A cybersecurity podcast for both IT professionals and security novices
We are excited to announce the launch of a new project we’ve had in the works: SecurityMetrics Podcast. It’s going to be a weekly podcast with regular host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA), along with a variety of experts in the data security and compliance space. The podcast will cover cybersecurity news and hot topics, data breach forensics, healthcare IT issues, as well as everyday compliance challenges faced by IT managers and business owners.
This podcast is intended to help businesses of all sizes as well as individuals–whether security professionals or not. We want to break security concepts down well enough that anyone can understand the top cybersecurity threats and how to deal with them.
SecurityMetrics Podcast Host and Principal Security Analyst Jen Stone
SecurityMetrics Podcast Host and Principal Security Analyst Jen Stone started her career in IT operations and has worked with varied teams throughout the IT sector, including DevOps and Development. Because of her broad background, she thinks in terms of big picture systems, which allows her to see end-to-end security solutions and detect potentially exploitable vulnerabilities.
Known as a skilled communicator, Jen is a go-to evangelist for the message of data security. She has presented at numerous security shows, including HIMSS, PCI North America Community Meeting, SaintCon, and ISC2. As a University Audit team member, Jen has spoken to the Treasury Institute of Higher Education numerous times about handling the unique security challenges in a University setting.
She has a penchant for tackling problems that others find too difficult, particularly, the communication “divide” between non-technical employees and their IT teams. With a firm belief that good process and successful communication are absolutely essential to a successful security and compliance program, Jen untangles the snarls of IT security in sectors including healthcare, education, retail.
How to watch and listen to SecurityMetrics Podcast
Here’s info on the first couple of episodes. Enjoy!
In this episode, Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) sits down with Michael Simpson (Principal Security Analyst, CISSP, CISA, QSA) to discuss:
- Data security best practices while working from home
- How to properly use a VPN
- How working from home affects a PCI Assessment
"Due to the coronavirus and social distancing, a lot of companies needed to move their employees from the office and into their homes, but luckily they weren't just doing it without thinking about how that move would affect their data security and their sensitive data," says Michael Simpson.
Throughout this episode, Michael Simpson discusses tips on how to maintain and improve your security while making the transition of having more workers go from the office and work from home. For example, "If you can minimize those network segments by having those devices come into a VPN that’s controlled by the organization, this can help to simplify the scoping discussion."
In this episode, Meagan Elguera (Corporate Communications Manager) sits down with Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) to discuss:
- Added pressure and stress covered entities may face during times of crisis
- Why phishing scams are a bigger threat during the COVID-19 crisis
- How using telehealth for treatment affects privacy and security amid COVID-19
- Review of the recent bulletin from the OCR on Civil Rights, HIPAA, and Coronavirus
“Healthcare IT security is absolutely affected by the COVID-19 crisis. Providers have to be open. They have to be helping people that need help. But maybe their IT service providers are scaling back and aren’t on site as much. There are a lot of reasons why security would be impacted right now–as mentioned, it could be a lack of security personnel on site, or healthcare organizations could be scaling back some of the bigger projects they have. So that gives an opportunity for the vulnerabilities in systems to be exploited by the bad guys,” says Jen Stone.
“Here’s another way the bad guys take advantage of vulnerabilities: phishing scams, which work by getting you to open an email and clicking on an attachment or link you shouldn’t. These scams usually prey on a sense of urgency and fear anyway, so with all of us affected by the COVID crisis, our fears and anxieties are going to be amped up. If you get a scary email and click a link out of panic, suddenly you’ll find yourself giving information or giving access you shouldn’t. Even though we’re all anxious, we need to stop and think twice: is this clearly a phishing scam? Am I clicking because I know it’s safe or because I’m acting out of fear?”
In this episode, Aaron Willis (Forensic Analyst, CISSP, PFI) sits down with Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) to discuss:
- What is formjacking/ecommerce skimming?
- Why traditional security measures can’t detect skimming
- SecurityMetrics WIM solutions to detect and track skimmers
- What to do if your data is being skimmed
“Right,” says Forensic Analyst Aaron Willis, “Who doesn’t do online banking these days? We see malware scripts being placed anywhere people are entering sensitive information: banking, medical, and business sites. If an attacker can place a skimmer on a webpage, grab data, and then make money from that, they will. If you enter any sensitive information into webpage fields, you should consider running a WIM scan.”
This episode of SecurityMetrics Podcast is available on the SecurityMetrics Learning Center.
Subscribe to the SecurityMetrics Podcast to stay on top of cybersecurity issues
When you subscribe to the SecurityMetrics Podcast, you can expect new episodes delivered to your inbox on a regular basis. Hear the latest in data security from cyber threat experts, compliance auditors, forensic analysts, and infosec professionals: those who work every day in the trenches of cybersecurity to keep our data safe and protect customers and patients.