@jerry I finally got time to listen to this - great podcast! - We need to get @lerg onto Mastodon too! Your discussion on the PCI compliance was really spot on. A point I would have raised there is that businesses that NEED to comply with strong regulation need to create a "culture of compliance". The idea is that the Compliance Officer should have direct access to the board/CEO etc. and then the concept of ensuring compliance should be incorporated into training - /2
@jerry That training needs to include the "marketing team" and creatives in the business too! :) It does take a loooong time (years) but it is possible, as long as the Regulator works *with* the business to ensure continued compliance, that way the business can ask "stupid" questions of the Regulator without fear. I have seen this work in giant public companies that span multiple jurisdictions... Just my 2 cents' worth.