The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.

  • Coalfire Systems Assessment: Merchant Link’s TransactionShield and TransactionVault Reduce Merchant’s PCI Scope

    Kennet Westby, President and COO

    Merchants spend a lot of time and money developing IT controls programs to protect consumer credit card data. Through our work with thousands of retailers, we’ve learned that one of the best ways to contain costs and reduce risk is to keep cardholder data out of as many systems and business processes as possible. In our line of business, that’s called ‘reducing PCI scope’, since systems and processes that don’t store, process or transmit cardholder data are excluded from the controls required by the PCI DSS.

    Read more
  • This Week: Coalfire Systems in the News

    Rick Dakin, CEO, Co-founder and Chief Security Strategist

    It’s been quite a week in the world of IT security, and as experts in our field, we are often asked to comment on current trends and recent stories. Take some time to check out what we had to say recently:

    Read more
  • Coalfire Expands Dallas Office and Names Kurt Hagerman Managing Director

    Rick Dakin, CEO, Co-founder and Chief Security Strategist

    I am pleased to announce that our Dallas office is growing by leaps and bounds. Leading the charge is Kurt Hagerman, the newly appointed managing director. Kurt will serve more than 60 clients in the Southwest region and oversee Coalfire’s strategic vision while building new client relationships for the company. Also joining the Dallas office are Rick Link as an IT audit director, Adam Bush as a senior auditor and Justin Baker as a regional sales manager.

    Read more
  • HIPAA Compliance and Call Centers

    Rick Dakin, CEO, Co-founder and Chief Security Strategist

    In a previous post titled Is It Safe to Speak? Protection for Telephone-Based Payment Card Data, I commented on the PCI SSC new requirements for call center operations and recording systems.

    Call center security has been a hot topic for a long time. How safe is the information that is given over the phone?  Especially in the healthcare industry, patient privacy is paramount.

    Read more

Recent Posts

Post Topics



Accounting Agency AICPA Assessment assessments ASV audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit Azure bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act careers CCPA Chertoff CISO cloud CMMC CoalfireOne Compliance Covid-19 CPRA credit cards C-Store Culture Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DevSecOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror Incident Response interview IoT ISO IT JAB JSON keylogging Kubernetes Vulnerability labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA DSS PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA RSA 2019 Safe Harbor Scanning Scans scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky Spraying Attack SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi women XSS