Episode 13: Insider Threats, the CISO's Role, and Reporting Lines

Distilled Security Podcast · Justin Leapline, Joe Wynn and Rick Yocum

June 13, 2025 · 1h 22m

Show Notes

Episode 13 of the Distilled Security Podcast is here!

Join us as we explore:

  • The Coinbase Breach: A breakdown of Coinbase’s recent insider-driven breach, including social engineering, bribery of offshore contractors, and how the company responded publicly and operationally.
  • Building Insider Threat Programs: The crew shares practical approaches to detecting insider misuse, behavioral monitoring, and the potential for "job descriptions as code."
  • CISO Liability and Insurance: Discussion on the evolving legal exposure for CISOs, personal liability, and whether directors and officers (D&O) insurance is a must-have.
  • Board-Level Cyber Risk: Should cybersecurity roll up to the audit committee or its own risk committee? The team explores where security leadership best fits in organizational governance.
  • Communication and Legal Risk: How careless comments—public or internal—can be used against organizations, and why CISOs and leaders must strike a balance between transparency and caution.
  • Modern Risk Management: Turning technical issues into business risk conversations, why documentation matters, and how strong risk communication can help CISOs avoid being scapegoated.
  • BSides Pittsburgh Update: With over 600 tickets already sold, the team gives updates on ticket tiers, t-shirts, speaker schedules, and why you should register by June 13.
  • Bourbon Review – Widow Jane Lucky 13: To celebrate episode 13, the crew samples Widow Jane Lucky 13—a smooth, toffee-forward bourbon aged 13 years.
  • Reporting Lines: Where and how security should be structured within the organization, from effectiveness to liability and more.

Topics

Insider Threats, Governance, CISO Liability, Audit Committees, Risk Management, Coinbase Breach