Cybersecurity Sense

What’s everyone still talking about from the 2025 PCI Community Meeting? In this episode of Cybersecurity Sense, LBMC’s PCI QSA team take you behind the scenes of one of the industry's most talked-about events sharing expert insights on vendor risk, AI’s role in compliance, and what your org should be thinking about now. Don’t miss practical tips, key takeaways, and what’s coming in 2026. 📌 Download our PCI 4.0 Maintenance Checklist: https://www.lbmc.com/wp-content/uploads/2025/10/PCI-4-0-Recurring-Task-Checklist.pdf 📌 Download our Six Questions to Take Charge of Your TPSPs...

Cybersecurity Sense

LBMC’s Mark Burnette and Bill Dean talk about some of the most common technical security issues that are discovered in penetration testing, as well as some tactics for improving cyber defenses.

Cybersecurity Sense

In this episode of Cybersecurity Sense, host Mark Burnette sits down with Andy Kerr and Kyle Hinterberg for a sharp, insightful look at the real-world impacts of artificial intelligence on cybersecurity. From the alarming rise in deepfake attacks to the evolving landscape of PCI compliance, the trio dives into the current hot topics keeping cybersecurity leaders up at night. Highlights include: How deepfakes are undermining identity verification and fueling advanced phishing schemes The growing compliance demands of PCI 4.0, especially around payment page scripts The rise of self-healing...

Cybersecurity Sense

Cybersecurity is evolving, and so is our podcast! 🎙️ New hosts Andy Kerr and Kyle Hinterberg discuss their backgrounds and the a new, broader focus for the podcast—expanding beyond PCI compliance to cover real-world cybersecurity trends. In this episode, you'll learn about the evolution of security challenges and the growing impact of AI in cybersecurity. Key topics include: DeepSeek vs. OpenAI – A new AI model shaking up the industry AI Risks & Compliance – Guardrails, security gaps, and legal concerns Practical Business Impact – How organizations should approach AI securely...

Cybersecurity Sense

Join us for the latest episode of our PCI Monthly Update podcast, where we explore the latest developments in the world of payment card industry security. We begin with a news segment covering the impact of PCI v4.0 and how organizations are adjusting. In case you missed it - Andy Kerr joined PCI Practice Partner Stewart Fey for an interactive Q&A session on PCI 4.0. If you're interested in watching this session, to our team for a link. Next up, we'll cover the last requirement - Requirement 12 - the "Information Security Catch-All Requirement." This requirement covers all security...

Cybersecurity Sense

Join us for the latest episode of our PCI Monthly Update podcast, where we explore the latest developments in the world of payment card industry security. We begin with a news segment covering the launch of PCI v4.0 and the ins and outs of the new INFI (Items Noted For Improvement) Worksheet. Next up, we'll cover Requirement 11 - Test security of systems and networks regularly. This requirement can either be the easiest or hardest for organizations depending on their setup. Our QSA experts provide their insights on best practices and what has changed in v4.0. This episode is a must-listen for...

Cybersecurity Sense

In this edition of the PCI Monthly Update, we’re counting down to the launch of PCI 4.0! We start this month's podcast with a reminder that v4.0 goes into full effect on March 31. Our focus then shifts to Requirement 10 covering logging and monitoring all access to system components and card holder data and what is changing with v4.0. This podcast is your monthly briefing on PCI standards - an indispensable listen for anyone tasked with safeguarding payment card data.

Cybersecurity Sense

In this January edition of the PCI Monthly Update, we’re on the brink of exciting changes with version 4.0 just around the corner! We start with a spotlight on the ongoing Request for Comments (RFC) period for PCI DSS v4.0, inviting insights from industry experts. Plus, we discuss the Global Content Library, showcasing insights from the 2023 Community Meetings. Our focus then shifts to Requirement 9, where we break down the critical protocols for restricting physical access to cardholder data. We'll cover everything from documenting security policies to managing visitor access, ensuring...

Cybersecurity Sense

Join us for the latest episode of our PCI Monthly Update podcast, where we explore the latest developments in the world of payment card industry security. We begin with a news segment highlighting the PCI SSC's TRA Guidance. Next, we delve into Requirement 8 of the PCI DSS, dedicated to identifying users and authenticating access to system components. We'll explore the intricate details of this requirement, covering sub-requirements 8.1 to 8.6. These discussions will include processes for user identification, strict management of user and administrator accounts, strong authentication methods,...

Cybersecurity Sense

Dive into the latest in the PCI landscape with our October update. We kick off with a news segment spotlighting the new SAQ SPOC (Software PIN Entry on COTS) which includes portions of PCI DSS Requirements 3, 8, 9, and 12. Transitioning to Requirement 7, we discuss restricting access to system components and cardholder data based on business necessity, delving into sub-requirements 7.1 to 7.3, and discussing the principles of 'need to know' and 'least privileges.' Our QSA Q&A segment addresses the applicability of Requirement 7 to customer/cardholder accounts, clarifying the scope and...