Hacker Valley Studio24 Jul 2025

Compliance Isn’t the Enemy with Jeff Man

Is compliance just a checkbox, or the backbone of real security?

Returning to the show with decades of hard-earned insight, Jeff Man makes the case that compliance, especially PCI-DSS, isn't just a formality; it's foundational to modern security. As one of the original architects of the NSA Red Team and a 20-year PCI veteran, Jeff explains how this often-misunderstood framework has shaped everything from pen testing to vendor accountability.

Ron and Jeff unpack the six core goals of PCI, how red teams and SaaS builders are directly affected, and why many security teams resist compliance efforts, despite relying on them to get essential buy-in and funding.

Impactful Moments:

00:00 – Introduction 01:00 – Does compliance equal security? 02:09 – Jeff returns with PCI firepower 03:15 – Defining security vs. compliance 05:33 – “Show me what you’re doing” 06:45 – Six goals at PCI’s core 10:45 – Security is watching, not reacting 13:30 – Companies secure because they have to 15:00 – PCI gave red teams their jobs 16:30 – Stripe and Square absorb PCI burden 19:30 – PCI 4.0 causes confusion 21:00 – Vendors aren’t your trusted advisors 22:30 – “Hate me, but I’ll help”

Links:

Connect with our guest, Jeff Man: https://www.linkedin.com/in/jeffreyeman/

Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional:

https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(426)

Is Vibe Coding Breaking the Internet? with Tanya Janca

What happens when AI writes all the code and nobody reads it? What if the security prompt you trusted still produced software designed to leak your secrets? And who exactly is on the hook when an AI-g...

2 Jun 35min

Why Smart People Fall for Deepfakes with Perry Carpenter

What if the most sophisticated attack has nothing to do with your firewall? In a world where AI can clone voices, re-lip-sync politicians, and spread a fake newscast to 200,000 people in days, the rea...

26 Mai 35min

Who Owns Your AI Security Policy? with Chris Cochran

Right now, someone in your organization is probably feeding sensitive data into an AI system that nobody approved. So when something goes wrong, who's responsible? And more critically, do you even hav...

18 Mai 35min

Turning 30,000 Findings Into 50 That Matter with Dan Pagel and Brad Hibbert

Mythos just found 30,000 new vulnerabilities, and now every security team is asking the same question: what actually matters? In this episode, Ron Eddings sits down with Dan Pagel, CEO at Brinqa, and ...

1 Mai 34min

Killing the Playbook with Agentic AI with Allan Alford and Tom Findling

SOAR promised to close the loop in the SOC and fell flat. Agentic AI is finally delivering what a decade of playbooks couldn’t. In this episode, Ron sits down with Allan Alford, SVP at NTT Global Dat...

24 Apr 39min

The Epidemic of Sameness Is Killing Your Brand with Don Jeter

In 2025, Torq brought a monster truck to RSAC. And Don Jeter, Torq's CMO, will be the first to tell you: nobody's buying an AI SOC platform because of a grave digger in the booth. In this episode, Ron...

17 Apr 34min

Minutes to Meltdown: Cyber Recovery When It Counts with Chris Bevil

Most organizations are prepping for disaster recovery when they should be building for cyber recovery, and those are not the same thing. Recorded live at RSAC Conference 2026, Ron sat down with Chris...

7 Apr 28min

Building AI Governance Before the Incidents Hit with Guru Sethupathy

AI adoption is outpacing governance at every level, and the cost of waiting is getting higher by the day. Guru Sethupathy, General Manager of AI Governance at Optro and former Founder of FairNow, brea...

1 Apr 24min