Sign up to save your podcasts
Or
Share Episode 23: Nobody read the report
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 23: Nobody read the report
In this episode of the Distilled Security Podcast, we break down the Delve scandal—flawed SOC 2 reports, copy-pasted content, and oversight failures that expose deeper issues in compliance-as-a-service. Joined by Matthew J. Schiavone, we examine auditor accountability, quality review gaps, and key differences between SOC 2 and ISO 27001.
We also cover what companies should demand from auditors, the role of automation, and whether this scandal will drive real change in the industry.
Topics Covered
- The Delve scandal—leaked reports, copy-pasted audits & pervasive deficiencies
- The AICPA peer review process & AC Corp's adverse findings
- SOC 2 vs ISO 27001—oversight models, witness audits & accreditation
- The incentive structure driving compliance to the bottom
- Compliance automation — what works, what doesn't & AI's real role
- What to ask your auditor before signing anything
- Trust centers — done right vs. compliance theater
- Is SOC 2 dead? What needs to change & who has to change it
Hosts
- Justin Leapline – @justinleapline
- Joe Wynn – @wynnjoe
- Rick Yocum – @rickyocum
Hosts
- Matthew J. Schiavone - (Sikich)
Connect with Us
- Website: distilledsecuritypodcast.com
- X: @DisSecPod
- Email: [email protected]
View all episodes
By Justin Leapline, Joe Wynn, and Rick YocumIn this episode of the Distilled Security Podcast, we break down the Delve scandal—flawed SOC 2 reports, copy-pasted content, and oversight failures that expose deeper issues in compliance-as-a-service. Joined by Matthew J. Schiavone, we examine auditor accountability, quality review gaps, and key differences between SOC 2 and ISO 27001.
We also cover what companies should demand from auditors, the role of automation, and whether this scandal will drive real change in the industry.
Topics Covered
- The Delve scandal—leaked reports, copy-pasted audits & pervasive deficiencies
- The AICPA peer review process & AC Corp's adverse findings
- SOC 2 vs ISO 27001—oversight models, witness audits & accreditation
- The incentive structure driving compliance to the bottom
- Compliance automation — what works, what doesn't & AI's real role
- What to ask your auditor before signing anything
- Trust centers — done right vs. compliance theater
- Is SOC 2 dead? What needs to change & who has to change it
Hosts
- Justin Leapline – @justinleapline
- Joe Wynn – @wynnjoe
- Rick Yocum – @rickyocum
Hosts
- Matthew J. Schiavone - (Sikich)
Connect with Us
- Website: distilledsecuritypodcast.com
- X: @DisSecPod
- Email: [email protected]