Episode 33

Published on: 8th Nov 2023

Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall

Hello and welcome to Razorwire, the podcast where we delve into the world of cybersecurity with top experts and industry leaders. I'm your host, James Rees, and I can't wait to share this episode with you. As a PCI DSS QSA, I’m delighted to have PCI expert Jeff Hall as my guest today.

This episode will give you a unique perspective on how security has evolved from the early mainframe days to today's interconnected, risk-focused practices. Jeff tells us about his hard-won lessons and wisdom gathered over decades steering information security programmes, including the need for compliance to work alongside overall security rather than hinder it, and why auditors should be viewed as allies, not adversaries.

We give you some unique insights on the upcoming PCI DSS v4, the changes we can expect, and what we should be prepared for. We also talk about the issues that shortened CISO tenures create and how this can hinder long-term security progress. Learn why it’s important to focus on the big picture when it comes to security goals rather than getting distracted by minutiae.

We cover a wide range of subjects throughout this episode, with some really useful takeaways. One of the key points, and I really must agree, is the importance of matching security priorities to business risk, not compliance checklists. Jeff gives us his advice on focusing on the appropriate controls for what you aim to protect. 

CISOs, security leaders, and practitioners at all levels will gain insight into building effective programmes that deliver real protection. Tune in to level up your approach with advice from this industry luminary and compliance guru.

So, if you're ready to up your cybersecurity game, join us on Razorwire. Stay informed, connected, and inspired. Together, we can build a safer digital world. Let's get started!

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


In this episode, we covered the following topics:


- The importance of cybersecurity in e-commerce

- Identifying the main problems of managing website vulnerabilities

- The need to implement specific tools to comply with regulations

- Exploring concerns about customer data security, effectively monitoring alerts and meeting requirements

- How the increasing costs and complexity of audits could lead to organisations rejecting compliance requirements

- How to streamline security programmes and focus on essentials

- The challenges of security and deployment in cloud environments

- How to prioritise the overall security programme and how not to get lost in minor details or problems

- The lack of leadership in the information security industry and the short tenure of CISOs

- The shortage of qualified infosec professionals and why we should be supporting mentorship and apprenticeship



GUEST BIOS


Jeff Hall

Jeff Hall is a principal security consultant at Truvantis, Inc. Jeff has over 30 years of technology and compliance project experience. Jeff has done a significant amount of work in the financial institution, health care, manufacturing, and distribution industries, including security assessments, strategic technology planning, and application implementation. Jeff is part of the PCI Dream Team, a co-author of ‘The Definitive Guide to PCI DSS Version 4: Documentation, Compliance, and Management’ and the writer of the PCI Guru blog (http://pciguru.blog).


Resources Mentioned


Razorthorn’s PCI DSS Consulting Service

The PCI DSS standard

PCI Guru Blog

PCI DSS Dream Team

trustedsec.com

GDPR

Armor cards

Novell Directory

Sarbanes-Oxley

CI/CD

Ansible

Jenkins

Jira


Other episodes you'll enjoy


Trust & Culture as Cornerstones of Cyber Security with Paul Dwyer

https://www.razorthorn.com/trust-culture-as-cornerstones-of-cyber-security-with-paul-dwyer/


Cybersecurity and Critical Infrastructure: Are We Prepared for the Worst?

https://www.razorthorn.com/critical-infrastructure/


Connect with your host James Rees


Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.


Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.

If you need consultation, visit www.razorthorn.com. We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.


Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter: @RazorThornLTD

Website: www.razorthorn.com


Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025


About the Podcast

Razorwire Cyber Security
Real conversations helping cybersecurity professionals sharpen their insights, strategy & leadership skills.
🔒 Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge.

Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends.

Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals committed to continuous improvement.

Each episode brings you actionable advice and real experiences from your host, James Rees — an information security specialist with over 25 years of experience — and from a range of respected guests across the cybersecurity industry. Together, we explore everything from technical strategies and compliance challenges to security culture, communication skills, and leadership development.

James Rees is the founder of Razorthorn Security, providing expert consultancy and testing services to a wide range of organisations, including many Fortune 500 companies. His practical, no-nonsense approach helps organisations manage cyber risks effectively while strengthening resilience.

The Razorwire podcast is designed for cybersecurity professionals who want to stay ahead, sharpen their skills, and confidently respond to the challenges of today's evolving threat landscape. We believe collaboration is key to stronger security — and Razorwire gives you the conversations that help you achieve it.

For more information about us, or if you have questions you'd like discussed on the show, email podcast@razorthorn.com or visit www.razorthorn.com.