The 2020 SecurityMetrics Podcast, hosted by Jen Stone (Principal Security Analyst, QSA, CISSP, CISA), will help you understand current data security and compliance trends. Each episode will feature a different security professional offering tips and security best practices.
In this webinar, Matt Halbleib (Director of Assessments) and Lee Pierce (Director of HITRUST Sales) will discuss:
- How to determine which HITRUST Assessment type to choose
- How to prepare for a HITRUST Validation Assessment
- What to expect from a SecurityMetrics HITRUST Assessment
Ready to discuss your HITRUST needs? Request a quote here. Read our new HITRUST 101 White Paper here.
Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit
Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing
Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide
Get FREE security and compliance training ► https://academy.securitymetrics.com/
Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place
Learn more about cyber risks for small businesses: Are you a small-medium business owner? Did you just get a message from your bank telling you to call SecurityMetrics? Are you worried about having a bad experience? Do you know what PCI even means? This episode is for you. Learn how SecurityMetrics can help you navigate this regulatory landscape. We'll discuss:
- Why your processor is making you do PCI compliance: Did you know that nearly half of all cyberattacks target small businesses?
- What calling into SecurityMetrics looks like: Learn what information you need handy so you can get your compliance done as quickly as possible, and the questions you should ask to get the best service.
- Support Stories: Discover how other small businesses have successfully leveraged SecurityMetrics to achieve compliance.
- Tips and Tricks: Get practical advice on how to optimize your PCI compliance efforts and minimize risks, keeping your business and your customers more secure.
Whether you're just starting your PCI compliance journey or looking to improve your existing processes, this video will provide valuable insights and actionable advice.
Join us on this extra-long episode as SecurityMetrics experts Jen Stone, Gary Glover, Aaron Willis and Chad Horton dive deep into the evolving landscape of PCI compliance for e-commerce businesses. With the deadline for PCI 4.0 rapidly approaching, understanding the new requirements for e-commerce is crucial. In this episode, our panelists discuss:
- Understanding PCI 4.0 for e-commerce: Learn about the key changes and their implications for your business, especially if you're a small or medium-sized enterprise.
- Combatting e-commerce skimmers: Discover how attackers target online transactions and the measures you can take to protect your customers' data.
- The power of script analysis: Understand how script scanning can help identify and mitigate vulnerabilities on your e-commerce website.
- Securing dynamic content: Explore the challenges of protecting websites with constantly changing content.
- Choosing the right security solution: Weigh the pros and cons of agent-based and agentless solutions, considering the specific needs of your business.
Whether you're a seasoned PCI professional or just starting your compliance journey, this episode provides valuable insights to help you safeguard your e-commerce business and protect your customers' sensitive information.
Download the guide: https://www.cisecurity.org/insights/white-papers/from-both-sides-a-parental-guide-to-protecting-your-childs-online-activity
Are you a parent looking for guidance on how to keep kids safe online? Join us for a candid conversation with Sean Atkinson, CISO at the Center for Internet Security, and his daughter, Emma, as they discuss their journey of creating a guide designed to help families have conversations about online safety. In this episode, you'll learn:
- Why open communication is key: Discover how Sean and Emma fostered an environment of trust and understanding about online safety.
- Common online dangers: Understand the risks your child may face, such as sharing personal information, cyberbullying, and meeting strangers online.
- Practical tips for parents: Get actionable advice on how to set boundaries, have difficult conversations, and create a safe online space for your child.
Whether you're a new parent or a seasoned digital native, this podcast will help you start conversations and find resources to help you protect your child in the ever-evolving online world.
Links from the episode: https://405d.hhs.gov/
Discover the latest trends and threats in healthcare cybersecurity. This episode explores the real-world impact of cyberattacks on patient care, the vulnerabilities of medical devices, and the strategies organizations can implement to protect their sensitive data.
Confused about PCI DSS compliance standards? This video breaks down each available SAQ type, including SAQ-A, SAQ P2PE-HW, SAQ D for Service Providers, and the newly introduced SAQ SPoC for PCI DSS 4.0. Learn which one is right for your business based on your payment processing environment. Learn about:
- Different SAQ types for merchants
- Eligibility criteria for each SAQ type
- Factors to consider when choosing a SAQ type
- Simplifying your PCI compliance
Listen now to learn what your business can do to protect itself from data breaches and be compliant.
#PCIcompliance #paymentsecurity #merchant #smallbusiness #cybersecurity
https://www.youtube.com/watch?v=XoR0Tt8uHl4
