We’re proud to announce that Tenchi Security is sponsoring the @fsisac Americas Spring Summit 2026, taking place between March 1 - 4 in Orlando.

This is a members-only summit that brings together cybersecurity leaders from financial institutions to collaborate on emerging threats and strengthen sector-wide resilience.

If you’re attending, visit us at Booth #84 to see how Tenchi is advancing Third-Party Cyber Risk Management with Zanshin - the only global TPCRM solution that combines inside-out and outside-in visibility, linking external attack surface monitoring with automated, continuous, scalable, and non-intrusive assessments of cloud infrastructure (IaaS, PaaS, SaaS) and security controls across your entire ecosystem.

For more info regarding the event, click on the link in the first comment.

#TPCRM #TPRM #CyberSecurity #CyberEvents #FSISAC

Show me who your third-parties are, and I'll show you how secure you are. #justsaying #tprm #tpcrm #cyber #security #risk #management

If you are a CISO, a board member or an executive with responsibility over information security and compliance at an enterprise, stop and read this amazing article by CybersecurityHQ right now: https://newsletter.cybersecurityhq.com/p/the-interdependence-collapse-why-fortune-100-cisos-are-losing-control-of-their-security-outcomes

It very clearly articulates the major challenges security programs are suffering from right now. My favorite quotes:

"Your third-party risk program is theater. Point-in-time questionnaires and annual SOC 2 reviews do not detect the vulnerabilities that matter. They exist to satisfy auditors, not to prevent breaches. The Salesloft-Drift attackers operated for six months before detection. Annual assessments would not have found them."

"Sixty percent of your breach exposure now sits in domains you depend on but cannot control. Your security program is optimized for the 15% you own."

"Your board does not understand the ecosystem it is accountable for. Only 17% of organizations report their leadership fully understands third-party cyber risks. The SEC is watching. Disclosure requirements are tightening. Fiduciary exposure is expanding. Ignorance is not a defense—it is a liability."

#tprm #tpcrm #cyber #security #enterprise #risk #management #grc

The second episode of the Alice in Supply Chains podcast is out!

This is a podcast where @sawaba and I discuss what we consider some of the most important news related to Third-Party Cyber Risk Management from the previous month.

You can check it out on the major podcast platforms.

Youtube: https://www.youtube.com/watch?v=CMYDeb56FWs

Spotify: https://open.spotify.com/episode/7qPB7IauZ1QGdmuczircB8?nd=1&dlsi=7972d56c585442c6

Apple Music: https://podcasts.apple.com/br/podcast/episode-2-february-2025/id1791990827?i=1000694446509

Amazon Music: https://music.amazon.com.br/podcasts/baac01b9-a19b-4c3a-837b-637fad39be4d/alice-in-supply-chains

This is based on the longer monthly newsletter of the same name published by @TenchiSecurity on LinkedIn. You can find the latest edition at https://www.linkedin.com/pulse/issue-30-february-2025-tenchisecurity-aejkf/

#tprm #tpcrm #cyber #risk #compliance #management

Happy to announce the launch of the Alice in Supply Chains #podcast, posted monthly, focusing on topical discussions on the top news relevant to Third-Party Cyber Risk Management.

"Plant a tree, have a child, and write a book. These all live on after us, ensuring a measure of immortality." We all know that these days, the "write a book" part would probably be replaced with "host a podcast".

Given that inevitability, I have finally decided to face my impostor syndrome and my non-native, accented English and give it a go, standing on the shoulders of the collective effort we make at @TenchiSecurity to publish high-quality content on Third-Party Cyber Risk Management in the Alice in Supply Chains newsletter, and counting on the vast experience and expertise of my good friend and co-host @sawaba.

Please check it out and let us know what you think; we are really at the beginning of the learning curve here and can use the feedback. Hope you like it!

