Practical Cybersecurity with Jen Stone
Practical Cybersecurity, hosted by Jen Stone (MCIS, CISSP, CISA, QSA), is the bridge between complex security frameworks and real-world business implementation. Whether you are a "Jack of all trades" IT manager or a business leader with limited resources, this show provides the roadmap to a defensible security posture.
Episodes
114 episodes
Cybersecurity Priorities for 2026: The Two Vulnerabilities to Focus on in the AI Era (ep.7)
Is your organization prepared for an autonomous AI bot? Roger Grimes joins Jen Stone to discuss the shifting landscape of cybersecurity. This episode moves past the hype to look at the hard data: AI scams are yielding 4.5x more value for attack...
The SAQ A Deep Dive: Two QSAs Set the Record Straight (ep. 6)
This episode of Practical Cybersecurity moves past the standard PCI checklist to focus on the operational realities, common misconceptions, and "stealth" requirements that define SAQ A in the PCI DSS v4.0.1 era.
Protecting the House: Why Asset Management and "Storytelling" are Keys to HITRUST (ep.5)
Episode Summary In this episode of Practical Cybersecurity, we dive into the complex world of HITRUST certification. Often called the "gold standard" for healthcare security, HITRUST can be a daunting mountain to climb for small...
4 Critical Tasks for Small IT Teams (ep.4)
A single data breach now costs a business an average of $1.4 million, according to the annual IBM report. For a small or medium-sized business (SMB), this hit is often terminal—most companies that suffer a major breach struggle to stay in busin...
Pressure Testing Your IRP: Why "Calling IT" Isn't a Plan (ep. 3 Part 2)
What happens when the news cameras show up and your business grinds to a halt? Donna Grindle, CEO of Kardon, returns to discuss the "hair on fire" reality of a data breach. We move past the paperwork to explore why "calling IT" isn't a plan, th...
Why Your Security Risk Analysis is Probably Wrong (ep. 3 Part 1)
Are your IT or cloud providers handling your security? Does your site claim you're "HIPAA Compliant"? Donna Grindle, CEO of Kardon and co-host of Help Me With HIPAA, delivers a massive reality check for small business owners. We break ...
Is NIST Too Complex for Small Businesses? Daniel Eliot Weighs In (ep. 2)
"I can’t think about cybersecurity this week; I’m thinking about 1099s."You’re not alone. Many SMBs see the NIST Cybersecurity Framework (CSF) as an overwhelming manual for government contractors, not a local shop or startup.
"Good Enough" Security for Small Business Budgets (ep. 1)
In this episode of Practical Cybersecurity, host Jen Stone talks with Curt Dukes, EVP and GM of Security Best Practices at the Center for Internet Security (CIS). Drawing on his 30-year career at the NSA, Dukes breaks down how s...
[Webinar] What You Can Expect from a HITRUST Assessment
In this webinar, Matt Halbleib (Director of Assessments) and Lee Pierce (Director of HITRUST Sales) will discuss:How to determine which HITRUST Assessment type to chooseHow to prepare for a HITRUST Validation Assessment
New to PCI Compliance? Get the Support You Need | SecurityMetrics Podcast 106
Learn more about cyber risks for small businesses: Are you a small-medium business owner? Did you just get a message from your bank telling you to call SecurityMetrics? Are you worried about having a bad experience? Do you know wha...
Are you ready for the ecommerce security storm? A buyer’s guide to PCI DSS 11.6.1 and 6.4.3
Join us on this extra long episode as SecurityMetrics experts Jen Stone, Gary Glover, Aaron Willis and Chad Horton dive deep into the evolving landscape of PCI compliance for e-commerce businesses. With the deadline for PCI 4.0 rapidly approach...
Cybersecurity for Families: A Parent-Child Guide to Online Safety | SecurityMetrics Podcast 104
Download the guide: https://www.cisecurity.org/insights/white-papers/from-both-sides-a-parental-guide-t...
