SecurityMetrics

Practical Cybersecurity with Jen Stone

Practical Cybersecurity , hosted by Jen Stone (MCIS, CISSP, CISA, QSA), is the bridge between complex security frameworks and real-world business implementation. Whether you are a "Jack of all trades" IT manager or a business leader with limited resources, this show provides the roadmap to a defensible security posture. 

Autor

SecurityMetrics

Categoría

Education

Web del podcast

www.buzzsprout.com

Último episodio

7 de jul. de 2026

¿Dónde escuchar?

Podcasts en la app Replaio Radio Muy pronto

Los podcasts llegarán muy pronto a la app. Instálala ahora y sé el primero en descubrir una forma totalmente nueva de vivir los podcasts

Descárgala en Google Play Instálala gratis Android 5 M+ de descargas · valoración de 4,8 iOS muy pronto

Episodios

You're Probably Behind on CMMC. Here’s What To Do Next. (ep 11) 07.07.2026

About 100 authorized assessors. An estimated 118,000+ companies that need to be assessed. That math is the reason CMMC can't wait — and it's where this conversation starts. Brett Cox, lead CMMC Certified Assessor and head of Boeing's DFARS CMMC Program Management Office, joins host Jen Stone to explain what the Cybersecurity Maturity Model Certification actually requires, why the No...

Which PCI SAQ Do You Actually Need? (ep. 10) 23.06.2026

First time filling out a PCI SAQ? In this episode, two QSAs who've scoped hundreds of payment environments walk you through how to pick the right one—so you don't end up with the wrong form, the wrong security controls, and the wrong amount of risk. Choosing the right PCI DSS Self-Assessment Questionnaire (SAQ) isn't just a paperwork decision. Pick the wrong form and you can leave b...

Passkeys: An Upgrade You Didn't Know You Needed (ep. 9) 09.06.2026

Passwords were built for a different era of the internet. It’s time to move past shared secrets to close your organization's largest threat vector for good. Traditional passwords and legacy Multi-Factor Authentication (MFA) are no longer enough to protect your business. Automated, scaling phishing toolkits easily intercept shared secrets, leaving small and medium businesses highly vulnerable...

The Expert Guide to Defeating eSkimmers (ep. 8) 26.05.2026

We can't keep turning a blind eye to e-commerce skimming. It's a real threat that demands real attention—regardless of how compliance checklists evolve. Eighteen months ago, our panel met to break down the rollout of PCI DSS requirements 6.4.3 and 11.6.1. Now, one year after PCI v4.0, we're looking at the data-backed reality of how these requirements are actually playing out in the...

Cybersecurity Priorities for 2026: The Two Vulnerabilities to Focus on in the AI Era (ep. 7) 12.05.2026

Is your organization prepared for an autonomous AI bot? Roger Grimes joins Jen Stone to discuss the shifting landscape of cybersecurity. This episode moves past the hype to look at the hard data: AI scams are yielding 4.5x more value for attackers, and traditional MFA is no longer enough to stop them. In this episode, we translate complex "vulnerability fatigue" into a clear, two-step pr...

The SAQ A Deep Dive: Two QSAs Set the Record Straight (ep. 6) 28.04.2026

This episode of Practical Cybersecurity moves past the standard PCI checklist to focus on the operational realities, common misconceptions, and "stealth" requirements that define SAQ A in the PCI DSS v4.0.1 era.  The Eligibility Foundation Most merchants skip the Eligibility Criteria , which is the actual foundation of the assessment. Total Data Outsourcing: To qualify, a merchant must n...

Protecting the House: Why Asset Management and "Storytelling" are Keys to HITRUST (ep.5) 14.04.2026

Episode Summary In this episode of Practical Cybersecurity , we dive into the complex world of HITRUST certification. Often called the "gold standard" for healthcare security, HITRUST can be a daunting mountain to climb for small and large organizations alike. Jen Stone and experts Peter Briel (Privaxi) and Lee Pierce (SecurityMetrics) break down why scoping is your best friend, why scre...

4 Critical Tasks for Small IT Teams (ep.4) 31.03.2026

A single data breach now costs a business an average of $1.4 million, according to the annual IBM report. For a small or medium-sized business (SMB), this hit is often terminal—most companies that suffer a major breach struggle to stay in business longer than six months. In this episode, Matt "Heff" Heffelfinger , Director of SOC Operations at SecurityMetrics, joins us to discuss why man...

