Showing episodes and shows of
SecurityMetrics
Shows
SecurityMetrics Podcast
New to PCI Compliance? Get the Support You Need | SecurityMetrics Podcast 106
Learn more about cyber risks for small businesses: Are you a small-medium business owner? Did you just get a message from your bank telling you to call SecurityMetrics? Are you worried about having a bad experience? Do you know what PCI even means? This episode is for you. Learn how SecurityMetrics can help you navigate this regulatory landscape. We'll discuss:
- Why your processor is making you do PCI compliance: Did you know that nearly half of all cyberattacks target small businesses?
- What calling into SecurityMetrics looks like. Learn what information y...
2024-12-03
44 min
SecurityMetrics Podcast
Luxury Getaways, Looming Threats: Cybersecurity in the Caribbean Hospitality Industry | SecurityMetrics Podcast Ep 100
Worried about hotel hacking? This episode unveils the cybersecurity protocols of resorts like Atlantis. Dive deep into the unique challenges of cybersecurity in hospitality, from balancing guest convenience with ironclad defenses to training a diverse workforce. Tsega Thompson, Executive Director of Cybersecurity and Data Privacy at Atlantis Resorts, shares her insights on:
- Getting into Cybersecurity
- Special Challenges of Cyber in the Hotel Industry
- Training your workforce effectively
This is your essential guide to cybersecurity in the hospitality industry, packed with valuable tips for tr...
2024-07-17
31 min
SecurityMetrics Podcast
Getting more from Your Penetration Test: Stop Checking Boxes | SecurityMetrics Podcast Ep 99
Is your penetration testing just a compliance formality? This episode of the SecurityMetrics Podcast redefines pen testing as a strategic partnership, empowering you to get the most out of your assessments. Join Jen Stone and James Farnsworth as they discuss:
- The critical role of scoping: Learn how to align business needs with technical assessments for a truly impactful pen test.
- The difference between a vulnerability scan and a penetration test
- Unlocking report potential: Discover how to leverage pen testing reports for maximum security benefit.
- Tips for fostering a successful collaboration with your pen testing service.
Stop...
2024-07-03
44 min
SecurityMetrics Podcast
Level Up Your Healthcare Services: HIPAA Compliance for MSPs | SecurityMetrics Podcast 98
This episode of the SecurityMetrics Podcast is a valuable resource for MSPs who want to learn more about HIPAA compliance and how to better serve their healthcare clients. Join Jen Stone and David Sims to learn more about how Managed Service Providers (MSPs) can empower healthcare organizations to achieve HIPAA compliance. Learn about:
- The challenges of data discovery and data sprawl in healthcare organizations.
- The importance of having a documented HIPAA compliance program.
- The difference between required and addressable HIPAA controls.
- Choosing the right MSP for your healthcare organization
- How to successfully collaborate with HIPAA...
2024-06-19
37 min
SecurityMetrics Podcast
The Future of Security: Leveraging Automation & AI | SecurityMetrics Podcast 97
Struggling to automate security tasks? Feeling overwhelmed by the process? This episode of the SecurityMetrics podcast dives deep into the world of automation with guest Mollie Breen, founder and CEO of Perygee. Mollie, a recognized cybersecurity and innovation expert, dismantles the myth of automation being a complex "one size fits all" solution. In this episode, you'll learn:
- How to identify the best manual processes to automate for maximum impact
- Practical steps to overcome common automation friction points
- How to leverage AI to enhance automation efforts and make them even more...
2024-06-05
33 min
SecurityMetrics Podcast
Data Risk Management: Building a Safer Data-Driven World | SecurityMetrics Podcast 96
There are four key questions to ask about your data: Where is it? What data do you have? Who has access? What risks are associated with how the data is accessed? Tune in this week as Jen Stone sits down with award-winning entrepreneur, Ani Chaudhuri, to discuss data security and data risk management. Listen to learn:
- Why automation is essential for effective data security.
- The importance of a "human-assisted" approach to data security.
- How Ani's company helps organizations achieve data security goals.
Hosted by Jen Stone...
2024-05-21
28 min
SecurityMetrics Podcast
Hacking Your Career: How to Become a Penetration Tester | SecurityMetrics Podcast 95
Becoming a penetration tester in the world of cybersecurity can be more complex than you'd think, but don't let that spook you. Tune in this week as Jen Stone sits down with James Farnsworth (Team Lead / Senior Penetration Tester at SecurityMetrics) to discuss the various paths to becoming a penetration tester. Listen to learn:
- The best tools to learn penetration testing skills.
- The numerous roles within the penetration testing umbrella.
- Possible paths of education to start your penetration testing career.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
2024-05-08
42 min
SecurityMetrics Podcast
Bridging the Cybersecurity Skills Gap | SecurityMetrics Podcast 94
Tune into the SecurityMetrics Podcast this week as host Jen Stone interviews Tillery, Director of Training and Education at Neuvik, to learn about the cybersecurity skills gap and how to bridge it. Listen to learn:
- How to attain an entry-level cybersecurity position.
- Why companies should focus more on employee trainings.
- The benefits of allowing employees time to learn during the workday.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this...
2024-04-23
36 min
SecurityMetrics Podcast
How to Communicate Cybersecurity Risk Effectively | SecurityMetrics Podcast 93
Tune in this week as Jen Stone sits down with Ryan Leirvik (founder and CEO of Neuvik) to discuss how to effectively communicate cybersecurity risk to a board of directors. Listen to learn:
- How to frame cybersecurity risks in a way that aligns with business objectives and priorities.
- How to break down complex security concepts for executives.
- How to create a healthy relationship with executives.
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you...
2024-04-10
37 min
SecurityMetrics Podcast
HHS 405(d) Fundamentals: A Guide for Healthcare Providers and MSPs | SecurityMetrics Podcast 92
Tune in this week as Jen Stone sits down with Donna Grindle (CEO of Kardon) to learn about the Health Industry Cybersecurity Practices (HICP) framework and how the 405(d) initiative and the Health Sector Coordinating Council (HSCC) are working together to provide free cybersecurity guidance to healthcare organizations. Listen to learn:
- How the HHS provides specific guidance for HIPAA compliance with HICP.
- How the 405(d) program provides resources and guidance for HIPAA compliance.
- The upcoming HIPAA boot camp that is designed to teach healthcare professionals about HIPAA compliance and...
2024-03-27
41 min
SecurityMetrics Podcast
Demystifying the Acquirer's Role in PCI Compliance | SecurityMetrics Podcast 91
Tune in this week as Jen Stone sits down with Candice Pressinger, an award-winning payment security leader, discussing the critical role acquirers play in the PCI ecosystem. This episode is a valuable resource for merchants seeking to understand acquirer roles in PCI compliance and gain insights into the broader payments industry. Listen to learn:
- How acquirers aid merchants in PCI compliance.
- The importance of collaboration within the payments industry
- How PCI compliance serves as a strong foundation for overall security posture
Filmed at the 2023 PCI Community Meeting in Dublin, Ireland....