Building a Resilient Healthcare System: A Cybersecurity Blueprint | SecurityMetrics Podcast Ep 103
Links from the episode:https://405d.hhs.gov/Discover the latest trends and threats in healthcare cybersecurity. This episode explores the real-world impact of cyberattacks on patient care, the vulnerabilities of medical devices, and...
Which SAQ type is right for my business? | SecurityMetrics Podcast Ep 102
Confused about PCI DSS compliance standards? This video breaks down each available SAQ type, including: SAQ-A, SAQ P2PE-HW, SAQ D for Service Providers, and the newly introduced SAQ SPoC for PCI DSS 4.0.Learn which one is right for your ...
Farm to… DevOps?: How anyone can grow into a tech career | SecurityMetrics Podcast Ep 101
Join Jen Stone as she chats with DevOps engineer and Day Two DevOps podcaster Kyler Middleton about her unique journey from a rural upbringing to becoming a DevOps expert. Discover how Kyler's passion for teaching led her to a career in ...
Getting more from Your Penetration Test: Stop Checking Boxes | SecurityMetrics Podcast Ep 99
Is your penetration testing just a compliance formality? This episode of the SecurityMetrics Podcast redefines pen testing as a strategic partnership, empowering you to get the most out of your assessments.Join Jen Stone and James Farnsw...
Level Up Your Healthcare Services: HIPAA Compliance for MSPs | SecurityMetrics Podcast 98
This episode of the SecurityMetrics Podcast is a valuable resource for MSPs who want to learn more about HIPAA compliance and how to better serve their healthcare clients. Join Jen Stone and David Sims to learn more about how Managed Service Pr...
The Future of Security: Leveraging Automation & AI | SecurityMetrics Podcast 97
Struggling to automate security tasks? Feeling overwhelmed by the process?This episode of the SecurityMetrics podcast dives deep into the world of automation with guest Mollie Breen, founder and CEO of Perygee. Mollie, a recognized cybersec...
Data Risk Management: Building a Safer Data-Driven World | SecurityMetrics Podcast 96
There are four key questions to ask about your data: Where is it? What data do you have? Who has access? What risks are associated with how the data is accessed? Tune in this week as Jen Stone sits down with award-winning entrepreneur, Ani Chau...
Hacking Your Career: How to Become a Penetration Tester | SecurityMetrics Podcast 95
Becoming a penetration tester in the world of cybersecurity can be more complex than you'd think, but don't let that spook you. Tune in this week as Jen Stone sits down with James Farnsworth (Team Lead / Senior Penetration Tester at SecurityMet...
Bridging the Cybersecurity Skills Gap | SecurityMetrics Podcast 94
Tune into the SecurityMetrics Podcast this week as host Jen Stone interviews Tillery, Director of Training and Education at Neuvik, to learn about the cybersecurity skills gap and how to bridge it.Listen to learn:H...
How to Communicate Cybersecurity Risk Effectively | SecurityMetrics Podcast 93
Tune in this week as Jen Stone sits down with Ryan Leirvik (founder and CEO of Neuvik) to discuss how to effectively communicate cybersecurity risk to a board of directors.Listen to learn:How to frame cybersecurity...
HHS 405(d) Fundamentals: A Guide for Healthcare Providers and MSPs | SecurityMetrics Podcast 92
Tune in this week as Jen Stone sits down with Donna Grindle (CEO of Kardon) to learn about the Health Industry Cybersecurity Practices (HICP) framework and how the 405(d) initiative and the Health Sector Coordinating Council (HSCC) are working ...
Demystifying the Acquirer's Role in PCI Compliance | SecurityMetrics Podcast 91
Tune in this week as Jen Stone sits down with Candice Pressinger, an award-winning payment security leader, discussing the critical role acquirers play in the PCI ecosystem. This episode is a valuable resource for merchants seeking to understan...
HITRUST Certification: Navigating Challenges & Solutions | SecurityMetrics Podcast 90
HITRUST certification can be a significant undertaking. However, with the right guidance and support, organizations can overcome the challenges and establish a strong foundation for data security. Tune in this week as Jen Stone (MCIS, CISSP, CI...