Join Jen Stone as she chats with DevOps engineer and Day Two DevOps podcaster Kyler Middleton about her unique journey from a rural upbringing to becoming a DevOps expert. Discover how Kyler's passion for teaching led her to a career in technology, and learn about the importance of automation and documentation in building secure and efficient cloud environments. This episode dives deep into DevOps practices, the role of Terraform, Azure vs. AWS, and the challenges organizations face when adopting cloud technologies. Kyler shares valuable insights on overcoming common hurdles, fostering a blameless culture, and the future of DevOps. Don't miss this engaging conversation!
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
Worried about hotel hacking? This episode unveils the cybersecurity protocols of resorts like Atlantis. Dive deep into the unique challenges of cybersecurity in hospitality, from balancing guest convenience with ironclad defenses to training a diverse workforce. Tsega Thompson, Executive Director of Cybersecurity and Data Privacy at Atlantis Resorts, shares her insights on:
- Getting into Cybersecurity
- Special Challenges of Cyber in the Hotel Industry
- Training your workforce effectively
This is your essential guide to cybersecurity in the hospitality industry, packed with valuable tips for travelers and hospitality professionals alike.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
Is your penetration testing just a compliance formality? This episode of the SecurityMetrics Podcast redefines pen testing as a strategic partnership, empowering you to get the most out of your assessments. Join Jen Stone and James Farnsworth as they discuss:
- The critical role of scoping: Learn how to align business needs with technical assessments for a truly impactful pen test.
- The difference between a vulnerability scan and a penetration test.
- Unlocking report potential: Discover how to leverage pen testing reports for maximum security benefit.
- Tips for fostering a successful collaboration with your pen testing service.
Stop seeing penetration testing as a checkbox exercise and transform it into a powerful tool for boosting your organization's security posture.
Bonus Resources:
- PenTest FAQs: https://www.youtube.com/watch?v=EECUTDMn43U
- James' Previous Episode: Hacking Your Career: How to Become a Penetration Tester | SecurityMetrics Podcast 95
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
This episode of the SecurityMetrics Podcast is a valuable resource for MSPs who want to learn more about HIPAA compliance and how to better serve their healthcare clients. Join Jen Stone and David Sims to learn more about how Managed Service Providers (MSPs) can empower healthcare organizations to achieve HIPAA compliance. Learn about:
- The challenges of data discovery and data sprawl in healthcare organizations.
- The importance of having a documented HIPAA compliance program.
- The difference between required and addressable HIPAA controls.
- Choosing the right MSP for your healthcare organization.
- How to successfully collaborate with HIPAA compliance officers within healthcare organizations.
- Why HIPAA compliance goes beyond a BAA.
Bonus Resources:
- David Sims and Donna Grindle's Podcast: Help Me With HIPAA (@Helpmewithhipaa) https://helpmewithhipaa.com/
- HIPAA for MSPs: https://www.hipaaformsps.com/
- American Institute of Healthcare Compliance (AIHC): https://aihc-assn.org/
SM Podcast Episodes with Donna Grindle:
- HHS 405(d) Fundamentals: A Guide for Healthcare Providers and MSPs | SecurityMetrics Podcast 92
- HIPAA Basics: Where to Start with Practices and Training | SecurityMetrics Podcast 63
- HHS 405(d) - What You Need To Know | SecurityMetrics Podcast 45
- Business Continuity during Healthcare Crisis | SecurityMetrics Podcast 6
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
Struggling to automate security tasks? Feeling overwhelmed by the process? This episode of the SecurityMetrics podcast dives deep into the world of automation with guest Molly Breen, founder and CEO of Perigee. Molly, a recognized cybersecurity and innovation expert, dismantles the myth of automation being a complex "one size fits all" solution. In this episode, you'll learn:
- How to identify the best manual processes to automate for maximum impact
- Practical steps to overcome common automation friction points
- How to leverage AI to enhance automation efforts and make them even more efficient
- The exciting future of automation and AI in the security landscape
- Real-world use cases that showcase the power of automation
Whether you're a security professional or simply looking to streamline workflows, this episode offers valuable insights and actionable tips to get you started.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
There are four key questions to ask about your data: Where is it? What data do you have? Who has access? What risks are associated with how the data is accessed? Tune in this week as Jen Stone sits down with award-winning entrepreneur Ani Chaudhuri to discuss data security and data risk management. Listen to learn:
- Why automation is essential for effective data security.
- The importance of a "human-assisted" approach to data security.
- How Ani's company helps organizations achieve data security goals.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
Becoming a penetration tester in the world of cybersecurity can be more complex than you'd think, but don't let that spook you. Tune in this week as Jen Stone sits down with James Farnsworth (Team Lead / Senior Penetration Tester at SecurityMetrics) to discuss the various paths to becoming a penetration tester. Listen to learn:
- The best tools to learn penetration testing skills.
- The numerous roles within the penetration testing umbrella.
- Possible paths of education to start your penetration testing career.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
