Critical infrastructure is under threat and has historically shown to be vulnerable. Protecting critical infrastructure is a wide-ranging effort that requires careful consideration. Tune in this week as Jen Stone  (MCIS, CISSP, CISA, QSA) and Katie Arrington (Former CISO for the Department of Defense and mother of the CMMC) discuss the current critical infrastructure landscape.

Listen to learn:

• What organizations are critical infrastructure
• Current threats to our critical infrastructure
• How can CMMC can help strengthen an organization's cybersecurity stance

Katie Arrington

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

HIPAA can be a daunting topic. Organizations often wonder where to start when implementing security or what kind of training is most effective. Listen this week as Jen Stone (MCIS, CISSP, CISA, QSA) sits down with Donna Grindle of Kardon and the “Help Me with HIPAA” Podcast to discuss:

• The work of 405(d) and how it can help your organization
• Exciting new training available through the PriSec Bootcamp
• Why we start with risk management in the healthcare industry

Donna's "Help Me With HIPAA" Podcast

HHS Website

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

"In 2021, we had tracked about 5.9M accounts were targeted through data breaches. It's expected that at the end of 2022, we will surpass that number."

Tune in this week as Jen Stone and Heff give you the TOP data breaches of 2022. This list includes breaches caused by leaks, phishing, and poor cyber hygiene.

Listen to learn:

• Most common breach types this year
• Tips to help your employees stay secure
• How to respond to a data breach

Hosted by Jen Stone (MCIS, CISSP, CISA, QSA) with guest Matthew Heffelfinger (Deputy CISO, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB).

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

"A lot of people think they're doing all the right things to keep their data safe. However, there are things I see constantly that people are doing wrong, or not doing at all, to properly keep their data secure."

Your personal data that exists online is vast and private. Should a hacker steal your data, you could lose emails, hard drives, bank accounts, or even your business. Tune in this week as Jen Stone and Noah Pack give you the essentials to keep your personal data safe.

Listen to learn:
-Essentials to keep data safe
-How to help employees that are easily phished
-Keeping a secure business beyond PCI compliance

Hosted by Jen Stone (MCIS, CISSP, CISA, QSA) with guest Noah Pack (Threat Hunter/SOC Analyst, Security+, ITF+, Sophos Certified Engineer).

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

Tune in this week as Jen Stone, Scott Robinson, and Robbi Watson discuss all things ISO.

Listen to Learn:

• What is an ISO?
• How can ISOs help their merchants?
• Tips for an ISO / ISO Program Best Practices

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

"Privacy is not about things we want to hide. Hiding implies that the other side has a right to see what I'm trying to hide. Privacy means I can control what I share."

Privacy rights are often unpinned from security, but they’re critical to recapture for our personal lives. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Adrianus Warmenhoven  (Defensive Strategist and Threat Intelligence Manager at NordVPN) in a wide-ranging conversation about privacy, security, risk, and compliance.

Listen to learn:
-How privacy and security are related
-Who should make risk-based decisions
-Regaining personal privacy in our increasingly connected world

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and David Monnier (Chief Evangelist and Team Cymru Fellow at Team Cymru) discuss attack surface management.

Listen to learn:

• What is an attack surface?
• Attack surface management VS vulnerability management VS endpoint security management.
• How can teams gain contextual awareness of their environments?

Subscribe to the SecurityMetrics Podcast Email!

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

"The PCI Security Standards Council oversees a lot more standards than just PCI DSS. The council is very much involved with the payment lifecycle. We have standards to ensure the security of card data from start to finish."

There are many standards out there to ensure the security of card data - each with a specific target to protect. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Jeremy King (Regional Head for Europe at PCI Security Standards Council) give you the entire rundown of all the PCI standards, as well as tips from the PCI council.

Listen to learn:

• Comprehensive Review of the PCI Standards
• Tips on Completing Compliance
• How to Maintain Peak Card Data Security

Subscribe to the SecurityMetrics Podcast Email!

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

Subscribe to the SecurityMetrics Podcast Email!

Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Chase Pettet (Chief Security Architect at Archer Integrated Risk Management) dive into cloud security 101.

Listen to learn:

• What is driving the continued shift to the cloud?
• Does being in the cloud require organizations to think about their architecture differently?
• Is security radically different in cloud environments?

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

"In order for us to meet our end objective of risk mitigation on software and applications, we have to get the developers on our side. If you do not collaborate with the developers, you're not going to be able to manage that risk"

Tune in this week as Jen Stone and Harshil Parikh discuss how to eliminate friction between development and security.

Listen to learn:

• How to collaborate with developers
• How collaboration can aid in cybersecurity efforts
• How setting clear expectations can improve teamwork

Hosted by Jen Stone (MCIS, CISSP, CISA, QSA) with guest Mike McNeil (Founder/CEO of FleetDM)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/