SecurityMetrics Podcast
SecurityMetrics
Subscribe
The SecurityMetrics Podcast, hosted by Jen Stone (Principal Security Analyst, QSA, CISSP, CISA), will help you understand current data security and compliance trends. Each episode will feature a different security professional offering tips and security best practices.
Available episodes
Newest first
Oldest first
2 days ago
Risk Assessments: Where to Begin | SecurityMetrics Podcast 70
Risk assessments are critical to implementing good security controls, but many organizations struggle with where to begin. Josh Hyman, Chief Information Security Officer of Black Talon Security, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
* *The importance of risk assessments in general*
* *Risk analysis in the healthcare space *
* *How to successfully conduct a risk assessment*
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
May 24, 2023
Data Access Protection: A Critical Part of Security | SecurityMetrics Podcast 69
Early detection of unauthorized access to electronic Protected Health Information (ePHI) is critical to preventing breaches and meeting HIPAA requirements. The co-founders of SPHER, Inc., Raymond Ribble, CEO, and Robert Pruter, Chief Revenue Officer, sit down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
-Why it’s critical to know who is accessing patient data?
-How to know who is accessing critical data
-Real-world stories of unauthorized access and what to do about it
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
May 9, 2023
SaaS Data Security and Supply Chain Risks | SecurityMetrics Podcast 68
With the rise of Software-as-a-Service (SaaS), we are hearing more about related supply chain risks. Boris Sieklik, Senior Director of Information Security at MongoDB, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
* What SaaS means in the context of the cloud
* The risks third parties may introduce in terms of SaaS
* How leaders can prepare to handle data leakage in these environments
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Apr 25, 2023
Cybersecurity as an Operational Effort | SecurityMetrics Podcast 67
Cybersecurity and risk management are often tossed to technical teams, but when these are driven by operations, the entire organization benefits.In today's episode, Jen Stone sits with Grant Elliott (CEO and co-founder of Ostendio, and Adjunct Professor at the Pratt Institute New York) to discuss:
* *Communicating with upper-level management and set expectations on security success *
* *Managing security for the long term, as opposed to one-and-done compliance*
* *Creating an operational approach to cybersecurity*
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Apr 12, 2023
Asset Management: Foundational to Cybersecurity | SecurityMetrics Podcast 66
It is axiomatic in our industry that you can’t protect what you don’t know about, but assembling a comprehensive asset inventory can be much more difficult than it seems. Chris Kirsch, CEO of runZero, a cyber asset management company he co-founded with Metasploit creator HD Moore, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
* *What asset management is and why it is important*
* F*irst steps any organization should take to implement asset management*
* *A high-level overview of some standard ways to manage asset inventory, and how runZero solves common problems*
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Mar 28, 2023
Identity Management: Why It Matters | SecurityMetrics Podcast 65
Identity management is a critical aspect of any cybersecurity program. Creating the right roles and implementing a mature identity management lifecycle requires thoughtful collaboration between information technology and business operations. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Garret Grajek (CEH, CISSP, certified security engineer, product builder and CEO of YouAttest) sit to discuss:
* *What identity management is and why it is important*
* *First steps to take to implement identity management*
* *Multi-factor authentication, governance, and other critical aspects of identity security*
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Mar 15, 2023
CMMC: Protecting Critical Infrastructure | SecurityMetrics Podcast 64
Critical infrastructure is under threat and has historically shown to be vulnerable. Protecting critical infrastructure is a wide-ranging effort that requires careful consideration. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Katie Arrington (Former CISO for the Department of Defense and mother of the CMMC) discuss the current critical infrastructure landscape.
*Listen to learn:*
* *What organizations are critical infrastructure*
* *Current threats to our critical infrastructure*
* *How can CMMC can help strengthen an organization's cybersecurity stance*
Katie Arrington
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Feb 14, 2023
HIPAA Basics: Where to Start with Practices and Training | SecurityMetrics Podcast 63
HIPAA can be a daunting topic. Organizations often wonder where to start when implementing security or what kind of training is most effective. Listen this week as Jen Stone (MCIS, CISSP, CISA, QSA) sits down with Donna Grindle of Kardon and the “Help Me with HIPAA” Podcast to discuss:
* *The work of 405(d) and how it can help your organization*
* *Exciting new training available through the PriSec Bootcamp*
* *Why we start with risk management in the healthcare industry*
*Donna's "Help Me With HIPAA" Podcast*
*HHS Website*
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Nov 22, 2022
Top Breaches of 2022 | SecurityMetrics Podcast 62
"In 2021, we had tracked about 5.9M accounts were targeted through data breaches. It's expected that at the end of 2022, we will surpass that number."
Tune in this week as Jen Stone and Heff give you the TOP data breaches of 2022. This list includes breaches caused by leaks, phishing, and poor cyber hygiene.
*Listen to learn:*
* *Most common breach types this year*
* *Tips to help your employees stay secure*
* *How to respond to a data breach*
Hosted by Jen Stone (MCIS, CISSP, CISA, QSA) with guest Matthew Heffelfinger (Deputy CISO, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB).
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Nov 10, 2022
Things You're Doing WRONG to Keep Your Data Safe | SecurityMetrics Podcast 61
"A lot of people think they're doing all the right things to keep their data safe. However, there are things I see constantly that people are doing wrong, or not doing at all, to properly keep their data secure."
Your personal data that exists online is vast and private. Should a hacker steal your data, you could lose emails, hard drives, bank accounts, or even your business. Tune in this week as Jen Stone and Noah Pack give you the essentials to keep your personal data safe.
*Listen to learn:
-Essentials to keep data safe
-How to help employees that are easily phished
-Keeping a secure business beyond PCI compliance*
Hosted by Jen Stone (MCIS, CISSP, CISA, QSA) with guest Noah Pack (Threat Hunter/SOC Analyst, Security+, ITF+, Sophos Certified Engineer).
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Oct 26, 2022
How Can ISOs Help Merchants With PCI Compliance? | SecurityMetrics Podcast 60
Tune in this week as Jen Stone, Scott Robinson, and Robbi Watson discuss all things ISO.
*Listen to Learn:*
* *What is an ISO?*
* *How can ISOs help their merchants?*
* *Tips for an ISO / ISO Program Best Practices*
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Oct 12, 2022
Privacy vs Security - Finding Balance in Compliance | SecurityMetrics Podcast 59
"Privacy is not about things we want to hide. Hiding implies that the other side has a right to see what I'm trying to hide. Privacy means I can control what I share."
Privacy rights are often unpinned from security, but they’re critical to recapture for our personal lives. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Adrianus Warmenhoven (Defensive Strategist and Threat Intelligence Manager at NordVPN) in a wide-ranging conversation about privacy, security, risk, and compliance.
