April 26, 2017

Netsurion and EventTracker today announced that John Christly, Global CISO and an information security industry veteran, has been named to the PCI Security Standards Council (SSC) Cloud Special Interest Group (SIG). Christly is already heavily involved in the PCI SSC as a member of its small business task force while seeking a seat on its board of advisors, to be announced in May.

The goal of this new group for 2017 is to discuss and update the PCI SSC Cloud Computing Guidelines, first released in 2013, to reflect modern advancements in the technology and new security risks. The group began this month and is expected to publish deliverables by the end of this year.

The paper is intended to provide guidance on using cloud technologies and considerations for maintaining PCI DSS controls in cloud environments. This guidance builds on that provided in the PCI DSS Virtualization Guidelines and is intended for organizations using, or thinking of using, providing or assessing cloud technologies as part of a cardholder data environment (CDE).

According to the Council, considerations may include:

  • Exploring new cloud architectures and service models and changes in previously documented cloud service models
  • Identifying opportunities to enhance security when migrating to cloud technologies
  • Updating risks and security challenges to be considered when cardholder data environments utilize different cloud technologies
  • Clarifying how PCI DSS requirements can be applied to cloud technologies to address the identified risks and challenges
  • Updating guidance for cloud customers and cloud providers on their respective security and PCI DSS responsibilities
  • Expanding guidance on how to achieve isolation between in-scope and out-of-scope virtual component
Christly is well-qualified as a Cloud SIG representative, currently leading cybersecurity and compliance efforts for Netsurion and EventTracker, managed security services providers focusing on firewall and SIEM services for multi-location businesses. In this role, he provides information security support to in-house corporate teams, customers, and partners.

In addition, he already serves as a voice for SMBs and multi-location merchants with the PCI SSC Small Merchant Task Force. Deeply involved with small merchants in day-to-day security operations, Christly has his fingers on the pulse of the SMB operations world. He draws on this experience to provide insights and leadership to help merchants become safer from the threats of data breaches and hackers.

“The work the Cloud SIG is doing is essential as more and more merchants, service providers, assessors, and other entities move sensitive information to the cloud. With new threats to this environment emerging every day, the guidelines will be updated to keep up with the evolving landscape and help these organizations secure their cardholder data according to applicable PCI DSS requirements,” he said. “I am extremely honored to be accepted to this group and look forward to making a very valuable contribution to this important initiative.”

Christly has more than 25 years of experience in technical and cybersecurity-related operational, project, and program management, as well as vast knowledge of industry regulations, including PCI DSS, HIPAA, HITECH, and more. He formerly served as the CISO and HIPAA security officer for Nova Southeastern University in Florida. He was also the co-founder and CEO for OMC Systems, a Florida-based cybersecurity advisory firm. In addition, he served as the HIPAA security officer for Memorial Healthcare System, a multi-hospital public healthcare system.

For more information on the PCI SSC Cloud SIG, please visit https://www.pcisecuritystandards.org/get_involved/special_interest_groups.

Tweet this: .@Christly, CISO of @Netsurion + EventTracker (@LogTalk) appointed to @PCISSC #CloudSIG #cloudcomputing

About Netsurion
Netsurion® delivers an adaptive managed security solution that integrates our XDR platform with your existing security investments and technology stack, easily scaling to fit your business needs. Netsurion's managed offering includes our 24x7 SOC that operates as your trusted cybersecurity partner, working closely with your IT team to strengthen your cybersecurity posture. Our solution delivers Managed Threat Protection so you can confidently focus on your core business.

Headquartered in Ft. Lauderdale, FL with a global team of security analysts and engineers, Netsurion is a leader in Managed Extended Detection & Response (MXDR). Learn more at netsurion.com.

Media Contact
Sherlyn Rijos, Montner Tech PR
srijos@montner.com