Is compliance just a checkbox, or the backbone of real security?

Returning to the show with decades of hard-earned insight, Jeff Man makes the case that compliance, especially PCI-DSS, isn't just a formality; it's foundational to modern security. As one of the original architects of the NSA Red Team and a 20-year PCI veteran, Jeff explains how this often-misunderstood framework has shaped everything from pen testing to vendor accountability.

Ron and Jeff unpack the six core goals of PCI, how red teams and SaaS builders are directly affected, and why many security teams resist compliance efforts, despite relying on them to get essential buy-in and funding.

Impactful Moments:

00:00 – Introduction

01:00 – Does compliance equal security?

02:09 – Jeff returns with PCI firepower

03:15 – Defining security vs. compliance

05:33 – “Show me what you’re doing”

06:45 – Six goals at PCI’s core

10:45 – Security is watching, not reacting

13:30 – Companies secure because they have to

15:00 – PCI gave red teams their jobs

16:30 – Stripe and Square absorb PCI burden

19:30 – PCI 4.0 causes confusion

21:00 – Vendors aren’t your trusted advisors

22:30 – “Hate me, but I’ll help”

Links:

Connect with our guest, Jeff Man: https://www.linkedin.com/in/jeffreyeman/

Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional:

https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/