Listen to learn:
-How privacy and security are related
-Who should make risk-based decisions
-Regaining personal privacy in our increasingly connected world
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Sep 21, 2022
Attack Surface Management | SecurityMetrics Podcast 58
Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and David Monnier (Chief Evangelist and Team Cymru Fellow at Team Cymru) discuss attack surface management.
*Listen to learn:*
* *What is an attack surface?*
* *Attack surface management VS vulnerability management VS endpoint security management.*
* *How can teams gain contextual awareness of their environments?*
Subscribe to the SecurityMetrics Podcast Email!
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Sep 7, 2022
PCI Standards: All You Need to Know | SecurityMetrics Podcast
"The PCI Security Standards Council oversees a lot more standards than just PCI DSS. The council is very much involved with the payment lifecycle. We have standards to ensure the security of card data from start to finish."
There are many standards out there to ensure the security of card data - each with a specific target to protect. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Jeremy King (Regional Head for Europe at PCI Security Standards Council) give you the entire rundown of all the PCI standards, as well as tips from the PCI council.
*Listen to learn:*
* *Comprehensive Review of the PCI Standards*
* *Tips on Completing Compliance*
* *How to Maintain Peak Card Data Security*
Subscribe to the SecurityMetrics Podcast Email!
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and complian…
playlist_add
Aug 24, 2022
Cloud Security 101 | SecurityMetrics Podcast 56
Subscribe to the SecurityMetrics Podcast Email!
Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Chase Pettet (Chief Security Architect at Archer Integrated Risk Management) dive into cloud security 101.
*Listen to learn:*
* *What is driving the continued shift to the cloud?*
* *Does being in the cloud require organizations to think about their architecture differently?*
* *Is security radically different in cloud environments?*
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Aug 9, 2022
Eliminating Friction Between Development & Security | SecurityMetrics Podcast 55
"In order for us to meet our end objective of risk mitigation on software and applications, we have to get the developers on our side. If you do not collaborate with the developers, you're not going to be able to manage that risk"
Tune in this week as Jen Stone and Harshil Parikh discuss how to eliminate friction between development and security.
*Listen to learn:*
* *How to collaborate with developers*
* *How collaboration can aid in cybersecurity efforts*
* *How setting clear expectations can improve teamwork*
Hosted by Jen Stone (MCIS, CISSP, CISA, QSA) with guest Mike McNeil (Founder/CEO of FleetDM)
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Jul 19, 2022
Mobile Device Management - How to Securely Work Remote | SecurityMetrics Podcast 54
"Not long ago, companies didn't allow employees to take their work devices home, or even out of the network. Companies relied on the network security for these devices. In the past few years, we have all been forced to shift and figure out - how do we still keep work secure?"
Mobile device management is a heavy lift. Security teams recognize the risks posed by laptops, tablets, smartphones, and other mobile devices. Because of our increasingly remote working environment and the ongoing challenges posed by the use of personal devices for work, many companies have needed to find other solutions to help them in their security effort.
*Listen to learn:
-How to work from home securely
-Tools and software to manage remote devices
-Security solutions for your company
*
Hosted by Jen Stone (MCIS, CISSP, CISA, QSA) with guest Mike McNeil (Founder/CEO of FleetDM)
Notes -
-https://www.youtube.com/watch?v=UIDb6VBO9os
-https://www.loom.com/share/ecb223c0f2ff497195961a7ba5e77b2b
[Disclaimer] Bef…
playlist_add
Jun 21, 2022
Cybersecurity Burnout - SOC Analyst Survey Findings | SecurityMetrics Podcast 53
"I feel like many data security professionals feel like they're doing the right thing and making a difference, but there was a huge amount that said they were burning out. 65% of cybersecurity workers said they plan on leaving their jobs in the next 12 months."
Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Thomas Kinsella (COO and Co-Founder - Tines) about the recent SOC analyst survey findings conducted by Tines.
Listen to "The Future of Security Operations" Podcast by Thomas Kinsella
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Jun 7, 2022
PCI 4.0 SAQ (Self Assessment Questionnaire) - What's changed? | SecurityMetrics Podcast 52
"The PCI Data Security Standard is a set of about 330 security controls that are designed to protect credit card information. For most small businesses, many of the requirements don't apply in their environment. The Self Assessment Questionnaire is a subset of the full PCI DSS standard designed to help small businesses validate their PCI compliance."
PCI 4.0 is here, and many things have changed - including the self assessment questionnaire. If you have questions about this update, you aren't alone! Tune in this week as Jen Stone and Michael Simpson break down all the pieces with the PCI 4.0 SAQ.
*Listen to learn:*
* *What's new in the PCI 4.0 SAQ?*
* *When should I switch to the PCI 4.0 standard?*
* *Will PCI 4.0 increase my security?*
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance effo…
playlist_add
May 25, 2022
How to Become a QSA | SecurityMetrics Podcast 51
"Don't jump into becoming a QSA for a year and think 'I'm now going to go somewhere else and make a ton of money.' Spend some time really learning. That's the advantage to this job you can get so much experience so quickly and get exposure to so many aspects of cybersecurity."
Breaking the barrier to the cybersecurity workforce can be difficult, especially if you don't know where to start. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Gary Glover (CISSP, CISA, QSA, PA-QSA) explain the steps one should take when wanting to become a QSA (Qualified Security Assessor).
*Listen to learn:
-What to learn when becoming a QSA
-Day in the life of a QSA
-Is becoming a QSA right for you?*
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
May 10, 2022
The Future of Cybersecurity - Top 10 Cyber Trends | SecurityMetrics Podcast 50
"The threat environment is becoming more aggressive, and the footprint that businesses need to protect is huge. Businesses need to reframe their expectations and reframe their focus."
Reading the future is hard, especially in relation to cybersecurity. However, looking at current cyber trends helps us have a better idea of what is around the corner. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Matthew Heffelfinger (Deputy CISO, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) dive into the TOP 10 cybersecurity trends, and predict the FUTURE.
*Listen to learn:*
* *How current trends tell the future of cyber*
* *Cybersecurity best practices*
* *Cybersecurity for small businesses.*
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Apr 19, 2022
PCI 4.0 - What you need to know | SecurityMetrics Podcast 49
"If we think back to 9 years ago when the previous version came out, the world was really different then. We now have loads of new criminals who have found new ways to steal card holder data. The way we do InfoSec has changed massively in 9 years, so we definitely needed a new standard."
With PCI 4.0 just recently released, many are left with questions about the many changes in the standard. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and John Elliott (Pluralsight Author, PCI and GDPR Specialist) give you everything you need to know on PCI 4.0.
