Distilled Security Podcast

By: Justin Leapline, Joe Wynn, and Rick Yocum

Join us on Distilled Security as we delve into the fascinating world of cybersecurity. Each episode, we break down intriguing topics, analyze the latest news, and engage in in-depth conversations with our hosts and invited guests. Whether you're a seasoned professional or just curious about cybersecurity, our podcast offers valuable insights and thought-provoking discussions to keep you informed and entertained. Tune in and stay ahead of the curve in the ever-evolving landscape of cybersecurity.

2026 Justin Leapline, Joe Wynn, and Rick Yocum
Economics
Episodes
  • Episode 21: AI Notetakers Are Illegal, GRC Tools Are Lying, and ISO 42001 Changes Everything
    Feb 18 2026

    In this episode of the Distilled Security Podcast, we break down three converging forces reshaping how organizations manage AI risk — and what you need to do about it now.

    🔹 BIPA + AI Notetakers — A class action lawsuit exposes unauthorized biometric data collection, why a single Illinois meeting participant creates liability, the Shopify wiretapping dismissal, and the steps you should take today to audit your AI tools
    🔹 GRC Engineering Meets AI — Real AI compliance tools vs. vaporware, using LLMs for policy drafting and control mapping, the hallucination accountability problem, building AI guardrails as code, and the NIST RFI on AI Agent Security (comments due March 9, 2026)
    🔹 ISO 42001 Deep Dive — The first AI Management System standard, how it differs from ISO 27001, AI Impact Assessments vs. traditional risk assessments, stakeholder engagement requirements, and why certification is becoming essential for EU AI Act compliance

    🥃 Spirit Review: Redbreast 12 Cask Strength
    https://www.redbreastwhiskey.com/en-us/whiskey-collections/redbreast-cask-strength-whiskey/

    ⏱️ Timestamps

    0:00 Intro & Episode Overview
    2:04 BIPA & AI Notetakers
    25:08 GRC Engineering Meets AI
    1:07:15 🥃 Spirit Review: Redbreast 12 Cask Strength (Irish Whiskey)
    1:11:17 ISO 42001
    1:49:30 Outro & wrap-up

    🎙️ Hosts
    Justin Leapline – @justinleapline
    Joe Wynn – @wynnjoe
    Rick Yocum – @rickyocum

    🌐 Connect with Us
    Website: distilledsecuritypodcast.com
    X: @DisSecPod
    Email: hello@distilledsecuritypodcast.com

    👍 Like, comment, and subscribe for weekly security and compliance insights.

    1 hr and 51 mins
  • Episode 24: 2 Years, 24 Episodes & The State of Security in the Age of AI
    May 14 2026

    In this episode, we celebrate our 2nd anniversary and Episode 24 of Distilled Security! We cover the Vercel breach: how a Roblox script led to compromised Google Workspace credentials via an unauthorized OAuth connection. Then we dive into HackerOne pausing its own bug bounty program, overwhelmed by low-quality, AI-generated submissions. And we close out with the State of Vibe-Coded Security, with 4,783 AI-assisted apps scanned, 727 critical issues found, and the real question: are you vibe coding or vibe deploying? Plus, a quick look at Claude for Security dropping into public beta and what that means for the industry.

    All of that, and we crack open a Peerless Double Oak to toast two years of Distilled Security. 🥃

    ⏱️ TIMESTAMPS:

    00:00 – Intro & 2-Year Anniversary 🎉
    01:26 – Behind the Scenes & Favorite Moments
    08:26 – Podcast Metrics & Global Reach
    24:20 – BSides Pittsburgh 2025 Update 🛡️
    34:31 – The Vercel Breach & OAuth Risk
    58:57 – HackerOne Pauses Bug Bounty
    1:16:05 – Spirit: Peerless Double Oak 🥃
    1:20:27 – Vibe Coding vs. Vibe Deploying
    1:26:46 – Claude for Security & AI News
    1:41:27 – Cheers to Two Years! 🥃

    🎙️ Hosts
    Justin Leapline – @justinleapline
    Joe Wynn – @wynnjoe
    Rick Yocum – @rickyocum

    📬 Send Us Your Questions!
    ask@distilledsecuritypodcast.com

    🌐 Connect with Us
    Website: distilledsecuritypodcast.com
    X: @DisSecPod
    Email: hello@distilledsecuritypodcast.com

    👍 Like, comment, and subscribe for monthly security and compliance insights

    1 hr and 43 mins
  • Episode 17: TPRM Is Worthless?! NY DFS Part 500, Security Negotiation Tips & Mezcal
    Oct 13 2025

    🎙️ Welcome back to the Distilled Security Podcast - Episode 17!


    In this episode, Justin, Joe, and Rick break down several major cybersecurity and compliance updates shaping the landscape this fall. From regulatory deadlines to the futility of checkbox TPRM exercises, the crew dives deep into what actually matters for security leaders and business owners navigating today’s risk environment.


    Also, join us at TRISS in Pittsburgh, PA, at the David this October 29, 2025! We have our own booth and will be doing something fun there. Also, we are sponsoring the After Party! Please come say hi!


    🔹 Topics Covered


    NY DFS Part 500: Final Requirements Take Effect November 1

    The hosts unpack the final phase of New York’s cybersecurity regulation, what’s changing, and what companies must have in place before the enforcement deadline.


    Negotiating Security

    How smaller companies can push back or reframe due diligence requirements—substituting a SOC 2 or ISO 27001 certification with custom questionnaires, summaries, or shared evidence that reflect real security maturity instead of checklists.


    “TPRM Is Worthless”

    A candid discussion on the state of third-party risk management: why it’s often broken, what needs to change, and how to make it meaningful rather than bureaucratic.


    Department of War Announces New Cybersecurity Risk Management Construct

    The team explores the DoD’s latest cybersecurity framework announcement—what it means for contractors, how it overlaps with CMMC and NIST 800-171, and whether it will actually simplify or complicate compliance.


    🥃 Spirit Review


    One of Us Mezcal — This small-batch mezcal impresses with its earthy smoke, hints of citrus, and smooth finish. The guys compare it to other craft agave spirits they’ve tried and debate whether it pairs better with a quiet evening or post-recording celebration.


    Find it here:

    https://oneofusmezcal.com/products/cuishe-mezcal-the-wild-one


    ⏱️ Timestamps


    0:00 – Introduction & Travel Mishap
    6:25 – New Laptop Twins & Backup Strategies
    11:35 – NY DFS Part 500 Updates
    27:30 – DFS Reporting & Organizational Accountability
    33:30 – Negotiating Security Requirements
    47:46 – Cultural Nuances in Negotiation
    50:20 – Spirit Review: One of Us Mezcal
    52:55 – TPRM Is Worthless?
    57:50 – Fixing Broken Vendor Risk Workflows
    1:08:21 – Vendor Resilience vs. Security
    1:18:20 – New DoW/DoD Cybersecurity Risk Management Construct
    1:35:06 – BSides Pittsburgh Planning & Sponsorship
    1:38:35 – DSP at TRISS
    1:39:51 – Closing Remarks & Outro


    🎧 Hosts


    Justin Leapline – @justinleapline

    Joe Wynn – @wynnjoe

    Rick Yocum – @rickyocum


    🌐 Connect with Us


    Website: distilledsecuritypodcast.com

    🐦 Twitter: @DisSecPod

    📧 Email: hello@distilledsecuritypodcast.com

    1 hr and 41 mins