Tune into the SecurityMetrics Podcast this week as host Jen Stone interviews Tillery, Director of Training and Education at Neuvik, to learn about the cybersecurity skills gap and how to bridge it. Listen to learn:
- How to attain an entry-level cybersecurity position.
- Why companies should focus more on employee training.
- The benefits of allowing employees time to learn during the workday.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
Tune in this week as Jen Stone sits down with Ryan Leirvik (founder and CEO of Neuvik) to discuss how to effectively communicate cybersecurity risk to a board of directors. Listen to learn:
- How to frame cybersecurity risks in a way that aligns with business objectives and priorities.
- How to break down complex security concepts for executives.
- How to create a healthy relationship with executives.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
Tune in this week as Jen Stone sits down with Donna Grindle (CEO of Kardon) to learn about the Health Industry Cybersecurity Practices (HICP) framework and how the 405(d) initiative and the Health Sector Coordinating Council (HSCC) are working together to provide free cybersecurity guidance to healthcare organizations. Listen to learn:
- How the HHS provides specific guidance for HIPAA compliance with HICP.
- How the 405(d) program provides resources and guidance for HIPAA compliance.
- The upcoming HIPAA boot camp that is designed to teach healthcare professionals about HIPAA compliance and cybersecurity best practices.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
Tune in this week as Jen Stone sits down with Candice Pressinger, an award-winning payment security leader, to discuss the critical role acquirers play in the PCI ecosystem. This episode is a valuable resource for merchants seeking to understand acquirer roles in PCI compliance and gain insights into the broader payments industry. Listen to learn:
- How acquirers aid merchants in PCI compliance.
- The importance of collaboration within the payments industry.
- How PCI compliance serves as a strong foundation for overall security posture.
Filmed at the 2023 PCI Community Meeting in Dublin, Ireland.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
HITRUST certification can be a significant undertaking. However, with the right guidance and support, organizations can overcome the challenges and establish a strong foundation for data security. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) sits down with Lee Pierce (Director of Enterprise Sales at SecurityMetrics) and Peter Briel (Founder of Privaxi, CISA, CISO, CISM, CCSFP) to discuss how organizations can better approach HITRUST compliance. Listen to learn:
- How HITRUST differs from HIPAA
- How HITRUST can be beneficial to your organization
- How SecurityMetrics and Privaxi ensure organizations are well-equipped to navigate the HITRUST journey
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
In this episode of the SecurityMetrics Podcast, Jen Stone chats with Keith O'Looney, an expert in multi-factor authentication (MFA) and PCI DSS compliance. They discuss the new requirements for MFA in PCI DSS 4.0, the challenges organizations face in implementing MFA, and how behavioral biometrics offer a unique solution. Learn how to navigate the changing landscape of cybersecurity and protect your data with robust authentication measures. Listen to learn:
- The new PCI DSS 4.0 requirements for multi-factor authentication (MFA).
- How traditional MFA methods are becoming less secure and can create friction for users.
- How behavioral biometrics offers a promising solution for frictionless and phishing-resistant MFA.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
#PCIDSS #PCI #MFA #multifactorauthentication #cybersecurity #BPO #remoteaccess #behavioralbiometrics #SecurityMetrics #SecurityMetrics Podcast
In this episode of the SecurityMetrics podcast, Jen Stone chats with Heidi Babi, an ISA, PCIP, and CISSP at Mars Corporation, about managing PCI compliance in a massive, complex organization with hundreds of data flows. Listen to learn:
- How to break down overwhelming requirements into manageable steps and design flexible solutions for future growth.
- How to utilize compensating controls and customized solutions to achieve robust security.
- How to build rapport with internal teams to create a more functional and effective PCI program for your company.
Filmed at the 2023 PCI Community Meeting in Dublin, Ireland.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
Join Jen Stone of SecurityMetrics as she sits down with two industry veterans, Gary Glover (VP of Assessments at SecurityMetrics) and Andy Barratt (VP of Assurance Business at Coalfire), for a lively discussion about their careers, the challenges of PCI compliance, and the unique collaboration they share through the PCI Security Standards Council's GEAR program. Listen to learn:
- How this vital program brings together leading QSA companies to provide feedback and influence on PCI standards.
- Where the PCI landscape is headed and how GEAR is shaping its evolution.
- How Gary and Andy, despite representing rival companies, find common ground and work together to improve the industry.
Filmed at the 2023 PCI Community Meeting in Dublin, Ireland.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
In this episode of the SecurityMetrics Podcast, Jeremy King (Regional VP for Europe, Middle East, and Africa at the PCI Security Standards Council) provides an overview of the recent community meeting in Dublin, Ireland, and why it is important for your business to attend the annual PCI Community Meeting. Listen to learn:
- How the community meeting provides a valuable opportunity to learn about the new requirements and get help with PCI implementation.
- How assessors are playing a critical role in helping organizations prepare for the transition.