*In this podcast:*
* *Biggest additions and changes in PCI 4.0*
* *Why was PCI 4.0 delayed?*
* *Things YOU need to do to prepare for PCI 4.0*
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Apr 5, 2022
P2PE Basics for Merchants (Point to Point Encryption) | SecurityMetrics Podcast 48
"Simply, point to point encryption is encrypting your data at the beginning, and not decrypting it until it reaches its endpoint. This protects your data while it is being transferred."
P2PE or “point-to-point encryption” can be the best way for merchants to take card present payments. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Mark Miner (Director of P2PE/PIN Assessments at SecurityMetrics) about the basics of P2PE.
*Listen to learn:*
* *P2PE encryption differs from other payment transaction options*
* *Where to go to see listed P2PE solutions*
* *What P2PE can do to protect card data and your business*
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Mar 22, 2022
Home Cybersecurity 101 - Routers, Firewalls and More | SecurityMetrics Podcast 47
Subscribe to the SecurityMetrics Podcast!
"Hackers don't solely go after Fortune 500 companies. Almost everyone I know has some story with their Facebook getting hacked, or their bank information getting stolen. The way to tackle that is cybersecurity for yourself."
It's a common misconception that hackers only go after large companies or entities, when in reality they target normal people every day. Building your cybersecurity at home is essential to maintain a safe network from these threats. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) talks with Noah Pack (Threat Hunter/Security Operations Center Analyst, Security+, ITF+, Sophos Certified Engineer) about the best things you can do to build your home cybersecurity.
*Listen to learn:
- How to set up a firewall at home
- Tips on securing your home router
- Internet safety best practices*
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your le…
playlist_add
Mar 8, 2022
Leadership in Cybersecurity | SecurityMetrics Podcast 46
"How do I navigate this market, serve customers, and protect my brand reputation? At the executive level, that's the stuff they're thinking about. That trickles down to security objectives and initiatives. As a security leader, if you're in the head of your executive - what they want to do and why - then you can speak that language and drive better security."
Maintaining strong leadership is essential in cybersecurity. A good leader needs to know how to navigate their company's security needs, as well as communicate those needs to their executive level. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Christian Hyatt (CEO & Co-founder risk3sixty) discuss the in's and out's to being a successful leader in cybersecurity.
*Listen to learn:*
* *How to assess your company's security needs*
* *Communicating cybersecurity to executives*
* *5 CISO Architypes book*
Subscribe to the Podcast!
The 5 CISO Archetypes Book
Connect with Christian
playlist_add
Feb 22, 2022
HHS 405(d) - What You Need To Know | SecurityMetrics Podcast 45
HHS recently launched its new 405(d) website to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the healthcare sector. Donna Grindle of the “Help Me with HIPAA” Podcast, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
* *The work of 405(d) and how it can help your organization*
* *Top 5 cybersecurity threats to the healthcare industry*
* *Resources available to educate yourself and your organization about privacy and security under HIPAA*
SecurityMetrics Guide to HIPAA
Donna's "Help Me With HIPAA" Podcast
HHS Website
playlist_add
Feb 8, 2022
How to Spot an Effective Security Practitioner | SecurityMetrics Podcast 44
"In security, there is no 'that's not my job.' When it comes to defending the organization, security practitioners need to be able to put their egos aside, roll up their sleeves, and do what the team needs them to do to make sure the security posture of the organization continues to improve."
Whether you're looking to hire a good security practitioner, or trying to become one, there are certain attitudes and mindsets to look out for. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Joshua Goldfarb (Director of Product Management at F5) dive into his recent article - How to Spot an Effective Security Practitioner.
*Listen to learn:
- How to communicate data security to executives
- Maintaining good relations with your security team
- Attitudes of an effective security practitioner*
playlist_add
Jan 25, 2022
Making Your Trainings Less BORING | SecurityMetrics Podcast 43
"If you want to engage your audience and get them involved in security rather than having to force them to do it, you need to give them something worth their time and attention."
Making trainings for any audience can be hard, especially when it's mandatory. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) chats with Ian Murphy (Founder of Cyber Off, CISSP, FBCS, CITP) about his approach to making trainings more enjoyable.
*Listen to learn*
* *Tips to make your trainings more enjoyable*
* *How to have fun with boring topics*
* *How to respond to negative feedback*
Connect with Ian on LinkedIn
playlist_add
Dec 7, 2021
TOP 10 Breaches of 2021 | SecurityMetrics Podcast 42
Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA), Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB), and Forrest Barth (SOC Analyst, CISSP, CMNO, Security+) wrap up this season with the TOP 10 breaches of 2021!
Join us for SEASON 3 of SecurityMetrics Podcast this January!
playlist_add
Nov 22, 2021
What Does Cybersecurity Cost? | SecurityMetrics Podcast 41
Learn more at SecurityMetrics.com
"That's one of the reasons why our audit team is so good, because we share the wing with forensics, and we're talking about what's happening out there. Our forensics consulting isn't theoretical. It isn't some monthly magazine saying 'look out for this... this might be happening,' this IS what's happening. This is the analysis of the very data we're collecting."
It can be difficult to build cybersecurity into your budget and receive approval from senior decision makers. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Lee Pierce (Director of Sales Operations for Security Metrics) about the factors that affect costs of various cybersecurity services.
*Listen to learn:
-How much cybersecurity services generally cost
-What factors can affect pricing
-How to reduce compliance assessment costs*
playlist_add
Nov 9, 2021
Breaking Barriers in Cybersecurity | SecurityMetrics Podcast 40
"One thing that I learned from the circle was how to come out of my comfort zone and tell my story to other people. When it comes to something technical, I can talk for hours, but apart from that it's very hard for me. So this was one take away for me, apart from all the learnings - both technical and non-technical - that really helped me a lot."
Making your way in cybersecurity is easier if you have a team supporting you. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Aastha Sahni (Lead CyberSecurity Instructor at Flatiron School | Founder & Global Lead - Breaking Barriers Lean in Circle), Shrutirupa Banerjiee (Web Application Security Analyst| Tech Lead at Breaking Barriers Lean in Circle), and Saman Fatima (Data Engineer at Macquarie Group | Management Lead at Breaking Barriers Lean in Circle) about the work they do to invite and support others on a cybersecurity career path.
Listen to learn:
-How a team can help support your cybersecurity journey
-Strides bei…
playlist_add
Oct 20, 2021
Finding Your Path Into the Cybersecurity Workforce | SecurityMetrics Podcast 39
Everybody has their own path to finding the job that's right for them. It's often easy to get discouraged when you're in the middle of the path to reach your desired goal. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Luana Pascu (Cybersecurity Researcher, GSEC) about her personal journey, and how you can find the path in data security that's right for you.
