Shows
Distilled Security PodcastCloudflare Outage, AI-Powered Attacks & The Rise of GRC Engineering | Distilled Security PodcastIn this episode, we break down a major Cloudflare outage, explore how a nation-state used AI agents to automate a cyberattack, and discuss the growing risks around MCP integrations. We also highlight why GRC Engineering is becoming essential to modern security programs and wrap up with key regulatory updates, including CMMC changes affecting thousands of contractors.Topics covered: • Cloudflare outage impact and root cause• Nation-state attack using AI agents to automate intrusion steps• MCP (Model Context Protocol): power, risks, and examples• Why GRC Engineering is the future of compliance and automation• Updates on GDPR, I...
2025-12-082h 12Distilled Security PodcastEpisode 18: TRISS Highlights, Cloud Chaos & SaaS Lessons LearnedIn Episode 18 of the Distilled Security Podcast, Justin Leapline, Joe Wynn, and Rick Yokum recap their time at TRISS, share lessons on storytelling and women in tech, and break down the recent AWS us-east-1 DNS/DynamoDB outage, the Microsoft Front Door global disruption, and the F5 BIG-IP incident. 🔍 We discuss:- TRISS highlights: panels, community & storytelling- “Breaking the glass ceiling” and unintentional bias in meetings- AWS & Microsoft outages: risk, resilience & when multicloud matters- F5 BIG-IP incident and supply chain risk- Launching a GRC SaaS: episki’s journey, lessons & tradeoffs
2025-11-101h 53Distilled Security PodcastEpisode 17: TPRM Is Worthless?! NY DFS Part 500, Security Negotiation Tips & Mezcal🎙️ Welcome back to the Distilled Security Podcast - Episode 17!In this episode, Justin, Joe, and Rick break down several major cybersecurity and compliance updates shaping the landscape this fall. From regulatory deadlines to the futility of checkbox TPRM exercises, the crew dives deep into what actually matters for security leaders and business owners navigating today’s risk environment.Also, join us at TRISS in Pittsburgh, PA, at the David this October 29,2025! We have our own booth and will be doing something fun there. Also, we are sponsoring the After Party...
2025-10-131h 40Distilled Security PodcastEpisode 16: When Metrics Mislead: Security Scoring, Board Gaps, and vGRCEpisode 16: When Metrics Mislead: Security Scoring, Board Gaps, and vGRCEpisode 16 of the Distilled Security Podcast is here!In this episode, Justin, Joe, and Rick christen the new studio and dive into some of the trickiest challenges in measuring, reporting, and governing security programs. From maturity models to board reporting, the conversation unpacks how scoring systems can mislead, how to communicate bad news effectively, and why boards need more than just “checkbox” cyber expertise.The team also explores the rise of vGRC (Virtual GRC) services—what t...
2025-09-081h 53Distilled Security PodcastEpisode 15: Community Building, Art of Convincing, and GTD Strategies🎙️ Welcome back to the Distilled Security Podcast!In this episode, hosts Justin Leapline, Joe Wynn, and Rick Yocum sit down with James Ringold (Senior Security Cloud Solution Architect at Microsoft and President of ISSA Pittsburgh) to talk all about building stronger cybersecurity communities.From the behind-the-scenes of BSides Pittsburgh 2025 to engaging the next generation through mentorship and student-led talks, this episode offers practical insights on how to grow inclusive, vendor-neutral spaces that truly support people in security.Topics CoveredBSides Pittsburgh 2025 HighlightsWhat made this year’s event stand out — from arcade ma...
2025-08-061h 54Distilled Security PodcastEpisode 14: AI Risks, Threat Modeling, and The Future of Vibe CodingEpisode 14 of the Distilled Security Podcast is here!This week, the team welcomes guest John Zeolla, a cybersecurity expert and AI enthusiast, for a deep dive into the risks, realities, and potential of artificial intelligence.Topics include:Shadow AI in the Enterprise: Why business leaders are adopting AI faster than CISOs can assess the risks—and how features are outpacing controls.Third-Party AI Risk: Understanding vendor integrations with ChatGPT and others, and how contracts alone can’t guarantee security.Data Sprawl and Provenance: How uncontrolled data flows and poor iden...
2025-07-081h 22Distilled Security PodcastEpisode 13: Insider Threats, the CISO's Role, and Reporting LinesEpisode 13 of the Distilled Security Podcast is here!Join us as we explore:The Coinbase Breach: A breakdown of Coinbase’s recent insider-driven breach, including social engineering, bribery of offshore contractors, and how the company responded publicly and operationally.Building Insider Threat Programs: The crew shares practical approaches to detecting insider misuse, behavioral monitoring, and the potential for "job descriptions as code."CISO Liability and Insurance: Discussion on the evolving legal exposure for CISOs, personal liability, and whether directors and officers (D&O) insurance is a must-have.Board-Level Cyber Risk: Should cybersecurity roll up to the au...
