Tune into the SecurityMetrics Podcast this week as host Jen Stone interviews Tillery, Director of Training and Education at Neuvik, to learn about the cybersecurity skills gap and how to bridge it. Listen to learn: How to attain an entry-level cybersecurity position. Why companies should focus more on employee trainings. The benefits of allowing em…

Tune in this week as Jen Stone sits down with Ryan Leirvik (founder and CEO of Neuvik) to discuss how to effectively communicate cybersecurity risk to a board of directors. Listen to learn: How to frame cybersecurity risks in a way that aligns with business objectives and priorities. How to break down complex security concepts for executives. How t…

Tune in this week as Jen Stone sits down with Donna Grindle (CEO of Kardon) to learn about the Health Industry Cybersecurity Practices (HICP) framework and how the 405(d) initiative and the Health Sector Coordinating Council (HSCC) are working together to provide free cybersecurity guidance to healthcare organizations. Listen to learn: How the HHS …

Tune in this week as Jen Stone sits down with Candice Pressinger, an award-winning payment security leader, discussing the critical role acquirers play in the PCI ecosystem. This episode is a valuable resource for merchants seeking to understand acquirer roles in PCI compliance and gain insights into the broader payments industry. Listen to learn: …

HITRUST certification can be a significant undertaking. However, with the right guidance and support, organizations can overcome the challenges and establish a strong foundation for data security. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) sits down with Lee Pierce (Director of Enterprise Sales at SecurityMetrics) and Peter Briel (Foun…

In this episode of the SecurityMetrics Podcast, Jen Stone chats with Keith O' Looney, an expert in multi-factor authentication (MFA) and PCI DSS compliance. They discuss the new requirements for MFA in PCI DSS 4.0, the challenges organizations face in implementing MFA, and how behavioral biometrics offer a unique solution. Learn how to navigate the…

In this episode of the SecurityMetrics podcast, Jen Stone chats with Heidi Babi (PCI Security Assurance & Compliance Sr. Lead at Mars Corporation) about managing PCI compliance in a massive, complex organization with hundreds of data flows. Listen to learn: How to break down overwhelming requirements into manageable steps and design flexible soluti…

Join Jen Stone of SecurityMetrics as she sits down with two industry veterans, Gary Glover (VP of Assessments at SecurityMetrics) and Andy Barratt (VP of Assurance Business at Coalfire), for a lively discussion about their careers, the challenges of PCI compliance, and the unique collaboration they share through the PCI Security Standards Council's…

In this episode of the SecurityMetrics Podcast, Jeremy King (Regional VP for Europe, Middle East, and Africa at the PCI Security Standards Council) provides an overview of the recent community meeting in Dublin, Ireland, and why it is important for your business to attend the annual PCI Community Meeting. Listen to learn: How the community meeting …

This episode of the Security Metrics Podcast discusses the transition from the Payment Application Data Security Standard (PA-DSS) to the Software Security Framework (SSF). The guest speaker, Jake Marcinko, is a Standards Manager at the PCI Security Standards Council and chairs the SSF working groups. Listen to learn: How the PCI Security Standards…

PCI SSC takes great care in working with other key technical bodies, such as EMVCo. Arman Aygen (Master of Science (MSc) in Communication Systems from EPFL (École Polytechnique Fédérale de Lausanne), MSc in Multimedia Communication Systems from EURECOM, and Bachelor of Science (BSc) in Micro Engineering from EPFL), Director of Technology, EMVCo, an…

The new PCI 4.0 requirements focused on managing payment page scripts are excellent because they can be used to address data leakage risks with other cybersecurity standards and regulations, such as HIPAA. John Elliott, GRC Consultant with a focus on PCI and GDPR, Security Advisor at Jscrambler, Pluralsight Author and Keynote Speaker, sat down with…

Application Programming Interfaces (APIs) are critical targets for malicious actors seeking to steal credit card data and other sensitive information. Any organization that uses APIs needs to learn how to protect them. Dan Barahona, Founder of APIsec University, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at…

Payment page scripts in consumer browsers need to be secured as defined in these new PCI DSS 4.0 requirements. Organizations that are doing their research on the best way to meet these requirements will be interested in this episode. Jeff Zitomer, Senior Director of Product Management, Human Security, sat down with Host and Principal Security Analy…

With the required shift from PCI DSS 3.2.1 to 4.0 upon us, many organizations are concerned about their ability to successfully meet new requirements. Martin Kenney, Senior Systems Engineer/Admin, IT at InfoSend, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss: How Infosend approached the shift to be…

