
by Justin Leapline, Joe Wynn, and Rick Yocum
Join us on Distilled Security as we delve into the fascinating world of cybersecurity. Each episode, we break down intriguing topics, analyze the latest news, and engage in in-depth conversations with our hosts and invited guests. Whether you're a seasoned professional or just curious about cybersecurity, our podcast offers valuable insights and thought-provoking discussions to keep you informed and entertained.
The most recent episodes:
In this episode, we celebrate our 2nd anniversary and Episode 24 of Distilled Security! We cover the Vercel breach and how a Roblox script led to compromised Google Workspace credentials via an unauthorized OAuth connection. Then we dive into HackerOne pausing its own bug bounty program after being overwhelmed by low-quality, AI-generated submissions. We close out with the State of Vibe-Coded Security: 4,783 AI-assisted apps scanned, 727 critical issues found, and the real question: are you vibe coding or vibe deploying? Plus, a quick look at Claude for Security dropping into public beta and what that means for the industry. All of that, and we crack open a Peerless Double Oak to toast two years of Distilled Security. 🥃

⏱️ Timestamps
00:00 – Intro & 2-Year Anniversary 🎉
01:26 – Behind the Scenes & Favorite Moments
08:26 – Podcast Metrics & Global Reach
24:20 – BSides Pittsburgh 2025 Update 🛡️
34:31 – The Vercel Breach & OAuth Risk
58:57 – HackerOne Pauses Bug Bounty
1:16:05 – Spirit: Peerless Double Oak 🥃
1:20:27 – Vibe Coding vs. Vibe Deploying
1:26:46 – Claude for Security & AI News
1:41:27 – Cheers to Two Years! 🥃

🎙️ Hosts
Justin Leapline – @justinleapline
Joe Wynn – @wynnjoe
Rick Yocum – @rickyocum

📬 Send Us Your Questions! ask@distilledsecuritypodcast.com

🌐 Connect with Us
Website: distilledsecuritypodcast.com
X: @DisSecPod
Email: hello@distilledsecuritypodcast.com

👍 Like, comment, and subscribe for monthly security and compliance insights.
In this episode of the Distilled Security Podcast, we break down the Delve scandal: flawed SOC 2 reports, copy-pasted content, and oversight failures that expose deeper issues in compliance-as-a-service. Joined by Matthew J. Schiavone, we examine auditor accountability, quality review gaps, and key differences between SOC 2 and ISO 27001. We also cover what companies should demand from auditors, the role of automation, and whether this scandal will drive real change in the industry.

Topics Covered
- The Delve scandal: leaked reports, copy-pasted audits & pervasive deficiencies
- The AICPA peer review process & AC Corp's adverse findings
- SOC 2 vs ISO 27001: oversight models, witness audits & accreditation
- The incentive structure driving compliance to the bottom
- Compliance automation: what works, what doesn't & AI's real role
- What to ask your auditor before signing anything
- Trust centers: done right vs. compliance theater
- Is SOC 2 dead? What needs to change & who has to change it

Hosts
Justin Leapline – @justinleapline
Joe Wynn – @wynnjoe
Rick Yocum – @rickyocum

Guest
Matthew J. Schiavone (Sikich)

Connect with Us
Website: distilledsecuritypodcast.com
X: @DisSecPod
Email: hello@distilledsecuritypodcast.com
In this episode of the Distilled Security Podcast, we tackle four topics shaping the cybersecurity landscape, from AI's real impact on defense to a wave of regulatory and market changes every security team needs to be tracking.

🔹 Is AI Good for Security? Anthropic's model finding hundreds of zero days, stock market panic after Claude Code's launch (CrowdStrike down 11%), the "hard things easy, easy things hard" reality of AI, why human-out-of-the-loop isn't ready yet, the coming spike in vulnerability disclosures, and how defenders should be using AI for better hygiene.

🔹 CIRCIA Final Rule (May 2026): The federal incident reporting law hitting critical infrastructure, 72-hour incident and 24-hour ransom payment notification clocks, how "substantial cyber incident" triggers differ from materiality, mid-market companies falling in scope, overlapping timelines with HIPAA/SEC/state breach laws, and building your incident response playbook now.

🔹 Protecting Yourself Against a Changing Compliance Landscape: CMMC Phase 2, HIPAA overhaul, and CCPA audits all converging, why a unified security program beats framework-by-framework chasing, evidence over policy in audits, engineering continuous compliance through automation, and the reality of doing this without dedicated staff.

🔹 Cybersecurity M&A / Consolidation Problem: Google acquiring Wiz for $32B, 10% of the cybersecurity industry changing hands, operational benefits of fewer vendors vs. pricing pressure and talent drain, the OneTrust "sticker on the side" integration warning, Cisco's Startup Studios model, and why consolidation only works if they don't break what made the acquisition special.

