Justin Leapline, Joe Wynn, and Rick Yocum
Distilled Security Podcast
Join us on Distilled Security as we delve into the fascinating world of cybersecurity. Each episode, we break down intriguing topics, analyze the latest news, and engage in in-depth conversations with our hosts and invited guests. Whether you're a seasoned professional or just curious about cybersecurity, our podcast offers valuable insights and thought-provoking discussions to keep you informed and entertained. Tune in and stay ahead of the curve in the ever-evolving landscape of cybersecurity.
Author
Justin Leapline, Joe Wynn, and Rick Yocum
Category
Podcast website
Latest episode
Jul 8, 2026
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
Episode 26: How to Run a Conference, Why Most Pen Tests Fail, and HIPAA's Ransomware Reckoning 08.07.2026 1:56:00
In this episode, we're joined by Jon Buhagiar, Director of Information Technology at RareMed Solutions; a published Sybex/Wiley author of Cisco and Microsoft certification guides; and a longtime amateur radio enthusiast. We get into what it actually takes to run a security conference from the ground up, why so many penetration tests end up wasting everyone's money, and how compliance and cyber ins...
Episode 24: 2 Years, 24 Episodes & The State of Security in the Age of AI 14.05.2026 1:42:31
In this episode, we celebrate our 2nd anniversary and Episode 24 of Distilled Security! We cover the Vercel breach, how a Roblox script led to compromised Google Workspace credentials via an unauthorized OAuth connection. Then we dive into HackerOne, pausing their own bug bounty program, overwhelmed by low-quality, AI-generated submissions. And we close out with the State of Vibe-Coded Security—4,...
Episode 23: Nobody read the report 14.04.2026 2:10:10
In this episode of the Distilled Security Podcast , we break down the Delve scandal—flawed SOC 2 reports, copy-pasted content, and oversight failures that expose deeper issues in compliance-as-a-service. Joined by Matthew J. Schiavone, we examine auditor accountability, quality review gaps, and key differences between SOC 2 and ISO 27001. We also cover what companies should demand from auditors, t...
Episode 22: Is AI Good for Security, CIRCIA Starts the Clock, and the M&A Problem Nobody's Talking About 09.03.2026 1:56:23
In this episode of the Distilled Security Podcast, we tackle four topics shaping the cybersecurity landscape — from AI's real impact on defense to a wave of regulatory and market changes every security team needs to be tracking. 🔹 Is AI Good for Security? — Anthropic's model finding hundreds of zero days, stock market panic after Claude Code's launch (CrowdStrike down 11%), the "hard things easy,...
Episode 21: AI Notetakers Are Illegal, GRC Tools Are Lying, and ISO 42001 Changes Everything 18.02.2026 1:50:38
In this episode of the Distilled Security Podcast, we break down three converging forces reshaping how organizations manage AI risk — and what you need to do about it now. 🔹 BIPA + AI Notetakers — A class action lawsuit exposes unauthorized biometric data collection, why a single Illinois meeting participant creates liability, the Shopify wiretapping dismissal, and the steps you should take today...
Episode 20 : 2026 Kickoff: Security Resolutions, Key Deadlines, and Don’t Mislead the Feds 26.01.2026 1:20:25
In the first episode of 2026, the Distilled Security team kicks off the year with a practical discussion on security priorities, key compliance dates to watch in 2026, and why misleading the government on cybersecurity compliance can have serious consequences. The conversation focuses on simplifying security programs, returning to core fundamentals, and learning from real-world enforcement and reg...
Episode 19: Cloudflare Outage, AI-Powered Attacks & The Rise of GRC Engineering | Distilled Security Podcast 08.12.2025 2:12:09
In this episode, we break down a major Cloudflare outage, explore how a nation-state used AI agents to automate a cyberattack, and discuss the growing risks around MCP integrations. We also highlight why GRC Engineering is becoming essential to modern security programs and wrap up with key regulatory updates, including CMMC changes affecting thousands of contractors. Topics covered: • Cloudflare o...
