Compliance Isn’t the Enemy with Jeff Man
Hacker Valley Studio24 Jul 2025

Compliance Isn’t the Enemy with Jeff Man

Is compliance just a checkbox, or the backbone of real security?

Returning to the show with decades of hard-earned insight, Jeff Man makes the case that compliance, especially PCI-DSS, isn't just a formality; it's foundational to modern security. As one of the original architects of the NSA Red Team and a 20-year PCI veteran, Jeff explains how this often-misunderstood framework has shaped everything from pen testing to vendor accountability.

Ron and Jeff unpack the six core goals of PCI, how red teams and SaaS builders are directly affected, and why many security teams resist compliance efforts, despite relying on them to get essential buy-in and funding.

Impactful Moments:

00:00 – Introduction 01:00 – Does compliance equal security? 02:09 – Jeff returns with PCI firepower 03:15 – Defining security vs. compliance 05:33 – “Show me what you’re doing” 06:45 – Six goals at PCI’s core 10:45 – Security is watching, not reacting 13:30 – Companies secure because they have to 15:00 – PCI gave red teams their jobs 16:30 – Stripe and Square absorb PCI burden 19:30 – PCI 4.0 causes confusion 21:00 – Vendors aren’t your trusted advisors 22:30 – “Hate me, but I’ll help”

Links:

Connect with our guest, Jeff Man: https://www.linkedin.com/in/jeffreyeman/

Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional:

https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Episoder(410)

Why MFA Isn’t the Safety Net You Think It Is with Yaamini Barathi Mohan

Why MFA Isn’t the Safety Net You Think It Is with Yaamini Barathi Mohan

Phishing didn’t get smarter, it got better at looking normal. What used to be obvious scams now blend directly into the platforms, workflows, and security controls people trust every day. In this epi...

29 Jan 32min

When Cybercrime Learned How to Make Money and Never Looked Back with Graham Cluley

When Cybercrime Learned How to Make Money and Never Looked Back with Graham Cluley

Cybersecurity didn’t start as a billion-dollar crime machine. It started as pranks, ego, and curiosity. That origin story explains almost everything that’s breaking today. Ron sits down with Graham C...

25 Jan 37min

When Automation Outruns Control with Joshua Bregler

When Automation Outruns Control with Joshua Bregler

AI doesn’t break security, it exposes where it was already fragile. When automation starts making decisions faster than humans can audit, AppSec becomes the only thing standing between scale and catas...

18 Jan 37min

The Day AI Stopped Asking for Permission with Marcus J. Carey

The Day AI Stopped Asking for Permission with Marcus J. Carey

AI didn’t quietly evolve, it crossed the line from recommendation to execution. Once agents stopped advising humans and started acting inside real systems, trust replaced experimentation and consequen...

15 Jan 33min

When AI Ships the Code, Who Owns the Risk with Varun Badhwar and Henrik Plate

When AI Ships the Code, Who Owns the Risk with Varun Badhwar and Henrik Plate

AI isn’t quietly changing software development… it’s rewriting the rules while most security programs are still playing defense. When agents write code at machine speed, the real risk isn’t velocity, ...

8 Jan 35min

Think Like a Hacker Before the Hack Happens with John Hammond

Think Like a Hacker Before the Hack Happens with John Hammond

What if the most dangerous hackers are the ones who never touch a keyboard? The real threat isn't just about stolen credentials or ransomware; it's about understanding how attackers think before they ...

1 Jan 28min

Breaking Into Banks and Bypassing Modern Security with Greg Hatcher and John Stigerwalt

Breaking Into Banks and Bypassing Modern Security with Greg Hatcher and John Stigerwalt

Three banks in four days isn't just a bragging right for penetration testers. It's a wake-up call showing that expensive security tools and alarm systems often fail when tested by skilled operators wh...

18 Des 202533min

Defending Your Cyber Systems and Your Mental Attack Surface with Chris Hughes

Defending Your Cyber Systems and Your Mental Attack Surface with Chris Hughes

When your firewall forgets to buckle up, the crash doesn’t happen in the network first, it happens in your blindspots. In this episode, Ron is joined by returning guest Chris Hughes, Co-Founder of Aqu...

11 Des 202534min

Populært innen Fakta

fastlegen
dine-penger-pengeradet
relasjonspodden-med-dora-thorhallsdottir-kjersti-idem
treningspodden
foreldreradet
merry-quizmas
dopet
sovnlos
jakt-og-fiskepodden
rss-strid-de-norske-borgerkrigene
sinnsyn
podme-bio-3
rss-kull
gravid-uke-for-uke
hverdagspsyken
rss-kunsten-a-leve
tomprat-med-gunnar-tjomlid
fryktlos
level-up-med-anniken-binz
rss-var-forste-kaffe