In this episode of Security Nation, we are joined by Jeff Man, who discusses his work mapping the MITRE ATT&CK Framework against PCI.
Stick around for our Rapid Rundown, where Tod and Jen discuss the finalizing of GitHub's new acceptable use policy — and yes, Metasploit is still okay to host on GitHub — as well as the Department of Justice's successful seizure of about $2,000,000 in ransomware payments.
Jeff Man is a respected Information Security advocate, advisor, evangelist, international speaker, keynoter, host of Security & Compliance Weekly, co-host on Paul's Security Weekly, Tribe of Hackers, TOH Red Team, TOH Security Leaders, and TOH Blue Team. He currently serves in a consulting/advisory role for Online Business Systems. Jeff has nearly 40 years of experience working in all aspects of computer, network, and information security. This includes cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing.
He is a certified NSA Cryptanalyst, and previously held security research, management, and product-development roles with the National Security Agency, the DoD, and private-sector enterprises. Additionally, Jeff was part of the first penetration testing "red team" at the NSA. For the past 25 years he has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation's best-known companies.