Why Your Security Risk Analysis is Probably Wrong (ep. 3 Part 1) 17.03.2026

Are your IT or cloud providers handling your security? Does your site claim you're "HIPAA Compliant"? Donna Grindle, CEO of Kardon and co-host of Help Me With HIPAA , delivers a massive reality check for small business owners. We break down the difference between gap analysis and a true SRA, why IT speaks a different language, and how the "CREMATE" method finds your data....

Pressure Testing Your IRP: Why "Calling IT" Isn't a Plan (ep. 3 Part 2) 17.03.2026

What happens when the news cameras show up and your business grinds to a halt? Donna Grindle, CEO of Kardon, returns to discuss the "hair on fire" reality of a data breach. We move past the paperwork to explore why "calling IT" isn't a plan, the hidden costs of notification letters, and how insurance mazes can complicate your recovery. Key Takeaways "Call IT" is...

Is NIST Too Complex for Small Businesses? Daniel Eliot Weighs In (ep. 2) 03.03.2026

"I can’t think about cybersecurity this week; I’m thinking about 1099s." You’re not alone. Many SMBs see the NIST Cybersecurity Framework (CSF) as an overwhelming manual for government contractors, not a local shop or startup.  Jen Stone sits down with Daniel Eliot , NIST’s lead for small business engagement. We break down the new NIST CSF 2.0 Small Business Quick Start Guide —a "sm...

"Good Enough" Security for Small Business Budgets (ep. 1) 17.02.2026

In this episode of Practical Cybersecurity , host Jen Stone talks with Curt Dukes, EVP and GM of Security Best Practices at the Center for Internet Security (CIS). Drawing on his 30-year career at the NSA, Dukes breaks down how small and medium businesses (SMBs) can implement "good enough" security without unlimited resources. The conversation focuses on Implementation Group 1 (IG1) —a p...

[Webinar] What You Can Expect from a HITRUST Assessment 17.04.2025

In this webinar, Matt Halbleib (Director of Assessments) and Lee Pierce (Director of HITRUST Sales) will discuss: How to determine which HITRUST Assessment type to choose How to prepare for a HITRUST Validation Assessment What to expect from a SecurityMetrics HITRUST Assessment Ready to discuss your HITRUST needs? Request a quote here. Read our new HITRUST 101 White Paper here. A note from Jen: We...

New to PCI Compliance? Get the Support You Need | SecurityMetrics Podcast 106 02.12.2024

Learn more about cyber risks for small businesses:  Are you a small-medium business owner? Did you just get a message from your bank telling you to call SecurityMetrics? Are you worried about having a bad experience? Do you know what PCI even means? This episode is for you. Learn how SecurityMetrics can help you navigate this regulatory landscape. We'll discuss: Why your processor is making y...

Are you ready for the ecommerce security storm? A buyer’s guide to PCI DSS 11.6.1 and 6.4.3 23.10.2024

Join us on this extra long episode as SecurityMetrics experts Jen Stone, Gary Glover, Aaron Willis and Chad Horton dive deep into the evolving landscape of PCI compliance for e-commerce businesses. With the deadline for PCI 4.0 rapidly approaching, understanding the new requirements for e-commerce is crucial. In this episode, our panelists discuss: Understanding PCI 4.0 for e-commerce: Learn about...

Cybersecurity for Families: A Parent-Child Guide to Online Safety | SecurityMetrics Podcast 104 25.09.2024

Download the guide: https://www.cisecurity.org/insights/white-papers/from-both-sides-a-parental-guide-to-protecting-your-childs-online-activity Are you a parent looking for guidance on how to keep kids safe online? Join us for a candid conversation with Sean Atkinson, CISO at the Center for Internet Security, and his daughter, Emma, as they discuss their journey of creating a guide designed to hel...

Building a Resilient Healthcare System: A Cybersecurity Blueprint | SecurityMetrics Podcast Ep 103 12.09.2024

Links from the episode: https://405d.hhs.gov/ Discover the latest trends and threats in healthcare cybersecurity. This episode explores the real-world impact of cyberattacks on patient care, the vulnerabilities of medical devices, and the strategies organizations can implement to protect their sensitive data. A note from Jen: We built Practical Cybersecurity because we were tired of the fear-monge...