🥃 Spirit Review: WhistlePig 12 Year Old World Rye, PA Fine Wine & Good Spirits Select. Finished in Madeira, Sauternes & Port barrels, 86 proof.
https://www.whistlepigwhiskey.com/

📬 Send Us Your Questions! ask@distilledsecuritypodcast.com

🎙️ Hosts
Justin Leapline – @justinleapline
Joe Wynn – @wynnjoe
Rick Yocum – @rickyocum

🌐 Connect with Us
Website: distilledsecuritypodcast.com
X: @DisSecPod
Email: hello@distilledsecuritypodcast.com

👍 Like, comment, and subscribe for weekly security and compliance insights.
In this episode of the Distilled Security Podcast, we break down three converging forces reshaping how organizations manage AI risk, and what you need to do about it now.

🔹 BIPA + AI Notetakers: A class action lawsuit exposes unauthorized biometric data collection, why a single Illinois meeting participant creates liability, the Shopify wiretapping dismissal, and the steps you should take today to audit your AI tools.

🔹 GRC Engineering Meets AI: Real AI compliance tools vs. vaporware, using LLMs for policy drafting and control mapping, the hallucination accountability problem, building AI guardrails as code, and the NIST RFI on AI Agent Security (comments due March 9, 2026).

🔹 ISO 42001 Deep Dive: The first AI Management System standard, how it differs from ISO 27001, AI Impact Assessments vs. traditional risk assessments, stakeholder engagement requirements, and why certification is becoming essential for EU AI Act compliance.

🥃 Spirit Review: Redbreast 12 Cask Strength
https://www.redbreastwhiskey.com/en-us/whiskey-collections/redbreast-cask-strength-whiskey/

⏱️ Timestamps
0:00 – Intro & Episode Overview
2:04 – BIPA & AI Notetakers
25:08 – GRC Engineering Meets AI
1:07:15 – 🥃 Spirit Review: Redbreast 12 Cask Strength (Irish Whiskey)
1:11:17 – ISO 42001
1:49:30 – Outro & Wrap-up

🎙️ Hosts
Justin Leapline – @justinleapline
Joe Wynn – @wynnjoe
Rick Yocum – @rickyocum

🌐 Connect with Us
Website: distilledsecuritypodcast.com
X: @DisSecPod
Email: hello@distilledsecuritypodcast.com

👍 Like, comment, and subscribe for weekly security and compliance insights.
In the first episode of 2026, the Distilled Security team kicks off the year with a practical discussion on security priorities, key compliance dates to watch in 2026, and why misleading the government on cybersecurity compliance can have serious consequences. The conversation focuses on simplifying security programs, returning to core fundamentals, and learning from real-world enforcement and regulatory cases. The episode closes with a holiday pour and a preview of format changes coming next.

⏱️ Timestamps
0:00 – Intro & episode overview
0:33 – 2026 security resolutions: simplify & back to basics
5:45 – “Science projects”: removing emotion from decisions
8:36 – Justin’s goals: family, travel, business & AI workflows
17:52 – EOS + Atomic Habits workbook (goal planning)
23:54 – Key compliance dates to watch in 2026
31:45 – California privacy updates & risk assessments (CCPA)
35:39 – EU AI Act + NIS2 enforcement ramp-up
42:48 – Drink break: High West “A Midwinter Night’s Dram”
45:04 – Don’t mislead the feds: FedRAMP, SolarWinds, CMMC (through wrap-up at 1:20:12)

🎙️ Hosts
Justin Leapline – @justinleapline
Joe Wynn – @wynnjoe
Rick Yocum – @rickyocum

🌐 Connect with Us
Website: distilledsecuritypodcast.com
X: @DisSecPod
Email: hello@distilledsecuritypodcast.com

🥃 Drink of the episode: High West A Midwinter Night’s Dram
In this episode, we break down a major Cloudflare outage, explore how a nation-state used AI agents to automate a cyberattack, and discuss the growing risks around MCP integrations. We also highlight why GRC Engineering is becoming essential to modern security programs and wrap up with key regulatory updates, including CMMC changes affecting thousands of contractors.

Topics covered:
• Cloudflare outage impact and root cause
• Nation-state attack using AI agents to automate intrusion steps
• MCP (Model Context Protocol): power, risks, and examples
• Why GRC Engineering is the future of compliance and automation
• Updates on GDPR, ISO 27701, California AB 5866, and SEC rules
• CMMC assessor shortages and what organizations must prepare for

Spirit of the Episode
• Knob Creek 21-Year Limited Release: rich caramel notes, heavy char, smooth for 100 proof

Timestamps
0:02 – Cloudflare Outage Stories & Global Impact
3:07 – Root Cause, Not a Cyberattack & Third-Party Risk Reality
10:38 – China Uses Anthropic’s Claude + MCP for Automated Cyberattacks
14:17 – Full AI Attack Lifecycle Explained
27:18 – MCP: The API for AI & Its Security Risks
44:05 – Bourbon Break: Knob Creek 21-Year Review
50:02 – GRC Engineering Deep Dive: Automation & Controls-as-Code
1:24:13 – Regulatory Roundup: GDPR, ISO 27701, California AB 566, SEC SP
1:44:27 – CMMC 2.0 Crisis: Auditor Shortages & DoD Contract Impact
2:11:20 – Closing Thoughts & Episode Wrap-Up

Hosts
Justin Leapline – @justinleapline
Joe Wynn – @wynnjoe
Rick Yocum – @rickyocum

Guest
Matthew J. Schiavone – @Sikitch

Connect with Us
Website: distilledsecuritypodcast.com
X: @DisSecPod
Email: hello@distilledsecuritypodcast.com
In Episode 18 of the Distilled Security Podcast, Justin Leapline, Joe Wynn, and Rick Yocum recap their time at TRISS, share lessons on storytelling and women in tech, and break down the recent AWS us-east-1 DNS/DynamoDB outage, the Microsoft Front Door global disruption, and the F5 BIG-IP incident.