*Listen to learn:
- How to find your passion within cybersecurity
- Education steps to reach your desired role
- How to track your journey into the workforce*
Connect with our guest: https://www.linkedin.com/in/luanapascu/*
*
playlist_add
Oct 5, 2021
Network Segmentation: Increasing Security and Focus on Compliance | SecurityMetrics Podcast 38
"With network segmentation, we really are looking for isolation. We want to get that 'thing' and put it into a safety deposit box where you have secure access to it. Nobody else has physical or logical access to it. That's really what we are trying to do with segmentation."
Network segmentation is often used to reduce the scope of a PCI DSS compliance assessment, but it is even more important as a security strategy for your environment. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Chris Skarda (PCI DSS QSA, CISSP, CISA, CCNA) about how network segmentation can support your compliance and security efforts.
Listen to learn:
-What “network segmentation” means
-How network segmentation can reduce the scope of your compliance assessment
-Why network segmentation can improve your security stance
SHOW LESS
playlist_add
Sep 21, 2021
Zero Trust Tenets | SecurityMetrics Podcast 37
"Zero Trust is essentially a security initiative saying that you are going to assume that attackers are present in any environment you're working in. The main goal of that is to remove implicit trust in the design and implementation of whatever you're doing."
“Zero trust” is something we hear a lot about but in many cases it seems to be a buzzword used to sell us something. However, it can be an excellent approach to security when done well. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Geoffrey Sanders (Senior Member of the Technical Staff/Situational Awareness Team, Software Engineering Institute/CERT Division, Carnegie Mellon University) about the tenets of zero trust and where to get started in implementing zero trust in your environment.
*Listen to learn:*
* *How privacy and security are related*
* *Where to start when you need to understand how laws and regulations apply to you*
* *What direction policy and legislation are taking to address cybe…
playlist_add
Sep 7, 2021
How to Prepare for an Audit | SecurityMetrics Podcast 36
Preparing for a third-party security assessment or compliance audit can be a daunting experience -- especially if it’s your first time. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Brian Gross (VP, Product & Technology, FISERV) about how he prepared his organization to respond successfully to a PCI DSS assessment, followed by a HIPAA audit.
*Listen to learn:*
* *How a third-party assessment can benefit your business*
* *Where to start to build your security program*
* *What elements support successful completion of an audit*
Learn more at SecurityMetrics.com
playlist_add
Aug 25, 2021
Legal Considerations for Privacy and Security | SecurityMetrics Podcast 35
"Some security is better than no security. If you are a small business, and you don't have all the resources to invest in a huge cybersecurity program, that's ok! Start with the basics, such as strong passwords, the use of VPNs, and trainings on cyber threats like phishing and malware."
Privacy and security considerations can be difficult to get your arms around; when laws and regulations come into play they add another layer of complexity. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Victoria E. Beckman (Lead Digital Crimes Unit Americas - Corporate, External, and Legal Affairs for Microsoft) about the relationship between privacy, security, and legal matters in our digital world.
*Listen to learn:*
* *How privacy and security are related*
* *Where to start when you need to understand how laws and regulations apply to you*
* *What direction policy and legislation are taking to address cybercrime*
Connect with our guest:
https://www.linkedin.com/in/vict…
playlist_add
Aug 11, 2021
How to Manage 3rd Party Risk | SecurityMetrics Podcast 34
"We all rely on service providers to keep our businesses afloat. I get asked all the time, 'How do I know that this service provider is going to be careful with my data?' Service providers can elevate our risk, while at the same time giving us really important services that we need. "
When using service providers, managing your 3rd party risk can be a challenge. Tune in this week as Jen Stone (MCIS | CISSP | CISA | QSA) talks with Paul Poh (CISSP, CISM, CRISC, CIPP/US) about how we can best manage and minimize that 3rd party risk that often comes with using these service providers.
Listen to learn:
-Things to look for when choosing a service provider.
-Keeping your data secure with your service provider.
-Things you need to know about your own security.
Paul Poh on LinkedIn - https://www.linkedin.com/in/paulpoh/
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any…
playlist_add
Jul 20, 2021
Keeping Kids Safe Online | SecurityMetrics Podcast 33
"A lot of people don't realize, kids are smart! They know how to get around these controls that are in place. So the more informed you are as a caregiver, the more you can keep an eye on things that are going on with your kids and that they are getting the right information and aren't going to negative places."
The internet is a vast and often dangerous place. With increasing threat actors prying to target these vulnerable young ones, protecting our kid's from harmful places online is crucial to keep them safe and secure. Tune in this week as Jen Stone (MCIS | CISSP | CISA | QSA) speaks with Teressa Gehrke (Founder and CEO of PopCykol) about how we can prevent our kids from finding out the hard way the dangers of the internet.
*Listen to learn:*
* *How to best communicate to kids about internet safety.*
* *How we can approach kids after an incident has occurred.*
* *Tools and resources for every age to learn about internet security.*
Visit https://www.popcykol.com/ to learn m…
playlist_add
Jul 6, 2021
How to Prepare for a Risk Assessment | SecurityMetrics Podcast 32
"Security is hard, even for professionals. There are a ton of things to know. As a defender, you have to be right 100% of the time. As an attacker, you kinda just have to get lucky once. If you go out there and educate people (in your company) about security, then they can become an ally for you."
Join us this week as Jen Stone(MCIS | CISSP | CISA | QSA) and Matt Halbleib (CISSP | CISA | QSA (P2PE) | PA-QSA (P2PE)) discuss all the things you can do to better prepare you and your company for a risk assessment.
*Listen to learn: *
* *How to better know your scope to be ready for your assessment*
* *How to teach security between departments*
* *How to make PCI work for you*
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Jun 23, 2021
Ransomware - What You Need To Know | SecurityMetrics Podcast 31
Subscribe to the Podcast!
With so much ransomware stories in the news this year, one would think that ransomware is a new technique used by threat actors. In reality, ransomware has been around for almost a decade, and so have the basic principles on how to protect yourself from getting hit with it.
Join Gary Glover (CISSP, CISA, QSA, PA-QSA) and Jen Stone (MCIS, CISSP, CISA, QSA) as they teach all you need to know about what ransomware is, and how to stay safe from it.
*Listen to learn: *
* *What is ransomware?*
* *Why does ransomware seem to be so effective?*
* *How can I protect my business from being vulnerable to ransomware?*
Resources:
-https://www.cisa.gov/
playlist_add
Jun 8, 2021
Communicating with your IT Department | SecurityMetrics Podcast 30
"It's the nature of our team's roles that there's always going to be trade-offs. It's hardly ever a simple decision between A and B. So you need to lean into that and get more comfortable with ambiguity."