- Why collaboration is a key theme of the PCI Community Meeting.
The podcast can be helpful for:
- Merchants who are preparing for the PCI DSS version 4.0 transition.
- Assessors who are helping organizations with the transition.
- Anyone who wants to learn more about PCI security standards.
Filmed at the 2023 PCI Community Meeting in Dublin, Ireland.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
This episode of the SecurityMetrics Podcast discusses the transition from the Payment Application Data Security Standard (PA-DSS) to the Software Security Framework (SSF). The guest speaker, Jake Marcinko, is a Standards Manager at the PCI Security Standards Council and chairs the SSF working groups. Listen to learn:
- How the PCI Security Standards Council is continuously evolving the SSF to keep pace with emerging threats and technologies.
- Why the SSF replaced the previous Payment Application Data Security Standard (PA-DSS).
- The recent updates to the SSF to address the increasing use of cloud-based applications.
Filmed at the 2023 PCI Community Meeting in Dublin, Ireland.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
PCI SSC takes great care in working with other key technical bodies, such as EMVCo. Arman Aygen (Master of Science (MSc) in Communication Systems from EPFL (École Polytechnique Fédérale de Lausanne), MSc in Multimedia Communication Systems from EURECOM, and Bachelor of Science (BSc) in Micro Engineering from EPFL), Director of Technology, EMVCo, and Andrew Jamieson, VP, Solutions, PCI Security Standards Council, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting Europe to discuss:
- The mission of EMVCo and its key technical initiatives
- How PCI SSC and EMVCo collaborate to ensure industry alignment
- EMVCo's work on mobile payment acceptance and PCI SSC's work regarding security
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
The new PCI 4.0 requirements focused on managing payment page scripts are excellent because they can be used to address data leakage risks with other cybersecurity standards and regulations, such as HIPAA. John Elliott, GRC Consultant with a focus on PCI and GDPR, Security Advisor at Jscrambler, Pluralsight Author and Keynote Speaker, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting Europe to discuss:
- How malicious actors use scripts to steal information
- Why PCI DSS requirements were added to deal with this threat
- Jscrambler's approach to payment page script management
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
Application Programming Interfaces (APIs) are critical targets for malicious actors seeking to steal credit card data and other sensitive information. Any organization that uses APIs needs to learn how to protect them. Dan Barahona, Founder of APIsec University, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- What an API is
- Why APIs are targets
- How to keep APIs secure
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
Payment page scripts in consumer browsers need to be secured as defined in these new PCI DSS 4.0 requirements. Organizations that are doing their research on the best way to meet these requirements will be interested in this episode. Jeff Zitomer, Senior Director of Product Management, Human Security, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- How to understand PCI DSS 4.0 requirements 6.4.3 and 11.6.1
- What the risks are to payment page scripts in consumer browsers
- Some of the solutions available to meet these requirements
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
With the required shift from PCI DSS 3.2.1 to 4.0 upon us, many organizations are concerned about their ability to successfully meet new requirements. Martin Kenney, Senior Systems Engineer/Admin, IT at InfoSend, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- How InfoSend approached the shift to being assessed against PCI DSS 4.0
- Why companies should make the shift to PCI DSS 4.0 now
- Advice offered to others making the transition to PCI DSS 4.0
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
Ethical hackers and cybercriminals are not the same thing, and it can be beneficial to establish a channel to communicate with hackers trying to alert you to vulnerabilities. Ilona Cohen, Chief Legal and Policy Officer at HackerOne, and Harley Geiger, Counsel at Venable LLP, sit down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at the PCI Community Meeting North America to discuss:
- Hackers vs. cybercriminals
- Vulnerability disclosure policies (VDPs) vs. bug bounties
- PCI DSS post-disclosure obligations
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
Filmed at the 2023 PCI Community Meeting in Portland, Oregon.
Cybersecurity professionals come from all walks of life, and true professionals find ways to improve their skill sets at each step of the journey. Pentester and Security Consultant Joseph Pierini (CISSP, CISA, PCIP) sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- His unique entry into cybersecurity
- How he continually found non-traditional ways to forge forward in his career
- How introspection and communication make him a better technology professional
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
The PCI SSC relies on participating organizations to support its efforts in card payment security. Simon Turner (CISSP, CISM, CISA, VCP, ISA), Senior Manager, ISSCA Consultancy Services, BT Group (British Telecom), sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- The role of BT as a PCI Principal Participating Organization (PPO)
- PCI payment security groups BT is interested in collaborating on
- BT representation on the PCI Board of Advisors
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

