Now in its second season, SecurityMetrics Podcast aims to bring critical security conversations to the forefront. With an ever-changing threat landscape and internal challenges, the security industry needs community and education more than ever.
Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) brings on guests with unique viewpoints that are important to the entire security and payments ecosystem. CISOs and consultants share tips that work for them, security architects offer new takes on the importance of embedded security, and seasoned journalists share insight into how far we've come.
Jen recently commented on the podcast’s silver Cybersecurity Excellence Award in the category of Best Cybersecurity Podcast: "It's a pleasure talking to those in our industry about cybersecurity, and I hope our listeners learn as much from the conversations as I do."
A cybersecurity podcast for beginners and security veterans
On everyone’s mind is the perception that there is a lack of talent in cybersecurity. At the same time, there are people interested in cybersecurity careers who are unsure of where to start or what the pathway looks like.
Jen recently spoke with Security Architect Naomi Buckwalter about industry perceptions, realities, and what veterans can do to help grow a competent security workforce. Naomi said, “Is there really a shortage of skills in cybersecurity? Or are we just looking at it the wrong way?” She went on to explain that attitudes like gatekeeping and superiority are actually major issues deterring newcomers from careers in cybersecurity.
Check out the “Hair to Tech” Podcast, which follows the journey of a new cybersecurity professional.
For veteran security professionals, issues like organizational communication and preventing data breaches are top of mind. Understanding between CISOs and the rest of a company is key in the fight against hackers, and this understanding requires strategy.
Strategic Lead of Amazon Web Services’ Global Security Services Team, Dutch Schwartz, recently visited the podcast to define what CISOs need to understand about human motivation in order to strategize security programs, utilize company culture, and protect critical data. He explained, “Gaps in security are behavioral . . . find out what drives behavior at your company, and you will find your vulnerabilities.”
Cybersecurity interviews across the industry
The cybersecurity industry and the payments ecosystem will be healthier if a variety of voices are heard and communities are supported. Security Threat Engineer and thought leader Noreen Njoroge recently came on SecurityMetrics Podcast to discuss how to improve cybersecurity and our defensive stance around the world through diverse thinking and mentorship.
“We need each other. Cybersecurity is a global event and we need all the brains,” says Noreen Njoroge. “Threat actors don’t care where you are from or what your social status is. They are there to attack everybody. As cybersecurity specialists, we should also have that mindset. It’s a community effort. I have to help my brother, my sister, my coworker, my friend, know how to better defend themselves against attacks.”
Card brands play an important role in the wider payment data security ecosystem, especially when it comes to compliance with data security standards like PCI DSS. As guest John Elliot, Director of Industry Standards at Mastercard, explained, the PCI Security Standards Council works with major card brands to help merchants make PCI compliance “business as usual” in an effort to prevent payment data theft.
More cybersecurity and payment data security topics on SecurityMetrics Podcast
In addition to industry trends and thought leadership, SecurityMetrics Podcast regularly explores topics such as:
- Social engineering
- Penetration testing
- Preventing cyber attacks
- E-commerce skimming attacks
- PCI DSS 4.0 expectations
- PCI programs at large organizations
- How to prepare for a PCI DSS audit
- Healthcare security and COVID-19 security concerns
- Threat intelligence, detection, and mitigation
- Data breach remediation and investigation
- Incident response plans
- Malware, phishing, and ransomware