Having clear and open communication with your IT or security team is essential to maintaining a secure business. Although, if the correct steps are not taken, working alongside these teams can be challenging.
Tune in this week as Jen Stone (Principal Security Analyst MCIS, CISSP, CISA, QSA) and Dutch Schwartz (Strategic Lead of Amazon Web Service’ Global Security Services) talk about how to build a straight-forward, strong relationship with your IT and security teams.
*Listen to learn: *
* *Steps to improve interpersonal relationships within your IT department*
* *How to maintain good communication between departments*
* *How to approach problem solving tasks with multiple teams
*
*Resources:*
*Dutch's LinkedIn: **https://www.linkedin.com/in/dutchschwartz/*
*Dutch's Tw…
playlist_add
May 26, 2021
Teaching Data Security To Children | SecurityMetrics Podcast 29
"I have a passion to keep people safe online, especially young ones. I don't expect kids to pick up this book and understand the concepts right away, but I want to empower the adults to teach. "
Teaching data security and internet safety to the next generation can prove to be challenging. From the complex tools to the vast vocabulary, it's no simple thing to learn. Today, Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) sits down with Curtis Brazzell as they discuss his recent endeavor to better help children learn, and parents teach about data security.
Listen to learn:
* Curtis's cybersecurity ABC book, "M is for Malware"
* How to better teach our young ones how to be safe online
* Helping to teach those just entering the data security field
Get your copy of "M is for Malware" at https://misformalware.com/
playlist_add
May 11, 2021
Choosing an MSSP | SecurityMetrics Podcast 28
“What is managed security? It’s about trusting your business to someone else.”
Whether you call it outsourcing, partnering, or hiring, choosing an MSSP is a decision that can seriously affect a business. SecurityMetrics Director of SIEM Operations and SecurityMetrics News Host, Matt “Heff” Heffelfinger, talked with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) about the many factors that go into choosing the right security firm for your business. With experience at General Electric, NBC, and TJ Maxx, Heff’s breadth of knowledge and experience allow him to see threats in the long term and help you avoid problems down the road.
*Listen to learn:*
* *Types of managed security (MDR versus MSSP) and what they do*
* *How to determine the security services your business needs*
* *Resources to help you ask the right questions, create better contracts, maintain or end relationships, and get the most from your MSSP*
*How to Choose the Right MSSP for…
playlist_add
Apr 20, 2021
The Myth of the Cybersecurity Workforce Shortage | SecurityMetrics Podcast 27
Subscribe to the SecurityMetrics Podcast
“Is there really a shortage of skills in cybersecurity? Or are we just looking at it the wrong way?”
Director of Information Security and IT at BEEM Technologies, Naomi Buckwalter (CISSP, CISM) discovered hacking at Vanguard, where she joined a class and learned to hack from scratch. Her experiences as a software security architecture, security engineer, career advisor, mentor, and speaker have given her a broad spectrum of insight about the so-called cybersecurity “skills shortage.” In this episode, Naomi talks with Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) about why mythology and gatekeeping in cybersecurity are holding the industry back and creating an uncertain future.
*Listen to learn:*
* *Why new professionals see barriers in cybersecurity and what industry veterans need to do to paint a better picture*
* *How improving emotional intelligence and culture in the cybersecurity community can help us better…
playlist_add
Apr 6, 2021
Gamify to Embed Security: Lessons from a Security Researcher | SecurityMetrics Podcast 26
“What is our responsibility as leaders of security teams? It’s doing security right from the beginning; from the design. It has to be there.”
Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) welcomes Vandana Verma: Security Architect IBM, Vice Chair of the Global Board of Directors at OWASP, leader at InfosecGirls, and founder of Infosec Kids. As a prolific speaker and thought leader in the cybersecurity space, Vandana is vocal in the efforts to help women and youth build their communities in cybersecurity. She has trained over 10,000 diverse candidates and brings an undeniable enthusiasm and passion to security research.
*Listen to learn more about:*
* *The role of cyber threat intelligence in application development.*
* *Ways to gamify security to avoid a checkbox mentality and prevent costly security issues.*
* *How machine learning, AI, and adaptive access are rapidly changing access security.*
* *
*Vandana on Linkedin*
*Infosec Girls*
*OWASP*
playlist_add
Mar 24, 2021
Cybersecurity Innovation from Military to Enterprise | SecurityMetrics Podcast 25
Dr. Oren Eytan joins Jen Stone (Principal Security Analyst, MCIS, CISSP, CISA, QSA) to discuss his experiences as a cybersecurity leader in both the military and civilian realms. After serving in the Israeli defense forces, two degrees in Electrical Engineering, and time at Motorola, Dr. Oren Eytan continues the fight against malware as the CEO of Odix. Today he helps protect businesses in all sectors, including utilities and technology.
*Listen to Learn:*
* *Why creative thinking is crucial to cyber security*
* *Lessons learned from protecting critical infrastructure *
* *The relationship between connectivity and vulnerability *
*Connect with Dr. Eytan on LinkedIn*
*Odix*
playlist_add
Mar 9, 2021
Payment Security: PCI DSS v4.0 Expectations | SecurityMetrics Podcast 24
Subscribe to the SecurityMetrics Podcast
There’s been a lot of chatter and anticipation about the release of PCI DSS v4.0. In this episode, SecurityMetrics VP of Assessments, Gary Glover (CISSP, CISA, QSA, PA-QSA), talks with Host Jen Stone (MCIS, CISSP, CISA, QSA) about what merchants can expect and how they should prepare right now. As part of the PCI DSS assessor community, Gary has worked with the council in special groups and on committees to develop the new PCI Data Security Standard. He has been in payment security for over 16 years and has a background in both rocket science and software development.
Listen to learn:
* How the PCI Data Security Standard started and where it’s going
* What the Customized Approach is and how it differs from the current approach
* What role you and your security assessor will play as PCI DSS 4.0 is rolling out
Connect with Gary on LinkedIn
Download our Guide to PCI Compliance!
Download our Guide to HIPAA Compliance!
[Disclaimer] Be…
playlist_add
Feb 24, 2021
What is Social Engineering? Security Stories and Training Tips | SecurityMetrics Podcast 23
People are naturally kind and helpful. Attackers know that, and in the case of social engineering–they rely on it. This week, Senior Information Security Architect at Lucid, Nathan Cooper (CISSP, Security+) talks with Host Jen Stone (MCIS, CISSP, CISA, QSA) about the tactics hackers use to attack businesses and how you can protect your company.
