Join us on this extra long episode as SecurityMetrics experts Jen Stone, Gary Glover, Aaron Willis and Chad Horton dive deep into the evolving landscape of PCI compliance for e-commerce businesses. With the deadline for PCI 4.0 rapidly approaching, understanding the new requirements for e-commerce is crucial. In this episode, our panelists discuss:…

Download the guide: https://www.cisecurity.org/insights/white-papers/from-both-sides-a-parental-guide-to-protecting-your-childs-online-activity Are you a parent looking for guidance on how to keep kids safe online? Join us for a candid conversation with Sean Atkinson, CISO at the Center for Internet Security, and his daughter, Emma, as they discuss…

Links from the episode: https://405d.hhs.gov/ Discover the latest trends and threats in healthcare cybersecurity. This episode explores the real-world impact of cyberattacks on patient care, the vulnerabilities of medical devices, and the strategies organizations can implement to protect their sensitive data. Request a Quote for a PCI Audit ► https…

Confused about PCI DSS compliance standards? This video breaks down each available SAQ type, including: SAQ-A, SAQ P2PE-HW, SAQ D for Service Providers, and the newly introduced SAQ SPoC for PCI DSS 4.0. Learn which one is right for your business based on your payment processing environment. Learn about: Different SAQ types for merchants Eligibilit…

Join Jen Stone as she chats with DevOps engineer and Day Two DevOps podcaster Kyler Middleton about her unique journey from a rural upbringing to becoming a DevOps expert. Discover how Kyler's passion for teaching led her to a career in technology, and learn about the importance of automation and documentation in building secure and efficient cloud…

Is your penetration testing just a compliance formality? This episode of the SecurityMetrics Podcast redefines pen testing as a strategic partnership, empowering you to get the most out of your assessments. Join Jen Stone and James Farnsworth as they discuss: The critical role of scoping: Learn how to align business needs with technical assessments…

This episode of the SecurityMetrics Podcast is a valuable resource for MSPs who want to learn more about HIPAA compliance and how to better serve their healthcare clients. Join Jen Stone and David Sims to learn more about how Managed Service Providers (MSPs) can empower healthcare organizations to achieve HIPAA compliance. Learn about: The challeng…

Struggling to automate security tasks? Feeling overwhelmed by the process? This episode of the SecurityMetrics podcast dives deep into the world of automation with guest Mollie Breen, founder and CEO of Perygee. Mollie, a recognized cybersecurity and innovation expert, dismantles the myth of automation being a complex "one size fits all" solution. …

There are four key questions to ask about your data: Where is it? What data do you have? Who has access? What risks are associated with how the data is accessed? Tune in this week as Jen Stone sits down with award-winning entrepreneur, Ani Chaudhuri, to discuss data security and data risk management. Listen to learn: Why automation is essential for…

Becoming a penetration tester in the world of cybersecurity can be more complex than you'd think, but don't let that spook you. Tune in this week as Jen Stone sits down with James Farnsworth (Team Lead / Senior Penetration Tester at SecurityMetrics) to discuss the various paths to becoming a penetration tester. Listen to learn: The best tools to le…

Tune into the SecurityMetrics Podcast this week as host Jen Stone interviews Tillery, Director of Training and Education at Neuvik, to learn about the cybersecurity skills gap and how to bridge it. Listen to learn: How to attain an entry-level cybersecurity position. Why companies should focus more on employee trainings. The benefits of allowing em…

Tune in this week as Jen Stone sits down with Ryan Leirvik (founder and CEO of Neuvik) to discuss how to effectively communicate cybersecurity risk to a board of directors. Listen to learn: How to frame cybersecurity risks in a way that aligns with business objectives and priorities. How to break down complex security concepts for executives. How t…

Tune in this week as Jen Stone sits down with Donna Grindle (CEO of Kardon) to learn about the Health Industry Cybersecurity Practices (HICP) framework and how the 405(d) initiative and the Health Sector Coordinating Council (HSCC) are working together to provide free cybersecurity guidance to healthcare organizations. Listen to learn: How the HHS …

Tune in this week as Jen Stone sits down with Candice Pressinger, an award-winning payment security leader, discussing the critical role acquirers play in the PCI ecosystem. This episode is a valuable resource for merchants seeking to understand acquirer roles in PCI compliance and gain insights into the broader payments industry. Listen to learn: …

HITRUST certification can be a significant undertaking. However, with the right guidance and support, organizations can overcome the challenges and establish a strong foundation for data security. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) sits down with Lee Pierce (Director of Enterprise Sales at SecurityMetrics) and Peter Briel (Foun…

