
TPRM Is Worthless?! NY DFS Part 500, Security Negotiation Tips & Mezcal


Episode 17


🎙️ Welcome back to the Distilled Security Podcast - Episode 17!


In this episode, Justin, Joe, and Rick break down several major cybersecurity and compliance updates shaping the landscape this fall. From regulatory deadlines to the futility of checkbox TPRM exercises, the crew dives deep into what actually matters for security leaders and business owners navigating today’s risk environment.


Also, join us at TRISS in Pittsburgh, PA, at the David on October 29, 2025! We have our own booth and will be doing something fun there. We are also sponsoring the After Party! Please come say hi!


🔹 Topics Covered


NY DFS Part 500: Final Requirements Take Effect November 1

The hosts unpack the final phase of New York’s cybersecurity regulation, what’s changing, and what companies must have in place before the enforcement deadline.


Negotiating Security

How smaller companies can push back on or reframe due diligence requirements: offering custom questionnaires, written summaries, or shared evidence that reflects real security maturity in place of a SOC 2 report or ISO 27001 certification, rather than answering checklists.


“TPRM Is Worthless”

A candid discussion on the state of third-party risk management: why it’s often broken, what needs to change, and how to make it meaningful rather than bureaucratic.


Department of War Announces New Cybersecurity Risk Management Construct

The team explores the DoD’s latest cybersecurity framework announcement—what it means for contractors, how it overlaps with CMMC and NIST 800-171, and whether it will actually simplify or complicate compliance.


🥃 Spirit Review


One of Us Mezcal — This small-batch mezcal impresses with its earthy smoke, hints of citrus, and smooth finish. The guys compare it to other craft agave spirits they’ve tried and debate whether it pairs better with a quiet evening or post-recording celebration.


Find it here:

https://oneofusmezcal.com/products/cuishe-mezcal-the-wild-one


⏱️ Timestamps


0:00 – Introduction & Travel Mishap

6:25 – New Laptop Twins & Backup Strategies

11:35 – NY DFS Part 500 Updates

27:30 – DFS Reporting & Organizational Accountability

33:30 – Negotiating Security Requirements

47:46 – Cultural Nuances in Negotiation

50:20 – Spirit Review: One of Us Mezcal

52:55 – TPRM Is Worthless?

57:50 – Fixing Broken Vendor Risk Workflows

1:08:21 – Vendor Resilience vs. Security

1:18:20 – New DoW/DoD Cybersecurity Risk Management Construct

1:35:06 – BSides Pittsburgh Planning & Sponsorship

1:38:35 – DSP at TRISS

1:39:51 – Closing Remarks & Outro


🎧 Hosts


Justin Leapline – @justinleapline

Joe Wynn – @wynnjoe

Rick Yocum – @rickyocum


🌐 Connect with Us


Website: distilledsecuritypodcast.com

🐦 Twitter: @DisSecPod

📧 Email: hello@distilledsecuritypodcast.com