Ethical hackers and cybercriminals are not the same thing, and it can be beneficial to establish a channel to communicate with hackers trying to alert you to vulnerabilities. Ilona Cohen, Chief Legal and Policy Officer at Hacker One, and Harley Geiger, Counsel at Venable LLP, sit down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP,…

Cybersecurity professionals come from all walks of life, and true professionals find ways to improve their skill sets at each step of the journey. Pentester and Security Consultant Joseph Pierini (CISSP, CISA, PCIP) sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss…

The PCI SSC relies on participating organizations to support its efforts in card payment security. Simon Turner (CISSP, CISM, CISA, VCP, ISA), Senior Manager, ISSCA Consultancy Services, BT Group (British Telecom), sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:…

Large organizations are often faced with complex, wide-ranging challenges related to standards and regulations they need to meet. Wes Shattler (CISSP, CISA, CRISC, CGEIT, CDPSE), Vice President, Assurance and Testing at FIS, and Chelsea Lopez (CIA, CISA, CISSP, CRISC, PCI-ISA), Enterprise Risk Director at FIS, sat down with Host and Principal Secur…

We can more easily understand the impact of artificial intelligence on privacy and security if we start with an explanation of the types of AI models in use and where they exist in applications many of us already use. Paul Starrett, CFE, EnCE of Privacy Labs and Starrett Law, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP…

Artificial Intelligence (AI) is a hot topic of the year. People want to understand how it will impact their lives and how they do business. Willy Fabritius, Global Head for Strategy and Business Development - Information Security Assurance at SGS, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss: Issu…

If you’re a small or medium business, chances are good that you fill out the Self Assessment Questionnaire (SAQ) for PCI compliance, and you probably have questions. Security Analyst Marcus Call (QSA, CISSP, CISA, Security+) sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss: Common questions about PCI …

PCI DSS Version 4.0 includes several large changes and updates to the compliance space, especially for universities. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Michael Simpson (Principal Security Analyst, CISSP, CISA, QSA) do a deep dive on what universities need to know for PCI 4.0. Listen to learn: Updates relating to universitie…

Many organizations struggle to translate cyber risk to business risk. When organizations understand how to identify, quantify, and communicate risk, they give senior leadership the tools they need to apply resources to mitigate that risk. Ryan Leirvik, Founder and CEO of Neuvik Solutions and author of Understand, Manage, and Measure Cyber Risk: Pra…

Risk assessments are critical to implementing good security controls, but many organizations struggle with where to begin. Josh Hyman, Chief Information Security Officer of Black Talon Security, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss: The importance of risk assessments in general Risk analys…

Early detection of unauthorized access to electronic Protected Health Information (ePHI) is critical to preventing breaches and meeting HIPAA requirements. The co-founders of SPHER, Inc., Raymond Ribble, CEO, and Robert Pruter, Chief Revenue Officer, sit down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss: -W…

With the rise of Software-as-a-Service (SaaS), we are hearing more about related supply chain risks. Boris Sieklik, Senior Director of Information Security at MongoDB, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss: What SaaS means in the context of the cloud The risks third parties may introduce in…

Cybersecurity and risk management are often tossed to technical teams, but when these are driven by operations, the entire organization benefits.In today's episode, Jen Stone sits with Grant Elliott (CEO and co-founder of Ostendio, and Adjunct Professor at the Pratt Institute New York) to discuss: Communicating with upper-level management and set e…

It is axiomatic in our industry that you can’t protect what you don’t know about, but assembling a comprehensive asset inventory can be much more difficult than it seems. Chris Kirsch, CEO of runZero, a cyber asset management company he co-founded with Metasploit creator HD Moore, sits down with Host and Principal Security Analyst Jen Stone (MCIS, …

Identity management is a critical aspect of any cybersecurity program. Creating the right roles and implementing a mature identity management lifecycle requires thoughtful collaboration between information technology and business operations. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Garret Grajek (CEH, CISSP, certified security en…

Critical infrastructure is under threat and has historically shown to be vulnerable. Protecting critical infrastructure is a wide-ranging effort that requires careful consideration. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Katie Arrington (Former CISO for the Department of Defense and mother of the CMMC) discuss the current criti…

HIPAA can be a daunting topic. Organizations often wonder where to start when implementing security or what kind of training is most effective. Listen this week as Jen Stone (MCIS, CISSP, CISA, QSA) sits down with Donna Grindle of Kardon and the “Help Me with HIPAA” Podcast to discuss: The work of 405(d) and how it can help your organization Exciti…

