CISO of Netsurion and EventTracker Named to PCI SSC Small Merchant Task Force

IT security veteran John Christly to serve as voice for SMB market and customers

FT. LAUDERDALE, FL - Netsurion and EventTracker CISO John Christly has been named to the Payment Card Industry Security Standards Council (PCI SSC) Small Merchant Task Force. As a seasoned IT security professional, Christly will serve as a voice for SMBs and multi-location merchants to help make PCI compliance even more achievable and payment data even more secure. Netsurion is a leading provider of managed data and network security services for multi-location businesses, and its subsidiary EventTracker is an innovator in security information and event management (SIEM) technology.

SMB retailers vary from small operations with one or a few locations, to larger entities with many edge locations, such as franchises or branch offices. The dispersed nature of their businesses can create security gaps and challenges, leaving them vulnerable to data breaches. Operating remotely with minimal IT budgets and internal resources, they often cannot fortify their payment systems on their own, let alone efficiently gain and maintain their PCI compliance.

These types of small, remote franchise locations present a huge risk to leading brands across the retail, restaurant, and hotel sectors. Reputational damage and revenue loss from breach news going public impact the individual edge locations, as well as the corporate brand on a national or global scale. Clearly, more needs to be done to improve security at each and every location under the brand umbrella.

According to the 2016 Verizon Data Breach Investigations Report, “remote attacks against the environments where card-present retail transactions are conducted resulted in 534 total incidents, of which 525 had confirmed data disclosure.”

The Small Merchant Task Force is a dedicated global effort to help improve payment data security for small businesses. Co-chaired by Barclaycard and the National Restaurant Association (NRA), the task force collaborates on guidance and resources that simplify data security and PCI Data Security Standard (PCI DSS) compliance for some of the most vulnerable businesses preyed upon by cybercriminals.

The task force relies on cross-industry expertise to develop resources that help small merchants understand why and how to protect payment card data and resolve risks to their businesses. Specifically, the group provides:

  • Best Practices: Recommendations on what is needed to protect the payment environment, including working with security assessors, vendors, and service providers
  • Simplified Guidance: Easy-to-understand content and resources unique to small business needs that will help them take advantage of PCI best practices, standards, training programs, and solutions
  • Market Insight: Ongoing input to PCI Council on current trends, issues, and concerns for small merchants

Christly has more than 25 years of experience in technical and cybersecurity-related operational, project, and program management, as well as industry regulations including PCI DSS, HIPAA, HITECH, and more. He formerly served as the CISO and HIPAA security officer for Nova Southeastern University in Florida and was the co-founder and CEO for OMC Systems, a Florida-based cybersecurity advisory firm.

According to Christly, “All businesses, even small merchants, need to be able to quickly detect and prevent threats from causing massive damage to their networks and systems, by monitoring and protecting all of their endpoints. A managed firewall is essential but no longer a significant enough barrier on its own. Risk mitigation has become crucial, including monitoring outbound traffic for exfiltrating data.”

He currently leads cybersecurity and compliance efforts for Netsurion and EventTracker, providing support to in-house corporate teams, customers, and partners. This post enables him to consistently gain insights into small merchant compliance pains and needs, making him a valuable addition to the task force.

“Both Netsurion and EventTracker have fingers on the pulse of many SMB operations and their compliance needs, so we understand the struggles that they go through,” said Kevin Watson, CEO of Netsurion. “We are honored that John is representing our companies within the group and helping to shape the PCI standard to better meet the needs of our customers and small merchants everywhere.”

“On every device, computer and network there are new methods thieves are creating to steal data from companies around the world, and smaller businesses are particularly at risk,” said PCI SSC International Director Jeremy King. “Having a group that is focused on this specific challenge is a critical part of our work to increase security awareness and defend against breaches globally. It’s great to have Netsurion and EventTracker, and a wide variety of industries and geographies on board, and we look forward to working together to better protect small businesses.”

For more information on the PCI SSC Small Merchant Task Force, please visit

About EventTracker
EventTracker’s advanced security solutions protect enterprises and small businesses from data breaches and insider fraud, and streamline regulatory compliance. EventTracker’s platform comprises SIEM, vulnerability scanning, intrusion detection, behavior analytics, a HoneyNet deception network and other defense-in-depth capabilities within a single management platform. The company complements its state-of-the-art technology with 24/7 managed services from its global security operations center (SOC) to ensure its customers achieve desired outcomes: safer networks, better endpoint security, earlier detection of intrusion, and relevant and specific threat intelligence. The company serves the retail, hospitality, healthcare, legal, banking and financial services, utilities, and government sectors.

EventTracker is a division of Netsurion, a leader in remotely-managed IT security services that protect multi-location businesses’ information, payment systems, and on-premise public and private Wi-Fi networks. Twitter: @logtalk.

About Netsurion
Netsurion is a leading provider of remotely-managed IT security services that protects multi-location businesses’ information, payment systems, and on-premise public and private Wi-Fi networks from data breaches and other risks posed by hackers. Its new service offering, SIEM-at-the-Edge, is powered by its subsidiary, EventTracker, which helps deliver comprehensive security benefits to “edge” locations that normally would not have the means to leverage such a solution. Netsurion’s award-winning remote network security services and PCI compliance solutions help keep businesses of any size secure. Any sized branch or remote office, franchise, or sole proprietor operation can use Netsurion without the costs of onsite support. The company serves the retail, hospitality, healthcare, legal, and insurance sectors.