Show Notes
Is compliance just a checkbox, or the backbone of real security?
Returning to the show with decades of hard-earned insight, Jeff Man makes the case that compliance, especially PCI-DSS, isn't just a formality; it's foundational to modern security. As one of the original architects of the NSA Red Team and a 20-year PCI veteran, Jeff explains how this often-misunderstood framework has shaped everything from pen testing to vendor accountability.
Ron and Jeff unpack the six core goals of PCI, how red teams and SaaS builders are directly affected, and why many security teams resist compliance efforts, despite relying on them to get essential buy-in and funding.
Impactful Moments:
00:00 – Introduction 01:00 – Does compliance equal security? 02:09 – Jeff returns with PCI firepower 03:15 – Defining security vs. compliance 05:33 – “Show me what you’re doing” 06:45 – Six goals at PCI’s core 10:45 – Security is watching, not reacting 13:30 – Companies secure because they have to 15:00 – PCI gave red teams their jobs 16:30 – Stripe and Square absorb PCI burden 19:30 – PCI 4.0 causes confusion 21:00 – Vendors aren’t your trusted advisors 22:30 – “Hate me, but I’ll help”
Links:
Connect with our guest, Jeff Man: https://www.linkedin.com/in/jeffreyeman/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
Recent Episodes
How AI Elevates Cyber Hygiene with Jason Rebholz
What if protecting your digital twin becomes the new cyber hygiene? In this week's episode, Ron welcomes back cybersecurity leader Jason Rebholz, CEO of Evoke, to discuss how AI is reshaping the ...
Securing Software at AI Speed with Varun Badhwar
The biggest security threat isn’t in the cloud, it’s hidden in the code you trust the most. In this episode, Ron sits down with Varun Badhwar, Co-Founder & CEO of Endor Labs, who shares why ...
The End of Search and the Rise of AI Browsers and Voices with Ron ...
Search engines aren’t dying quietly, they’re being replaced in real time by AI browsers and voice agents. AI isn’t just answering questions anymore; it’s acting for us. In this episode, Ron ...
Where Automation Ends, Cyber Ingenuity Begins with Phillip Wylie
Some tools replace tasks. Others reshape the way we think about security. In this episode, Ron welcomes back Phillip Wylie, one of the most respected voices in offensive security, author, ...
The Power of Showing Up: Daily Streams, Big Impact with Gerald ...
What if showing up with consistency could spark opportunities, create careers, and build a global movement? In this episode, Ron sits down with Gerald Auger, Ph.D., cybersecurity educator, ...
The Rise of the Autonomous Blue Team with Vineet Edupuganti
What if defenders had their own AI-powered task force, always on, always adapting, and finally one step ahead of attackers? In this episode, Ron welcomes Vineet Edupuganti, Founder and CEO of ...
Turning AI Into Your Super Tool with Ron Eddings
AI is neither friend nor foe, it’s both. The way we choose to use it determines whether it helps or harms. In this solo episode, Ron Eddings shares lessons from his first job at a grocery store, ...
Mentorship to Mastery: AI and Community Lessons with Ron Eddings
AI might analyze your logs in seconds, but only the community can put you in the room that changes your career. In this solo episode, Ron Eddings discusses the powerful balance between human ...
From MCP Risks to AI Jailbreaks with Marco Figueroa
When AI agents move faster than security teams, the game changes, and the risks multiply. Ron welcomes back Marco “Mystic Marc” Figueroa, Program Manager at Mozilla’s 0DIN Program, to continue ...
Debt vs. Risk: What the SharePoint Breach Taught Us with Ron ...
The riskiest move in cybersecurity? Playing it too safe. In this solo episode, Ron Eddings redefines the way we think about technical debt, risk, and missed opportunities, in security and in ...
WORK WITH US
PODCASTS + SPEAKING + EVENTS
Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.
Thank you!
We will be in touch soon and reach out to you at