In this episode of the SecurityMetrics Podcast, Jen Stone chats with Keith O' Looney, an expert in multi-factor authentication (MFA) and PCI DSS compliance. They discuss the new requirements for MFA in PCI DSS 4.0, the challenges organizations face in implementing MFA, and how behavioral biometrics offer a unique solution. Learn how to navigate the…

In this episode of the SecurityMetrics podcast, Jen Stone chats with Heidi Babi (PCI Security Assurance & Compliance Sr. Lead at Mars Corporation) about managing PCI compliance in a massive, complex organization with hundreds of data flows. Listen to learn: How to break down overwhelming requirements into manageable steps and design flexible soluti…

Join Jen Stone of SecurityMetrics as she sits down with two industry veterans, Gary Glover (VP of Assessments at SecurityMetrics) and Andy Barratt (VP of Assurance Business at Coalfire), for a lively discussion about their careers, the challenges of PCI compliance, and the unique collaboration they share through the PCI Security Standards Council's…

In this episode of the SecurityMetrics Podcast, Jeremy King (Regional VP for Europe, Middle East, and Africa at the PCI Security Standards Council) provides an overview of the recent community meeting in Dublin, Ireland, and why it is important for your business to attend the annual PCI Community Meeting. Listen to learn: How the community meeting …

This episode of the Security Metrics Podcast discusses the transition from the Payment Application Data Security Standard (PA-DSS) to the Software Security Framework (SSF). The guest speaker, Jake Marcinko, is a Standards Manager at the PCI Security Standards Council and chairs the SSF working groups. Listen to learn: How the PCI Security Standards…

PCI SSC takes great care in working with other key technical bodies, such as EMVCo. Arman Aygen (Master of Science (MSc) in Communication Systems from EPFL (École Polytechnique Fédérale de Lausanne), MSc in Multimedia Communication Systems from EURECOM, and Bachelor of Science (BSc) in Micro Engineering from EPFL), Director of Technology, EMVCo, an…

The new PCI 4.0 requirements focused on managing payment page scripts are excellent because they can be used to address data leakage risks with other cybersecurity standards and regulations, such as HIPAA. John Elliott, GRC Consultant with a focus on PCI and GDPR, Security Advisor at Jscrambler, Pluralsight Author and Keynote Speaker, sat down with…

Application Programming Interfaces (APIs) are critical targets for malicious actors seeking to steal credit card data and other sensitive information. Any organization that uses APIs needs to learn how to protect them. Dan Barahona, Founder of APIsec University, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at…

Payment page scripts in consumer browsers need to be secured as defined in these new PCI DSS 4.0 requirements. Organizations that are doing their research on the best way to meet these requirements will be interested in this episode. Jeff Zitomer, Senior Director of Product Management, Human Security, sat down with Host and Principal Security Analy…

With the required shift from PCI DSS 3.2.1 to 4.0 upon us, many organizations are concerned about their ability to successfully meet new requirements. Martin Kenney, Senior Systems Engineer/Admin, IT at InfoSend, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss: How Infosend approached the shift to be…

Ethical hackers and cybercriminals are not the same thing, and it can be beneficial to establish a channel to communicate with hackers trying to alert you to vulnerabilities. Ilona Cohen, Chief Legal and Policy Officer at Hacker One, and Harley Geiger, Counsel at Venable LLP, sit down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP,…

Cybersecurity professionals come from all walks of life, and true professionals find ways to improve their skill sets at each step of the journey. Pentester and Security Consultant Joseph Pierini (CISSP, CISA, PCIP) sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss…

The PCI SSC relies on participating organizations to support its efforts in card payment security. Simon Turner (CISSP, CISM, CISA, VCP, ISA), Senior Manager, ISSCA Consultancy Services, BT Group (British Telecom), sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:…

Large organizations are often faced with complex, wide-ranging challenges related to standards and regulations they need to meet. Wes Shattler (CISSP, CISA, CRISC, CGEIT, CDPSE), Vice President, Assurance and Testing at FIS, and Chelsea Lopez (CIA, CISA, CISSP, CRISC, PCI-ISA), Enterprise Risk Director at FIS, sat down with Host and Principal Secur…

We can more easily understand the impact of artificial intelligence on privacy and security if we start with an explanation of the types of AI models in use and where they exist in applications many of us already use. Paul Starrett, CFE, EnCE of Privacy Labs and Starrett Law, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP…

Artificial Intelligence (AI) is a hot topic of the year. People want to understand how it will impact their lives and how they do business. Willy Fabritius, Global Head for Strategy and Business Development - Information Security Assurance at SGS, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss: Issu…

If you’re a small or medium business, chances are good that you fill out the Self Assessment Questionnaire (SAQ) for PCI compliance, and you probably have questions. Security Analyst Marcus Call (QSA, CISSP, CISA, Security+) sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss: Common questions about PCI …