2024-03-12
19 min
SecurityMetrics Podcast
HITRUST Certification: Navigating Challenges & Solutions | SecurityMetrics Podcast 90
HITRUST certification can be a significant undertaking. However, with the right guidance and support, organizations can overcome the challenges and establish a strong foundation for data security. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) sits down with Lee Pierce (Director of Enterprise Sales at SecurityMetrics) and Peter Briel (Founder of Privaxi, CISA, CISO, CISM, CCSFP) to discuss how organizations can better approach HITRUST compliance. Listen to learn:
- How HITRUST differs from HIPAA
- How HITRUST can be beneficial to your organization
- How SecurityMetrics and Privaxi ensure...
2024-02-27
32 min
SecurityMetrics Podcast
Securing the CDE: Navigating Multi-Factor Authentication in PCI DSS 4.0 | SecurityMetrics Podcast 89
In this episode of the SecurityMetrics Podcast, Jen Stone chats with Keith O' Looney, an expert in multi-factor authentication (MFA) and PCI DSS compliance. They discuss the new requirements for MFA in PCI DSS 4.0, the challenges organizations face in implementing MFA, and how behavioral biometrics offer a unique solution. Learn how to navigate the changing landscape of cybersecurity and protect your data with robust authentication measures. Listen to learn:
- The new PCI DSS 4.0 requirements for multi-factor authentication (MFA), including:
- How traditional MFA methods are becoming less secure and can create friction for users.
- How b...
2024-02-14
35 min
SecurityMetrics Podcast
PCI Compliance at Scale: Challenges & Solutions with Mars Global Team | SecurityMetrics Podcast 88
In this episode of the SecurityMetrics podcast, Jen Stone chats with Heidi Babi (PCI Security Assurance & Compliance Sr. Lead at Mars Corporation) about managing PCI compliance in a massive, complex organization with hundreds of data flows. Listen to learn:
- How to break down overwhelming requirements into manageable steps and design flexible solutions for future growth.
- How to utilize compensating controls and customized solutions to achieve robust security.
- How to build rapport with internal teams to create a more functional and effective PCI program for your company.
Filmed...
2024-01-04
20 min
SecurityMetrics Podcast
Preparing for PCI DSS Version 4.0: Insights from the Community Meeting | SecurityMetrics Podcast 86
In this episode of the SecurityMetrics Podcast, Jeremy King (Regional VP for Europe, Middle East, and Africa at the PCI Security Standards Council) provides an overview of the recent community meeting in Dublin, Ireland, and why it is important for your business to attend the annual PCI Community Meeting. Listen to learn:
- How the community meeting provides a valuable opportunity to learn about the new requirements and get help with PCI implementation.
- How assessors are playing a critical role in helping organizations prepare for the transition.
- Why collaboration is...
2023-12-13
21 min
SecurityMetrics Podcast
Updates to the Software Security Framework (SSF) from PA-DSS | SecurityMetrics Podcast 85
This episode of the SecurityMetrics Podcast discusses the transition from the Payment Application Data Security Standard (PA-DSS) to the Software Security Framework (SSF). The guest speaker, Jake Marcinko, is a Standards Manager at the PCI Security Standards Council and chairs the SSF working groups. Listen to learn:
- How the PCI Security Standards Council is continuously evolving the SSF to keep pace with emerging threats and technologies.
- Why the SSF replaced the previous Payment Application Data Security Standard (PA-DSS).
- The recent updates to SSF to address the increasing use...
2023-12-12
27 min
SecurityMetrics Podcast
EMVCo and PCI: How These Security Standards Support Each Other | SecurityMetrics Podcast 84
PCI SSC takes great care in working with other key technical bodies, such as EMVCo. Arman Aygen (Master of Science (MSc) in Communication Systems from EPFL (École Polytechnique Fédérale de Lausanne), MSc in Multimedia Communication Systems from EURECOM, and Bachelor of Science (BSc) in Micro Engineering from EPFL), Director of Technology, EMVCo, and Andrew Jamieson, VP, Solutions, PCI Security Standards Council, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting Europe to discuss:
- The mission of EMVCo and its key technical initiatives
- How...
2023-12-08
21 min
SecurityMetrics Podcast
Data Leakage: How PCI DSS 4.0 Requirements Help | SecurityMetrics Podcast 83
The new PCI 4.0 requirements focused on managing payment page scripts are excellent because they can be used to address data leakage risks with other cybersecurity standards and regulations, such as HIPAA. John Elliott, GRC Consultant with a focus on PCI and GDPR, Security Advisor at Jscrambler, Pluralsight Author and Keynote Speaker, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting Europe to discuss:
- How malicious actors use scripts to steal information
- Why PCI DSS requirements were added to deal with this threat
2023-12-07
28 min
SecurityMetrics Podcast
Protecting APIs | SecurityMetrics Podcast 82
Application Programming Interfaces (APIs) are critical targets for malicious actors seeking to steal credit card data and other sensitive information. Any organization that uses APIs needs to learn how to protect them. Dan Barahona, Founder of APIsec University, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- What an API is
- Why APIs are targets
- How to keep APIs secure
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)...
2023-11-22
21 min
SecurityMetrics Podcast
Emerging PCI DSS 4.0 Requirements: Solutions to 6.4.3 and 11.6.1 | SecurityMetrics Podcast 81
Payment page scripts in consumer browsers need to be secured as defined in these new PCI DSS 4.0 requirements. Organizations that are doing their research on the best way to meet these requirements will be interested in this episode. Jeff Zitomer, Senior Director of Product Management, Human Security, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- How to understand PCI DSS 4.0 requirements 6.4.3 and 11.6.1
- What the risks are to payment page scripts in consumer browsers
- Some of...
2023-11-15
36 min
SecurityMetrics Podcast
PCI DSS 4.0: One Organization’s Experience | SecurityMetrics Podcast 80
With the required shift from PCI DSS 3.2.1 to 4.0 upon us, many organizations are concerned about their ability to successfully meet new requirements. Martin Kenney, Senior Systems Engineer/Admin, IT at InfoSend, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- How InfoSend approached the shift to being assessed against PCI DSS 4.0
- Why companies should make the shift to PCI DSS 4.0 now
- Advice offered to others making the transition to PCI DSS 4.0
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA...
2023-11-08
18 min
SecurityMetrics Podcast
Responding to Hackers: Vulnerability Disclosures and Bug Bounties | SecurityMetrics Podcast 79
Ethical hackers and cybercriminals are not the same thing, and it can be beneficial to establish a channel to communicate with hackers trying to alert you to vulnerabilities. Ilona Cohen, Chief Legal and Policy Officer at HackerOne, and Harley Geiger, Counsel at Venable LLP, sit down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at the PCI Community Meeting North America to discuss:
- Hackers vs. cybercriminals
- Vulnerability disclosure policies (VDPs) vs. bug bounties
- PCI DSS post-disclosure obligations
Hosted by Jen Stone, Principal Security A...
2023-11-06
35 min
SecurityMetrics Podcast
Carving Your Own Cybersecurity Path: Growth Beyond Your First Job | SecurityMetrics Podcast 78
Cybersecurity professionals come from all walks of life, and true professionals find ways to improve their skill sets at each step of the journey. Pentester and Security Consultant Joseph Pierini (CISSP, CISA, PCIP) sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- His unique entry into cybersecurity
- How he continually found non-traditional ways to forge forward in his career
- How introspection and communication make him a better technology professional
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP...
