Compliance Isn’t the Enemy with Jeff Man
Hacker Valley Studio24 Jul 2025

Compliance Isn’t the Enemy with Jeff Man

Is compliance just a checkbox, or the backbone of real security?

Returning to the show with decades of hard-earned insight, Jeff Man makes the case that compliance, especially PCI-DSS, isn't just a formality; it's foundational to modern security. As one of the original architects of the NSA Red Team and a 20-year PCI veteran, Jeff explains how this often-misunderstood framework has shaped everything from pen testing to vendor accountability.

Ron and Jeff unpack the six core goals of PCI, how red teams and SaaS builders are directly affected, and why many security teams resist compliance efforts, despite relying on them to get essential buy-in and funding.

Impactful Moments:

00:00 – Introduction 01:00 – Does compliance equal security? 02:09 – Jeff returns with PCI firepower 03:15 – Defining security vs. compliance 05:33 – “Show me what you’re doing” 06:45 – Six goals at PCI’s core 10:45 – Security is watching, not reacting 13:30 – Companies secure because they have to 15:00 – PCI gave red teams their jobs 16:30 – Stripe and Square absorb PCI burden 19:30 – PCI 4.0 causes confusion 21:00 – Vendors aren’t your trusted advisors 22:30 – “Hate me, but I’ll help”

Links:

Connect with our guest, Jeff Man: https://www.linkedin.com/in/jeffreyeman/

Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional:

https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Episoder(416)

What’s Next After Building a $2.5B Cybersecurity Company with Dean Sysman

What’s Next After Building a $2.5B Cybersecurity Company with Dean Sysman

What does it look like when a cybersecurity founder who built a $2.5 billion company decides to level up, again? Dean Sysman, co-founder of Axonius, sits down with Ron Eddings to pull back the curtain...

16 Mar 37min

Can AI Do Your Cyber Job? Post Your Job Req and Find Out with Marcus J. Carey

Can AI Do Your Cyber Job? Post Your Job Req and Find Out with Marcus J. Carey

Last episode, Ron and Marcus made predictions. This episode, they brought the receipts. A journalist built an app with vibe coding and got hacked on live television.  A social network built entirely...

6 Mar 38min

Why 69% of CISOs Are Ready to Walk Away with Anthony Johnson

Why 69% of CISOs Are Ready to Walk Away with Anthony Johnson

The CISO role isn’t the finish line, it’s a launchpad. 69% of security executives are eyeing the exit, and Anthony Johnson is proof that what comes next can be even bigger. Anthony Johnson, former Gl...

6 Mar 40min

Securing the Workspace Attackers Already Live In with Rajan Kapoor

Securing the Workspace Attackers Already Live In with Rajan Kapoor

Your email gateway isn't enough anymore, attackers are already inside the workspace through OAuth apps, browser extensions, and account takeover.  In this episode, Ron sits down with Rajan Kapoor, VP...

19 Feb 38min

Beating “Checkbox Security” With Continuous Offense with Sonali Shah

Beating “Checkbox Security” With Continuous Offense with Sonali Shah

Security doesn’t fail because you missed a tool, it fails because “secure today” tricks you into relaxing tomorrow. This episode exposes why the real fight isn’t compliance… it’s whether your defenses...

12 Feb 41min

Turning Agent Chaos into a Command Center with Pedram Amini

Turning Agent Chaos into a Command Center with Pedram Amini

Text threads made AI feel personal, then agents made it productive, and suddenly “success” turns into chaos you can’t even track. In this episode, Ron sits down with Pedram Amini, creator of Maestro,...

10 Feb 37min

Why MFA Isn’t the Safety Net You Think It Is with Yaamini Barathi Mohan

Why MFA Isn’t the Safety Net You Think It Is with Yaamini Barathi Mohan

Phishing didn’t get smarter, it got better at looking normal. What used to be obvious scams now blend directly into the platforms, workflows, and security controls people trust every day. In this epi...

29 Jan 32min

When Cybercrime Learned How to Make Money and Never Looked Back with Graham Cluley

When Cybercrime Learned How to Make Money and Never Looked Back with Graham Cluley

Cybersecurity didn’t start as a billion-dollar crime machine. It started as pranks, ego, and curiosity. That origin story explains almost everything that’s breaking today. Ron sits down with Graham C...

25 Jan 37min

Populært innen Fakta

fastlegen
dine-penger-pengeradet
relasjonspodden-med-dora-thorhallsdottir-kjersti-idem
treningspodden
rss-strid-de-norske-borgerkrigene
foreldreradet
rss-sunn-okonomi
jakt-og-fiskepodden
takk-og-lov-med-anine-kierulf
sinnsyn
merry-quizmas
rss-kunsten-a-leve
lederskap-nhhs-podkast-om-ledelse
smart-forklart
hverdagspsyken
gravid-uke-for-uke
level-up-med-anniken-binz
hagespiren-podcast
rss-kull
fryktlos