Episode 18: TRISS Highlights, Cloud Chaos & SaaS Lessons Learned 10.11.2025 1:53:17
In Episode 18 of the Distilled Security Podcast, Justin Leapline, Joe Wynn, and Rick Yokum recap their time at TRISS, share lessons on storytelling and women in tech, and break down the recent AWS us-east-1 DNS/DynamoDB outage, the Microsoft Front Door global disruption, and the F5 BIG-IP incident. 🔍 We discuss: - TRISS highlights: panels, community & storytelling - “Breaking the glass ceili...
Episode 17: TPRM Is Worthless?! NY DFS Part 500, Security Negotiation Tips & Mezcal 13.10.2025 1:40:42
🎙️ Welcome back to the Distilled Security Podcast - Episode 17! In this episode, Justin, Joe, and Rick break down several major cybersecurity and compliance updates shaping the landscape this fall. From regulatory deadlines to the futility of checkbox TPRM exercises, the crew dives deep into what actually matters for security leaders and business owners navigating today’s risk environment. Also, j...
Episode 16: When Metrics Mislead: Security Scoring, Board Gaps, and vGRC 08.09.2025 1:53:57
Episode 16: When Metrics Mislead: Security Scoring, Board Gaps, and vGRC Episode 16 of the Distilled Security Podcast is here! In this episode, Justin, Joe, and Rick christen the new studio and dive into some of the trickiest challenges in measuring, reporting, and governing security programs. From maturity models to board reporting, the conversation unpacks how scoring systems can mislead, how to...
Episode 15: Community Building, Art of Convincing, and GTD Strategies 06.08.2025 1:54:21
🎙️ Welcome back to the Distilled Security Podcast! In this episode, hosts Justin Leapline, Joe Wynn, and Rick Yocum sit down with James Ringold (Senior Security Cloud Solution Architect at Microsoft and President of ISSA Pittsburgh) to talk all about building stronger cybersecurity communities. From the behind-the-scenes of BSides Pittsburgh 2025 to engaging the next generation through mentorship...
Episode 14: AI Risks, Threat Modeling, and The Future of Vibe Coding 08.07.2025 1:22:30
Episode 14 of the Distilled Security Podcast is here! This week, the team welcomes guest John Zeolla , a cybersecurity expert and AI enthusiast, for a deep dive into the risks, realities, and potential of artificial intelligence. Topics include: Shadow AI in the Enterprise : Why business leaders are adopting AI faster than CISOs can assess the risks—and how features are outpacing controls. Third-P...
Episode 13: Insider Threats, the CISO's Role, and Reporting Lines 13.06.2025 1:22:42
Episode 13 of the Distilled Security Podcast is here! Join us as we explore: The Coinbase Breach : A breakdown of Coinbase’s recent insider-driven breach, including social engineering, bribery of offshore contractors, and how the company responded publicly and operationally. Building Insider Threat Programs : The crew shares practical approaches to detecting insider misuse, behavioral monitoring,...
Episode 12: One Year of Distilled Security, Auditor Quality, and Starting Your Own Company 02.05.2025 1:38:10
Join us as we reflect on: One Year of Podcasting : The crew celebrates a full year of episodes, favorite topics, behind-the-scenes production, and where the show is headed next—including a new studio setup and future sponsors. Audit Quality and Risk : A deep dive into the evolution of cybersecurity audits, the growing influence of low-cost providers, and what actually makes an audit valuable and t...
Episode 11: Encrypted Messaging, Data Breaches, and Vulnerability Management 14.04.2025 1:30:02
Episode 11 of the Distilled Security Podcast is here! Join us as we cover: Signal, Encrypted Messaging, and Corporate Policy: A deep dive into the use of Signal in sensitive discussions—including a political mishap—and the implications for corporate communication policies, discovery, and compliance. Oracle Cloud Breach Allegations: Evaluating breach claims, early response tactics, and the value of...
Episode 10: Navigating Budget Cuts, Talent Shortages, and Cybersecurity Resilience 12.03.2025 1:34:24
Episode 10 of the Distilled Security Podcast is here! Join us as we explore: Security in Times of Budget Cuts: How organizations can navigate layoffs and reduced funding while maintaining a strong security posture. The Cybersecurity Talent Shortage: Why security hiring remains challenging, the need for apprenticeship models, and how organizations can develop internal talent pipelines. BSides Pitts...