2023-10-11
24 min
SecurityMetrics Podcast
PCI Participating Organizations: How BT Supports Card Data Security | SecurityMetrics Podcast 77
The PCI SSC relies on participating organizations to support its efforts in card payment security. Simon Turner (CISSP, CISM, CISA, VCP, ISA), Senior Manager, ISSCA Consultancy Services, BT Group (British Telecom), sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- The role of BT as a PCI Principal Participating Organization (PPO)
- PCI payment security groups BT is interested in collaborating on
- BT representation on the PCI Board of Advisors
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP...
2023-10-04
18 min
SecurityMetrics Podcast
Complex Regulatory Environments: How FIS Maintains a Mature Program | SecurityMetrics Podcast 76
Large organizations are often faced with complex, wide-ranging challenges related to standards and regulations they need to meet. Wes Shattler (CISSP, CISA, CRISC, CGEIT, CDPSE), Vice President, Assurance and Testing at FIS, and Chelsea Lopez (CIA, CISA, CISSP, CRISC, PCI-ISA), Enterprise Risk Director at FIS, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- Elements of a mature regulatory compliance program
- Steps you can take to create a mature compliance program in your organization
- Challenges you might face, and how...
2023-09-27
29 min
SecurityMetrics Podcast
AI in Context: Cybersecurity and Privacy Implications | SecurityMetrics Podcast 75
We can more easily understand the impact of artificial intelligence on privacy and security if we start with an explanation of the types of AI models in use and where they exist in applications many of us already use. Paul Starrett, CFE, EnCE of Privacy Labs and Starrett Law, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- Different types of machine learning
- AI governance and cyber risk
- Risks and rewards of artificial intelligence
Resources: Privacy Labs, Starrett Law
Hosted b...
2023-08-29
40 min
SecurityMetrics Podcast
Artificial Intelligence: Opportunities and Risks | SecurityMetrics Podcast 74
Artificial Intelligence (AI) is a hot topic of the year. People want to understand how it will impact their lives and how they do business. Willy Fabritius, Global Head for Strategy and Business Development - Information Security Assurance at SGS, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- Issues for companies developing or using AI
- Concerns about privacy, transparency, and accountability
- How regulations or certifications could be applied
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before...
2023-08-16
36 min
SecurityMetrics Podcast
Answering Common PCI DSS Questions for Small and Medium Businesses | SecurityMetrics Podcast 73
If you’re a small or medium business, chances are good that you fill out the Self Assessment Questionnaire (SAQ) for PCI compliance, and you probably have questions. Security Analyst Marcus Call (QSA, CISSP, CISA, Security+) sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- Common questions about PCI DSS requirements
- Understanding which requirements are applicable to you
- Where to go for additional help filling out the SAQ
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Dis...
2023-08-08
55 min
SecurityMetrics Podcast
PCI DSS Version 4.0 for Universities | SecurityMetrics Podcast 72
PCI DSS Version 4.0 includes several large changes and updates to the compliance space, especially for universities. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Michael Simpson (Principal Security Analyst, CISSP, CISA, QSA) do a deep dive on what universities need to know for PCI 4.0. Listen to learn:
- Updates relating to universities for PCI v4.0 requirements
- Cybersecurity best practices
- Tips for universities to stay secure
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies...
2023-07-19
59 min
SecurityMetrics Podcast
Risk: Bringing Together Business and Cyber Understanding | SecurityMetrics Podcast 71
Many organizations struggle to translate cyber risk to business risk. When organizations understand how to identify, quantify, and communicate risk, they give senior leadership the tools they need to apply resources to mitigate that risk. Ryan Leirvik, Founder and CEO of Neuvik Solutions and author of Understand, Manage, and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- What we mean by “risk”
- How to identify and measure risk across the organization
- Real-world exam...
2023-06-21
43 min
SecurityMetrics Podcast
Risk Assessments: Where to Begin | SecurityMetrics Podcast 70
Risk assessments are critical to implementing good security controls, but many organizations struggle with where to begin. Josh Hyman, Chief Information Security Officer of Black Talon Security, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- The importance of risk assessments in general
- Risk analysis in the healthcare space
- How to successfully conduct a risk assessment
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this o...
2023-06-07
48 min
SecurityMetrics Podcast
Data Access Protection: A Critical Part of Security | SecurityMetrics Podcast 69
Early detection of unauthorized access to electronic Protected Health Information (ePHI) is critical to preventing breaches and meeting HIPAA requirements. The co-founders of SPHER, Inc., Raymond Ribble, CEO, and Robert Pruter, Chief Revenue Officer, sit down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- Why it’s critical to know who is accessing patient data
- How to know who is accessing critical data
- Real-world stories of unauthorized access and what to do about it
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Di...
2023-05-24
40 min
SecurityMetrics Podcast
SaaS Data Security and Supply Chain Risks | SecurityMetrics Podcast 68
With the rise of Software-as-a-Service (SaaS), we are hearing more about related supply chain risks. Boris Sieklik, Senior Director of Information Security at MongoDB, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- What SaaS means in the context of the cloud
- The risks third parties may introduce in terms of SaaS
- How leaders can prepare to handle data leakage in these environments
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this or a...
2023-05-10
36 min
SecurityMetrics Podcast
Cybersecurity as an Operational Effort | SecurityMetrics Podcast 67
Cybersecurity and risk management are often tossed to technical teams, but when these are driven by operations, the entire organization benefits. In today's episode, Jen Stone sits with Grant Elliott (CEO and co-founder of Ostendio, and Adjunct Professor at the Pratt Institute New York) to discuss:
- Communicating with upper-level management and setting expectations on security success
- Managing security for the long term, as opposed to one-and-done compliance
- Creating an operational approach to cybersecurity
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before i...
2023-04-26
41 min
SecurityMetrics Podcast
Asset Management: Foundational to Cybersecurity | SecurityMetrics Podcast 66
It is axiomatic in our industry that you can’t protect what you don’t know about, but assembling a comprehensive asset inventory can be much more difficult than it seems. Chris Kirsch, CEO of runZero, a cyber asset management company he co-founded with Metasploit creator HD Moore, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- What asset management is and why it is important
- First steps any organization should take to implement asset management
- A high-level overview of some standard ways to ma...
2023-04-12
40 min
SecurityMetrics Podcast
Identity Management: Why It Matters | SecurityMetrics Podcast 65
Identity management is a critical aspect of any cybersecurity program. Creating the right roles and implementing a mature identity management lifecycle requires thoughtful collaboration between information technology and business operations. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Garret Grajek (CEH, CISSP, certified security engineer, product builder and CEO of YouAttest) sit down to discuss:
- What identity management is and why it is important
- First steps to take to implement identity management
- Multi-factor authentication, governance, and other critical aspects of identity security
Hosted by Jen...
2023-03-29
32 min
SecurityMetrics Podcast
CMMC: Protecting Critical Infrastructure | SecurityMetrics Podcast 64
Critical infrastructure is under threat and has historically been shown to be vulnerable. Protecting critical infrastructure is a wide-ranging effort that requires careful consideration. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Katie Arrington (Former CISO for the Department of Defense and mother of the CMMC) discuss the current critical infrastructure landscape. Listen to learn:
- What organizations are critical infrastructure
- Current threats to our critical infrastructure
- How CMMC can help strengthen an organization's cybersecurity stance
Katie Arrington
Hosted by Jen S...