"In 2021, we had tracked about 5.9M accounts were targeted through data breaches. It's expected that at the end of 2022, we will surpass that number." Tune in this week as Jen Stone and Heff give you the TOP data breaches of 2022. This list includes breaches caused by leaks, phishing, and poor cyber hygiene. Listen to learn: Most common breach type…

"A lot of people think they're doing all the right things to keep their data safe. However, there are things I see constantly that people are doing wrong, or not doing at all, to properly keep their data secure." Your personal data that exists online is vast and private. Should a hacker steal your data, you could lose emails, hard drives, bank acco…

Tune in this week as Jen Stone, Scott Robinson, and Robbi Watson discuss all things ISO. Listen to Learn: What is an ISO? How can ISOs help their merchants? Tips for an ISO / ISO Program Best Practices [Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department…

"Privacy is not about things we want to hide. Hiding implies that the other side has a right to see what I'm trying to hide. Privacy means I can control what I share." Privacy rights are often unpinned from security, but they’re critical to recapture for our personal lives. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Adrianu…

Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and David Monnier (Chief Evangelist and Team Cymru Fellow at Team Cymru) discuss attack surface management. Listen to learn: What is an attack surface? Attack surface management VS vulnerability management VS endpoint security management. How can teams gain contextual awareness of their enviro…

"The PCI Security Standards Council oversees a lot more standards than just PCI DSS. The council is very much involved with the payment lifecycle. We have standards to ensure the security of card data from start to finish." There are many standards out there to ensure the security of card data - each with a specific target to protect. Tune in this …

Subscribe to the SecurityMetrics Podcast Email! Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Chase Pettet (Chief Security Architect at Archer Integrated Risk Management) dive into cloud security 101. Listen to learn: What is driving the continued shift to the cloud? Does being in the cloud require organizations to think about their a…

"In order for us to meet our end objective of risk mitigation on software and applications, we have to get the developers on our side. If you do not collaborate with the developers, you're not going to be able to manage that risk" Tune in this week as Jen Stone and Harshil Parikh discuss how to eliminate friction between development and security. L…

"Not long ago, companies didn't allow employees to take their work devices home, or even out of the network. Companies relied on the network security for these devices. In the past few years, we have all been forced to shift and figure out - how do we still keep work secure?" Mobile device management is a heavy lift. Security teams recognize the ri…

"I feel like many data security professionals feel like they're doing the right thing and making a difference, but there was a huge amount that said they were burning out. 65% of cybersecurity workers said they plan on leaving their jobs in the next 12 months." Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Thomas Kinsella (COO…

"The PCI Data Security Standard is a set of about 330 security controls that are designed to protect credit card information. For most small businesses, many of the requirements don't apply in their environment. The Self Assessment Questionnaire is a subset of the full PCI DSS standard designed to help small businesses validate their PCI compliance…

"Don't jump into becoming a QSA for a year and think 'I'm now going to go somewhere else and make a ton of money.' Spend some time really learning. That's the advantage to this job you can get so much experience so quickly and get exposure to so many aspects of cybersecurity." Breaking the barrier to the cybersecurity workforce can be difficult, es…

"The threat environment is becoming more aggressive, and the footprint that businesses need to protect is huge. Businesses need to reframe their expectations and reframe their focus." Reading the future is hard, especially in relation to cybersecurity. However, looking at current cyber trends helps us have a better idea of what is around the corner…

"If we think back to 9 years ago when the previous version came out, the world was really different then. We now have loads of new criminals who have found new ways to steal card holder data. The way we do InfoSec has changed massively in 9 years, so we definitely needed a new standard." With PCI 4.0 just recently released, many are left with quest…

"Simply, point to point encryption is encrypting your data at the beginning, and not decrypting it until it reaches its endpoint. This protects your data while it is being transferred." P2PE or “point-to-point encryption” can be the best way for merchants to take card present payments. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks …

Subscribe to the SecurityMetrics Podcast! "Hackers don't solely go after Fortune 500 companies. Almost everyone I know has some story with their Facebook getting hacked, or their bank information getting stolen. The way to tackle that is cybersecurity for yourself." It's a common misconception that hackers only go after large companies or entities,…

"How do I navigate this market, serve customers, and protect my brand reputation? At the executive level, that's the stuff they're thinking about. That trickles down to security objectives and initiatives. As a security leader, if you're in the head of your executive - what they want to do and why - then you can speak that language and drive better…

HHS recently launched its new 405(d) website to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the healthcare sector. Donna Grindle of the “Help Me with HIPAA” Podcast, sits down with Host and Principal Security Analyst Jen Stone (…