Get the practical cybersecurity advice you need by subscribing to Jen Stone's new podcast Practical Cybersecurity.

Small and medium-sized businesses are often presented with information overload or intangible cybersecurity theories that are difficult to put into practice.
This is why host Jen Stone is back with SecurityMetrics to create the Practical Cybersecurity Podcast. When you tune into Practical Cybersecurity, you will get applicable advice on how to better secure your business in today’s threat environment. You’ll also hear from industry experts who will share their expertise and personal cybersecurity experiences.
And, don’t worry, these episodes are short and sweet if you’re tuning in on Spotify or Apple Music (think around 15 minutes). If you want to see other podcasts, no director’s cut, then subscribe to the YouTube channel for Practical Cybersecurity.
Jen Stone (MCIS, CISSP, CISA, QSA) isn’t your typical security expert. A veteran Technical Security Assessor and Principal Security Analyst at SecurityMetrics, Jen’s career started in the engine room of IT operations, working across DevOps and Development. Jen’s varied background and career allow her to identify end-to-end security solutions and vulnerabilities that others miss.
But Jen’s real superpower is her ability to take complex, technical information and present it in a way that anyone can understand. A frequent speaker at major security summits such as HIMSS, PCINACM, and ISC2, Jen is a dedicated data security evangelist who refuses to use fear as a motivator.
“When security professionals bring in an ‘I am smarter than you’ attitude, it’s not helpful,” Jen says. “Businesses feel helpless and start to think a breach is inevitable. That’s just not true. My goal is to replace that nihilism with practical, actionable steps.”
[Youtube] [Spotify] [Apple Music]
In our premiere episode, Jen is joined by Kurt Dukes, Executive VP at the Center for Internet Security (CIS). Kurt spent 30 years at the NSA before moving to the private sector, and he brings that "mission-first" mentality to the SMB world.
If you’ve ever felt like your security program is a house of cards, this conversation is for you. Jen and Kurt strip away the jargon to reveal a foundational approach to defense.
"Business leaders just want to be told what to do. They need to know what is 'good enough' because they don't have unlimited resources." — Kurt Dukes
Need a CIS Controls Assessment? Get Started Here.
In this episode, Jen Stone sits down with Daniel Eliot, the lead for small business engagement at NIST. Daniel explains how NIST has pivoted to create "small-chunk" resources specifically for under-resourced organizations. We break down the new NIST CSF 2.0 Small Business Quick Start Guide and identify the five fundamentals that actually move the needle on your security.
"I can’t think about cybersecurity this week; I’m thinking about 1099s" (Daniel Eliot).
If you’ve ever felt that way, you’re not alone. Most small business owners feel that the NIST Cybersecurity Framework (CSF) is a 500-page manual meant for government contractors, not a local hardware store or a growing startup.
Need a NIST Risk Assessment? Get an expert’s help.
Are your IT or cloud providers handling your security? Does your site claim you're "HIPAA Compliant"? Donna Grindle, CEO of Kardon and co-host of Help Me With HIPAA, delivers a massive reality check for small business owners. We break down the difference between gap analysis and a true SRA, why IT speaks a different language, and how the "CREMATE" method finds your data.
"If you put on your website that you're HIPAA compliant, immediately I'm concerned" (Donna Grindle).
Practical Cybersecurity is now available on all major platforms. Subscribe today to get actionable security advice delivered straight to your inbox.
Follow Us On: [Youtube] [Apple Podcasts] | [Spotify]