*Listen to learn: *
* *The psychological reasons social engineering works so well and how to address them*
* *Examples from the field–man traps, watering hole attacks, and tailgating*
* *Tips to make security training effective while maintaining a positive and respectful environment*
Learn more at https://www.securitymetrics.com/
playlist_add
Feb 10, 2021
How Executives and Security Professionals can Communicate Better | SecurityMetrics Podcast 22
“How do you speak to executives about cybersecurity in a way that matters to them? It comes down to the company’s mission.”
Ross Young, CISO of Caterpillar Financial Services Corporation, stops by SecurityMetrics Podcast to talk with Host and Principal Security Analyst, Jen Stone (MCIS, CISSP, CISA, QSA) about his mission to mentor the next generation of CISOs and create more understanding and harmony within the corporate security community.
Listen to learn:
* How a company’s mission and values affect its approach to cybersecurity
* The three things that executives care about when making decisions
* Tips on how people can understand others in different roles in the security world
Ross Young is CISO of Caterpillar Financial Services Corporation, a SANS Instructor, Johns Hopkins University Instructor, CISO Tradecraft Podcast Co-Host, and Creator of the OWASP Threat and Safeguard Matrix (TaSM).
Connect with Ross on LinkedIn.
Additional Resources:
Download our Guide to…
playlist_add
Dec 22, 2020
How to Get Cybersecurity Buy-In: SecurityMetrics CEO Brad Caldwell | SecurityMetrics Podcast 21
“The single biggest contributor to data breaches is a lack of testing. You have to be testing, you have to be reviewing, you have to have pentests.”
After experiencing a data breach as a small business owner 20 years ago, SecurityMetrics CEO Brad Caldwell (CISSP, CISA, QSA, PFI) set out to provide affordable data breach prevention and remediation to businesses of all sizes. Since then, SecurityMetrics has tested over a million systems and provided cybersecurity services and audits for tens of thousands of businesses.
In a special episode of the podcast, Brad sits down with Host and Principal Security Analyst Jen Stone (MCIS, CCSFP, CISSP, CISA, QSA) to discuss how security complexity has evolved and what he’s learned from over 20 years in the cybersecurity and PCI compliance industry data breach investigations, and tips to keep a cool head in the wake of a data breach
*Listen in to learn:*
* *Common mental roadblocks people face in making security a priority*
* *The numbe…
playlist_add
Dec 9, 2020
3 Myths about PCI Compliance that Cost You Time | SecurityMetrics Podcast 20
John Elliot has a knack for illuminating the relationship between security and compliance. With over ten years in information protection and compliance consulting, and as Director of Industry Standards at Mastercard, John helps explain the relevance of security and industry standards to customers and those in the wider payment ecosystem. Today he sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to reveal the three biggest myths about PCI DSS compliance and how they hinder security.
*Listen in to learn: *
* *How the PCI Security Standards Council and the major card brands work together.*
* *The areas of compliance that are most critical and timely to preventing data breaches. *
* *Tips for organizations to make PCI “business as usual,” maintain compliance controls, and stay compliant through major changes.*
Download our Guide to PCI Compliance!
Download our Guide to HIPAA Compliance!
playlist_add
Nov 24, 2020
The Language of Security | SecurityMetrics Podcast Episode 19
“If we think we’re fluent in security because we’re using the same words we’ve always used, we’re in danger.”
With over 30 years in the FinTech industry, Dale Laszig has a long-range view of trends and technology that she has turned into a busy tech journalism career. Dale spoke with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) about the language of security: how the way we talk about it affects the way we approach it. Dale and Jen wax poetic to uncover the meta “matrix” that supports commerce and makes the world go ‘round.
Listen in to learn:
* How payments security attitudes have changed and why it matters today
* The concept of “zero trust,” and the practical application of a security perimeter
* Jen’s quick take as a Security Analyst on industry trends and myths
Connect with Dale:
LinkedIn
DSL Direct
dale@dsldirectllc.com
Northrop Grumman Fan
playlist_add
Nov 10, 2020
The CISO Role: Social Strategies for Enterprise Security | SecurityMetrics Podcast 18
“Gaps in security are behavioral . . . find out what drives behavior at your company, and you will find your vulnerabilities.” As the Strategic Lead of Amazon Web Service’ Global Security Services Team, Dutch Schwartz talks with SecurityMetrics Podcast Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to define what CISOs need to understand about human motivation in order to strategize security programs, utilize company culture, and protect critical data.
*Listen in to learn: *
* *How the CISO position has changed in the last decade and how it’s currently defined. *
* *The surprising differences in intellectual property between companies and the role those differences play in security.*
* *Why culture and social strategy should be more important to a CISO than technology, and tips for facing company culture challenges. *
Resources:
*https://www.linkedin.com/in/dutchschwartz/*
*https://twitter.com/dutch_26*
Download our Guide to PCI Compliance!*…
playlist_add
Oct 27, 2020
Successful PCI Programs at Large Organizations | SecurityMetrics Podcast 17
When your organization has 300 Merchant IDs (MIDs) in a multi-modality environment, leading a PCI DSS compliance program is no easy task. This week, Host and Principal Security Analyst Jen Stone welcomes guest Robbyn Lennon, Senior Merchant Services Program Coordinator at the University of Arizona, along with SecurityMetrics Principal Analyst Michael Simpson to talk about large-scale PCI DSS compliance from both a QSA and a client perspective.
Robbyn explains in detail how she established a PCI DSS compliance program at the University of Arizona. With over 10 years of experience, she shares her three-part strategy: “Engagement, leadership, and encouragement.”
* *How to reduce scope in a large PCI DSS compliance program by organizing merchants into “pods.”*
* *Why a focus on leadership as opposed to management helps employees take accountability for their job processes.*
* *The tools, training, and documentation you need to empower merchants and improve your PCI program.…
playlist_add
Sep 29, 2020
5 Things You Can Do Now to Prevent Cyber Attacks and Data Breach Damage | SecurityMetrics Podcast 16
“It’s our friends and family–our moms and dads–who shop online and are affected when a bad guy gains access. So we take it personally,” said SecurityMetrics SOC/SIEM Director, Heff.
Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) continues this sentiment by saying “When businesses go down, people suffer. Every business we can protect helps elevate the quality of life for the people who are associated.”
At SecurityMetrics, we monitor the threat landscape around the clock. And currently, that landscape is not only vast, it’s complex. Never have companies faced so many challenges, and hackers know it. Data protection measures need to be based on our new global landscape and the latest threats. Today, Heff, Jen, and SOC Analyst Forrest Barth discuss the threat landscape in depth and cover the five most important things you can do now to prevent an attack. Listen to this episode to learn:
* *What the “Fujiwhara Effect” is and why it can make c…
playlist_add
Sep 15, 2020
Data Privacy Compliance: A Critical Moving Target | SecurityMetrics Podcast 15
“A lot of people in the security world want to talk about security, not compliance. But you can’t help secure things if you don’t know what you’re supposed to be securing,” says host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA).
