Show Notes
Is compliance just a checkbox, or the backbone of real security?
Returning to the show with decades of hard-earned insight, Jeff Man makes the case that compliance, especially PCI-DSS, isn't just a formality; it's foundational to modern security. As one of the original architects of the NSA Red Team and a 20-year PCI veteran, Jeff explains how this often-misunderstood framework has shaped everything from pen testing to vendor accountability.
Ron and Jeff unpack the six core goals of PCI, how red teams and SaaS builders are directly affected, and why many security teams resist compliance efforts, despite relying on them to get essential buy-in and funding.
Impactful Moments:
00:00 – Introduction
01:00 – Does compliance equal security?
02:09 – Jeff returns with PCI firepower
03:15 – Defining security vs. compliance
05:33 – “Show me what you’re doing”
06:45 – Six goals at PCI’s core
10:45 – Security is watching, not reacting
13:30 – Companies secure because they have to
15:00 – PCI gave red teams their jobs
16:30 – Stripe and Square absorb PCI burden
19:30 – PCI 4.0 causes confusion
21:00 – Vendors aren’t your trusted advisors
22:30 – “Hate me, but I’ll help”
Links:
Connect with our guest, Jeff Man: https://www.linkedin.com/in/jeffreyeman/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/