2023-03-15
52 min
SecurityMetrics Podcast
HIPAA Basics: Where to Start with Practices and Training | SecurityMetrics Podcast 63
HIPAA can be a daunting topic. Organizations often wonder where to start when implementing security or what kind of training is most effective. Listen this week as Jen Stone (MCIS, CISSP, CISA, QSA) sits down with Donna Grindle of Kardon and the “Help Me with HIPAA” Podcast to discuss:
- The work of 405(d) and how it can help your organization
- Exciting new training available through the PriSec Bootcamp
- Why we start with risk management in the healthcare industry
Donna's "Help Me With HIPAA" Podcast
HH...
2023-02-15
41 min
SecurityMetrics Podcast
Top Breaches of 2022 | SecurityMetrics Podcast 62
"In 2021, we had tracked about 5.9M accounts were targeted through data breaches. It's expected that at the end of 2022, we will surpass that number." Tune in this week as Jen Stone and Heff give you the TOP data breaches of 2022. This list includes breaches caused by leaks, phishing, and poor cyber hygiene. Listen to learn:
- Most common breach types this year
- Tips to help your employees stay secure
- How to respond to a data breach
Hosted by Jen Stone (MCIS, CISSP, CISA, QSA) with...
2022-11-23
47 min
SecurityMetrics Podcast
Things You're Doing WRONG to Keep Your Data Safe | SecurityMetrics Podcast 61
"A lot of people think they're doing all the right things to keep their data safe. However, there are things I see constantly that people are doing wrong, or not doing at all, to properly keep their data secure." Your personal data that exists online is vast and private. Should a hacker steal your data, you could lose emails, hard drives, bank accounts, or even your business. Tune in this week as Jen Stone and Noah Pack give you the essentials to keep your personal data safe. Listen to learn:
- Essentials to keep...
2022-11-10
33 min
SecurityMetrics Podcast
How Can ISOs Help Merchants With PCI Compliance? | SecurityMetrics Podcast 60
Tune in this week as Jen Stone, Scott Robinson, and Robbi Watson discuss all things ISO. Listen to Learn:
- What is an ISO?
- How can ISOs help their merchants?
- Tips for an ISO / ISO Program Best Practices
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
Request a Quote for a PCI Audit ► ht...
2022-10-26
31 min
SecurityMetrics Podcast
Privacy vs Security - Finding Balance in Compliance | SecurityMetrics Podcast 59
"Privacy is not about things we want to hide. Hiding implies that the other side has a right to see what I'm trying to hide. Privacy means I can control what I share." Privacy rights are often unpinned from security, but they’re critical to recapture for our personal lives. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Adrianus Warmenhoven (Defensive Strategist and Threat Intelligence Manager at NordVPN) in a wide-ranging conversation about privacy, security, risk, and compliance. Listen to learn:
- How privacy and security are related
- Who sho...
2022-10-12
31 min
SecurityMetrics Podcast
Attack Surface Management | SecurityMetrics Podcast 58
Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and David Monnier (Chief Evangelist and Team Cymru Fellow at Team Cymru) discuss attack surface management. Listen to learn:
- What is an attack surface?
- Attack surface management VS vulnerability management VS endpoint security management.
- How can teams gain contextual awareness of their environments?
Subscribe to the SecurityMetrics Podcast Email!
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department...
2022-09-21
32 min
SecurityMetrics Podcast
PCI Standards: All You Need to Know | SecurityMetrics Podcast
"The PCI Security Standards Council oversees a lot more standards than just PCI DSS. The council is very much involved with the payment lifecycle. We have standards to ensure the security of card data from start to finish." There are many standards out there to ensure the security of card data - each with a specific target to protect. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Jeremy King (Regional Head for Europe at PCI Security Standards Council) give you the entire rundown of all the PCI standards, as well as tips from...
2022-09-07
45 min
SecurityMetrics Podcast
Cloud Security 101 | SecurityMetrics Podcast 56
Subscribe to the SecurityMetrics Podcast Email! Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Chase Pettet (Chief Security Architect at Archer Integrated Risk Management) dive into cloud security 101. Listen to learn:
- What is driving the continued shift to the cloud?
- Does being in the cloud require organizations to think about their architecture differently?
- Is security radically different in cloud environments?
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk...
2022-08-24
43 min
SecurityMetrics Podcast
Eliminating Friction Between Development & Security | SecurityMetrics Podcast 55
"In order for us to meet our end objective of risk mitigation on software and applications, we have to get the developers on our side. If you do not collaborate with the developers, you're not going to be able to manage that risk" Tune in this week as Jen Stone and Harshil Parikh discuss how to eliminate friction between development and security. Listen to learn:
- How to collaborate with developers
- How collaboration can aid in cybersecurity efforts
- How setting clear expectations can improve teamwork...
2022-08-10
30 min
SecurityMetrics Podcast
Mobile Device Management - How to Securely Work Remote | SecurityMetrics Podcast 54
"Not long ago, companies didn't allow employees to take their work devices home, or even out of the network. Companies relied on the network security for these devices. In the past few years, we have all been forced to shift and figure out - how do we still keep work secure?" Mobile device management is a heavy lift. Security teams recognize the risks posed by laptops, tablets, smartphones, and other mobile devices. Because of our increasingly remote working environment and the ongoing challenges posed by the use of personal devices for work, many companies have needed to...
2022-07-20
31 min
SecurityMetrics Podcast
Cybersecurity Burnout - SOC Analyst Survey Findings | SecurityMetrics Podcast 53
"I feel like many data security professionals feel like they're doing the right thing and making a difference, but there was a huge amount that said they were burning out. 65% of cybersecurity workers said they plan on leaving their jobs in the next 12 months." Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Thomas Kinsella (COO and Co-Founder - Tines) about the recent SOC analyst survey findings conducted by Tines. Listen to "The Future of Security Operations" Podcast by Thomas Kinsella. [Disclaimer] Before implementing any policies or procedures you...
2022-06-22
31 min
SecurityMetrics Podcast
PCI 4.0 SAQ (Self Assessment Questionnaire) - What's changed? | SecurityMetrics Podcast 52
"The PCI Data Security Standard is a set of about 330 security controls that are designed to protect credit card information. For most small businesses, many of the requirements don't apply in their environment. The Self Assessment Questionnaire is a subset of the full PCI DSS standard designed to help small businesses validate their PCI compliance." PCI 4.0 is here, and many things have changed - including the self assessment questionnaire. If you have questions about this update, you aren't alone! Tune in this week as Jen Stone and Michael Simpson break down all the pieces with the PCI 4.0...
2022-06-08
32 min
SecurityMetrics Podcast
How to Become a QSA | SecurityMetrics Podcast 51
"Don't jump into becoming a QSA for a year and think 'I'm now going to go somewhere else and make a ton of money.' Spend some time really learning. That's the advantage to this job: you can get so much experience so quickly and get exposure to so many aspects of cybersecurity." Breaking the barrier to the cybersecurity workforce can be difficult, especially if you don't know where to start. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Gary Glover (CISSP, CISA, QSA, PA-QSA) explain the steps one should take when wanting...
