Episode 23: Nobody read the report
In this episode of the Distilled Security Podcast, we break down the Delve scandal—flawed SOC 2 reports, copy-pasted content, and oversight failures that expose deeper issues in compliance-as-a-service. Joined by Matthew J. Schiavone, we examine auditor accountability, quality review gaps, and key differences between SOC 2 and ISO 27001.
We also cover what companies should demand from auditors, the role of automation, and whether this scandal will drive real change in the industry.
Topics Covered
- The Delve scandal—leaked reports, copy-pasted audits & pervasive deficiencies
- The AICPA peer review process & AC Corp's adverse findings
- SOC 2 vs ISO 27001—oversight models, witness audits & accreditation
- The incentive structure driving compliance to the bottom
- Compliance automation — what works, what doesn't & AI's real role
- What to ask your auditor before signing anything
- Trust centers — done right vs. compliance theater
- Is SOC 2 dead? What needs to change & who has to change it
Hosts
- Justin Leapline – @justinleapline
- Joe Wynn – @wynnjoe
- Rick Yocum – @rickyocum
Guest
- Matthew J. Schiavone (Sikich)
Connect with Us
- Website: distilledsecuritypodcast.com
- X: @DisSecPod
- Email: hello@distilledsecuritypodcast.com