Podcast

Alice in Supply Chains - Episode 15

April 6, 2026

Episode description:

Hosts Adrian Sanabria (The Defenders Initiative) and Alexandre Sieira (CTO, Tenchi Security) reconvene — both recovering from the notorious con crud — to dig into the biggest stories from a packed month in third-party and supply chain security.

Show notes:

This month, we have two main stories:

  • The ongoing Delve controversy and data leaks
  • Our RSAC Conference 2026 takeaways

In addition, we’ve got links to some of the things we mentioned in the podcast!

  1. Alex’s ESW Appearance securityweekly.com/esw452
  2. The episode we did with AJ Yawn on issues with SOC 2 reports https://www.tenchisecurity.com/en/alice-in-supply-chains/episode-7-hoxz2
  3. Tony Martin-Vegue’s excellent “acting rationally, given the incentives” take on the Delve scandal https://www.linkedin.com/posts/tonymartinvegue_i-know-youre-tired-of-the-delve-discourse-activity-7441294170406891520-UtGg
  4. Adrian’s blog with his RSAC Conference 2026 takeaways https://www.defendersinitiative.com/p/i-watched-all-11-main-stage-keynotes
  5. Alex Sieira’s RSAC talk with Alex Pinto (login required to watch the recording) https://path.rsaconference.com/flow/rsac/us26/FullAgenda/page/catalog/session/1755192044047001WRoa
  6. Adrian Sanabria and Adam Shostack’s talk on Breach Transparency from RSAC https://path.rsaconference.com/flow/rsac/us26/FullAgenda/page/catalog/session/1756101254392001bKZA
  7. Tenchi’s ‘near miss’ report https://www.tenchisecurity.com/en/insights-news/secure-practices-trivy-supply-chain-attack

Show Transcript

Watch or listen to full episodes in English

Recent Episodes

Episode 14

The Alice in Supply Chains Podcast is back for another episode! On it, Adrian Sanabria and Alexandre Sieira share their expert opinions on the most pressing matters in the TPCRM world - as presented on issue #42 of our newsletter of the same name, also launched today! From cyber risk at scale in private equity portfolios, to the evolution of TPCRM in the AI era, to real-world regulatory scrutiny following a major education-sector breach in Canada - this discussion connects the dots between headlines and hard accountability. The takeaway? Third-party risk is no longer an operational checkbox. It’s financial exposure. It’s regulatory pressure. It's a board-level strategy. If you’re responsible for security, risk, compliance, or investment decisions, this episode is your pulse check on where the market is moving.

Bonus Episode - Cyber Risk Quantification with Special Guest Tony Martin-Vegue

Episode 13

In this month’s episode, Alexandre Sieira (CTO & Co-Founder, Tenchi Security) and Adrian Sanabria (Principal Researcher, Defenders Initiative) break down what’s really changing in cybersecurity and third-party risk as we head into 2026.

View all episodes