2022-05-25
40 min
SecurityMetrics Podcast
The Future of Cybersecurity - Top 10 Cyber Trends | SecurityMetrics Podcast 50
"The threat environment is becoming more aggressive, and the footprint that businesses need to protect is huge. Businesses need to reframe their expectations and reframe their focus." Reading the future is hard, especially in relation to cybersecurity. However, looking at current cyber trends helps us have a better idea of what is around the corner. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Matthew Heffelfinger (Deputy CISO, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) dive into the TOP 10 cybersecurity trends, and predict the FUTURE. Listen to learn:
2022-05-11
37 min
SecurityMetrics Podcast
PCI 4.0 - What you need to know | SecurityMetrics Podcast 49
"If we think back to 9 years ago when the previous version came out, the world was really different then. We now have loads of new criminals who have found new ways to steal card holder data. The way we do InfoSec has changed massively in 9 years, so we definitely needed a new standard." With PCI 4.0 just recently released, many are left with questions about the many changes in the standard. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and John Elliott (Pluralsight Author, PCI and GDPR Specialist) give you everything you need to know...
2022-04-20
48 min
SecurityMetrics Podcast
P2PE Basics for Merchants (Point to Point Encryption) | SecurityMetrics Podcast 48
"Simply, point to point encryption is encrypting your data at the beginning, and not decrypting it until it reaches its endpoint. This protects your data while it is being transferred." P2PE or “point-to-point encryption” can be the best way for merchants to take card present payments. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Mark Miner (Director of P2PE/PIN Assessments at SecurityMetrics) about the basics of P2PE. Listen to learn: P2PE encryption differs from other payment transaction options; Where to g...
2022-04-06
36 min
SecurityMetrics Podcast
Home Cybersecurity 101 - Routers, Firewalls and More | SecurityMetrics Podcast 47
"Hackers don't solely go after Fortune 500 companies. Almost everyone I know has some story with their Facebook getting hacked, or their bank information getting stolen. The way to tackle that is cybersecurity for yourself." It's a common misconception that hackers only go after large companies or entities, when in reality they target normal people every day. Building your cybersecurity at home is essential to maintain a safe network from these threats. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) talks with Noah Pack (Threat Hunter/Security Operations...
2022-03-23
28 min
SecurityMetrics Podcast
Leadership in Cybersecurity | SecurityMetrics Podcast 46
"How do I navigate this market, serve customers, and protect my brand reputation? At the executive level, that's the stuff they're thinking about. That trickles down to security objectives and initiatives. As a security leader, if you're in the head of your executive - what they want to do and why - then you can speak that language and drive better security." Maintaining strong leadership is essential in cybersecurity. A good leader needs to know how to navigate their company's security needs, as well as communicate those needs to their executive level. Tune in this week as...
2022-03-09
24 min
SecurityMetrics Podcast
HHS 405(d) - What You Need To Know | SecurityMetrics Podcast 45
HHS recently launched its new 405(d) website to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the healthcare sector. Donna Grindle of the “Help Me with HIPAA” Podcast sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss: The work of 405(d) and how it can help your organization; Top 5 cybersecurity threats to the healthcare industry; Resources available to educate yourself and your organization about privacy and security under HIPAA; Securi...
2022-02-23
48 min
SecurityMetrics Podcast
How to Spot an Effective Security Practitioner | SecurityMetrics Podcast 44
"In security, there is no 'that's not my job.' When it comes to defending the organization, security practitioners need to be able to put their egos aside, roll up their sleeves, and do what the team needs them to do to make sure the security posture of the organization continues to improve." Whether you're looking to hire a good security practitioner, or trying to become one, there are certain attitudes and mindsets to look out for. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Joshua Goldfarb (Director of Product Management at F5...
2022-02-09
32 min
SecurityMetrics Podcast
Making Your Trainings Less BORING | SecurityMetrics Podcast 43
"If you want to engage your audience and get them involved in security rather than having to force them to do it, you need to give them something worth their time and attention." Making trainings for any audience can be hard, especially when it's mandatory. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) chats with Ian Murphy (Founder of Cyber Off, CISSP, FBCS, CITP) about his approach to making trainings more enjoyable. Listen to learn: Tips to make your trainings more enjoyable; How to have fun...
2022-01-26
36 min
SecurityMetrics Podcast
TOP 10 Breaches of 2021 | SecurityMetrics Podcast 42
Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA), Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB), and Forrest Barth (SOC Analyst, CISSP, CMNO, Security+) wrap up this season with the TOP 10 breaches of 2021! Join us for SEASON 3 of SecurityMetrics Podcast this January! Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing Get the Guide to PCI DSS compliance ► https://www.securi...
2021-12-08
55 min
SecurityMetrics Podcast
What Does Cybersecurity Cost? | SecurityMetrics Podcast 41
"That's one of the reasons why our audit team is so good, because we share the wing with forensics, and we're talking about what's happening out there. Our forensics consulting isn't theoretical. It isn't some monthly magazine saying 'look out for this... this might be happening,' this IS what's happening. This is the analysis of the very data we're collecting." It can be difficult to build cybersecurity into your budget and receive approval from senior decision makers. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks...
2021-11-23
46 min
SecurityMetrics Podcast
Breaking Barriers in Cybersecurity | SecurityMetrics Podcast 40
"One thing that I learned from the circle was how to come out of my comfort zone and tell my story to other people. When it comes to something technical, I can talk for hours, but apart from that it's very hard for me. So this was one take away for me, apart from all the learnings - both technical and non-technical - that really helped me a lot." Making your way in cybersecurity is easier if you have a team supporting you. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Aastha...
2021-11-10
34 min
SecurityMetrics Podcast
Finding Your Path Into the Cybersecurity Workforce | SecurityMetrics Podcast 39
Everybody has their own path to finding the job that's right for them. It's often easy to get discouraged when you're in the middle of the path to reach your desired goal. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Luana Pascu (Cybersecurity Researcher, GSEC) about her personal journey, and how you can find the path in data security that's right for you. Listen to learn: How to find your passion within cybersecurity; Education steps to reach your desired role; How to track your journey...
2021-10-20
29 min
SecurityMetrics Podcast
Network Segmentation: Increasing Security and Focus on Compliance | SecurityMetrics Podcast 38
"With network segmentation, we really are looking for isolation. We want to get that 'thing' and put it into a safety deposit box where you have secure access to it. Nobody else has physical or logical access to it. That's really what we are trying to do with segmentation." Network segmentation is often used to reduce the scope of a PCI DSS compliance assessment, but it is even more important as a security strategy for your environment. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Chris Skarda (PCI DSS QSA, CISSP, CISA, C...
2021-10-05
32 min
SecurityMetrics Podcast
Zero Trust Tenets | SecurityMetrics Podcast 37
"Zero Trust is essentially a security initiative saying that you are going to assume that attackers are present in any environment you're working in. The main goal of that is to remove implicit trust in the design and implementation of whatever you're doing." “Zero trust” is something we hear a lot about but in many cases it seems to be a buzzword used to sell us something. However, it can be an excellent approach to security when done well. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Geoffrey Sanders (Senior Member of the...
2021-09-22
28 min
SecurityMetrics Podcast
How to Prepare for an Audit | SecurityMetrics Podcast 36
Preparing for a third-party security assessment or compliance audit can be a daunting experience -- especially if it’s your first time. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Brian Gross (VP, Product & Technology, FISERV) about how he prepared his organization to respond successfully to a PCI DSS assessment, followed by a HIPAA audit. Listen to learn: How a third-party assessment can benefit your business; Where to start to build your security program; What elements support successful completion of an audit; Lea...