2025-06-131h 22Distilled Security PodcastEpisode 12: One Year of Distilled Security, Auditor Quality, and Starting Your Own CompanyJoin us as we reflect on:One Year of Podcasting: The crew celebrates a full year of episodes, favorite topics, behind-the-scenes production, and where the show is headed next—including a new studio setup and future sponsors.Audit Quality and Risk: A deep dive into the evolution of cybersecurity audits, the growing influence of low-cost providers, and what actually makes an audit valuable and trustworthy.Third-Party Risk Management: How companies can assess vendor SOC 2 reports, triage risk among their vendors, and build defensible compliance practices.Operational vs. Commercial Risk: The importance of translating audit findings into business impact an...
2025-05-021h 38Distilled Security PodcastEpisode 11: Encrypted Messaging, Data Breaches, and Vulnerability ManagementEpisode 11 of the Distilled Security Podcast is here!Join us as we cover:Signal, Encrypted Messaging, and Corporate Policy: A deep dive into the use of Signal in sensitive discussions—including a political mishap—and the implications for corporate communication policies, discovery, and compliance.Oracle Cloud Breach Allegations: Evaluating breach claims, early response tactics, and the value of proactive key and credential rotation.DNA Data, 23andMe, and Privacy Concerns: With 23andMe filing for bankruptcy, the team explores risks associated with sharing genetic data and broader privacy implications when personal information changes hands.Hospital Data as Busi...
2025-04-141h 30Distilled Security PodcastEpisode 10: Navigating Budget Cuts, Talent Shortages, and Cybersecurity ResilienceEpisode 10 of the Distilled Security Podcast is here!Join us as we explore:Security in Times of Budget Cuts: How organizations can navigate layoffs and reduced funding while maintaining a strong security posture.The Cybersecurity Talent Shortage: Why security hiring remains challenging, the need for apprenticeship models, and how organizations can develop internal talent pipelines.BSides Pittsburgh: Put this on your calendar and submit talks.Cyber Crisis Readiness: The importance of C-suite participation in tabletop exercises and cyber incident planning.References Early Education by David Barton - https://www.youtube.com/watch?v=io-O59e...
2025-03-121h 34Distilled Security PodcastEpisode 9: Security Budgets, AI Risks, and Data SovereigntyEpisode 9 of the Distilled Security Podcast is here!Join us as we explore:Security on a Budget: How teams can optimize tools, manage resource constraints, and build an effective security strategy with limited funding.AI and Efficiency: The impact of AI on job performance, along with the risks of AI-powered note-taking and data classification.Data Breaches & Industry Challenges: Lessons from Marriott’s data breaches, security concerns in the hospitality industry, and evolving consumer protection mandates.Regulatory Shifts & Compliance: A discussion on HIPAA’s 2023 overhaul, required vs. addressable regulations, and the role of dual audits in comp...
2025-02-061h 18Distilled Security PodcastEpisode 8: Whiskey, Quantum Computing, and Executive Protection🎙️ Episode 8 of the Distilled Security Podcast is here! 🔐🥃🔎 Join us as we explore:The Whiskey Rebellion and Craft Distilling: A dive into the history of the Whiskey Rebellion and what it means for today’s distillers. Learn about Iron City Distilling, creating national brand-quality spirits, and the significance of the Bessemer brand name.Whiskey Craftsmanship: Insights into chamber still distillation, the balance of maturation versus aging, and premium craft whiskey production.Executive Protection and Privacy: Strategies for workplace safety, reducing online risks, and managing personal branding in crises.Quantum Computing Risks: A look at Google's Willow chip, the...
2025-01-071h 21Distilled Security PodcastEpisode 7: Certifications, Mentorship, and Auditor MisstepsWelcome to Episode 7 of the Distilled Security Podcast!In this episode, hosts Justin, Rick, and Joe are joined by special guest Brandon Eckert to explore his fascinating journey in cybersecurity, share industry insights, and enjoy a fun debate on Thanksgiving favorites. Here’s what’s in store:Topics Covered: 🔹 Navigating a Career in CybersecurityReflections on starting out in cybersecurity, overcoming challenges in small-town IT careers, and the role of certifications in shaping career success.🔹 The Value of CertificationsHow certifications like OSCP contribute to career grow...
2024-12-111h 18Distilled Security PodcastEpisode 6: SEC Penalties, M&A Security, and Due DiligenceEpisode 6: SEC Penalties, M&A Security, and Due DiligenceWelcome back to the Distilled Security Podcast! In this episode, hosts Justin, Rick, and Joe dive into the latest in cybersecurity, from regulatory challenges to pop culture:Topics CoveredSEC Penalties for Cybersecurity DisclosuresDiscussing recent SEC penalties due to lapses in cybersecurity disclosure, the implications for companies, and how organizations can stay compliant.Cybersecurity Materiality and Disclosure PracticesTips on navigating the materiality assessment of cybersecurity incidents and ensuring compliance with auditors' disclosure requirements.Preparedness Through Tabletop ExercisesExploring tabletop...