Which SAQ type is right for my business? | SecurityMetrics Podcast Ep 102 29.08.2024

Confused about PCI DSS compliance standards? This video breaks down each available SAQ type, including: SAQ-A, SAQ P2PE-HW, SAQ D for Service Providers, and the newly introduced SAQ SPoC for PCI DSS 4.0. Learn which one is right for your business based on your payment processing environment. Learn about: Different SAQ types for merchants Eligibility criteria for each SAQ type Factors to consider w...

Farm to… DevOps?: How anyone can grow into a tech career | SecurityMetrics Podcast Ep 101 14.08.2024

Join Jen Stone as she chats with DevOps engineer and Day Two DevOps podcaster Kyler Middleton about her unique journey from a rural upbringing to becoming a DevOps expert. Discover how Kyler's passion for teaching led her to a career in technology, and learn about the importance of automation and documentation in building secure and efficient cloud environments. This episode dives deep into D...

Getting more from Your Penetration Test: Stop Checking Boxes | SecurityMetrics Podcast Ep 99 03.07.2024

Is your penetration testing just a compliance formality? This episode of the SecurityMetrics Podcast redefines pen testing as a strategic partnership, empowering you to get the most out of your assessments. Join Jen Stone and James Farnsworth as they discuss: The critical role of scoping: Learn how to align business needs with technical assessments for a truly impactful pen test. The difference be...

Level Up Your Healthcare Services: HIPAA Compliance for MSPs | SecurityMetrics Podcast 98 19.06.2024

This episode of the SecurityMetrics Podcast is a valuable resource for MSPs who want to learn more about HIPAA compliance and how to better serve their healthcare clients. Join Jen Stone and David Sims to learn more about how Managed Service Providers (MSPs) can empower healthcare organizations to achieve HIPAA compliance. Learn about: The challenges of data discovery and data sprawl in healthcare...

The Future of Security: Leveraging Automation & AI | SecurityMetrics Podcast 97 05.06.2024

Struggling to automate security tasks? Feeling overwhelmed by the process? This episode of the SecurityMetrics podcast dives deep into the world of automation with guest Mollie Breen, founder and CEO of Perygee. Mollie, a recognized cybersecurity and innovation expert, dismantles the myth of automation being a complex "one size fits all" solution. In this episode, you'll learn: - Ho...

Data Risk Management: Building a Safer Data-Driven World | SecurityMetrics Podcast 96 21.05.2024

There are four key questions to ask about your data: Where is it? What data do you have? Who has access? What risks are associated with how the data is accessed? Tune in this week as Jen Stone sits down with award-winning entrepreneur, Ani Chaudhuri, to discuss data security and data risk management. Listen to learn: Why automation is essential for effective data security. The importance of a &quo...

Hacking Your Career: How to Become a Penetration Tester | SecurityMetrics Podcast 95 07.05.2024

Becoming a penetration tester in the world of cybersecurity can be more complex than you'd think, but don't let that spook you. Tune in this week as Jen Stone sits down with James Farnsworth (Team Lead / Senior Penetration Tester at SecurityMetrics) to discuss the various paths to becoming a penetration tester. Listen to learn: The best tools to learn penetration testing skills. The nume...

Bridging the Cybersecurity Skills Gap | SecurityMetrics Podcast 94 23.04.2024

Tune into the SecurityMetrics Podcast this week as host Jen Stone interviews Tillery, Director of Training and Education at Neuvik, to learn about the cybersecurity skills gap and how to bridge it. Listen to learn: How to attain an entry-level cybersecurity position. Why companies should focus more on employee trainings. The benefits of allowing employees time to learn during the workday. Hosted b...

Escucha el podcast Practical Cybersecurity with Jen Stone en Replaio

Radio y podcasts en una sola app - gratis y sin registro. Instálala hoy y no te pierdas el estreno

Descárgala en Google Play

Replaio no es editor de podcasts; los nombres de los programas, las portadas y el audio pertenecen a sus autores y se distribuyen a través de canales RSS públicos