2021-09-08
34 min
SecurityMetrics Podcast
Legal Considerations for Privacy and Security | SecurityMetrics Podcast 35
"Some security is better than no security. If you are a small business, and you don't have all the resources to invest in a huge cybersecurity program, that's ok! Start with the basics, such as strong passwords, the use of VPNs, and trainings on cyber threats like phishing and malware." Privacy and security considerations can be difficult to get your arms around; when laws and regulations come into play they add another layer of complexity. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Victoria E. Beckman (Lead Digital Crimes Unit Americas...
2021-08-25
35 min
SecurityMetrics Podcast
How to Manage 3rd Party Risk | SecurityMetrics Podcast 34
"We all rely on service providers to keep our businesses afloat. I get asked all the time, 'How do I know that this service provider is going to be careful with my data?' Service providers can elevate our risk, while at the same time giving us really important services that we need." When using service providers, managing your 3rd party risk can be a challenge. Tune in this week as Jen Stone (MCIS | CISSP | CISA | QSA) talks with Paul Poh (CISSP, CISM, CRISC, CIPP/US) about how we can best manage and minimize that 3rd party r...
2021-08-11
32 min
SecurityMetrics Podcast
Keeping Kids Safe Online | SecurityMetrics Podcast 33
"A lot of people don't realize, kids are smart! They know how to get around these controls that are in place. So the more informed you are as a caregiver, the more you can keep an eye on things that are going on with your kids and that they are getting the right information and aren't going to negative places." The internet is a vast and often dangerous place. With increasing threat actors prying to target these vulnerable young ones, protecting our kids from harmful places online is crucial to keep them safe and secure. Tune in...
2021-07-21
33 min
SecurityMetrics Podcast
How to Prepare for a Risk Assessment | SecurityMetrics Podcast 32
"Security is hard, even for professionals. There are a ton of things to know. As a defender, you have to be right 100% of the time. As an attacker, you kinda just have to get lucky once. If you go out there and educate people (in your company) about security, then they can become an ally for you." Join us this week as Jen Stone (MCIS | CISSP | CISA | QSA) and Matt Halbleib (CISSP | CISA | QSA (P2PE) | PA-QSA (P2PE)) discuss all the things you can do to better prepare you and your company for a risk assessment.
2021-07-07
35 min
SecurityMetrics Podcast
Ransomware - What You Need To Know | SecurityMetrics Podcast 31
With so many ransomware stories in the news this year, one would think that ransomware is a new technique used by threat actors. In reality, ransomware has been around for almost a decade, and so have the basic principles on how to protect yourself from getting hit with it. Join Gary Glover (CISSP, CISA, QSA, PA-QSA) and Jen Stone (MCIS, CISSP, CISA, QSA) as they teach all you need to know about what ransomware is, and how to stay safe from it. Listen to learn: W...
2021-06-23
53 min
SecurityMetrics Podcast
Communicating with your IT Department | SecurityMetrics Podcast 30
"It's the nature of our team's roles that there's always going to be trade-offs. It's hardly ever a simple decision between A and B. So you need to lean into that and get more comfortable with ambiguity." Having clear and open communication with your IT or security team is essential to maintaining a secure business. However, if the correct steps are not taken, working alongside these teams can be challenging. Tune in this week as Jen Stone (Principal Security Analyst MCIS, CISSP, CISA, QSA) and Dutch Schwartz (Strategic Lead of Amazon Web Services’ Global Security Serv...
2021-06-09
49 min
SecurityMetrics Podcast
Teaching Data Security To Children | SecurityMetrics Podcast 29
"I have a passion to keep people safe online, especially young ones. I don't expect kids to pick up this book and understand the concepts right away, but I want to empower the adults to teach." Teaching data security and internet safety to the next generation can prove to be challenging. From the complex tools to the vast vocabulary, it's no simple thing to learn. Today, Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) sits down with Curtis Brazzell as they discuss his recent endeavor to better help children learn, and parents teach about data s...
2021-05-26
39 min
SecurityMetrics Podcast
Choosing an MSSP | SecurityMetrics Podcast 28
“What is managed security? It’s about trusting your business to someone else.” Whether you call it outsourcing, partnering, or hiring, choosing an MSSP is a decision that can seriously affect a business. SecurityMetrics Director of SIEM Operations and SecurityMetrics News Host, Matt “Heff” Heffelfinger, talked with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) about the many factors that go into choosing the right security firm for your business. With experience at General Electric, NBC, and TJ Maxx, Heff’s breadth of knowledge and experience allow him to see threats in the long term and hel...
2021-05-12
42 min
SecurityMetrics Podcast
The Myth of the Cybersecurity Workforce Shortage | SecurityMetrics Podcast 27
“Is there really a shortage of skills in cybersecurity? Or are we just looking at it the wrong way?” Director of Information Security and IT at BEEM Technologies, Naomi Buckwalter (CISSP, CISM) discovered hacking at Vanguard, where she joined a class and learned to hack from scratch. Her experiences as a software security architect, security engineer, career advisor, mentor, and speaker have given her a broad spectrum of insight about the so-called cybersecurity “skills shortage.” In this episode, Naomi talks with Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) about wh...
2021-04-20
33 min
SecurityMetrics Podcast
Gamify to Embed Security: Lessons from a Security Researcher | SecurityMetrics Podcast 26
“What is our responsibility as leaders of security teams? It’s doing security right from the beginning; from the design. It has to be there.” Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) welcomes Vandana Verma: Security Architect IBM, Vice Chair of the Global Board of Directors at OWASP, leader at InfosecGirls, and founder of Infosec Kids. As a prolific speaker and thought leader in the cybersecurity space, Vandana is vocal in the efforts to help women and youth build their communities in cybersecurity. She has trained over 10,000 diverse candidates and brings an undeniable enthusiasm and passion...
2021-04-07
29 min
SecurityMetrics Podcast
Cybersecurity Innovation from Military to Enterprise | SecurityMetrics Podcast 25
Dr. Oren Eytan joins Jen Stone (Principal Security Analyst, MCIS, CISSP, CISA, QSA) to discuss his experiences as a cybersecurity leader in both the military and civilian realms. After serving in the Israeli defense forces, two degrees in Electrical Engineering, and time at Motorola, Dr. Oren Eytan continues the fight against malware as the CEO of Odix. Today he helps protect businesses in all sectors, including utilities and technology. Listen to Learn: Why creative thinking is crucial to cyber security; Lessons learned from protecting critical infrastructure; The relationship between c...
2021-03-24
34 min
SecurityMetrics Podcast
Payment Security: PCI DSS v4.0 Expectations | SecurityMetrics Podcast 24
There’s been a lot of chatter and anticipation about the release of PCI DSS v4.0. In this episode, SecurityMetrics VP of Assessments, Gary Glover (CISSP, CISA, QSA, PA-QSA), talks with Host Jen Stone (MCIS, CISSP, CISA, QSA) about what merchants can expect and how they should prepare right now. As part of the PCI DSS assessor community, Gary has worked with the council in special groups and on committees to develop the new PCI Data Security Standard. He has been in payment security for over 16 years and has a background in both ro...