🔍 We discuss:
- TRISS highlights: panels, community & storytelling
- “Breaking the glass ceiling” and unintentional bias in meetings
- AWS & Microsoft outages: risk, resilience & when multicloud matters
- F5 BIG-IP incident and supply chain risk
- Launching a GRC SaaS: episki’s journey, lessons & tradeoffs

🥃 Spirit of the episode
Penelope Bourbon – Project X (sherry cask finish)

⏱️ Timestamps
00:00 – 🥃 Intro & TRISS Recap: highlights from TRISS: panels, community, and a keynote with Edward Norton
02:40 – 📖 The Power of Storytelling: why empathy and narrative matter in cybersecurity leadership
04:40 – 👩‍💻 Women in Tech & Bias in Meetings: real talk about unintentional bias and everyday experiences
20:34 – ☁️ AWS & Microsoft Outages: what happened and what it says about cloud resilience
49:38 – 🥃 Bourbon Break: enjoying a glass of Penelope Project X
53:30 – 🔥 F5 BIG-IP Vulnerability: supply chain risk and patching lessons
1:09:50 – 🚀 Launching episki (GRC SaaS): building simply, shipping fast, and learning from users
1:52:22 – 🧭 Reflections & Closing Thoughts: culture, resilience, and what’s next

🎧 Hosts
Justin Leapline
Joe Wynn
Rick Yocum

🌐 Connect with Us
Website: distilledsecuritypodcast.com
X: @DisSecPod
Email: hello@distilledsecuritypodcast.com
🎙️ Welcome back to the Distilled Security Podcast, Episode 17!

In this episode, Justin, Joe, and Rick break down several major cybersecurity and compliance updates shaping the landscape this fall. From regulatory deadlines to the futility of checkbox TPRM exercises, the crew dives deep into what actually matters for security leaders and business owners navigating today’s risk environment.

Also, join us at TRISS in Pittsburgh, PA, at the David this October 29, 2025! We have our own booth and will be doing something fun there. We are also sponsoring the After Party. Please come say hi!

🔹 Topics Covered

NY DFS Part 500: Final Requirements Take Effect November 1
The hosts unpack the final phase of New York’s cybersecurity regulation, what’s changing, and what companies must have in place before the enforcement deadline.

Negotiating Security
How smaller companies can push back on or reframe due diligence requirements, substituting a SOC 2 or ISO 27001 certification with custom questionnaires, summaries, or shared evidence that reflect real security maturity instead of checklists.

“TPRM Is Worthless”
A candid discussion on the state of third-party risk management: why it’s often broken, what needs to change, and how to make it meaningful rather than bureaucratic.

Department of War Announces New Cybersecurity Risk Management Construct
The team explores the DoD’s latest cybersecurity framework announcement: what it means for contractors, how it overlaps with CMMC and NIST 800-171, and whether it will actually simplify or complicate compliance.

🥃 Spirit Review
One of Us Mezcal: This small-batch mezcal impresses with its earthy smoke, hints of citrus, and smooth finish. The guys compare it to other craft agave spirits they’ve tried and debate whether it pairs better with a quiet evening or a post-recording celebration.
Find it here: https://oneofusmezcal.com/products/cuishe-mezcal-the-wild-one

⏱️ Timestamps
0:00 – Introduction & Travel Mishap
6:25 – New Laptop Twins & Backup Strategies
11:35 – NY DFS Part 500 Updates
27:30 – DFS Reporting & Organizational Accountability
33:30 – Negotiating Security Requirements
47:46 – Cultural Nuances in Negotiation
50:20 – Spirit Review: One of Us Mezcal
52:55 – TPRM Is Worthless?
57:50 – Fixing Broken Vendor Risk Workflows
1:08:21 – Vendor Resilience vs. Security
1:18:20 – New DoW/DoD Cybersecurity Risk Management Construct
1:35:06 – BSides Pittsburgh Planning & Sponsorship
1:38:35 – DSP at TRISS
1:39:51 – Closing Remarks & Outro

🎧 Hosts
Justin Leapline – @justinleapline
Joe Wynn – @wynnjoe
Rick Yocum – @rickyocum

🌐 Connect with Us
Website: distilledsecuritypodcast.com
🐦 Twitter: @DisSecPod
📧 Email: hello@distilledsecuritypodcast.com