BLOG HOME > SecurityMetrics Podcast: The Latest in Cybersecurity and Compliance

SecurityMetrics Podcast: The Latest in Cybersecurity and Compliance

A cybersecurity podcast for both IT professionals and security novices

We are excited to announce the launch of a new project we’ve had in the works: SecurityMetrics Podcast. It’s going to be a weekly podcast with regular host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA), along with a variety of experts in the data security and compliance space. The podcast will cover cybersecurity news and hot topics, data breach forensics, healthcare IT issues, as well as everyday compliance challenges faced by IT managers and business owners. 

This podcast is intended to help businesses of all sizes as well as individuals–whether security professionals or not. We want to break security concepts down well enough that anyone can understand the top cybersecurity threats and how to deal with them.

Free Data Security Education

Sign Up for Academy

SecurityMetrics Podcast Host and Principal Security Analyst Jen Stone

SecurityMetrics Podcast Host and Principal Security Analyst Jen Stone started her career in IT operations and has worked with varied teams throughout the IT sector, including DevOps and Development. Because of her broad background, she thinks in terms of big picture systems, which allows her to see end-to-end security solutions and detect potentially exploitable vulnerabilities.

Known as a skilled communicator, Jen is a go-to evangelist for the message of data security. She has presented at numerous security shows, including HIMSS, PCI North America Community Meeting, SaintCon, and ISC2. As a University Audit team member, Jen has spoken to the Treasury Institute of Higher Education numerous times about handling the unique security challenges in a University setting.

She has a penchant for tackling problems that others find too difficult, particularly, the communication “divide” between non-technical employees and their IT teams. With a firm belief that good process and successful communication are absolutely essential to a successful security and compliance program, Jen untangles the snarls of IT security in sectors including healthcare, education, retail.

How to watch and listen to SecurityMetrics Podcast

Check out the SecurityMetrics Podcast; available in our learning center and on major podcast platforms including Apple, Google, Spotify, and Stitcher.

Here’s info on the first couple of episodes. Enjoy!

SecurityMetrics Podcast 1: How to Work From Home Securely

In this episode, Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) sits down with Michael Simpson (Principal Security Analyst, CISSP, CISA, QSA) to discuss:

  • Data security best practices while working from home 
  • How to properly use a VPN
  • How working from home affects a PCI Assessment

"Due to the coronavirus and social distancing, a lot of companies needed to move their employees from the office and into their homes, but luckily they weren't just doing it without thinking about how that move would affect their data security and their sensitive data," says Michael Simpson.

Throughout this episode, Michael Simpson discusses tips on how to maintain and improve your security while making the transition of having more workers go from the office and work from home. For example, "If you can minimize those network segments by having those devices come into a VPN that’s controlled by the organization, this can help to simplify the scoping discussion."

This episode of SecurityMetrics Podcast is available on the the SecurityMetrics Learning Center as well as on Apple, Google, Spotify, and Stitcher.

SecurityMetrics Podcast 2: Healthcare IT Security During the COVID-19 Crisis

In this episode, Meagan Elguera (Corporate Communications Manager) sits down with Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) to discuss: 

  • Added pressure and stress covered entities may face during times of crisis
  • Why phishing scams are a bigger threat during the COVID-19 crisis
  • How using telehealth for treatment affects privacy and security amid COVID-19 
  • Review of the recent bulletin from the OCR on Civil Rights, HIPAA, and Coronavirus

“Healthcare IT security is absolutely affected by the COVID-19 crisis. Providers have to be open. They have to be helping people that need help. But maybe their IT service providers are scaling back and aren’t on site as much. There are a lot of reasons why security would be impacted right now–as mentioned, it could be a lack of security personnel on site, or healthcare organizations could be scaling back some of the bigger projects they have. So that gives an opportunity for the vulnerabilities in systems to be exploited by the bad guys,” says Jen Stone.

See How a Managed Firewall can Help Secure Your Data

Learn More

“Here’s another way the bad guys take advantage of vulnerabilities: phishing scams, which work by getting you to open an email and clicking on an attachment or link you shouldn’t. These scams usually prey on a sense of urgency and fear anyway, so with all of us affected by the COVID crisis, our fears and anxieties are going to be amped up. If you get a scary email and click a link out of panic, suddenly you’ll find yourself giving information or giving access you shouldn’t. Even though we’re all anxious, we need to stop and think twice: is this clearly a phishing scam? Am I clicking because I know it’s safe or because I’m acting out of fear?”

This episode of SecurityMetrics Podcast is available on the SecurityMetrics Learning Center, as well as on Apple, Google, Spotify, and Stitcher.

SecurityMetrics Podcast 3: How to Prevent Formjacking and Ecommerce Skimming

In this episode, Aaron Willis (Forensic Analyst, CISSP, PFI) sits down with Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) to discuss:

  • What is formjacking/ecommerce skimming?
  • Why traditional security measures can’t detect skimming
  • SecurityMetrics WIM solutions to detect and track skimmers
  • What to do if your data is being skimmed

“Ecommerce skimming, Magecart, formjacking–it has many names, but what we are talking about is attackers injecting Javascript to capture information from any kind of webpage form to steal data–it doesn’t necessarily have to be a payment page with credit card info. Any critical sensitive information–like protected health information, log in credentials, SSNs, etc.,” says Principal Security Analyst Jen Stone. 

“Right,” says Forensic Analyst Aaron Willis, “Who doesn’t do online banking these days? We see malware scripts being placed anywhere people are entering sensitive information: banking, medical, and business sites. If an attacker can place a skimmer on a webpage, grab data, and then make money from that, they will. If you enter any sensitive information into webpage fields, you should consider running a WIM scan.”

This episode of SecurityMetrics Podcast is available on the SecurityMetrics Learning Center

Subscribe to the SecurityMetrics Podcast to stay on top of cybersecurity issues

When you subscribe to the SecurityMetrics Podcast, you can expect new episodes delivered to your inbox on a regular basis. Hear the latest in data security from cyber threat experts, compliance auditors, forensic analysts, and infosec professionals: those who work every day in the trenches of cybersecurity to keep our data safe and protect customers and patients. 

SecurityMetrics Podcast: The latest in data security and compliance

Subscribe