PCI DSS Version 4.0 includes several large changes and updates to the compliance space, especially for universities. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Michael Simpson (Principal Security Analyst, CISSP, CISA, QSA) do a deep dive on what universities need to know for PCI 4.0. Listen to learn: Updates relating to universitie…

Many organizations struggle to translate cyber risk to business risk. When organizations understand how to identify, quantify, and communicate risk, they give senior leadership the tools they need to apply resources to mitigate that risk. Ryan Leirvik, Founder and CEO of Neuvik Solutions and author of Understand, Manage, and Measure Cyber Risk: Pra…

Risk assessments are critical to implementing good security controls, but many organizations struggle with where to begin. Josh Hyman, Chief Information Security Officer of Black Talon Security, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss: The importance of risk assessments in general Risk analys…

Early detection of unauthorized access to electronic Protected Health Information (ePHI) is critical to preventing breaches and meeting HIPAA requirements. The co-founders of SPHER, Inc., Raymond Ribble, CEO, and Robert Pruter, Chief Revenue Officer, sit down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss: -W…

With the rise of Software-as-a-Service (SaaS), we are hearing more about related supply chain risks. Boris Sieklik, Senior Director of Information Security at MongoDB, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss: What SaaS means in the context of the cloud The risks third parties may introduce in…

Cybersecurity and risk management are often tossed to technical teams, but when these are driven by operations, the entire organization benefits.In today's episode, Jen Stone sits with Grant Elliott (CEO and co-founder of Ostendio, and Adjunct Professor at the Pratt Institute New York) to discuss: Communicating with upper-level management and set e…

It is axiomatic in our industry that you can’t protect what you don’t know about, but assembling a comprehensive asset inventory can be much more difficult than it seems. Chris Kirsch, CEO of runZero, a cyber asset management company he co-founded with Metasploit creator HD Moore, sits down with Host and Principal Security Analyst Jen Stone (MCIS, …

Identity management is a critical aspect of any cybersecurity program. Creating the right roles and implementing a mature identity management lifecycle requires thoughtful collaboration between information technology and business operations. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Garret Grajek (CEH, CISSP, certified security en…

Critical infrastructure is under threat and has historically shown to be vulnerable. Protecting critical infrastructure is a wide-ranging effort that requires careful consideration. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Katie Arrington (Former CISO for the Department of Defense and mother of the CMMC) discuss the current criti…

HIPAA can be a daunting topic. Organizations often wonder where to start when implementing security or what kind of training is most effective. Listen this week as Jen Stone (MCIS, CISSP, CISA, QSA) sits down with Donna Grindle of Kardon and the “Help Me with HIPAA” Podcast to discuss: The work of 405(d) and how it can help your organization Exciti…

"In 2021, we had tracked about 5.9M accounts were targeted through data breaches. It's expected that at the end of 2022, we will surpass that number." Tune in this week as Jen Stone and Heff give you the TOP data breaches of 2022. This list includes breaches caused by leaks, phishing, and poor cyber hygiene. Listen to learn: Most common breach type…

"A lot of people think they're doing all the right things to keep their data safe. However, there are things I see constantly that people are doing wrong, or not doing at all, to properly keep their data secure." Your personal data that exists online is vast and private. Should a hacker steal your data, you could lose emails, hard drives, bank acco…

Tune in this week as Jen Stone, Scott Robinson, and Robbi Watson discuss all things ISO. Listen to Learn: What is an ISO? How can ISOs help their merchants? Tips for an ISO / ISO Program Best Practices [Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department…

"Privacy is not about things we want to hide. Hiding implies that the other side has a right to see what I'm trying to hide. Privacy means I can control what I share." Privacy rights are often unpinned from security, but they’re critical to recapture for our personal lives. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Adrianu…

Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and David Monnier (Chief Evangelist and Team Cymru Fellow at Team Cymru) discuss attack surface management. Listen to learn: What is an attack surface? Attack surface management VS vulnerability management VS endpoint security management. How can teams gain contextual awareness of their enviro…

"The PCI Security Standards Council oversees a lot more standards than just PCI DSS. The council is very much involved with the payment lifecycle. We have standards to ensure the security of card data from start to finish." There are many standards out there to ensure the security of card data - each with a specific target to protect. Tune in this …

Subscribe to the SecurityMetrics Podcast Email! Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Chase Pettet (Chief Security Architect at Archer Integrated Risk Management) dive into cloud security 101. Listen to learn: What is driving the continued shift to the cloud? Does being in the cloud require organizations to think about their a…

"In order for us to meet our end objective of risk mitigation on software and applications, we have to get the developers on our side. If you do not collaborate with the developers, you're not going to be able to manage that risk" Tune in this week as Jen Stone and Harshil Parikh discuss how to eliminate friction between development and security. L…