
  • Hardest to implement: Vulnerability management (#1), TPRM (#2)
  • Supplier inventory: Under 10% of companies maintain one—current TPRM approaches don't scale
  • Top 2026 concerns: Ransomware and supply chain attacks (~47%)

Story 1 Resources

  • https://www.enisa.europa.eu/publications/nis-investments-2025

Story 2: SOC 2 Fraud Allegations
Social media discussions allege compliance platforms and auditors are rubber-stamping SOC 2 reports.

  • Claims of nearly identical reports across different companies
  • No AICPA enforcement—peer review doesn't verify actual control testing
  • Post-breach cases (e.g., PowerSchool) reveal SOC 2s claiming controls that weren't implemented
  • Takeaway: Don't over-trust SOC 2s for critical third parties; consider independent verification

Story 2 Resources

  • https://www.linkedin.com/posts/troyjfine_details-have-emerged-regarding-a-widespread-activity-7415043499676483584-nI5Z
  • https://www.linkedin.com/posts/sieira_details-have-emerged-regarding-a-widespread-activity-7415394996184424449-CSzO
  • https://infosec.exchange/@AlexandreSieira/115865691003110478

Story 3: Japan & Korea Cybersecurity Regulations
Both countries responding to major 2025 breaches (Asahi, SK Telecom, KT, Coupang) with new rules.

  • Mandatory breach reporting with government actively assisting incident response
  • Korea: GDPR-style fines up to 3% of annual sales for repeat breaches
  • Japan: Expanding cyber intelligence capabilities, reflecting reduced reliance on US protection
  • TPRM angle: Public breach disclosure would enable better third-party "background checks" than self-reported questionnaires

Story 3 Resources

  • https://www.centerforcybersecuritypolicy.org/insights-and-research/japans-new-active-cyber-defense-law-a-strategic-evolution-in-national-cybersecurity
  • https://www.japantimes.co.jp/news/2025/12/23/japan/crime-legal/new-cybersecurity-strategy-police-sdf/
  • https://www.koreatimes.co.kr/southkorea/20251212/science-minister-vows-punitive-fines-against-companies-with-repeated-security-breaches

Other Resources Mentioned

  • The Alice in Supply Chains Newsletter https://www.linkedin.com/newsletters/alice-in-supply-chains-6976104448523677696/
  • Episode 440 of the Enterprise Security Weekly podcast: why cybersecurity predictions are so bad https://youtu.be/qyn7F2NPCMs?si=P0bhGQtwwHXrnIhW
  • Prior episode with AJ Yawn discussing how the SOC 2 sausage gets made https://www.tenchisecurity.com/en/alice-in-supply-chains/episode-7-hoxz2
  • "The Security Products We Deserve" talk https://www.youtube.com/watch?v=GHuQC1qLnJ4

Stay safe and stay vigilant!

Alice in Supply Chains, by Tenchi Security