Podcast Episode Details

Back to Podcast Episodes

Episode 16: When Metrics Mislead: Security Scoring, Board Gaps, and vGRC

Episode 16


Episode 16: When Metrics Mislead: Security Scoring, Board Gaps, and vGRC



Episode 16 of the Distilled Security Podcast is here!


In this episode, Justin, Joe, and Rick christen the new studio and dive into some of the trickiest challenges in measuring, reporting, and governing security programs. From maturity models to board reporting, the conversation unpacks how scoring systems can mislead, how to communicate bad news effectively, and why boards need more than just “checkbox” cyber expertise.

The team also explores the rise of vGRC (Virtual GRC) services—what they are, how they differ from vCISO offerings, and when organizations should consider fractional models. And of course, no episode would be complete without a pour: this week, a rich Woodford Reserve Double Double Oaked bourbon.


Topics Covered

  • New Studio Upgrade: Behind-the-scenes on mics, cameras, and why the couch had to go.

  • Measuring to the Score: The dangers of chasing maturity numbers instead of real security outcomes.

  • Scoping, Rubrics & Auditor Whim: Why assessments are subjective and how leadership often misunderstands the results.

  • Cultural Incentives: How bonuses, compliance checkboxes, and “auditor shopping” distort security reporting.

  • Prepping for New Tools: Setting expectations with leadership when visibility spikes after deploying monitoring or vulnerability tools.

  • Boards and Cybersecurity Expertise: Should cyber knowledge be mandated at the board level—or does it risk creating the illusion of safety?

  • Virtual GRC vs. vCISO: What fractional GRC services really deliver, how they differ from vCISO roles, and why naming clarity matters.

  • Bourbon Review: Woodford Reserve Double Double Oaked — syrupy, smooth, and perfect for a holiday pour.

Hosts

  • Justin Leapline
  • Joe Wynn
  • Rick Yocum

Connect with Us
 🌐 Website: distilledsecuritypodcast.com
 🐦 Twitter: @DisSecPod
 📧 Email: hello@distilledsecuritypodcast.com


Published on 1 month ago





If you like Podbriefly.com, please consider donating to support the ongoing development.

Donate

© 2025 Developer Service

DevAsService

DevAsService

Cloud Home Lab

Developer Service

Imaginator

Courses Developer Service

Is It Clickbait