Episodes

  • Episode 14: AI Risks, Threat Modeling, and The Future of Vibe Coding
    Jul 8 2025

    Episode 14 of the Distilled Security Podcast is here!

    This week, the team welcomes guest John Zeolla, a cybersecurity expert and AI enthusiast, for a deep dive into the risks, realities, and potential of artificial intelligence.


    Topics include:

    • Shadow AI in the Enterprise: Why business leaders are adopting AI faster than CISOs can assess the risks—and how features are outpacing controls.

    • Third-Party AI Risk: Understanding vendor integrations with ChatGPT and others, and how contracts alone can’t guarantee security.

    • Data Sprawl and Provenance: How uncontrolled data flows and poor identity scoping create dangerous exposure in generative AI platforms.

    • Threat Modeling for AI: Why traditional frameworks like STRIDE still apply—and how techniques like “LLM as a judge” are reshaping modern risk analysis.

    • Hallucinations, Misuse, and Insider Access: From AI-summarized HR documents to leaked board data, the team explores how improper permissions are amplified by intelligent agents.

    • AI in Real Business Use: From customer support chatbots to code review tools, where AI adds value—and where it creates new points of failure.

    • Governance and Culture: The role of CISOs, legal, and finance leaders in aligning AI ambition with responsible oversight.

    • Bourbon Review – Elijah Craig Private Barrel Pick: A smooth 94-proof selection sponsored by Liberty Liquors (MD), bringing sweet caramel and balance to this week’s pour.

    • BSides Pittsburgh Preview: With nearly 1,000 tickets sold, the team teases event highlights, panel interviews, and John's upcoming talk on "vibe coding."


    Timestamps

    00:00 – Welcome & Introductions
    02:20 – What’s “Shadow AI”?
    06:45 – Third-Party Risk & AI Integrations
    11:10 – Contracts ≠ Security
    14:00 – Data Sprawl & Identity Challenges
    19:05 – Threat Modeling for AI
    23:40 – “LLM as a Judge” in Risk Analysis
    28:15 – Hallucinations & Misuse Scenarios
    33:00 – Insider Access Amplified by AI
    36:30 – Real-World Use Cases (Chatbots, Code Review, etc.)
    41:55 – Governance, Culture & CISO Alignment
    48:20 – Bourbon Review: Elijah Craig Private Barrel
    52:30 – BSides PGH Preview & John’s “Vibe Coding” Talk
    57:00 – Final Thoughts & Wrap-Up


    Hosts

    • Justin Leapline – LinkedIn
    • Joe Wynn – LinkedIn
    • Rick Yocum – LinkedIn

    Guest

    • John Zeolla – Zenable.io

    Connect with Us

    • Website: distilledsecuritypodcast.com
    • Twitter: @DisSecPod
    • Email: hello@distilledsecuritypodcast.com


    1 hr and 23 mins
  • Episode 13: Insider Threats, the CISO's Role, and Reporting Lines
    Jun 13 2025

    Episode 13 of the Distilled Security Podcast is here!

    Join us as we explore:

    • The Coinbase Breach: A breakdown of Coinbase’s recent insider-driven breach, including social engineering, bribery of offshore contractors, and how the company responded publicly and operationally.
    • Building Insider Threat Programs: The crew shares practical approaches to detecting insider misuse, behavioral monitoring, and the potential for "job descriptions as code."
    • CISO Liability and Insurance: Discussion on the evolving legal exposure for CISOs, personal liability, and whether directors and officers (D&O) insurance is a must-have.
    • Board-Level Cyber Risk: Should cybersecurity roll up to the audit committee or its own risk committee? The team explores where security leadership best fits in organizational governance.
    • Communication and Legal Risk: How careless comments—public or internal—can be used against organizations, and why CISOs and leaders must strike a balance between transparency and caution.
    • Modern Risk Management: Turning technical issues into business risk conversations, why documentation matters, and how strong risk communication can help CISOs avoid being scapegoated.
    • BSides Pittsburgh Update: With over 600 tickets already sold, the team gives updates on ticket tiers, t-shirts, speaker schedules, and why you should register by June 13.
    • Bourbon Review – Widow Jane Lucky 13: To celebrate episode 13, the crew samples Widow Jane Lucky 13—a smooth, toffee-forward bourbon aged 13 years.
    • Reporting Lines: Where and how security should be structured within the organization, from effectiveness to liability and more.