2021-03-09
41 min
SecurityMetrics Podcast
What is Social Engineering? Security Stories and Training Tips | SecurityMetrics Podcast 23
People are naturally kind and helpful. Attackers know that, and in the case of social engineering–they rely on it. This week, Senior Information Security Architect at Lucid, Nathan Cooper (CISSP, Security+) talks with Host Jen Stone (MCIS, CISSP, CISA, QSA) about the tactics hackers use to attack businesses and how you can protect your company. Listen to learn: The psychological reasons social engineering works so well and how to address them; Examples from the field–man traps, watering hole attacks, and tailgating; Tips to make security training effective while...
2021-02-24
47 min
SecurityMetrics Podcast
How Executives and Security Professionals can Communicate Better | SecurityMetrics Podcast 22
“How do you speak to executives about cybersecurity in a way that matters to them? It comes down to the company’s mission.” Ross Young, CISO of Caterpillar Financial Services Corporation, stops by SecurityMetrics Podcast to talk with Host and Principal Security Analyst, Jen Stone (MCIS, CISSP, CISA, QSA) about his mission to mentor the next generation of CISOs and create more understanding and harmony within the corporate security community. Listen to learn: How a company’s mission and values affect its approach to cybersecurity; The three things that executives care about when making decisions; Tips on how p...
2021-02-10
29 min
SecurityMetrics Podcast
How to Get Cybersecurity Buy-In: SecurityMetrics CEO Brad Caldwell | SecurityMetrics Podcast 21
“The single biggest contributor to data breaches is a lack of testing. You have to be testing, you have to be reviewing, you have to have pentests.” After experiencing a data breach as a small business owner 20 years ago, SecurityMetrics CEO Brad Caldwell (CISSP, CISA, QSA, PFI) set out to provide affordable data breach prevention and remediation to businesses of all sizes. Since then, SecurityMetrics has tested over a million systems and provided cybersecurity services and audits for tens of thousands of businesses. In a special episode of the podcast, Brad sits down with Host and Pr...
2020-12-22
41 min
SecurityMetrics Podcast
3 Myths about PCI Compliance that Cost You Time | SecurityMetrics Podcast 20
John Elliot has a knack for illuminating the relationship between security and compliance. With over ten years in information protection and compliance consulting, and as Director of Industry Standards at Mastercard, John helps explain the relevance of security and industry standards to customers and those in the wider payment ecosystem. Today he sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to reveal the three biggest myths about PCI DSS compliance and how they hinder security. Listen in to learn: How the PCI Security Standards Council an...
2020-12-09
42 min
SecurityMetrics Podcast
The Language of Security | SecurityMetrics Podcast Episode 19
“If we think we’re fluent in security because we’re using the same words we’ve always used, we’re in danger.” With over 30 years in the FinTech industry, Dale Laszig has a long-range view of trends and technology that she has turned into a busy tech journalism career. Dale spoke with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) about the language of security: how the way we talk about it affects the way we approach it. Dale and Jen wax poetic to uncover the meta “matrix” that supports commerce and makes the world go ‘ro...
2020-11-25
37 min
SecurityMetrics Podcast
The CISO Role: Social Strategies for Enterprise Security | SecurityMetrics Podcast 18
“Gaps in security are behavioral . . . find out what drives behavior at your company, and you will find your vulnerabilities.” As the Strategic Lead of Amazon Web Services’ Global Security Services Team, Dutch Schwartz talks with SecurityMetrics Podcast Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to define what CISOs need to understand about human motivation in order to strategize security programs, utilize company culture, and protect critical data. Listen in to learn: How the CISO position has changed in the last decade and how it’s currently defined. The surpri...
2020-11-10
44 min
SecurityMetrics Podcast
Successful PCI Programs at Large Organizations | SecurityMetrics Podcast 17
When your organization has 300 Merchant IDs (MIDs) in a multi-modality environment, leading a PCI DSS compliance program is no easy task. This week, Host and Principal Security Analyst Jen Stone welcomes guest Robbyn Lennon, Senior Merchant Services Program Coordinator at the University of Arizona, along with SecurityMetrics Principal Analyst Michael Simpson to talk about large-scale PCI DSS compliance from both a QSA and a client perspective. Robbyn explains in detail how she established a PCI DSS compliance program at the University of Arizona. With over 10 years of experience, she shares her three-part strategy: “Engagement, leadership, and encouragement.” ...
2020-10-28
45 min
SecurityMetrics Podcast
5 Things You Can Do Now to Prevent Cyber Attacks and Data Breach Damage | SecurityMetrics Podcast 16
“It’s our friends and family–our moms and dads–who shop online and are affected when a bad guy gains access. So we take it personally,” said SecurityMetrics SOC/SIEM Director, Heff. Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) continues this sentiment by saying “When businesses go down, people suffer. Every business we can protect helps elevate the quality of life for the people who are associated.” At SecurityMetrics, we monitor the threat landscape around the clock. And currently, that landscape is not only vast, it’s complex. Never have companies faced s...
2020-09-29
47 min
SecurityMetrics Podcast
Data Privacy Compliance: A Critical Moving Target | SecurityMetrics Podcast 15
“A lot of people in the security world want to talk about security, not compliance. But you can’t help secure things if you don’t know what you’re supposed to be securing,” says host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA). In this episode, NuSkin Data Governance Analyst, Gabrielle Harris (CIPP/E, CIPM, MSML) explains how security and compliance are permanently entwined, “Even though ‘compliance’ has a negative connotation and ‘security’ has a positive one, the truth is that compliance builds brand reputation and trust with customers. Protecting data is an ethical thing, and we would a...
2020-09-15
34 min
SecurityMetrics Podcast
6 Phases of an Incident Response Plan | SecurityMetrics Podcast 14
“Something has happened.” Your company has experienced the worst: a data breach. You’ll need to answer questions. You’ll need to implement emergency operations and plans, run backup and talk to investigators. Not a convenient time to start your Incident Response Plan. According to Dave Ellis, SecurityMetrics VP of Investigations (GCIH, PFI, QSA, CISSP), an Incident Response Plan is, in short, “What you do ahead of time, in preparation for an event that you hope never happens.” Ellis sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA...
2020-09-01
32 min
SecurityMetrics Podcast
Cloud Security: What You Need to Know | SecurityMetrics Podcast 13
When Liberty Mutual offered Craig Olsen a lateral leap from Developer to Security Analyst, he took it–and hasn’t looked back since. Now a Cybersecurity Architect, Olsen reflects on the last fifteen years and his role in the transition from one-person internal security departments, to a full-blown industry with unique technologies, solutions, and issues. When it comes to the cloud, many companies are unsure or hesitant. Some may not even know for sure if they’re using it. Often, this is based on a lack of understanding or familiarity with cloud security. Olsen and Host J...
2020-08-19
56 min
SecurityMetrics Podcast
Jobs in Cybersecurity: Competency vs. Education | SecurityMetrics Podcast 12
In today’s podcast, Dr. Eman El-Sheikh (Director of the Center for Cybersecurity at the University of West Florida) sits with Host and Principal Security Analyst Jen Stone to discuss how we can creatively approach cybersecurity careers from all perspectives. “We have over half a million open cybersecurity jobs as we speak. And, unfortunately that number is trending up.” Dr. Eman El-Sheikh is the Director of the Center for Cybersecurity at Western Florida and plays a vital role in recruiting future cybersecurity leaders. Today, she sits with Host and Principal Security Analyst Jen Stone to discus...
