In this episode of the Distilled Security Podcast, we break down the Delve scandal—flawed SOC 2 reports, copy-pasted content, and oversight failures that expose deeper issues in compliance-as-a-service. Joined by Matthew J. Schiavone, we examine auditor accountability, quality review gaps, and key differences between SOC 2 and ISO 27001.We also cover what companies should demand from auditors, the role of automation, and whether this scandal will drive real change in the industry. Topics CoveredThe Delve scandal—leaked reports, copy-pasted audits & pervasive deficienciesThe AICPA peer review process & AC Corp's adverse findingsSOC 2 vs ISO 27001—oversight models, witness audits & accreditationThe incentive structure driving compliance to the bottomCompliance automation — what works, what doesn't & AI's real roleWhat to ask your auditor before signing anythingTrust centers — done right vs. compliance theaterIs SOC 2 dead? What needs to change & who has to change itHostsJustin Leapline – @justinleaplineJoe Wynn – @wynnjoeRick Yocum – @rickyocumHostsMatthew J. Schiavone - (Sikich) Connect with UsWebsite: distilledsecuritypodcast.comX: @DisSecPodEmail: hello@distilledsecuritypodcast.com
Podzilla Summary coming soon
Sign up to get notified when the full AI-powered summary is ready.
Free forever for up to 3 podcasts. No credit card required.
Listen to This Episode
More from Distilled Security Podcast
Episode 24: 2 Years, 24 Episodes & The State of Security in the Age of AI
Episode 22: Is AI Good for Security, CIRCIA Starts the Clock, and the M&A Problem Nobody's Talking About
Episode 21: AI Notetakers Are Illegal, GRC Tools Are Lying, and ISO 42001 Changes Everything
Episode 20 : 2026 Kickoff: Security Resolutions, Key Deadlines, and Don’t Mislead the Feds
Get summaries like this every morning.
Free AI-powered recaps of Distilled Security Podcast and your other favorite podcasts, delivered to your inbox.
Free forever for up to 3 podcasts. No credit card required.