2024-11-081h 17Distilled Security PodcastEpisode 5: Resume Reviews, Counter-Espionage, and Incident ResponseJoin hosts Justin, Rick, and Joe as they cover:Resume Review Insights: Joe offers valuable tips on resume writing, focusing on showcasing accomplishments and using metrics to stand out.Passion Projects and Hobbies: The team discusses how personal projects and volunteer work can make resumes more compelling by demonstrating a passion for the field.Community Engagement at TRISS: The hosts invite listeners to their booth at the upcoming Three Rivers Information Security Symposium (TRISS), where they will be offering resume reviews and engaging with attendees.Counter-Espionage and Pagers: A fascinating look at the use of pagers in recent...
2024-10-031h 03
The Seiso Side-Up PodcastEpisode 6 - PCI Compliance and PentestingOn this episode of the Seiso Side Up podcast, we welcome two guests - Jake Mayhew and Justin Leapline. Jake has decades of experience performing and teaching the ins and outs of penetration testing, at times performing tests for companies that handle cardholder data, and Justin is a subject matter expert in the world of PCI (Payment Card Industry) security & compliance. Join us as we dive into the gotchas of becoming PCI compliant and how to best approach penetration testing as part of the PCI compliance journey.
2024-10-0139 minDistilled Security PodcastEpisode 4: Ethics in Cybersecurity, Career Development, and Data ProtectionEpisode 4: Ethics in Cybersecurity, Career Development, and Data ProtectionIn Episode 4, we are joined by Doug Salah to explore some critical topics in cybersecurity and career growth.Key TopicsDoug Salah’s Cybersecurity Journey: His transition into cybersecurity and current role in the industry.Networking in Cybersecurity: The value of building connections at cybersecurity conferences.TRISS (Three Rivers Information Security Symposium): Insights into TRISS, its scholarships, and its impact on the community.Mid-Career Development: Doug’s thoughts on transitioning mid-career, setting goals, and maintaining integrity.Cybersecurity Ethics: A deep dive into ethi...
2024-09-091h 13Distilled Security PodcastEpisode 3: Crowdstrike, North Korean Spies, and CISO ScapegoatsEpisode 3 of the Distilled Security Podcast is here!Join us this week as we jump into: CrowdStrike Incident Analysis: A deep dive into a recent mishap by CrowdStrike that led to significant financial losses and operational disruptions, including 5.4 billion in estimated losses.Vendor Accountability: Exploring the legal and financial repercussions of security vendor failures.Business Continuity Planning: The importance of preparing for security vendor failures, including considering alternate vendors and the complexities of implementing such strategies.Kernel-Level Security Risks: A discussion surrounding kernel-level operations in security software, focusing on the controversy between C...
2024-08-121h 10Distilled Security PodcastEpisode 2: Tailoring Security Frameworks & Leveraging AIEpisode 2 of the Distilled Security Podcast is here!Join us this week as we jump into: Exploring the critical importance of tailoring security frameworks: Aligning with an organization's specific goals and objectivesHighlighting frameworks like NIST CSF and CIS to advance security programs effectivelyInsights on aligning KPIs with the NIST CSF frameworkComplementary use of frameworks like CIS to enhance security control measurementPerspective on compliance and regulatory requirementsThe role of AI in security programsThreats posed by deepfakes: Incorporating safeguards to protect organizations from deepfake risks and effectively leverage AI within security programsChapters00:00:00 - Introduction a...
2024-07-081h 05Distilled Security PodcastEpisode 1: College, Exec Comp, and New CISOsWelcome to the first episode of Distilled Security!Join us as we dive into a variety of exciting topics, including:Is College Worth It?: We explore the value of higher education in today's world.Microsoft and Executive Compensation: Analyzing cybersecurity in executive pay at Microsoft.BSides Pittsburgh: Exciting talks are coming to BSidesPGH.Starting as a New CISO: Things to do first coming into a new company.Grab your favorite cocktail and tune in for an engaging and fun-filled discussion!HostsJustin Leapline - https://www.linkedin.com/in...
2024-06-071h 05Distilled Security PodcastDistilled Security Podcast TrailerJoin us on Distilled Security as we delve into the fascinating world of cybersecurity. Each episode, we break down intriguing topics, analyze the latest news, and engage in in-depth conversations with our hosts and invited guests. Whether you're a seasoned professional or just curious about cybersecurity, our podcast offers valuable insights and thought-provoking discussions to keep you informed and entertained. Tune in and stay ahead of the curve in the ever-evolving landscape of cybersecurity.
2024-06-0200 min