Distilled Security Podcast

Join us as we reflect on:One Year of Podcasting: The crew celebrates a full year of episodes, favorite topics, behind-the-scenes production, and where the show is headed next—including a new studio setup and future sponsors.Audit Quality and Risk: A deep dive into the evolution of cybersecurity audits, the growing influence of low-cost providers, and what actually makes an audit valuable and trustworthy.Third-Party Risk Management: How companies can assess vendor SOC 2 reports, triage risk among their vendors, and build defensible compliance practices.Operational vs. Commercial Risk: The importance of translating audit findings into business impact and strengthening vendor partnerships for long-term resilience.Bourbon Review – Jefferson’s Tropics: A tasting of a tropical-aged bourbon matured in Singapore’s climate, featuring notes of toffee and spice.BSides Pittsburgh Update: Details on ticket sales, sponsor opportunities, and how to get involved with the local security community’s flagship event.Entrepreneurship & Starting a Business: A thoughtful discussion on what it really takes to start your own business—when to consider it, how to prepare, and why it’s often more work (and growth) than expected.HostsJustin Leapline - LinkedInJoe Wynn - LinkedInRick Yocum - LinkedInConnect with UsWebsite: Distilled Security PodcastTwitter: @DisSecPodEmail: hello@distilledsecuritypodcast.com

Episode 10 of the Distilled Security Podcast is here!Join us as we explore:Security in Times of Budget Cuts: How organizations can navigate layoffs and reduced funding while maintaining a strong security posture.The Cybersecurity Talent Shortage: Why security hiring remains challenging, the need for apprenticeship models, and how organizations can develop internal talent pipelines.BSides Pittsburgh: Put this on your calendar and submit talks.Cyber Crisis Readiness: The importance of C-suite participation in tabletop exercises and cyber incident planning.References Early Education by David Barton - https://www.youtube.com/watch?v=io-O59eakMkBSides Pittsburgh CFP - https://www.bsidespgh.com/cfpSpirits: Lady of the Glen – A 10-year-old cask strength Scotch whisky finished in Oloroso sherry casks.HostsJustin Leapline - LinkedInJoe Wynn - LinkedInRick Yocum - LinkedInConnect with UsWebsite: Distilled Security PodcastTwitter: @DisSecPodEmail: hello@distilledsecuritypodcast.com

🎙️ Episode 8 of the Distilled Security Podcast is here! 🔐🥃🔎 Join us as we explore:The Whiskey Rebellion and Craft Distilling: A dive into the history of the Whiskey Rebellion and what it means for today’s distillers. Learn about Iron City Distilling, creating national brand-quality spirits, and the significance of the Bessemer brand name.Whiskey Craftsmanship: Insights into chamber still distillation, the balance of maturation versus aging, and premium craft whiskey production.Executive Protection and Privacy: Strategies for workplace safety, reducing online risks, and managing personal branding in crises.Quantum Computing Risks: A look at Google's Willow chip, the implications of quantum computing on cybersecurity, and the need for post-quantum cryptographic protocols.Modern Password Challenges: Discussing the future of passwordless login, phishing risks, dark web breaches, and the evolving standards of password compliance.🌟 Spirit: Iron City Distilling Distillers Reserve – A 6-Year Craft Masterpiece!🎙️ HostsJustin Leapline - LinkedInJoe Wynn - LinkedInRick Yocum - LinkedIn🤝 GuestEddie Kubit - LinkedIn 📲 Connect with UsWebsite: Distilled Security PodcastTwitter: @DisSecPodEmail: hello@distilledsecuritypodcast.com🕐 Time Stamps[00:00:00] Introduction[00:00:09] Eddie’s Career Transition[00:03:00] Whiskey Rebellion and Craft Distilling[00:06:00] Joining Iron City Distilling[00:10:00] Unique Approach at Iron City Distilling[00:19:00] Traditional Whiskey Making Process[00:28:30] Executive Protection and Privacy[00:39:00] Practical Security Measures for Executives[00:50:00] Google’s Quantum Computing and Cybersecurity Risks[00:57:00] Post-Quantum Cryptography[01:06:00] Modern Password Practices[01:20:00] Closing Thoughts

