SecurityMetrics Podcast

The SecurityMetrics Podcast, hosted by Jen Stone (Principal Security Analyst, QSA, CISSP, CISA), will help you understand current data security and compliance trends. Each episode will feature a different security professional offering tips and security best practices.

Data Risk Management: Building a Safer Data-Driven World | SecurityMetrics Podcast 96

There are four key questions to ask about your data: Where is it? What data do you have? Who has access? What risks are associated with how the data is accessed? Tune in this week as Jen Stone sits down with award-winning entrepreneur Ani Chaudhuri to discuss data security and data risk management.
Listen to learn:
- Why automation is essential for effective data security.
- The importance of a "human-assisted" approach to data security.
- How Ani's company helps organizations achieve data security g...

05-21
28:23

Hacking Your Career: How to Become a Penetration Tester | SecurityMetrics Podcast 95

Becoming a penetration tester in the world of cybersecurity can be more complex than you'd think, but don't let that spook you. Tune in this week as Jen Stone sits down with James Farnsworth (Team Lead / Senior Penetration Tester at SecurityMetrics) to discuss the various paths to becoming a penetration tester.
Listen to learn:
- The best tools to learn penetration testing skills.
- The numerous roles within the penetration testing umbrella.
- Possible paths of education to start your penetration testi...

05-07
42:21

Bridging the Cybersecurity Skills Gap | SecurityMetrics Podcast 94

Tune into the SecurityMetrics Podcast this week as host Jen Stone interviews Tillery, Director of Training and Education at Neuvik, to learn about the cybersecurity skills gap and how to bridge it.
Listen to learn:
- How to attain an entry-level cybersecurity position.
- Why companies should focus more on employee training.
- The benefits of allowing employees time to learn during the workday.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any p...

04-23
36:07

How to Communicate Cybersecurity Risk Effectively | SecurityMetrics Podcast 93

Tune in this week as Jen Stone sits down with Ryan Leirvik (founder and CEO of Neuvik) to discuss how to effectively communicate cybersecurity risk to a board of directors.
Listen to learn:
- How to frame cybersecurity risks in a way that aligns with business objectives and priorities.
- How to break down complex security concepts for executives.
- How to create a healthy relationship with executives.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementin...

04-10
37:46

HHS 405(d) Fundamentals: A Guide for Healthcare Providers and MSPs | SecurityMetrics Podcast 92

Tune in this week as Jen Stone sits down with Donna Grindle (CEO of Kardon) to learn about the Health Industry Cybersecurity Practices (HICP) framework and how the 405(d) initiative and the Health Sector Coordinating Council (HSCC) are working together to provide free cybersecurity guidance to healthcare organizations.
Listen to learn:
- How the HHS provides specific guidance for HIPAA compliance with HICP.
- How the 405(d) program provides resources and guidance for HIPAA compliance.
- The upcoming H...

03-26
41:12

Demystifying the Acquirer's Role in PCI Compliance | SecurityMetrics Podcast 91

Tune in this week as Jen Stone sits down with Candice Pressinger, an award-winning payment security leader, to discuss the critical role acquirers play in the PCI ecosystem. This episode is a valuable resource for merchants seeking to understand acquirer roles in PCI compliance and gain insights into the broader payments industry.
Listen to learn:
- How acquirers aid merchants in PCI compliance.
- The importance of collaboration within the payments industry.
- How PCI compliance serves as a strong fo...

03-12
19:09

HITRUST Certification: Navigating Challenges & Solutions | SecurityMetrics Podcast 90

HITRUST certification can be a significant undertaking. However, with the right guidance and support, organizations can overcome the challenges and establish a strong foundation for data security. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) sits down with Lee Pierce (Director of Enterprise Sales at SecurityMetrics) and Peter Briel (Founder of Privaxi, CISA, CISO, CISM, CCSFP) to discuss how organizations can better approach HITRUST compliance.
Listen to learn:
- How HITRUST differs fr...

02-27
32:52

Securing the CDE: Navigating Multi-Factor Authentication in PCI DSS 4.0 | SecurityMetrics Podcast 89

In this episode of the SecurityMetrics Podcast, Jen Stone chats with Keith O'Looney, an expert in multi-factor authentication (MFA) and PCI DSS compliance. They discuss the new requirements for MFA in PCI DSS 4.0, the challenges organizations face in implementing MFA, and how behavioral biometrics offer a unique solution. Learn how to navigate the changing landscape of cybersecurity and protect your data with robust authentication measures.
Listen to learn:
- The new PCI DSS 4.0 requirements for...

02-13
35:15

PCI Compliance at Scale: Challenges & Solutions with Mars Global Team | SecurityMetrics Podcast 88

In this episode of the SecurityMetrics Podcast, Jen Stone chats with Heidi Babi (PCI Security Assurance & Compliance Sr. Lead at Mars Corporation) about managing PCI compliance in a massive, complex organization with hundreds of data flows.
Listen to learn:
- How to break down overwhelming requirements into manageable steps and design flexible solutions for future growth.
- How to utilize compensating controls and customized solutions to achieve robust security.
- How to build rapport with internal...

01-04
20:28

Inside GEAR: How QSAs are Influencing the Future of Payment Security Standards

Join Jen Stone of SecurityMetrics as she sits down with two industry veterans, Gary Glover (VP of Assessments at SecurityMetrics) and Andy Barratt (VP of Assurance Business at Coalfire), for a lively discussion about their careers, the challenges of PCI compliance, and the unique collaboration they share through the PCI Security Standards Council's GEAR program.
Listen to learn:
- How this vital program that brings together leading QSA companies to provide feedback and influence on PCI standards....