Youtube: https://www.youtube.com/playlist?list=PL22qeD49pJIix3gpBoeYvzcdATBhCoGLR

Spotify: https://open.spotify.com/episode/2GLA4H22nRixBWMwSgfr2M?si=SuhuCiHtS92-O5KdvYeNMw&nd=1&dlsi=1bc786e899e14f09

Amazon: https://music.amazon.com.br/podcasts/baac01b9-a19b-4c3a-837b-637fad39be4d/alice-in-supply-chains

Apple: https://podcasts.apple.com/us/podcast/alice-in-supply-chains/id1791990827

If you haven't subscribed to the newsletter yet, you can do so now at https://podcasts.apple.com/us/podcast/alice-in-supply-chains/id1791990827

#tprm #tpcrm #cyber #security #risk #management

My thoughts on the Blue Yonder incident and the value of Security Scoring, as a follow-up and reflection on the conversation @riskybusiness and @metlstorm had on the Risky Business podcast: https://www.youtube.com/watch?v=cstfm5FbRFI&t=1481s #tprm #tpcrm #cyber #security #risk

Since I am unable to upload my video here, I'll add the LinkedIn post link: https://www.linkedin.com/posts/sieira_tprm-tpcrm-cyber-activity-7270431264942215168-yZFm

Yet another reminder of the importance of Third-party Cyber Risk Management: https://cybersecuritynews.com/starbucks-hit-by-ransomware-attack/ #tprm #tpcrm #cyber #security #risk #management

It is worth pointing out that there are no shortcuts in managing the security of third parties. Blue Yonder, the third party involved in this incident, boasts SOC 2 Type II and ISO 27001 certifications. They surely answered all of the different self-assessment questionnaires they received to their customers' satisfaction. Their security ratings scores were certainly acceptable when they were brought on as vendors.

And I know none of those things are strict guarantors of perfect security. Even companies that are mostly doing things well can be compromised. But at the same time, we need to wake up as an industry to the fact that the existing TPCRM practices are failing to protect us.

We need to work together to do better, go beyond the illusion of risk avoidance and risk transfer, and actually manage and mitigate third-party cyber risk.

Wow, @TenchiSecurity's monthly newsletter of curated Third-Party Cyber Risk Management news has reached 12,000 subscribers!

This is a low-volume, high-signal newsletter for the time-strapped risk manager, highlighting breaches, regulatory changes and more.

Issue 27 is out, check it out and let me know what you think! https://www.linkedin.com/pulse/issue-27-november-2024-tenchisecurity-qhl8f/ #tprm #tpcrm #cyber #risk #compliance

The #CFP for @TenchiSecurity's #TPCRM #Conference is open! If you have experience to share in this field, whether technical insights or GRC or privacy expertise, we'd love for you to apply to our call for papers!

We would love to have international speakers join us, in front of an audience of some of the leading financial services, telecom and healthcare providers in Latin America, for a content-focused discussion of Third-Party Cyber Risk Management in São Paulo, Brazil, this November 5th.

You can apply now at https://docs.google.com/forms/d/e/1FAIpQLSc9aK5UafStfv3QHH9tWfYjt0OPKhgbnG8CATowd6-BASxDIw/viewform

Tenchi TPCRM Conference 2024 - Call For Papers (CFP)

Do you have relevant content on Third-Party Cyber Risk Management (TPCRM)? Want to speak at our event? Submit your proposal and participate in the Tenchi TPCRM Conference 2024 - a conference in Brazil fully dedicated to this topic. This will be an unmissable face-to-face meeting for Information Security, GRC, DPO, and Procurement professionals interested in enhancing their risk management strategies. The event will be held in person in São Paulo on November 5, 2024.

We are looking for two types of submissions:
- Talk (30 to 45 minutes)
- Short Talk (15 to 20 minutes) - quick conversations about a case, approach, or methodology

Important: Submitted content must be related to "third-party cyber risk management." We will follow TLP (Traffic Light Protocol) standards for information sharing.

Submission deadline: September 5, 2024.

For submissions in Portuguese, click here

We are back with Issue #21 of the “Alice in Supply Chains Newsletter” - the most up-to-date content on third-party cyber risk management (TPCRM), curated by our team of experts.

In yet another packed edition, cloud issues are once again at the forefront. Our first headline this month is the Cyber Safety Review Board report on the breach that Microsoft (and, by extension, the US government) suffered last year when a Chinese threat actor gained access to cloud-hosted email accounts. Our second story is the Sisense breach, which has been oddly under-reported, in part due to how little information the company has decided to release publicly.

We also have our usual round-up of third-party breaches and government news, as well as some follow-ups on the ransomware attack against UnitedHealth Group and the XZ backdoor story (or, more generally, social engineering attacks against open-source project maintainers).

We hope you enjoy the read!

https://www.linkedin.com/pulse/issue-21-may-2024-tenchisecurity-ycjzf

#Cybersecurity #TPCRM