Episode 6: SEC Penalties, M&A Security, and Due DiligenceWelcome back to the Distilled Security Podcast! In this episode, hosts Justin, Rick, and Joe dive into the latest in cybersecurity, from regulatory challenges to pop culture:Topics CoveredSEC Penalties for Cybersecurity DisclosuresDiscussing recent SEC penalties due to lapses in cybersecurity disclosure, the implications for companies, and how organizations can stay compliant.Cybersecurity Materiality and Disclosure PracticesTips on navigating the materiality assessment of cybersecurity incidents and ensuring compliance with auditors' disclosure requirements.Preparedness Through Tabletop ExercisesExploring tabletop exercises as a method to enhance readiness for cybersecurity disclosures.Security in Mergers & AcquisitionsThe importance of aligning security philosophies, protecting supply chain integrity, and fast decision-making in M&A processes.Pre-Mortem Analyses for Risk MitigationUtilizing pre-mortem analyses to identify risks in acquisitions and ensure security compatibility before a merger.Best Practices for Selling a Company with Strong SecurityTips on audit readiness, maintaining a secure posture, and what security leaders should prioritize to avoid penalties or discounts during acquisitions.Information Control in Modern WarfareHow controlling information plays a strategic role, with examples from cyberpunk themes to illustrate the power of data control.Favorite Cybersecurity MoviesA fun review of iconic cybersecurity movies, highlighting elements like data movement, IP address inaccuracies, and common movie hacking tropes.Due Diligence Strategies for Small BusinessesKey steps for conducting effective due diligence, including using a risk-based approach to compliance and managing contracts efficiently.LinksCyber ScoopSpiritsBarrell Seagrass - A unique blend of American and Canadian rye whiskeys, each carefully selected and finished in Martinique Rhum, Madeira, and apricot brandy barrels.HostsJustin LeaplineJoe Wynn Rick Yocum Connect with UsWebsite: Distilled Security PodcastTwitter: @DisSecPodEmail: hello@distilledsecuritypodcast.comTime Stamps[00:01:25] SEC penalties for cybersecurity disclosure lapses[00:05:16] Working with external auditors on cybersecurity disclosures[00:09:30] Assessing cybersecurity materiality in disclosures[00:11:45] Tabletop exercises to improve disclosure preparedness[00:14:36] Cybersecurity considerations in M&A[00:19:12] Making fast, informed security decisions[00:23:06] Pre-mortems for assessing acquisition risks[00:25:12] Compatibility of security philosophies in M&A[00:30:20] Securing supply chains in acquisitions[00:34:23] Steps to sell a company securely[00:37:06] Preparing for audits in the sale process[00:42:07] Hosts discuss favorite cybersecurity movies[00:45:57] The strategic role of information in warfare[00:48:49] Data transport themes in cyberpunk films[00:52:36] The infamous fake IP addresses in movies[00:56:01] Due diligence for small businesses and startups[01:00:47] Centralized vs. decentralized security strategies[01:02:20] Adopting a risk-based approach for security questionnaires[01:06:05] Negotiating buyer risk assessments[01:10:11] Leveraging compliance automation tools[01:12:55] Managing contract risks effectively[01:16:10] Ensuring alignment between contract terms and security questionnaires

Episode 4: Ethics in Cybersecurity, Career Development, and Data ProtectionIn Episode 4, we are joined by Doug Salah to explore some critical topics in cybersecurity and career growth.Key TopicsDoug Salah’s Cybersecurity Journey: His transition into cybersecurity and current role in the industry.Networking in Cybersecurity: The value of building connections at cybersecurity conferences.TRISS (Three Rivers Information Security Symposium): Insights into TRISS, its scholarships, and its impact on the community.Mid-Career Development: Doug’s thoughts on transitioning mid-career, setting goals, and maintaining integrity.Cybersecurity Ethics: A deep dive into ethics in the industry, ethical decision-making, and creating a Cyber Code of Honor.The Four Agreements: How Doug relates his personal ethics to the principles in The Four Agreements.Featured Spirit – Compass Box Spice Tree Scotch: A review of this week’s featured Scotch.National Public Data Background Check Breach: Discussion of the recent breach and its implications for data protection.Data Protection Tips: Tips on freezing credit and using services like Delete Me to protect personal data.LinksThree Rivers Information Security Symposium (TRISS) - https://www.threeriversinfosec.com/The Four Agreements - https://www.amazon.com/Four-Agreements-Practical-Personal-Freedom/dp/1878424319Delete Me Service - https://joindeleteme.com/The Code Of Honor - Embracing Ethics in CybersecuritySpiritsCompass Box Spice Tree Scotch - https://www.compassboxwhisky.com/products/the-spice-treeHostsJustin Leapline - https://www.linkedin.com/in/justinleapline/Joe Wynn - https://www.linkedin.com/in/wynnjoe/Rick Yocum - https://www.linkedin.com/in/rickyocum/GuestDoug Salah - https://www.linkedin.com/in/dougsalah/Connect with UsWebsite: Distilled Security PodcastTwitter: @DisSecPodEmail: hello@distilledsecuritypodcast.com

Episode 2 of the Distilled Security Podcast is here!Join us this week as we jump into: Exploring the critical importance of tailoring security frameworks: Aligning with an organization's specific goals and objectivesHighlighting frameworks like NIST CSF and CIS to advance security programs effectivelyInsights on aligning KPIs with the NIST CSF frameworkComplementary use of frameworks like CIS to enhance security control measurementPerspective on compliance and regulatory requirementsThe role of AI in security programsThreats posed by deepfakes: Incorporating safeguards to protect organizations from deepfake risks and effectively leverage AI within security programsChapters00:00:00 - Introduction and Episode Overview00:00:44 - Discussion on Security Frameworks00:05:43 - Tailoring Frameworks00:08:19 - Mapping and Compliance Challenges00:17:16 - Tailoring for Small Organizations00:19:15 - Upcoming Conferences00:21:30 - Bourbon Review00:25:00 - Audit Preparation Tips00:27:02 - AI in Security00:35:09 - Privacy Concerns with AI Toys00:41:22 - Deepfakes in Security01:05:59 - Closing RemarksLinks and referenceshttps://securecontrolsframework.comhttps://www.nist.gov/cyberframeworkhttps://csrc.nist.gov/pubs/sp/1300/finalhttps://www.cisecurity.org/insights/white-papers/cis-controls-sme-guideDrinkWhiskey Thief Door KnockerHostsJustin Leapline - https://www.linkedin.com/in/justinleapline/Joe Wynn - https://www.linkedin.com/in/wynnjoe/Rick Yocum - https://www.linkedin.com/in/rickyocum/Connect with UsWebsite: https://distilledsecuritypodcast.comTwitter: @DisSecPodEmail: hello@distilledsecuritypodcast.com

Join us on Distilled Security as we delve into the fascinating world of cybersecurity. Each episode, we break down intriguing topics, analyze the latest news, and engage in in-depth conversations with our hosts and invited guests. Whether you're a seasoned professional or just curious about cybersecurity, our podcast offers valuable insights and thought-provoking discussions to keep you informed and entertained. Tune in and stay ahead of the curve in the ever-evolving landscape of cybersecurity.