Practical Cybersecurity with Jen Stone

SecurityMetrics

Practical Cybersecurity, hosted by Jen Stone (MCIS, CISSP, CISA, QSA), is the bridge between complex security frameworks and real-world business implementation. Whether you are a "Jack of all trades" IT manager or a business leader with limited resources, this show provides the roadmap to a defensible security posture. 

  1. Is NIST Too Complex for Small Businesses? Daniel Eliot Weighs In

    2D AGO

    Is NIST Too Complex for Small Businesses? Daniel Eliot Weighs In

    "I can’t think about cybersecurity this week; I’m thinking about 1099s." You’re not alone. Many SMBs see the NIST Cybersecurity Framework (CSF) as an overwhelming manual for government contractors, not a local shop or startup. Jen Stone sits down with Daniel Eliot, NIST’s lead for small business engagement. We break down the new NIST CSF 2.0 Small Business Quick Start Guide, a "small-chunk" resource designed for under-resourced organizations to move from chaos to a structured program.

    In this episode:
    - Why having "everyone" responsible means "nobody" is.
    - How to build a "reasonable" security program while managing payroll and daily operations.
    - Why taking security seriously helps you win bigger contracts and scale safely.
    - The exact steps (MFA, patching, backups, and more) that even large orgs get wrong.

    NIST Resources
    - NIST (National Institute of Standards and Technology): https://www.nist.gov/
    - Small Business Cybersecurity Corner: https://www.nist.gov/itl/smallbusinesscyber
    - NIST CSF 2.0 (Cybersecurity Framework): https://www.nist.gov/cyberframework
    - Small Business Quick Start Guide: https://www.nist.gov/publications/nist-cybersecurity-framework-20-small-business-quick-start-guide
    - Contact Daniel and his team: smallbizsecurity@nist.gov

    Key Term Definitions
    - The 6 Functions: Govern, Identify, Protect, Detect, Respond, and Recover
    - MFA: Multi-Factor Authentication, essential for account access.
    - Patching: Updating software to fix security "holes."
    - MSP/MSSP: Local experts you can hire to manage IT security.

    Timestamps
    00:00 – Many hats of small business owners
    00:26 – Daniel Eliot and NIST’s Mission
    02:25 – Exploring the Small Business Cybersecurity Corner
    03:20 – What is the NIST CSF?
    04:26 – The Small Business Quick Start Guide for CSF 2.0
    06:52 – How to Identify Your Most Critical Assets
    09:56 – When to Seek Help: Engaging MSPs and Local Resources
    10:52 – Defining a "Successful" Cybersecurity Program
    13:21 – Essential Fundamentals: MFA, Patching, and Backups
    15:35 – How to Engage Directly with NIST

    Jen Stone (MCIS, CISSP, CISA, QSA) is a Principal Security Analyst at SecurityMetrics. With 25+ years in IT and 100+ high-level assessments, Jen specializes in making complex compliance actionable for businesses of all sizes. Outside of security, she is an aerial arts enthusiast and motorcycle rider.

    Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit
    Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing
    Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide
    Get FREE security and compliance training ► https://academy.securitymetrics.com/
    Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

    17 min
  2. "Good Enough" Security for Small Business Budgets

    FEB 17

    "Good Enough" Security for Small Business Budgets

    In this episode of Practical Cybersecurity, host Jen Stone talks with Curt Dukes, EVP and GM of Security Best Practices at the Center for Internet Security (CIS). Drawing on his 30-year career at the NSA, Dukes breaks down how small and medium businesses (SMBs) can implement "good enough" security without unlimited resources. The conversation focuses on Implementation Group 1 (IG1), a prioritized set of safeguards that provide essential "cyber hygiene". Dukes introduces free resources like the CSAT (Controls Self-Assessment Tool) and CIS Workbench to help leaders move past the intimidation of technical jargon and establish a "standard of reasonableness" for their organization's defense.