Large organizations are often faced with complex, wide-ranging challenges related to standards and regulations they need to meet. Wes Shattler (CISSP, CISA, CRISC, CGEIT, CDPSE), Vice President, Assurance and Testing at FIS, and Chelsea Lopez (CIA, CISA, CISSP, CRISC, PCI-ISA), Enterprise Risk Director at FIS, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- Elements of a mature regulatory compliance program
- Steps you can take to create a mature compliance program in your organization
- Challenges you might face, and how to resolve them
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

We can more easily understand the impact of artificial intelligence on privacy and security if we start with an explanation of the types of AI models in use and where they exist in applications many of us already use. Paul Starrett, CFE, EnCE of Privacy Labs and Starrett Law, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- Different types of machine learning
- AI governance and cyber risk
- Risks and rewards of artificial intelligence
Resources: Privacy Labs; Starrett Law
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

Artificial Intelligence (AI) is a hot topic of the year. People want to understand how it will impact their lives and how they do business. Willy Fabritius, Global Head for Strategy and Business Development - Information Security Assurance at SGS, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- Issues for companies developing or using AI
- Concerns about privacy, transparency, and accountability
- How regulations or certifications could be applied
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

If you're a small or medium business, chances are good that you fill out the Self Assessment Questionnaire (SAQ) for PCI compliance, and you probably have questions. Security Analyst Marcus Call (QSA, CISSP, CISA, Security+) sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- Common questions about PCI DSS requirements
- Understanding which requirements are applicable to you
- Where to go for additional help filling out the SAQ
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

PCI DSS Version 4.0 includes several large changes and updates to the compliance space, especially for universities. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Michael Simpson (Principal Security Analyst, CISSP, CISA, QSA) do a deep dive on what universities need to know for PCI 4.0. Listen to learn:
- Updates relating to universities for PCI v4.0 requirements
- Cybersecurity best practices
- Tips for universities to stay secure
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

Many organizations struggle to translate cyber risk to business risk. When organizations understand how to identify, quantify, and communicate risk, they give senior leadership the tools they need to apply resources to mitigate that risk. Ryan Leirvik, Founder and CEO of Neuvik Solutions and author of Understand, Manage, and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- What we mean by "risk"
- How to identify and measure risk across the organization
- Real-world examples of how risk can inform decision making
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

Risk assessments are critical to implementing good security controls, but many organizations struggle with where to begin. Josh Hyman, Chief Information Security Officer of Black Talon Security, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- The importance of risk assessments in general
- Risk analysis in the healthcare space
- How to successfully conduct a risk assessment
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

Early detection of unauthorized access to electronic Protected Health Information (ePHI) is critical to preventing breaches and meeting HIPAA requirements. The co-founders of SPHER, Inc., Raymond Ribble, CEO, and Robert Pruter, Chief Revenue Officer, sit down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- Why it's critical to know who is accessing patient data
- How to know who is accessing critical data
- Real-world stories of unauthorized access and what to do about it
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

With the rise of Software-as-a-Service (SaaS), we are hearing more about related supply chain risks. Boris Kieklik, Senior Director of Information Security at MongoDB, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- What SaaS means in the context of the cloud
- The risks third parties may introduce in terms of SaaS
- How leaders can prepare to handle data leakage in these environments
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

