Episode 4 - Caroline de Zorzi

Today, we launched the tenth episode of the Tenchi Insights series, created with a clear purpose: to share the essence of the discussions that took place on the Tenchi Conference stage and amplify the voices of the leaders shaping third-party cyber risk management in Brazil. In this episode, Nycholas Szucko sits down with Ticiano Benetti, Global CISO at Natura. For Ticiano, the main challenge is being prepared for an incident — with agile detection and an effective response. This is what distinguishes reactive organizations from those that are truly resilient. Another key point is that third-party risk goes beyond cybersecurity. It requires financial due diligence, data privacy assessments, compliance oversight, and coordinated action across different areas of the organization. Without collaboration among stakeholders, a TPCRM program cannot reach maturity.

Lançamos hoje o décimo episódio da série Tenchi Insights, criada com um propósito claro: compartilhar a essência das discussões que aconteceram no palco da Tenchi Conference e ampliar a voz dos líderes que estão moldando a gestão de riscos cibernéticos de terceiros no Brasil. Neste episódio, Nycholas Szucko conversa com Ticiano Benetti, Global CISO da Natura. Para Ticiano, o principal desafio é estar pronto para o incidente - com detecção ágil e resposta eficaz. É isso que diferencia organizações reativas de organizações verdadeiramente resilientes. Outro aspecto é que o risco de terceiros ultrapassa a área de cyber. Ele exige diligenciamento financeiro, avaliação de privacidade de dados, compliance e uma atuação coordenada entre diferentes áreas da organização. Sem a colaboração de stakeholders, um programa de TPCRM não alcança maturidade. Assista à entrevista aqui:is desafios relacionados aos riscos de terceiros.

In today’s Tenchi Insights episode, Nycholas Szucko sits down with Denis Nesi, Executive Director and CISO at Claro, one of the leaders—alongside Ticiano Benetti (Global CISO at Natura)—who presented the study “TPCRM – How 50 CISOs from Large Brazilian Companies Manage Third-Party Cyber Risk” at the latest Tenchi Conference. Conducted independently by the CISOs themselves, the study brought together representatives from 42 companies across 12 industry sectors to map the key challenges in third-party risk management and examine how they connect to the broader macro environment and global security discussions. In the interview, Nesi shares his professional journey—from consulting to international experience—and highlights how collaboration among CISOs is raising the bar for Brazil’s cybersecurity landscape. He also reinforces critical findings from the research, including the lack of dedicated teams and the need for specific budget allocation—now essential for organizations that take cyber risk seriously.

Our latest interviewee on Tenchi Insights is Erica Correa, Senior Information Security Manager at Banco Bradesco, with over 20 years of experience in the field. At the latest Tenchi Conference, Erica presented the Call for Papers session titled “Innovation and Security: Bradesco’s Journey in Managing Third-Party Cyber Risk,” where she shared how the bank structured and evolved its Third-Party Cyber Risk Management (TPCRM) program. In her presentation, she outlined the regulatory landscape shaped by Brazil’s General Data Protection Law (Lei Geral de Proteção de Dados – LGPD) and Central Bank Resolution No. 4,893 issued by the Banco Central do Brasil. She also addressed the challenges of engaging business units and integrating procurement and risk management processes, as well as the importance of continuous monitoring and automation in overseeing critical third-party vendors.

The seventh guest on Tenchi Insights is Felipe Fernandes, Associate Director at Banco BTG Pactual. A CFP winner at the most recent Tenchi Conference, Felipe presented the session “Inside-out: Correlating Security Domains for Third-Party Cyber Risk Management,” where he demonstrated how different internal security teams can work in a coordinated manner to transform TPCRM (Third-Party Cyber Risk Management) into a strategic line of defense.

In the new episode of Tenchi Insights, Nycholas Szucko speaks with José Lama, Cybersecurity Manager – Offshore Branches at Itaú Unibanco, about the evolution of third-party cyber risk management—now at the core of strategy for large organizations. The conversation builds on the Call for Papers “The Journey of Cultural Change and Governance Centralization at Itaú,” presented by Lama at the Tenchi Conference, and dives into how the bank has been strengthening governance and risk management on a global scale, fostering integration, cultural alignment, and trust across its international units.

In this episode, we speak with Luiz Henrique Lobo, an Independent Board Member and seasoned executive with strong market experience. Lobo emphasizes that CISOs must act as “risk translators,” bringing clear and effective communication to the board.

We’ve just launched another brand-new episode of Tenchi Insights 2025. This series was created with a clear purpose: to distill, through focused conversations, the core of the discussions from the Tenchi Conference stage and amplify the voices of the leaders shaping third-party cyber risk management. In this episode, Nycholas Szucko speaks with Cristiano Adjuto e Campos, CISO at Banco Bradesco and moderator of the panel “From Silos to Synergy: How to Integrate TPCRM into Corporate Strategy,” which brought together leaders from Security, Tech Procurement, and Legal.

In this episode we chat to Dave Lewis, Global Advisory CISO at 1Password, to discuss the evolution of Third-Party Cyber Risk Management, the real-world challenges of applying AI to security, and the role of the community in building a more resilient ecosystem.

In the first episode, Nycholas Szucko interviews our CEO, Felipe Bouças, who shares his perspective on how the market has been maturing around TPCRM - and how Tenchi Conference has helped drive this conversation forward.