Episode 17: TPRM Is Worthless?! NY DFS Part 500, Security Negotiation Tips & Mezcal

Episode 17: TPRM Is Worthless?! NY DFS Part 500, Security Negotiation Tips & Mezcal

From Distilled Security Podcast by Justin Leapline, Joe Wynn, and Rick Yocum

October 13, 2025 · 1h 41m · Episode 17

About this episode

The episode discusses major cybersecurity updates, the challenges of third-party risk management, and negotiation strategies for security compliance.

🎙️ Welcome back to the Distilled Security Podcast - Episode 17! In this episode, Justin, Joe, and Rick break down several major cybersecurity and compliance updates shaping the landscape this fall. From regulatory deadlines to the futility of checkbox TPRM exercises, the crew dives deep into what actually matters for security leaders and business owners navigating today’s risk environment. Also, join us at TRISS in Pittsburgh, PA, at the David this October 29,2025! We have our own booth and will be doing something fun there. Also, we are sponsoring the After Party! Please come say hi! 🔹 Topics Covered NY DFS Part 500: Final Requirements Take Effect November 1 The hosts unpack the final phase of New York’s cybersecurity regulation, what’s changing, and what companies must have in place before the enforcement deadline. Negotiating Security How smaller companies can push back or reframe due diligence requirements—substituting a SOC 2 or ISO 27001 certification with custom questionnaires, summaries, or shared evidence that reflect real security maturity instead of checklists. “TPRM Is Worthless” A candid discussion on the state of third-party risk management: why it’s often broken…

People in this episode

Hosts: Justin Leapline, Joe Wynn, Rick Yocum

Topics covered

  • cybersecurity regulation
  • third-party risk management
  • security negotiation
  • compliance updates
  • risk management framework

Keywords

  • TPRM
  • NY DFS Part 500
  • cybersecurity
  • risk environment
  • SOC 2
  • ISO 27001
  • compliance
  • security maturity

Mentioned in this episode

Organizations: New York Department of Financial Services, Department of Defense, CMMC, NIST

Places: Pittsburgh, PA

More episodes of Distilled Security Podcast

Explore listener stats, chart rankings, contacts and more on the Distilled Security Podcast podcast page.