Cybersecurity and risk management are often tossed to technical teams, but when these are driven by operations, the entire organization benefits. In today's episode, Jen Stone sits down with Grant Elliott (CEO and co-founder of Ostendio, and Adjunct Professor at the Pratt Institute New York) to discuss:
- Communicating with upper-level management and setting expectations on security success
- Managing security for the long term, as opposed to one-and-done compliance
- Creating an operational approach to cybersecurity
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

It is axiomatic in our industry that you can't protect what you don't know about, but assembling a comprehensive asset inventory can be much more difficult than it seems. Chris Kirsch, CEO of runZero, a cyber asset management company he co-founded with Metasploit creator HD Moore, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- What asset management is and why it is important
- First steps any organization should take to implement asset management
- A high-level overview of some standard ways to manage asset inventory, and how runZero solves common problems
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

Identity management is a critical aspect of any cybersecurity program. Creating the right roles and implementing a mature identity management lifecycle requires thoughtful collaboration between information technology and business operations. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Garret Grajek (CEH, CISSP, certified security engineer, product builder and CEO of YouAttest) sit down to discuss:
- What identity management is and why it is important
- First steps to take to implement identity management
- Multi-factor authentication, governance, and other critical aspects of identity security
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

Critical infrastructure is under threat and has historically been shown to be vulnerable. Protecting critical infrastructure is a wide-ranging effort that requires careful consideration. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Katie Arrington (Former CISO for the Department of Defense and mother of the CMMC) discuss the current critical infrastructure landscape. Listen to learn:
- What organizations are critical infrastructure
- Current threats to our critical infrastructure
- How CMMC can help strengthen an organization's cybersecurity stance
Resources: Katie Arrington
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

HIPAA can be a daunting topic. Organizations often wonder where to start when implementing security or what kind of training is most effective. Listen this week as Jen Stone (MCIS, CISSP, CISA, QSA) sits down with Donna Grindle of Kardon and the "Help Me with HIPAA" Podcast to discuss:
- The work of 405(d) and how it can help your organization
- Exciting new training available through the PriSec Bootcamp
- Why we start with risk management in the healthcare industry
Resources: Donna's "Help Me With HIPAA" Podcast; HHS Website
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

"In 2021, we had tracked about 5.9M accounts were targeted through data breaches. It's expected that at the end of 2022, we will surpass that number."
Tune in this week as Jen Stone and Heff give you the TOP data breaches of 2022. This list includes breaches caused by leaks, phishing, and poor cyber hygiene. Listen to learn:
- Most common breach types this year
- Tips to help your employees stay secure
- How to respond to a data breach
Hosted by Jen Stone (MCIS, CISSP, CISA, QSA) with guest Matthew Heffelfinger (Deputy CISO, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB).

"A lot of people think they're doing all the right things to keep their data safe. However, there are things I see constantly that people are doing wrong, or not doing at all, to properly keep their data secure."
Your personal data that exists online is vast and private. Should a hacker steal your data, you could lose emails, hard drives, bank accounts, or even your business. Tune in this week as Jen Stone and Noah Pack give you the essentials to keep your personal data safe. Listen to learn:
- Essentials to keep data safe
- How to help employees that are easily phished
- Keeping a secure business beyond PCI compliance
Hosted by Jen Stone (MCIS, CISSP, CISA, QSA) with guest Noah Pack (Threat Hunter/SOC Analyst, Security+, ITF+, Sophos Certified Engineer).

Tune in this week as Jen Stone, Scott Robinson, and Robbi Watson discuss all things ISO. Listen to learn:
- What is an ISO?
- How can ISOs help their merchants?
- Tips for an ISO / ISO program best practices

"Privacy is not about things we want to hide. Hiding implies that the other side has a right to see what I'm trying to hide. Privacy means I can control what I share."
Privacy rights are often unpinned from security, but they're critical to recapture for our personal lives. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Adrianus Warmenhoven (Defensive Strategist and Threat Intelligence Manager at NordVPN) in a wide-ranging conversation about privacy, security, risk, and compliance. Listen to learn:
- How privacy and security are related
- Who should make risk-based decisions
- Regaining personal privacy in our increasingly connected world

Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and David Monnier (Chief Evangelist and Team Cymru Fellow at Team Cymru) discuss attack surface management. Listen to learn:
- What is an attack surface?
- Attack surface management vs. vulnerability management vs. endpoint security management
- How can teams gain contextual awareness of their environments?