2020-08-05
37 min
SecurityMetrics Podcast
How to Prepare for a PCI DSS Assessment | SecurityMetrics Podcast 11
A successful PCI DSS assessment requires a fair amount of preparation and scheduling far in advance. These activities may seem like a lot of work, but they are actually the best way to make your assessment less overwhelming, help you control time and cost, and avoid worst-case scenarios. With thousands of PCI DSS assessment hours between them, SecurityMetrics Principal Analysts George Mateaki (CISSP, CISA, CISM, QSA, PA-QSA) and Jen Stone (MCIS, CISSP, CISA, QSA) sit down to “talk shop” and share stories from the field. Listen in to learn: How remote assessments work and tips t...
2020-07-21
51 min
SecurityMetrics Podcast
Penetration Testing: The Humanity Behind the Hacking | SecurityMetrics Podcast 10
Paul Poh (CISSP, CISM, CRISC, CIPP/US) has had an interest in cybersecurity since before the internet as we know it existed. From his first exposure to the “Morris Worm” in the early ‘90s as a software engineer at Tufts University, to his current role as Partner at Radical Security, Paul’s mixture of curiosity and wisdom have helped him maintain the perspective needed to be a successful penetration tester. He shares his insights with our Host Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) on why it’s the small things that can take down an organization’s security.
2020-07-07
36 min
SecurityMetrics Podcast
Cloud Security: Management VS Implementation | SecurityMetrics Podcast 9
As a former US Air Force Cyber-Warfare Technician, Vince Romney (CISSP) has been able to leverage his unique military experience in the private sector–most recently as CTO of SK2 Technology, developing high-security encryption applications. In this episode, he joins Host Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) to explore cloud security challenges in the corporate world, but also to share the valuable insights about risk analysis and mitigation which he gained during his military service. Listen in to learn: Common misconceptions about the security, implementation, and risk management required for cloud solutions. How decision makers in the...
2020-06-24
45 min
SecurityMetrics Podcast
Diversity and Mentorship in Cybersecurity | SecurityMetrics Podcast 8
“We need each other. Cybersecurity is a global event and we need all the brains,” says Noreen Njoroge. “Threat actors don’t care where you are from or what your social status is. They are there to attack everybody. As cybersecurity specialists, we should also have that mindset. It’s a community effort. I have to help my brother, my sister, my coworker, my friend, know how to better defend themselves against attacks.” Njoroge imbues that same philosophy into her cybersecurity mentoring projects. As a Security Threat Engineer at Cisco, President of North Carolina Women in Cybersecurity, and leader of...
2020-06-09
39 min
SecurityMetrics Podcast
Automating Your Cybersecurity Processes | SecurityMetrics Podcast 7
Tom Hatch, Co-founder and CTO of Salt Stack, Inc and host of "The Hacks", sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- How cybercriminal activity has become automated and widespread
- How to use automation to help close your security gaps and reduce infrastructure management challenges
- The need for maintaining your applications and having different types of IT individuals address security issues
"We live in the era of continual cyber warfare, and that warfare isn't just between nation states. It's between crime syndicates, crime groups, and hacker groups...
2020-05-27
35 min
SecurityMetrics Podcast
Business Continuity during Healthcare Crisis | SecurityMetrics Podcast 6
In healthcare, it’s common to encounter the attitude that “HIPAA is complicated.” Naturally, this leads to people finding ways to make HIPAA seem irrelevant or useless. However, this belief couldn’t be further from the truth and leads to increased risk for patients, especially during times of crisis. Donna Grindle of the “Help Me with HIPAA” Podcast, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- How to address the gaps in understanding and myths about HIPAA that hinder healthcare providers
- Various approaches to administrative safeguards like Business Contingency Plans and Disaster Rec...
2020-05-12
33 min
SecurityMetrics Podcast
How Can I Prevent Ransomware? | SecurityMetrics Podcast 5
Of all the types of malware, ransomware is one of the most dangerous. In this episode, Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) sits down with Dave Ellis (VP Forensic Investigation, GCIH, CISSP, QSA, PFI) to discuss:
- What you should do before, during, and after a ransomware attack
- Stories from the field about ransomware attacks and responses
- The “compliance versus security” debate in the effort to prevent ransomware
“When it comes to your cybersecurity, don’t trust anything. Games, quizzes, and other fun apps seem harmless, but may very be collectin...
2020-05-05
41 min
SecurityMetrics Podcast
Phishing and Malware Attacks Amidst COVID-19 | SecurityMetrics Podcast 4
In this episode, Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) sits down with Matt Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Forrest Barth (SOC Analyst, CISSP, CMNO, Security+) to discuss:
- How threat actors are leveraging the COVID-19 crisis climate to prey on businesses and individuals
- Current phishing and social engineering scams to watch out for and how to avoid them
- Security awareness tips you can share with those most vulnerable to cyber scams and attacks
Resources: https://www.securitymetrics.com/blog/covid-19-cyber-attacks-threat-report-and-best-practices
2020 SecurityMetrics HIPAA Guide: https://in...
2020-04-29
36 min
SecurityMetrics Podcast
How to Prevent Formjacking and E-commerce Skimming | SecurityMetrics Podcast 3
SecurityMetrics Podcast | 3
How to Prevent Formjacking and Ecommerce Skimming
In this episode, Aaron Willis (Forensic Analyst, CISSP, PFI) sits down with Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) to discuss:
- What is formjacking/ecommerce skimming?
- Tools to use to prevent and avoid formjacking/ecommerce skimming
- Solutions on how to detect and track skimmers
- What to do if your data is being skimmed
Learn more at SecurityMetrics.com/webpage-integrity-monitoring
Download our Guide to PCI Compliance! - https://info.securitymetrics.com/pci-guide-2020
Download our Guide to HIPAA Compliance! ...
2020-04-22
34 min
SecurityMetrics Podcast
Effect of COVID-19 Crisis on Healthcare IT Security | SecurityMetrics Podcast 2
In this episode, Meagan Elguera (Corporate Communications Manager) sits down with Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) to discuss:
- Added pressure and stress covered entities may face during times of crisis
- How using telehealth for treatment affects privacy and security amid COVID-19
- Review of the recent bulletin from the OCR on Civil Rights, HIPAA, and Coronavirus
https://www.securitymetrics.com/
PCI Guide: https://info.securitymetrics.com/pci-guide-2020
HIPAA Guide: https://info.securitymetrics.com/hipaa-guide-2020
Get a quote: https://www.securitymetrics.com/pci
Resources: https://www.hhs.gov/sites/default/files/ocr-bulletin-3-28...
2020-04-15
29 min
SecurityMetrics Podcast
How to Work from Home Securely | SecurityMetrics Podcast 1
In this episode, Jen Stone sits down with Michael Simpson (Principal Security Analyst, CISSP, CISA, QSA) to discuss:
- Data security best practices while working from home
- How to properly use a VPN
- How working from home affects a PCI Assessment
https://www.securitymetrics.com/
PCI Guide: https://info.securitymetrics.com/pci-guide-2020
HIPAA Guide: https://info.securitymetrics.com/hipaa-guide-2020
Get a quote: https://www.securitymetrics.com/pci
Resources: https://www.hhs.gov/sites/default/files/ocr-bulletin-3-28-20.pdf
Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit ...
2020-04-08
30 min