
Episode 17: TPRM Is Worthless?! NY DFS Part 500, Security Negotiation Tips & Mezcal
From Distilled Security Podcast by Justin Leapline, Joe Wynn, and Rick Yocum
October 13, 2025 · 1h 41m · Episode 17
About this episode
The episode discusses major cybersecurity updates, the challenges of third-party risk management, and negotiation strategies for security compliance.
🎙️ Welcome back to the Distilled Security Podcast - Episode 17! In this episode, Justin, Joe, and Rick break down several major cybersecurity and compliance updates shaping the landscape this fall. From regulatory deadlines to the futility of checkbox TPRM exercises, the crew dives deep into what actually matters for security leaders and business owners navigating today’s risk environment. Also, join us at TRISS in Pittsburgh, PA, at the David this October 29,2025! We have our own booth and will be doing something fun there. Also, we are sponsoring the After Party! Please come say hi! 🔹 Topics Covered NY DFS Part 500: Final Requirements Take Effect November 1 The hosts unpack the final phase of New York’s cybersecurity regulation, what’s changing, and what companies must have in place before the enforcement deadline. Negotiating Security How smaller companies can push back or reframe due diligence requirements—substituting a SOC 2 or ISO 27001 certification with custom questionnaires, summaries, or shared evidence that reflect real security maturity instead of checklists. “TPRM Is Worthless” A candid discussion on the state of third-party risk management: why it’s often broken…
People in this episode
Hosts: Justin Leapline, Joe Wynn, Rick Yocum
Topics covered
- cybersecurity regulation
- third-party risk management
- security negotiation
- compliance updates
- risk management framework
Keywords
- TPRM
- NY DFS Part 500
- cybersecurity
- risk environment
- SOC 2
- ISO 27001
- compliance
- security maturity
Mentioned in this episode
Organizations: New York Department of Financial Services, Department of Defense, CMMC, NIST
Places: Pittsburgh, PA
More episodes of Distilled Security Podcast
- Episode 24: 2 Years, 24 Episodes & The State of Security in the Age of AI · May 14, 2026 · 1h 43m
- Episode 23: Nobody read the report · April 14, 2026 · 2h 10m
- Episode 22: Is AI Good for Security, CIRCIA Starts the Clock, and the M&A Problem Nobody's Talking About · March 9, 2026 · 1h 56m
- Episode 21: AI Notetakers Are Illegal, GRC Tools Are Lying, and ISO 42001 Changes Everything · February 18, 2026 · 1h 51m
- Episode 20 : 2026 Kickoff: Security Resolutions, Key Deadlines, and Don’t Mislead the Feds · January 26, 2026 · 1h 20m
- Episode 19: Cloudflare Outage, AI-Powered Attacks & The Rise of GRC Engineering | Distilled Security Podcast · December 8, 2025 · 2h 12m
Explore listener stats, chart rankings, contacts and more on the Distilled Security Podcast podcast page.