    Hosts

    • Justin Leapline - LinkedIn
    • Joe Wynn - LinkedIn
    • Rick Yocum - LinkedIn

    Connect with Us

    • Website: Distilled Security Podcast
    • Twitter: @DisSecPod
    • Email: hello@distilledsecuritypodcast.com
    1 hr and 23 mins
  • Episode 12: One Year of Distilled Security, Auditor Quality, and Starting Your Own Company
    May 2 2025

    Join us as we reflect on:

    • One Year of Podcasting: The crew celebrates a full year of episodes, favorite topics, behind-the-scenes production, and where the show is headed next—including a new studio setup and future sponsors.
    • Audit Quality and Risk: A deep dive into the evolution of cybersecurity audits, the growing influence of low-cost providers, and what actually makes an audit valuable and trustworthy.
    • Third-Party Risk Management: How companies can assess vendor SOC 2 reports, triage risk among their vendors, and build defensible compliance practices.
    • Operational vs. Commercial Risk: The importance of translating audit findings into business impact and strengthening vendor partnerships for long-term resilience.
    • Bourbon Review – Jefferson’s Tropics: A tasting of a tropical-aged bourbon matured in Singapore’s climate, featuring notes of toffee and spice.
    • BSides Pittsburgh Update: Details on ticket sales, sponsor opportunities, and how to get involved with the local security community’s flagship event.
    • Entrepreneurship & Starting a Business: A thoughtful discussion on what it really takes to start your own business—when to consider it, how to prepare, and why it’s often more work (and growth) than expected.


    Hosts

    • Justin Leapline - LinkedIn
    • Joe Wynn - LinkedIn
    • Rick Yocum - LinkedIn

    Connect with Us

    • Website: Distilled Security Podcast
    • Twitter: @DisSecPod
    • Email: hello@distilledsecuritypodcast.com

    1 hr and 38 mins
  • Episode 11: Encrypted Messaging, Data Breaches, and Vulnerability Management
    Apr 14 2025

    Episode 11 of the Distilled Security Podcast is here!


    Join us as we cover:

    • Signal, Encrypted Messaging, and Corporate Policy: A deep dive into the use of Signal in sensitive discussions—including a political mishap—and the implications for corporate communication policies, discovery, and compliance.
    • Oracle Cloud Breach Allegations: Evaluating breach claims, early response tactics, and the value of proactive key and credential rotation.
    • DNA Data, 23andMe, and Privacy Concerns: With 23andMe filing for bankruptcy, the team explores risks associated with sharing genetic data and broader privacy implications when personal information changes hands.
    • Hospital Data as Business Assets: A surprising look at how some companies are buying bankrupt hospitals—primarily for access to their medical datasets.
    • Vulnerability Management in the Real World: Tips on building practical, risk-based vulnerability management programs, understanding scanner severity versus real-world risk, and developing responsive processes that scale.

    Spirits:

    • Calumet Farm Small Batch Bourbon Whiskey https://www.calumetbourbon.com/smallbatch

    Hosts

    • Justin Leapline - LinkedIn
    • Joe Wynn - LinkedIn
    • Rick Yocum - LinkedIn

    Connect with Us

    • Website: Distilled Security Podcast
    • Twitter: @DisSecPod
    • Email: hello@distilledsecuritypodcast.com

    1 hr and 30 mins
  • Episode 10: Navigating Budget Cuts, Talent Shortages, and Cybersecurity Resilience
    Mar 12 2025

    Episode 10 of the Distilled Security Podcast is here!

    Join us as we explore:

    • Security in Times of Budget Cuts: How organizations can navigate layoffs and reduced funding while maintaining a strong security posture.
    • The Cybersecurity Talent Shortage: Why security hiring remains challenging, the need for apprenticeship models, and how organizations can develop internal talent pipelines.
    • BSides Pittsburgh: Put this on your calendar and submit talks.
    • Cyber Crisis Readiness: The importance of C-suite participation in tabletop exercises and cyber incident planning.

    References

    • Early Education by David Barton - https://www.youtube.com/watch?v=io-O59eakMk
    • BSides Pittsburgh CFP - https://www.bsidespgh.com/cfp

    Spirits: Lady of the Glen – A 10-year-old cask strength Scotch whisky finished in Oloroso sherry casks.

    Hosts

    • Justin Leapline - LinkedIn
    • Joe Wynn - LinkedIn
    • Rick Yocum - LinkedIn

    Connect with Us

    • Website: Distilled Security Podcast
    • Twitter: @DisSecPod
    • Email: hello@distilledsecuritypodcast.com

    1 hr and 34 mins
  • Episode 9: Security Budgets, AI Risks, and Data Sovereignty
    Feb 6 2025


    Episode 9 of the Distilled Security Podcast is here!

    Join us as we explore:

    • Security on a Budget: How teams can optimize tools, manage resource constraints, and build an effective security strategy with limited funding.
    • AI and Efficiency: The impact of AI on job performance, along with the risks of AI-powered note-taking and data classification.
    • Data Breaches & Industry Challenges: Lessons from Marriott’s data breaches, security concerns in the hospitality industry, and evolving consumer protection mandates.
    • Regulatory Shifts & Compliance: A discussion on HIPAA’s 2023 overhaul, required vs. addressable regulations, and the role of dual audits in compliance assurance.
    • Data Sovereignty & Government Oversight: How security teams navigate data sovereignty risks, government requests for information, and evolving security standards.
    • Multi-Factor Authentication & Risk Mitigation: The growing importance of MFA and its role in strengthening security posture.

