Shows
Distilled Security PodcastEpisode 12: One Year of Distilled Security, Auditor Quality, and Starting Your Own CompanyJoin us as we reflect on:One Year of Podcasting: The crew celebrates a full year of episodes, favorite topics, behind-the-scenes production, and where the show is headed next—including a new studio setup and future sponsors.Audit Quality and Risk: A deep dive into the evolution of cybersecurity audits, the growing influence of low-cost providers, and what actually makes an audit valuable and trustworthy.Third-Party Risk Management: How companies can assess vendor SOC 2 reports, triage risk among their vendors, and build defensible compliance practices.Operational vs. Commercial Risk: The importance of translating audit findings into business impact an...2025-05-021h 38Distilled Security PodcastEpisode 11: Encrypted Messaging, Data Breaches, and Vulnerability ManagementEpisode 11 of the Distilled Security Podcast is here!Join us as we cover:Signal, Encrypted Messaging, and Corporate Policy: A deep dive into the use of Signal in sensitive discussions—including a political mishap—and the implications for corporate communication policies, discovery, and compliance.Oracle Cloud Breach Allegations: Evaluating breach claims, early response tactics, and the value of proactive key and credential rotation.DNA Data, 23andMe, and Privacy Concerns: With 23andMe filing for bankruptcy, the team explores risks associated with sharing genetic data and broader privacy implications when personal information changes hands.Hospital Data as Busi...2025-04-141h 30Distilled Security PodcastEpisode 10: Navigating Budget Cuts, Talent Shortages, and Cybersecurity ResilienceEpisode 10 of the Distilled Security Podcast is here!Join us as we explore:Security in Times of Budget Cuts: How organizations can navigate layoffs and reduced funding while maintaining a strong security posture.The Cybersecurity Talent Shortage: Why security hiring remains challenging, the need for apprenticeship models, and how organizations can develop internal talent pipelines.BSides Pittsburgh: Put this on your calendar and submit talks.Cyber Crisis Readiness: The importance of C-suite participation in tabletop exercises and cyber incident planning.References Early Education by David Barton - https://www.youtube.com/watch?v=io-O59e...2025-03-121h 34Distilled Security PodcastEpisode 9: Security Budgets, AI Risks, and Data SovereigntyEpisode 9 of the Distilled Security Podcast is here!Join us as we explore:Security on a Budget: How teams can optimize tools, manage resource constraints, and build an effective security strategy with limited funding.AI and Efficiency: The impact of AI on job performance, along with the risks of AI-powered note-taking and data classification.Data Breaches & Industry Challenges: Lessons from Marriott’s data breaches, security concerns in the hospitality industry, and evolving consumer protection mandates.Regulatory Shifts & Compliance: A discussion on HIPAA’s 2023 overhaul, required vs. addressable regulations, and the role of dual audits in comp...2025-02-061h 18Distilled Security PodcastEpisode 8: Whiskey, Quantum Computing, and Executive Protection🎙️ Episode 8 of the Distilled Security Podcast is here! 🔐🥃🔎 Join us as we explore:The Whiskey Rebellion and Craft Distilling: A dive into the history of the Whiskey Rebellion and what it means for today’s distillers. Learn about Iron City Distilling, creating national brand-quality spirits, and the significance of the Bessemer brand name.Whiskey Craftsmanship: Insights into chamber still distillation, the balance of maturation versus aging, and premium craft whiskey production.Executive Protection and Privacy: Strategies for workplace safety, reducing online risks, and managing personal branding in crises.Quantum Computing Risks: A look at Google's Willow chip, the...2025-01-071h 21Distilled Security PodcastEpisode 7: Certifications, Mentorship, and Auditor MisstepsWelcome to Episode 7 of the Distilled Security Podcast!In this episode, hosts Justin, Rick, and Joe are joined by special guest Brandon Eckert to explore his fascinating journey in cybersecurity, share industry insights, and enjoy a fun debate on Thanksgiving favorites. Here’s what’s in store:Topics Covered: 🔹 Navigating a Career in CybersecurityReflections on starting out in cybersecurity, overcoming challenges in small-town IT careers, and the role of certifications in shaping career success.