Episode 23: Nobody read the report
In this episode of the Distilled Security Podcast, we break down the Delve scandal—flawed SOC 2 reports, copy-pasted content, and oversight failures that expose deeper issues in compliance-as-a-service. Joined by Matthew J. Schiavone, we examine auditor accountability, quality review gaps, and key differences between SOC 2 and ISO 27001.
We also cover what companies should demand from auditors, the role of automation, and whether this scandal will drive real change in the industry.
Topics Covered
- The Delve scandal—leaked reports, copy-pasted audits & pervasive deficiencies
- The AICPA peer review process & AC Corp's adverse findings
- SOC 2 vs ISO 27001—oversight models, witness audits & accreditation
- The incentive structure driving compliance to the bottom
- Compliance automation — what works, what doesn't & AI's real role
- What to ask your auditor before signing anything
- Trust centers — done right vs. compliance theater
- Is SOC 2 dead? What needs to change & who has to change it
Hosts
- Justin Leapline – @justinleapline
- Joe Wynn – @wynnjoe
- Rick Yocum – @rickyocum
Guest
- Matthew J. Schiavone (Sikich)
Connect with Us
- Website: distilledsecuritypodcast.com
- X: @DisSecPod
- Email: hello@distilledsecuritypodcast.com