    Spirits

    • Heigold Single Barrel Cask Strength https://www.rabbitholedistillery.com/pages/single-barrel-release

    Hosts

    • Justin Leapline - LinkedIn
    • Joe Wynn - LinkedIn
    • Rick Yocum - LinkedIn

    References

    • 2025 HIPAA Security Rule Guide and Compliance Checklist - https://www.seisollc.com/insights/2025-hipaa-rule-guide


    Connect with Us

    • Website: Distilled Security Podcast
    • Twitter: @DisSecPod
    • Email: hello@distilledsecuritypodcast.com

    1 hr and 18 mins
  • Episode 8: Whiskey, Quantum Computing, and Executive Protection
    Jan 7 2025


    🎙️ Episode 8 of the Distilled Security Podcast is here! 🔐🥃

    🔎 Join us as we explore:

    • The Whiskey Rebellion and Craft Distilling: A dive into the history of the Whiskey Rebellion and what it means for today’s distillers. Learn about Iron City Distilling, creating national brand-quality spirits, and the significance of the Bessemer brand name.
    • Whiskey Craftsmanship: Insights into chamber still distillation, the balance of maturation versus aging, and premium craft whiskey production.
    • Executive Protection and Privacy: Strategies for workplace safety, reducing online risks, and managing personal branding in crises.
    • Quantum Computing Risks: A look at Google's Willow chip, the implications of quantum computing on cybersecurity, and the need for post-quantum cryptographic protocols.
    • Modern Password Challenges: Discussing the future of passwordless login, phishing risks, dark web breaches, and the evolving standards of password compliance.

    🌟 Spirit: Iron City Distilling Distillers Reserve – A 6-Year Craft Masterpiece!

    🎙️ Hosts

    • Justin Leapline - LinkedIn
    • Joe Wynn - LinkedIn
    • Rick Yocum - LinkedIn

    🤝 Guest

    • Eddie Kubit - LinkedIn


    📲 Connect with Us

    • Website: Distilled Security Podcast
    • Twitter: @DisSecPod
    • Email: hello@distilledsecuritypodcast.com

    🕐 Time Stamps

    [00:00:00] Introduction
    [00:00:09] Eddie’s Career Transition
    [00:03:00] Whiskey Rebellion and Craft Distilling
    [00:06:00] Joining Iron City Distilling
    [00:10:00] Unique Approach at Iron City Distilling
    [00:19:00] Traditional Whiskey Making Process
    [00:28:30] Executive Protection and Privacy
    [00:39:00] Practical Security Measures for Executives
    [00:50:00] Google’s Quantum Computing and Cybersecurity Risks
    [00:57:00] Post-Quantum Cryptography
    [01:06:00] Modern Password Practices
    [01:20:00] Closing Thoughts

    1 hr and 22 mins
  • Episode 7: Certifications, Mentorship, and Auditor Missteps
    Dec 10 2024

    Welcome to Episode 7 of the Distilled Security Podcast!

    In this episode, hosts Justin, Rick, and Joe are joined by special guest Brandon Eckert to explore his fascinating journey in cybersecurity, share industry insights, and enjoy a fun debate on Thanksgiving favorites. Here’s what’s in store:

    Topics Covered:

    🔹 Navigating a Career in Cybersecurity
    Reflections on starting out in cybersecurity, overcoming challenges in small-town IT careers, and the role of certifications in shaping career success.

    🔹 The Value of Certifications
    How certifications like OSCP contribute to career growth, practical knowledge, and their relationship with networking and formal education.

    🔹 Mentorship and the Pittsburgh Cybersecurity Community
    The importance of fostering growth, mentoring local talent, and giving back to the Pittsburgh security community.

    🔹 Networking vs. Certifications
    A discussion on what matters more for career advancement and the unique benefits of each.

    🔹 Auditor Stories and Lessons Learned
    Hear hilarious and insightful tales from hospital audits, ethical dilemmas, and tips for managing challenging auditor experiences.

    🔹 Business Continuity Challenges
    How organizations can prepare for rare but impactful events, like solar flares, while building strong auditor relationships.

    🔹 Thanksgiving Favorites
    A lighthearted wrap-up featuring turkey tips, stuffing recipes, and the ultimate leftover turkey sandwich.

    🔸 Links
    Widow Jane Black Opal: https://widowjane.com/

    🔸 Spirits
    Widow Jane Black Opal
    A rare blend of bourbons, each aged for at least 20 years and finished in Japanese Mizunara oak. Notes of toffee, plum, and tobacco make this whiskey an extraordinary treat.

    🔸 Hosts

    • Justin Leapline
    • Joe Wynn
    • Rick Yocum

    🔸 Guest
    🙋🏻‍♂️ Brandon Eckert

    🎙 Connect with Us
    Website: Distilled Security Podcast
    X: @DisSecPod
    Email: hello@distilledsecuritypodcast.com

    1 hr and 19 mins