Episode 13 of the Distilled Security Podcast is here!

Join us as we explore:

• The Coinbase Breach: A breakdown of Coinbase’s recent insider-driven breach, including social engineering, bribery of offshore contractors, and how the company responded publicly and operationally.
• Building Insider Threat Programs: The crew shares practical approaches to detecting insider misuse, behavioral monitoring, and the potential for "job descriptions as code."
• CISO Liability and Insurance: Discussion on the evolving legal exposure for CISOs, personal liability, and whether directors and officers (D&O) insurance is a must-have.
• Board-Level Cyber Risk: Should cybersecurity roll up to the audit committee or its own risk committee? The team explores where security leadership best fits in organizational governance.
• Communication and Legal Risk: How careless comments—public or internal—can be used against organizations, and why CISOs and leaders must strike a balance between transparency and caution.
• Modern Risk Management: Turning technical issues into business risk conversations, why documentation matters, and how strong risk communication can help CISOs avoid being scapegoated.
• BSides Pittsburgh Update: With over 600 tickets already sold, the team gives updates on ticket tiers, t-shirts, speaker schedules, and why you should register by June 13.
• Bourbon Review – Widow Jane Lucky 13: To celebrate episode 13, the crew samples Widow Jane Lucky 13—a smooth, toffee-forward bourbon aged 13 years.
• Reporting Lines: Where and how security should be structured within the organization, from effectiveness to liability and more.

Hosts

• Justin Leapline - LinkedIn
• Joe Wynn - LinkedIn
• Rick Yocum - LinkedIn

Connect with Us

• Website: Distilled Security Podcast
• Twitter: @DisSecPod
• Email: hello@distilledsecuritypodcast.com

Join us as we reflect on:

• One Year of Podcasting: The crew celebrates a full year of episodes, favorite topics, behind-the-scenes production, and where the show is headed next—including a new studio setup and future sponsors.
• Audit Quality and Risk: A deep dive into the evolution of cybersecurity audits, the growing influence of low-cost providers, and what actually makes an audit valuable and trustworthy.
• Third-Party Risk Management: How companies can assess vendor SOC 2 reports, triage risk among their vendors, and build defensible compliance practices.
• Operational vs. Commercial Risk: The importance of translating audit findings into business impact and strengthening vendor partnerships for long-term resilience.
• Bourbon Review – Jefferson’s Tropics: A tasting of a tropical-aged bourbon matured in Singapore’s climate, featuring notes of toffee and spice.
• BSides Pittsburgh Update: Details on ticket sales, sponsor opportunities, and how to get involved with the local security community’s flagship event.
• Entrepreneurship & Starting a Business: A thoughtful discussion on what it really takes to start your own business—when to consider it, how to prepare, and why it’s often more work (and growth) than expected.

Hosts

• Justin Leapline - LinkedIn
• Joe Wynn - LinkedIn
• Rick Yocum - LinkedIn

Connect with Us

• Website: Distilled Security Podcast
• Twitter: @DisSecPod
• Email: hello@distilledsecuritypodcast.com

Episode 11 of the Distilled Security Podcast is here!

Join us as we cover:

• Signal, Encrypted Messaging, and Corporate Policy: A deep dive into the use of Signal in sensitive discussions—including a political mishap—and the implications for corporate communication policies, discovery, and compliance.
• Oracle Cloud Breach Allegations: Evaluating breach claims, early response tactics, and the value of proactive key and credential rotation.
• DNA Data, 23andMe, and Privacy Concerns: With 23andMe filing for bankruptcy, the team explores risks associated with sharing genetic data and broader privacy implications when personal information changes hands.
• Hospital Data as Business Assets: A surprising look at how some companies are buying bankrupt hospitals—primarily for access to their medical datasets.
• Vulnerability Management in the Real World: Tips on building practical, risk-based vulnerability management programs, understanding scanner severity versus real-world risk, and developing responsive processes that scale.

Spirits:

• Calumet Farm Small Batch Bourbon Whiskey https://www.calumetbourbon.com/smallbatch

Hosts

• Justin Leapline - LinkedIn
• Joe Wynn - LinkedIn
• Rick Yocum - LinkedIn

Connect with Us

• Website: Distilled Security Podcast
• Twitter: @DisSecPod
• Email: hello@distilledsecuritypodcast.com