In this episode, NuSkin Data Governance Analyst, Gabrielle Harris (CIPP/E, CIPM, MSML) explains how security and compliance are permanently entwined, “Even though ‘compliance’ has a negative connotation and ‘security’ has a positive one, the truth is that compliance builds brand reputation and trust with customers. Protecting data is an ethical thing, and we would all hope that whoever is protecting ours is taking it seriously.
With experience in over 50 markets, Harris brings a big-picture understanding, a positive attitude, and a tireless work ethic to privacy programs. Listen to this episode to learn:
* *Pervasive attitudes and pitfalls that can hinder GDPR, HIPAA, and CCPA compliance *
* *Critical points in yo…
playlist_add
Sep 1, 2020
6 Phases of an Incident Response Plan | SecurityMetrics Podcast 14
Subscribe to the SecurityMetrics Podcast
“Something has happened.” Your company has experienced the worst: a data breach. You’ll need to answer questions. You’ll need to implement emergency operations and plans, run backup and talk to investigators. Not a convenient time to start your Incident Response Plan.
According to Dave Ellis, SecurityMetrics VP of Investigations (GCIH, PFI, QSA, CISSP), an Incident Response Plan is, in short, “What you do ahead of time, in preparation for an event that you hope never happens.” Ellis sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss in detail the phases of an IRP, along with the circumstances, variables, and options surrounding this “worst case scenario.”
Listen to learn:
* Emergency-Mode Operations, contingency planning, and the recovery phase
* How to get initial buy-in from your executives, C-suites, and decision makers
* Case studies and examples from the field: the prac…
playlist_add
Aug 19, 2020
Cloud Security: What You Need to Know | SecurityMetrics Podcast 13
When Liberty Mutual offered Craig Olsen a lateral leap from Developer to Security Analyst, he took it–and hasn’t looked back since. Now a Cybersecurity Architect, Olsen reflects on the last fifteen years and his role in the transition from one-person internal security departments, to a full-blown industry with unique technologies, solutions, and issues.
When it comes to the cloud, many companies are unsure or hesitant. Some may not even know for sure if they’re using it. Often, this is based on a lack of understanding or familiarity with cloud security.
Olsen and Host Jen Stone sit down for an in-depth discussion about cloud solutions, including:
* What we can learn from companies who’ve experienced data breaches in the cloud
* How to leverage the unique qualities of the cloud to improve security and support growth
* Simple steps anyone can take to build foundational layers of security–areas like passwords, policies, encryption, and compliance
Craig Olsen on LinkedI…
playlist_add
Aug 4, 2020
Jobs in Cybersecurity: Competency vs. Education | SecurityMetrics Podcast 12
In today’s podcast, Dr. Eman El-Sheikh (Director of the Center for Cybersecurity at the University of West Florida) sits with Host and Principal Security Analyst Jen Stone to discuss how we can creatively approach cybersecurity careers from all perspectives.
“We have over half a million open cybersecurity jobs as we speak. And, unfortunately that number is trending up.”
Dr. Eman El-Sheikh is the Director of the Center for Cybersecurity at Western Florida and plays a vital role in recruiting future cybersecurity leaders. Today, she sits with Host and Principal Security Analyst Jen Stone to discuss how we can creatively approach cybersecurity careers from all perspectives.
Listen in to learn:
* What is required for a career in cybersecurity. Do you need a degree? Certifications? Or neither?
* How a skills-based approach can compliment–not contradict–an educational approach
* How we as a cybersecurity industry can foster innovation and diversity while continuing educat…
playlist_add
Jul 21, 2020
How to Prepare for a PCI DSS Assessment | SecurityMetrics Podcast 11
A successful PCI DSS assessment requires a fair amount of preparation and scheduling far in advance. These activities may seem like a lot of work, but they are actually the best way to make your assessment less overwhelming, help you control time and cost, and avoid worst-case scenarios.
With thousands of PCI DSS assessment hours between them, SecurityMetrics Principal Analysts George Mateaki (CISSP, CISA, CISM, QSA, PA-QSA) and Jen Stone (MCIS, CISSP, CISA, QSA) sit down to “talk shop” and share stories from the field.
Listen in to learn:
* How remote assessments work and tips to make them go more smoothly.
* What you should do a year, 9 months, 6 months, and 3 months before your first assessment. Plus, what to do in between assessments to save time and resources.
* An overview of the PCI audit timeline–from initial contact to signing of the report on compliance (ROC).
* How to balance the need for functionality and access at organizations with the goal to protect dat…
playlist_add
Jul 7, 2020
Penetration Testing: The Humanity Behind the Hacking | SecurityMetrics Podcast 10
Paul Poh (CISSP, CISM, CRISC, CIPP/US) has had an interest in cybersecurity since before the internet as we know it existed. From his first exposure to the “Morris Worm” in the early ‘90s as a software engineer at Tufts University, to his current role as Partner at Radical Security, Paul’s mixture of curiosity and wisdom have helped him maintain the perspective needed to be a successful penetration tester. He shares his insights with our Host Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) on why it’s the small things that can take down an organization’s security.
“Your Software Development, Engineering, and DevOps can all be great. But a malicious actor can still break a password, attack your source code, and insert a backdoor that would then be pushed into production. You can do a great job protecting production, but if a hacker can find something small, they will.”
Listen in to learn
* Case studies that compare typical security measures to actual threat…
playlist_add
Jun 23, 2020
Cloud Security: Management VS Implementation | SecurityMetrics Podcast 9
As a former US Air Force Cyber-Warfare Technician, Vince Romney (CISSP) has been able to leverage his unique military experience in the private sector–most recently as CTO of SK2 Technology, developing high-security encryption applications. In this episode, he joins Host Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) to explore cloud security challenges in the corporate world, but also to share the valuable insights about risk analysis and mitigation which he gained during his military service.
Listen in to learn:
* Common misconceptions about the security, implementation, and risk management required for cloud solutions.
* How decision makers in the corporate world can apply specific risk assessment principles and methods used in the military.
* Lessons learned in military operations that will help you increase the discipline, honesty, and problem-solving ability within your organization’s security program.
“You can live a much calmer life if you accept th…
playlist_add
Jun 9, 2020
Diversity and Mentorship in Cybersecurity | SecurityMetrics Podcast 8
“We need each other. Cybersecurity is a global event and we need all the brains,” says Noreen Njoroge. “Threat actors don’t care where you are from or what your social status is. They are there to attack everybody. As cybersecurity specialists, we should also have that mindset. It’s a community effort. I have to help my brother, my sister, my coworker, my friend, know how to better defend themselves against attacks.”