12-20
25:49

Preparing for PCI DSS Version 4.0: Insights from the Community Meeting | SecurityMetrics Podcast 86

In this episode of the SecurityMetrics Podcast, Jeremy King (Regional VP for Europe, Middle East, and Africa at the PCI Security Standards Council) provides an overview of the recent community meeting in Dublin, Ireland, and why it is important for your business to attend the annual PCI Community Meeting.
Listen to learn:
- How the community meeting provides a valuable opportunity to learn about the new requirements and get help with PCI implementation.
- How assessors are playing a critical role in...

12-13
21:32

Updates to the Software Security Framework (SSF) from PA-DSS | SecurityMetrics Podcast 85

This episode of the SecurityMetrics Podcast discusses the transition from the Payment Application Data Security Standard (PA-DSS) to the Software Security Framework (SSF). The guest speaker, Jake Marcinko, is a Standards Manager at the PCI Security Standards Council and chairs the SSF working groups.
Listen to learn:
- How the PCI Security Standards Council is continuously evolving the SSF to keep pace with emerging threats and technologies.
- Why the SSF replaced the previous Payment Application ...

12-12
27:38

EMVCo and PCI: How These Security Standards Support Each Other | SecurityMetrics Podcast 84

PCI SSC takes great care in working with other key technical bodies, such as EMVCo. Arman Aygen (Master of Science (MSc) in Communication Systems from EPFL (École Polytechnique Fédérale de Lausanne), MSc in Multimedia Communication Systems from EURECOM, and Bachelor of Science (BSc) in Micro Engineering from EPFL), Director of Technology, EMVCo, and Andrew Jamieson, VP, Solutions, PCI Security Standards Council, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, Q...

12-08
21:20

Data Leakage: How PCI DSS 4.0 Requirements Help | SecurityMetrics Podcast 83

The new PCI DSS 4.0 requirements focused on managing payment page scripts are excellent because they can be used to address data leakage risks under other cybersecurity standards and regulations, such as HIPAA. John Elliott, GRC Consultant with a focus on PCI and GDPR, Security Advisor at Jscrambler, Pluralsight Author and Keynote Speaker, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting Europe to discuss:
- How malicious actors use scripts...

12-07
28:42

Protecting APIs | SecurityMetrics Podcast 82

Application Programming Interfaces (APIs) are critical targets for malicious actors seeking to steal credit card data and other sensitive information. Any organization that uses APIs needs to learn how to protect them. Dan Barahona, Founder of APIsec University, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- What an API is
- Why APIs are targets
- How to keep APIs secure
Hosted by Jen Stone, Principal Security Ana...

11-21
21:42

Emerging PCI DSS 4.0 Requirements: Solutions to 6.4.3 and 11.6.1 | SecurityMetrics Podcast 81

Payment page scripts in consumer browsers need to be secured as defined in these new PCI DSS 4.0 requirements. Organizations that are doing their research on the best way to meet these requirements will be interested in this episode. Jeff Zitomer, Senior Director of Product Management, Human Security, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- How to understand PCI DSS 4.0 requirements 6.4.3 and 11.6.1
- W...

11-14
36:00

PCI DSS 4.0: One Organization’s Experience | SecurityMetrics Podcast 80

With the required shift from PCI DSS 3.2.1 to 4.0 upon us, many organizations are concerned about their ability to successfully meet new requirements. Martin Kenney, Senior Systems Engineer/Admin, IT at InfoSend, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- How InfoSend approached the shift to being assessed against PCI DSS 4.0
- Why companies should make the shift to PCI DSS 4.0 now
- Advice offered to others making the transition to PCI DSS 4.0
H...

11-08
18:15

Responding to Hackers: Vulnerability Disclosures and Bug Bounties | SecurityMetrics Podcast 79

Ethical hackers and cybercriminals are not the same thing, and it can be beneficial to establish a channel to communicate with hackers trying to alert you to vulnerabilities. Ilona Cohen, Chief Legal and Policy Officer at HackerOne, and Harley Geiger, Counsel at Venable LLP, sit down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at the PCI Community Meeting North America to discuss:
- Hackers vs. cybercriminals
- Vulnerability disclosure policies (VDPs) vs. bug bounti...

11-06
35:14

Carving Your Own Cybersecurity Path: Growth Beyond Your First Job | SecurityMetrics Podcast 78

Cybersecurity professionals come from all walks of life, and true professionals find ways to improve their skill sets at each step of the journey. Pentester and Security Consultant Joseph Pierini (CISSP, CISA, PCIP) sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- His unique entry into cybersecurity
- How he continually found non-traditional ways to forge forward in his career
- How introspection and communication...

10-11
24:13

PCI Participating Organizations: How BT Supports Card Data Security | SecurityMetrics Podcast 77

The PCI SSC relies on participating organizations to support its efforts in card payment security. Simon Turner (CISSP, CISM, CISA, VCP, ISA), Senior Manager, ISSCA Consultancy Services, BT Group (British Telecom), sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- The role of BT as a PCI Principal Participating Organization (PPO)
- PCI payment security groups BT is interested in collaborating on
- BT representation...

10-03
18:04

M Fawls

Great episode. First time listening, actually didn't expect much based on other security podcasts I've listened to. Pleasant surprise to hear a broad but substantive discussion on a topic that has a lot of noise around it. Will be checking out more episodes.

12-14