    CIS Resources
    - CIS (Center for Internet Security): The nonprofit organization that creates the global standards discussed in this episode.
    - NSA (National Security Agency): The U.S. intelligence agency where Curt Dukes led defensive security efforts for 30+ years.
    - IG1 (Implementation Group 1): The essential "Cyber Hygiene" tier of the CIS Controls designed for small businesses.
    - CSAT (Controls Self-Assessment Tool): A free web-based application to track and measure your security progress.
    - CIS Workbench: A collaborative platform to ask technical questions and get help from the security community.
    - CIS RAM (Risk Assessment Method): A free methodology to identify security gaps and prioritize investments based on risk.
    - CIS Benchmarks: Free, consensus-based configuration recommendations for OS and network devices.
    - MS-ISAC (Multi-State Information Sharing and Analysis Center): The division of CIS providing threat intelligence for state and local governments.
    - EI-ISAC (Elections Infrastructure ISAC): A dedicated team at CIS focused on securing election-related systems.
    - The Community Defense Model (CDM): A data-driven report proving the effectiveness of the Controls against top cyber attacks.
    - The Cost of Cyber Defense: A breakdown of the financial investment needed for various security models.

    16 min
  3. 12/02/2024

    New to PCI Compliance? Get the Support You Need | SecurityMetrics Podcast 106

    Learn more about cyber risks for small businesses: Are you a small-medium business owner? Did you just get a message from your bank telling you to call SecurityMetrics? Are you worried about having a bad experience? Do you know what PCI even means? This episode is for you. Learn how SecurityMetrics can help you navigate this regulatory landscape.

    We'll discuss:
    - Why your processor is making you do PCI compliance: Did you know that nearly half of all cyberattacks target small businesses?
    - What calling into SecurityMetrics looks like: Learn what information you need handy so you can get your compliance done as quickly as possible, and the questions you should ask to get the best service.
    - Support Stories: Discover how other small businesses have successfully leveraged SecurityMetrics to achieve compliance.
    - Tips and Tricks: Get practical advice on how to optimize your PCI compliance efforts and minimize risks, keeping your business and your customers more secure.

    Whether you're just starting your PCI compliance journey or looking to improve your existing processes, this video will provide valuable insights and actionable advice.

    44 min
  4. 10/23/2024

    Are you ready for the ecommerce security storm? A buyer’s guide to PCI DSS 11.6.1 and 6.4.3

    Join us on this extra-long episode as SecurityMetrics experts Jen Stone, Gary Glover, Aaron Willis and Chad Horton dive deep into the evolving landscape of PCI compliance for e-commerce businesses. With the deadline for PCI 4.0 rapidly approaching, understanding the new requirements for e-commerce is crucial.

    In this episode, our panelists discuss:
    - Understanding PCI 4.0 for e-commerce: Learn about the key changes and their implications for your business, especially if you're a small or medium-sized enterprise.
    - Combatting e-commerce skimmers: Discover how attackers target online transactions and the measures you can take to protect your customers' data.
    - The power of script analysis: Understand how script scanning can help identify and mitigate vulnerabilities on your e-commerce website.
    - Securing dynamic content: Explore the challenges of protecting websites with constantly changing content.
    - Choosing the right security solution: Weigh the pros and cons of agent-based and agentless solutions, considering the specific needs of your business.

    Whether you're a seasoned PCI professional or just starting your compliance journey, this episode provides valuable insights to help you safeguard your e-commerce business and protect your customers' sensitive information.

    1h 25m
  5. 09/25/2024

    Cybersecurity for Families: A Parent-Child Guide to Online Safety | SecurityMetrics Podcast 104

    Download the guide: https://www.cisecurity.org/insights/white-papers/from-both-sides-a-parental-guide-to-protecting-your-childs-online-activity

    Are you a parent looking for guidance on how to keep kids safe online? Join us for a candid conversation with Sean Atkinson, CISO at the Center for Internet Security, and his daughter, Emma, as they discuss their journey of creating a guide designed to help families have conversations about online safety.

    In this episode, you'll learn:
    - Why open communication is key: Discover how Sean and Emma fostered an environment of trust and understanding about online safety.
    - Common online dangers: Understand the risks your child may face, such as sharing personal information, cyberbullying, and meeting strangers online.
    - Practical tips for parents: Get actionable advice on how to set boundaries, have difficult conversations, and create a safe online space for your child.

    Whether you're a new parent or a seasoned digital native, this podcast will help you start conversations and find resources to help you protect your child in the ever-evolving online world.

    27 min
5 out of 5, 8 Ratings
