Show Notes
Is compliance just a checkbox, or the backbone of real security?
Returning to the show with decades of hard-earned insight, Jeff Man makes the case that compliance, especially PCI-DSS, isn't just a formality; it's foundational to modern security. As one of the original architects of the NSA Red Team and a 20-year PCI veteran, Jeff explains how this often-misunderstood framework has shaped everything from pen testing to vendor accountability.
Ron and Jeff unpack the six core goals of PCI, how red teams and SaaS builders are directly affected, and why many security teams resist compliance efforts, despite relying on them to get essential buy-in and funding.
Impactful Moments:
00:00 – Introduction 01:00 – Does compliance equal security? 02:09 – Jeff returns with PCI firepower 03:15 – Defining security vs. compliance 05:33 – “Show me what you’re doing” 06:45 – Six goals at PCI’s core 10:45 – Security is watching, not reacting 13:30 – Companies secure because they have to 15:00 – PCI gave red teams their jobs 16:30 – Stripe and Square absorb PCI burden 19:30 – PCI 4.0 causes confusion 21:00 – Vendors aren’t your trusted advisors 22:30 – “Hate me, but I’ll help”
Links:
Connect with our guest, Jeff Man: https://www.linkedin.com/in/jeffreyeman/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
Recent Episodes
When Cybercrime Learned How to Make Money and Never Looked Back ...
Cybersecurity didn’t start as a billion-dollar crime machine. It started as pranks, ego, and curiosity. That origin story explains almost everything that’s breaking today. Ron sits down with ...
Defending Dignity in the Messiest Data on Earth with George ...
The most dangerous attack surface isn’t your infrastructure, it’s desire under pressure. When people are emotional, impulsive, and hoping for connection, security controls don’t fail… judgment ...
When Automation Outruns Control with Joshua Bregler
AI doesn’t break security, it exposes where it was already fragile. When automation starts making decisions faster than humans can audit, AppSec becomes the only thing standing between scale and ...
The Day AI Stopped Asking for Permission with Marcus J. Carey
AI didn’t quietly evolve, it crossed the line from recommendation to execution. Once agents stopped advising humans and started acting inside real systems, trust replaced experimentation and ...
When AI Ships the Code, Who Owns the Risk with Varun Badhwar and ...
AI isn’t quietly changing software development… it’s rewriting the rules while most security programs are still playing defense. When agents write code at machine speed, the real risk isn’t ...
Think Like a Hacker Before the Hack Happens with John Hammond
What if the most dangerous hackers are the ones who never touch a keyboard? The real threat isn't just about stolen credentials or ransomware; it's about understanding how attackers think before ...
Breaking Into Banks and Bypassing Modern Security with Greg ...
Three banks in four days isn't just a bragging right for penetration testers. It's a wake-up call showing that expensive security tools and alarm systems often fail when tested by skilled ...
Defending Your Cyber Systems and Your Mental Attack Surface with ...
When your firewall forgets to buckle up, the crash doesn’t happen in the network first, it happens in your blindspots. In this episode, Ron is joined by returning guest Chris Hughes, Co-Founder ...
Thriving Beyond Human Labor with Context-Powered AI with Daniel ...
The real disruption isn’t AI replacing humans, it’s the shocking possibility that human labor was the economic bubble all along. In this episode, Ron Eddings sits down with Daniel Miessler, ...
Building EDR for AI: Controlling Autonomous Agents Before They Go ...
AI agents aren't just reacting anymore, they're thinking, learning, and sometimes deleting your entire production database without asking. The real question isn't if your AI agent will be ...
WORK WITH US
PODCASTS + SPEAKING + EVENTS
Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.
Thank you!
We will be in touch soon and reach out to you at