Njoroge imbues that same philosophy into her cybersecurity mentoring projects. As a Security Threat Engineer at Cisco, President of North Carolina Women in Cybersecurity, and leader of the Mentors and Mentees Group for Women in Cybersecurity, she has a unique perspective on the humans who make up the cybersecurity industry. Today, she sits down with our Host and Principal Security Analyst, Jen Stone, to discuss:
* *How making more “room at the table” for diverse thinking strengthens our defensive stance and improves cybersecurity around the globe. *
*…
playlist_add
May 26, 2020
Automating Your Cybersecurity Processes | SecurityMetrics Podcast 7
Tom Hatch, Co-founder and CTO of Salt Stack, Inc and host of "The Hacks" sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
* How cybercriminal activity has become automated and widespread
* How to use automation to help close your security gaps and reduce infrastructure management challenges
* The need for maintaining your applications and having different types of IT individuals address security issues
"We live in the era of continual cyber warfare, and that warfare isn't just between nation states. It's between crime syndicates, crime groups, and hacker groups that seemingly spawn from nowhere. Even a handful of folks–or even a single person–can have a very big impact when they perform these attacks." Thomas Hatch
"As an assessor, I'm seeing a gap between the people that knows there's a problem, the people who have to fix the problem, and then the people who have to approve that there was a problem and that the problem h…
playlist_add
May 12, 2020
Business Continuity during Healthcare Crisis | SecurityMetrics Podcast 6
In healthcare, it’s common to encounter the attitude that “HIPAA is complicated.” Naturally, this leads to people finding ways to make HIPAA seem irrelevant or useless. However, this belief couldn’t be further from the truth and leads to increased risk for patients, especially during times of crisis. Donna Grindle of the “Help Me with HIPAA” Podcast, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
* How to address the gaps in understanding and myths about HIPAA that hinder healthcare providers
* Various approaches to administrative safeguards like Business Contingency Plans and Disaster Recovery Plans
* Ways to leverage the requirements of HIPAA to better protect individuals and organizations
2020 SecurityMetrics HIPAA Guide - https://info.securitymetrics.com/hipaa-guide-2020
2020 SecurityMetrics PCI Guide - https://info.securitymetrics.com/pci-guide-2020
Learn more at SecurityMetrics.com
Check out Donna's "Help Me…
playlist_add
May 5, 2020
How Can I Prevent Ransomware? | SecurityMetrics Podcast 5
Of all the types of malware, ransomware is one of most dangerous. In this episode, Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) sits down with Dave Ellis (VP Forensic Investigation, GCIH, CISSP, QSA, PFI) to discuss:
-What you should do before, during, and after a ransomware attack
-Stories from the field about ransomware attacks and responses
-The “compliance versus security” debate in the effort to prevent ransomware
“When it comes to your cybersecurity, don’t trust anything. Games, quizzes, and other fun apps seem harmless, but may very be collecting personal data or installing backdoors on systems,” says Ellis.
2020 SecurityMetrics HIPAA Guide: https://info.securitymetrics.com/hipa...
2020 SecurityMetrics PCI Guide: https://info.securitymetrics.com/pci-...
Learn more at https://www.securitymetrics.com/
Resources: https://www.securitymetrics.com/blog/...
*Before implementing any policies or procedures you hear about on this or any other episodes, make…
playlist_add
Apr 28, 2020
Phishing and Malware Attacks Amidst COVID-19 | SecurityMetrics Podcast 4
In this episode, Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) sits down with Matt Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Forrest Barth (SOC Analyst, CISSP, CMNO, Security+) to discuss:
* How threat actors are leveraging the COVID-19 crisis climate to prey on businesses and individuals
* Current phishing and social engineering scams to watch out for and how to avoid them
* Security awareness tips you can share with those most vulnerable to cyber scams and attacks
Resources: https://www.securitymetrics.com/blog/covid-19-cyber-attacks-threat-report-and-best-practices
2020 SecurityMetrics HIPAA Guide: https://info.securitymetrics.com/hipa...
2020 SecurityMetrics PCI Guide: https://info.securitymetrics.com/pci-...
Learn more at https://www.securitymetrics.com/
*Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT de…
playlist_add
Apr 21, 2020
How to Prevent Formjacking and E-commerce Skimming | SecurityMetrics Podcast 3
*SecurityMetrics Podcast | 3*
How to Prevent Formjacking and Ecommerce Skimming
In this episode, Aaron Willis (Forensic Analyst, CISSP, PFI) sits down with Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) to discuss:
* What is formjacking/ecommerce skimming?
* Tools to use to prevent and avoid formjacking/ecommerce skimming
* Solutions on how to detect and track skimmers
* What to do if your data is being skimmed
Learn more at SecurityMetrics.com/webpage-integrity-monitoring
Download our Guide to PCI Compliance! - https://info.securitymetrics.com/pci-guide-2020
Download our Guide to HIPAA Compliance!* *- https://info.securitymetrics.com/hipaa-guide-2020
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
playlist_add
Apr 15, 2020
Effect of COVID-19 Crisis on Healthcare IT Security | SecurityMetrics Podcast 2
In this episode, Meagan Elguera (Corporate Communications Managers) sits down with Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) to discuss:
* Added pressure and stress covered entities may face during times of crisis
* How using telehealth for treatment affects privacy and security amid COVID-19
* Review of the recent bulletin from the OCR on Civil Rights, HIPAA, and Coronavirus
https://www.securitymetrics.com/
PCI Guide: https://info.securitymetrics.com/pci-guide-2020
HIPAA Guide: https://info.securitymetrics.com/hipaa-guide-2020
Get a quote: https://www.securitymetrics.com/pci
Resources: https://www.hhs.gov/sites/default/files/ocr-bulletin-3-28-20.pdf
playlist_add
Apr 7, 2020
How to Work from Home Securely | SecurityMetrics Podcast 1
In this episode, Jen Stone sits down with Michael Simpson (Principal Security Analyst, CISSP, CISA, QSA) to discuss:
* Data security best practices while working from home
* How to properly use a VPN
* How working from home affects a PCI Assessment
https://www.securitymetrics.com/
PCI Guide: https://info.securitymetrics.com/pci-guide-2020
HIPAA Guide: https://info.securitymetrics.com/hipaa-guide-2020
Get a quote: https://www.securitymetrics.com/pci
Resources: https://www.hhs.gov/sites/default/files/ocr-bulletin-3-28-20.pdf
playlist_add