Season 6 Episode 385
Is compliance just a checkbox, or the backbone of real security?
Returning to the show with decades of hard-earned insight, Jeff Man makes the case that compliance, especially PCI-DSS, isn't just a formality; it's foundational to modern security. As one of the original architects of the NSA Red Team and a 20-year PCI veteran, Jeff explains how this often-misunderstood framework has shaped everything from pen testing to vendor accountability.
Ron and Jeff unpack the six core goals of PCI, how red teams and SaaS builders are directly affected, and why many security teams resist compliance efforts, despite relying on them to get essential buy-in and funding.
Impactful Moments:
00:00 – Introduction
01:00 – Does compliance equal security?
02:09 – Jeff returns with PCI firepower
03:15 – Defining security vs. compliance
05:33 – “Show me what you’re doing”
06:45 – Six goals at PCI’s core
10:45 – Security is watching, not reacting
13:30 – Companies secure because they have to
15:00 – PCI gave red teams their jobs
16:30 – Stripe and Square absorb PCI burden
19:30 – PCI 4.0 causes confusion
21:00 – Vendors aren’t your trusted advisors
22:30 – “Hate me, but I’ll help”
Links:
Connect with our guest, Jeff Man: https://www.linkedin.com/in/jeffreyeman/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
Published on 2 months ago
If you like Podbriefly.com, please consider donating to support the ongoing development.
Donate