Episode 9: Security Budgets, AI Risks, and Data Sovereignty 06.02.2025 1:18:10
Episode 9 of the Distilled Security Podcast is here! Join us as we explore: Security on a Budget: How teams can optimize tools, manage resource constraints, and build an effective security strategy with limited funding. AI and Efficiency: The impact of AI on job performance, along with the risks of AI-powered note-taking and data classification. Data Breaches & Industry Challenges: Lessons fro...
Episode 8: Whiskey, Quantum Computing, and Executive Protection 07.01.2025 1:21:34
🎙️ Episode 8 of the Distilled Security Podcast is here! 🔐🥃 🔎 Join us as we explore: The Whiskey Rebellion and Craft Distilling : A dive into the history of the Whiskey Rebellion and what it means for today’s distillers. Learn about Iron City Distilling, creating national brand-quality spirits, and the significance of the Bessemer brand name. Whiskey Craftsmanship : Insights into chamber still d...
Episode 7: Certifications, Mentorship, and Auditor Missteps 10.12.2024 1:18:50
Welcome to Episode 7 of the Distilled Security Podcast! In this episode, hosts Justin, Rick, and Joe are joined by special guest Brandon Eckert to explore his fascinating journey in cybersecurity, share industry insights, and enjoy a fun debate on Thanksgiving favorites. Here’s what’s in store: Topics Covered: 🔹 Navigating a Career in Cybersecurity Reflections on starting out in cybersecurity, o...
Episode 6: SEC Penalties, M&A Security, and Due Diligence 08.11.2024 1:17:21
Episode 6: SEC Penalties, M&A Security, and Due Diligence Welcome back to the Distilled Security Podcast ! In this episode, hosts Justin, Rick, and Joe dive into the latest in cybersecurity, from regulatory challenges to pop culture: Topics Covered SEC Penalties for Cybersecurity Disclosures Discussing recent SEC penalties due to lapses in cybersecurity disclosure, the implications for compani...
Episode 5: Resume Reviews, Counter-Espionage, and Incident Response 02.10.2024 1:03:39
Join hosts Justin, Rick, and Joe as they cover: Resume Review Insights: Joe offers valuable tips on resume writing, focusing on showcasing accomplishments and using metrics to stand out. Passion Projects and Hobbies: The team discusses how personal projects and volunteer work can make resumes more compelling by demonstrating a passion for the field. Community Engagement at TRISS : The hosts invite...
Episode 4: Ethics in Cybersecurity, Career Development, and Data Protection 09.09.2024 1:13:25
Episode 4: Ethics in Cybersecurity, Career Development, and Data Protection In Episode 4, we are joined by Doug Salah to explore some critical topics in cybersecurity and career growth. Key Topics Doug Salah’s Cybersecurity Journey : His transition into cybersecurity and current role in the industry. Networking in Cybersecurity : The value of building connections at cybersecurity conferences. TRIS...
Episode 3: Crowdstrike, North Korean Spies, and CISO Scapegoats 12.08.2024 1:10:52
Episode 3 of the Distilled Security Podcast is here! Join us this week as we jump into: CrowdStrike Incident Analysis: A deep dive into a recent mishap by CrowdStrike that led to significant financial losses and operational disruptions, including 5.4 billion in estimated losses. Vendor Accountability: Exploring the legal and financial repercussions of security vendor failures. Business Continuity...
Episode 2: Tailoring Security Frameworks & Leveraging AI 08.07.2024 1:05:20
Episode 2 of the Distilled Security Podcast is here! Join us this week as we jump into: Exploring the critical importance of tailoring security frameworks: Aligning with an organization's specific goals and objectives Highlighting frameworks like NIST CSF and CIS to advance security programs effectively Insights on aligning KPIs with the NIST CSF framework Complementary use of frameworks like CIS...
Episode 1: College, Exec Comp, and New CISOs 07.06.2024 1:05:09
Welcome to the first episode of Distilled Security! Join us as we dive into a variety of exciting topics, including: Is College Worth It? : We explore the value of higher education in today's world. Microsoft and Executive Compensation : Analyzing cybersecurity in executive pay at Microsoft. BSides Pittsburgh : Exciting talks are coming to BSidesPGH. Starting as a New CISO : Things to do first com...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.