"We all rely on service providers to keep our businesses afloat. I get asked all the time,  'How do I know that this service provider is going to be careful with my data?' Service providers can elevate our risk, while at the same time giving us really important services that we need. "

When using service providers, managing your 3rd party risk can be a challenge. Tune in this week as Jen Stone (MCIS | CISSP | CISA | QSA) talks with Paul Poh (CISSP, CISM, CRISC, CIPP/US) about how we can best manage and minimize that 3rd party risk that often comes with using these service providers.

Listen to learn:
-Things to look for when choosing a service provider.
-Keeping your data secure with your service provider.
-Things you need to know about your own security.

Paul Poh on LinkedIn - https://www.linkedin.com/in/paulpoh/

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

"A lot of people don't realize, kids are smart! They know how to get around these controls that are in place. So the more informed you are as a caregiver, the more you can keep an eye on things that are going on with your kids and that they are getting the right information and aren't going to negative places."

The internet is a vast and often dangerous place. With increasing threat actors prying to target these vulnerable young ones, protecting our kid's from harmful places online is crucial to keep them safe and secure. Tune in this week as Jen Stone (MCIS | CISSP | CISA | QSA) speaks with Teressa Gehrke (Founder and CEO of PopCykol) about how we can prevent our kids from finding out the hard way the dangers of the internet.

Listen to learn:

• How to best communicate to kids about internet safety.
• How we can approach kids after an incident has occurred.
• Tools and resources for every age to learn about internet security.

Visit https://www.popcykol.com/ to learn more.

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

"Security is hard, even for professionals. There are a ton of things to know. As a defender, you have to be right 100% of the time. As an attacker, you kinda just have to get lucky once. If you go out there and educate people (in your company) about security, then they can become an ally for you."

Join us this week as Jen Stone(MCIS | CISSP | CISA | QSA) and Matt Halbleib (CISSP | CISA | QSA (P2PE) | PA-QSA (P2PE)) discuss all the things you can do to better prepare you and your company for a risk assessment.

Listen to learn: 

• How to better know your scope to be ready for your assessment
• How to teach security between departments
• How to make PCI work for you

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

Subscribe to the Podcast!

With so much ransomware stories in the news this year, one would think that ransomware is a new technique used by threat actors. In reality, ransomware has been around for almost a decade, and so have the basic principles on how to protect yourself from getting hit with it.

Join Gary Glover (CISSP, CISA, QSA, PA-QSA) and Jen Stone (MCIS, CISSP, CISA, QSA) as they teach all you need to know about what ransomware is, and how to stay safe from it.

Listen to learn: 

• What is ransomware?
• Why does ransomware seem to be so effective?
• How can I protect my business from being vulnerable to ransomware?

Resources:
-https://www.cisa.gov/

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

"It's the nature of our team's roles that there's always going to be trade-offs. It's hardly ever a simple decision between A and B. So you need to lean into that and get more comfortable with ambiguity." 

Having clear and open communication with your IT or security team is essential to maintaining a secure business. Although, if the correct steps are not taken, working alongside these teams can be challenging. 

Tune in this week as Jen Stone (Principal Security Analyst MCIS, CISSP, CISA, QSA) and Dutch Schwartz (Strategic Lead of Amazon Web Service’ Global Security Services) talk about how to build a straight-forward, strong relationship with your IT and security teams.

Listen to learn: 

• Steps to improve interpersonal relationships within your IT department
• How to maintain good communication between departments
• How to approach problem solving tasks with multiple teams
  
  
  

Resources:

Dutch's LinkedIn: https://www.linkedin.com/in/dutchschwartz/

Dutch's Twitter: https://twitter.com/dutch_26

Download our Guide to PCI Compliance! - https://info.securitymetrics.com/pci-guide

Download our Guide to HIPAA Compliance! - https://info.securitymetrics.com/hipaa-guide

Access our free cybersecurity and compliance conference - www.securitymetrics.com/summit

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

• Curtis's cybersecurity ABC book, "M is for Malware" 
• How to better teach our young ones how to be safe online
• Helping to teach those just entering the data security field

Get your copy of "M is for Malware" at https://misformalware.com/

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

“What is managed security? It’s about trusting your business to someone else.”

Whether you call it outsourcing, partnering, or hiring, choosing an MSSP is a decision that can seriously affect a business. SecurityMetrics Director of SIEM Operations and SecurityMetrics News Host, Matt “Heff” Heffelfinger, talked with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) about the many factors that go into choosing the right security firm for your business. With experience at General Electric, NBC, and TJ Maxx, Heff’s breadth of knowledge and experience allow him to see threats in the long term and help you avoid problems down the road.

Listen to learn:

• Types of managed security (MDR versus MSSP) and what they do
• How to determine the security services your business needs
• Resources to help you ask the right questions, create better contracts, maintain or end relationships, and get the most from your MSSP

How to Choose the Right MSSP for Your Small to Medium Business

SecurityMetrics Threat Intelligence Center

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

Subscribe to the SecurityMetrics Podcast

“Is there really a shortage of skills in cybersecurity? Or are we just looking at it the wrong way?”

Director of Information Security and IT at BEEM Technologies, Naomi Buckwalter (CISSP, CISM) discovered hacking at Vanguard, where she joined a class and learned to hack from scratch. Her experiences as a software security architecture, security engineer, career advisor, mentor, and speaker have given her a broad spectrum of insight about the so-called cybersecurity “skills shortage.” In this episode, Naomi talks with Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) about why mythology and gatekeeping in cybersecurity are holding the industry back and creating an uncertain future.

Listen to learn:

• Why new professionals see barriers in cybersecurity and what industry veterans need to do to paint a better picture
• How improving emotional intelligence and culture in the cybersecurity community can help us better fight cybercrime
• Tips for people who want to get started in cybersecurity

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

“What is our responsibility as leaders of security teams? It’s doing security right from the beginning; from the design. It has to be there.” 

Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) welcomes Vandana Verma: Security Architect IBM, Vice Chair of the Global Board of Directors at OWASP, leader at InfosecGirls, and founder of Infosec Kids. As a prolific speaker and thought leader in the cybersecurity space, Vandana is vocal in the efforts to help women and youth build their communities in cybersecurity. She has trained over 10,000 diverse candidates and brings an undeniable enthusiasm and passion to security research. 

Listen to learn more about:

• The role of cyber threat intelligence in application development.
• Ways to gamify security to avoid a checkbox mentality and prevent costly security issues.
• How machine learning, AI, and adaptive access are rapidly changing access security.

Vandana on Linkedin

Infosec Girls

OWASP

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

Dr. Oren Eytan joins Jen Stone (Principal Security Analyst, MCIS, CISSP, CISA, QSA) to discuss his experiences as a cybersecurity leader in both the military and civilian realms. After serving in the Israeli defense forces, two degrees in Electrical Engineering, and time at Motorola, Dr. Oren Eytan continues the fight against malware as the CEO of Odix. Today he helps protect businesses in all sectors, including utilities and technology.

Listen to Learn:

• Why creative thinking is crucial to cyber security
• Lessons learned from protecting critical infrastructure 
• The relationship between connectivity and vulnerability 

Connect with Dr. Eytan on LinkedIn

Odix

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/