🔹 The Value of CertificationsHow certifications like OSCP contribute to career grow...2024-12-111h 18Distilled Security PodcastEpisode 6: SEC Penalties, M&A Security, and Due DiligenceEpisode 6: SEC Penalties, M&A Security, and Due DiligenceWelcome back to the Distilled Security Podcast! In this episode, hosts Justin, Rick, and Joe dive into the latest in cybersecurity, from regulatory challenges to pop culture:Topics CoveredSEC Penalties for Cybersecurity DisclosuresDiscussing recent SEC penalties due to lapses in cybersecurity disclosure, the implications for companies, and how organizations can stay compliant.Cybersecurity Materiality and Disclosure PracticesTips on navigating the materiality assessment of cybersecurity incidents and ensuring compliance with auditors' disclosure requirements.Preparedness Through Tabletop ExercisesExploring tabletop...2024-11-081h 17Distilled Security PodcastEpisode 5: Resume Reviews, Counter-Espionage, and Incident ResponseJoin hosts Justin, Rick, and Joe as they cover:Resume Review Insights: Joe offers valuable tips on resume writing, focusing on showcasing accomplishments and using metrics to stand out.Passion Projects and Hobbies: The team discusses how personal projects and volunteer work can make resumes more compelling by demonstrating a passion for the field.Community Engagement at TRISS: The hosts invite listeners to their booth at the upcoming Three Rivers Information Security Symposium (TRISS), where they will be offering resume reviews and engaging with attendees.Counter-Espionage and Pagers: A fascinating look at the use of pagers in recent...2024-10-031h 03
The Seiso Side-Up PodcastEpisode 6 - PCI Compliance and PentestingOn this episode of the Seiso Side Up podcast, we welcome two guests - Jake Mayhew and Justin Leapline. Jake has decades of experience performing and teaching the ins and outs of penetration testing, at times performing tests for companies that handle cardholder data, and Justin is a subject matter expert in the world of PCI (Payment Card Industry) security & compliance. Join us as we dive into the gotchas of becoming PCI compliant and how to best approach penetration testing as part of the PCI compliance journey.
2024-10-0139 minDistilled Security PodcastEpisode 4: Ethics in Cybersecurity, Career Development, and Data ProtectionEpisode 4: Ethics in Cybersecurity, Career Development, and Data ProtectionIn Episode 4, we are joined by Doug Salah to explore some critical topics in cybersecurity and career growth.Key TopicsDoug Salah’s Cybersecurity Journey: His transition into cybersecurity and current role in the industry.Networking in Cybersecurity: The value of building connections at cybersecurity conferences.TRISS (Three Rivers Information Security Symposium): Insights into TRISS, its scholarships, and its impact on the community.Mid-Career Development: Doug’s thoughts on transitioning mid-career, setting goals, and maintaining integrity.Cybersecurity Ethics: A deep dive into ethi...2024-09-091h 13Distilled Security PodcastEpisode 3: Crowdstrike, North Korean Spies, and CISO ScapegoatsEpisode 3 of the Distilled Security Podcast is here!Join us this week as we jump into: CrowdStrike Incident Analysis: A deep dive into a recent mishap by CrowdStrike that led to significant financial losses and operational disruptions, including 5.4 billion in estimated losses.Vendor Accountability: Exploring the legal and financial repercussions of security vendor failures.Business Continuity Planning: The importance of preparing for security vendor failures, including considering alternate vendors and the complexities of implementing such strategies.Kernel-Level Security Risks: A discussion surrounding kernel-level operations in security software, focusing on the controversy between C...2024-08-121h 10Distilled Security PodcastEpisode 2: Tailoring Security Frameworks & Leveraging AIEpisode 2 of the Distilled Security Podcast is here!Join us this week as we jump into: Exploring the critical importance of tailoring security frameworks: Aligning with an organization's specific goals and objectivesHighlighting frameworks like NIST CSF and CIS to advance security programs effectivelyInsights on aligning KPIs with the NIST CSF frameworkComplementary use of frameworks like CIS to enhance security control measurementPerspective on compliance and regulatory requirementsThe role of AI in security programsThreats posed by deepfakes: Incorporating safeguards to protect organizations from deepfake risks and effectively leverage AI within security programsChapters00:00:00 - Introduction a...2024-07-081h 05Distilled Security PodcastEpisode 1: College, Exec Comp, and New CISOsWelcome to the first episode of Distilled Security!Join us as we dive into a variety of exciting topics, including:Is College Worth It?: We explore the value of higher education in today's world.Microsoft and Executive Compensation: Analyzing cybersecurity in executive pay at Microsoft.BSides Pittsburgh: Exciting talks are coming to BSidesPGH.Starting as a New CISO: Things to do first coming into a new company.Grab your favorite cocktail and tune in for an engaging and fun-filled discussion!HostsJustin Leapline - https://www.linkedin.com/in...2024-06-071h 05Distilled Security PodcastDistilled Security Podcast TrailerJoin us on Distilled Security as we delve into the fascinating world of cybersecurity. Each episode, we break down intriguing topics, analyze the latest news, and engage in in-depth conversations with our hosts and invited guests. Whether you're a seasoned professional or just curious about cybersecurity, our podcast offers valuable insights and thought-provoking discussions to keep you informed and entertained. Tune in and stay ahead of the curve in the ever-evolving landscape of cybersecurity.2024-06-0200 min