Netsurion and EventTracker’s John Christly Appointed to PCI SSC Cloud Special Interest Group

FT. LAUDERDALE, Fla. and COLUMBIA, Md.— April 26, 2017 –Netsurion and EventTracker today announced that John Christly, Global CISO and an information security industry veteran, has been named to the PCI Security Standards Council (SSC) Cloud Special Interest Group (SIG). Christly is already heavily involved in the PCI SSC as a member of its small business task force while seeking a seat on its board of advisors, to be announced in May.

The goal of this new group for 2017 is to discuss and update the PCI SSC Cloud Computing Guidelines, first released in 2013, to reflect modern advancements in the technology and new security risks. The group began this month and is expected to publish deliverables by the end of this year.

The paper is intended to provide guidance on using cloud technologies and considerations for maintaining PCI DSS controls in cloud environments. This guidance builds on that provided in the PCI DSS Virtualization Guidelines and is intended for organizations using, or thinking of using, providing or assessing cloud technologies as part of a cardholder data environment (CDE).

According to the Council, considerations may include:

  • Exploring new cloud architectures and service models and changes in previously documented cloud service models
  • Identifying opportunities to enhance security when migrating to cloud technologies
  • Updating risks and security challenges to be considered when cardholder data environments utilize different cloud technologies
  • Clarifying how PCI DSS requirements can be applied to cloud technologies to address the identified risks and challenges
  • Updating guidance for cloud customers and cloud providers on their respective security and PCI DSS responsibilities
  • Expanding guidance on how to achieve isolation between in-scope and out-of-scope virtual component

Christly is well-qualified as a Cloud SIG representative, currently leading cybersecurity and compliance efforts for Netsurion and EventTracker, managed security services providers focusing on firewall and SIEM services for multi-location businesses. In this role, he provides information security support to in-house corporate teams, customers, and partners.

In addition, he already serves as a voice for SMBs and multi-location merchants with the PCI SSC Small Merchant Task Force. Deeply involved with small merchants in day-to-day security operations, Christly has his fingers on the pulse of the SMB operations world. He draws on this experience to provide insights and leadership to help merchants become safer from the threats of data breaches and hackers.

“The work the Cloud SIG is doing is essential as more and more merchants, service providers, assessors, and other entities move sensitive information to the cloud. With new threats to this environment emerging every day, the guidelines will be updated to keep up with the evolving landscape and help these organizations secure their cardholder data according to applicable PCI DSS requirements,” he said. “I am extremely honored to be accepted to this group and look forward to making a very valuable contribution to this important initiative.”

Christly has more than 25 years of experience in technical and cybersecurity-related operational, project, and program management, as well as vast knowledge of industry regulations, including PCI DSS, HIPAA, HITECH, and more. He formerly served as the CISO and HIPAA security officer for Nova Southeastern University in Florida. He was also the co-founder and CEO for OMC Systems, a Florida-based cybersecurity advisory firm. In addition, he served as the HIPAA security officer for Memorial Healthcare System, a multi-hospital public healthcare system.

For more information on the PCI SSC Cloud SIG, please visit

Tweet this: .@Christly, CISO of @Netsurion + EventTracker (@LogTalk) appointed to @PCISSC #CloudSIG #cloudcomputing


Netsurion Security Blog
Netsurion Success Stories
EventTracker YouTube
EventTracker Case Studies

About Netsurion

Netsurion is a managed security service provider specializing in the protection of multi-location businesses’ information, payment systems, and Wi-Fi networks from data breaches, network outages, and ever-evolving cyberthreats. Our new service offering – SIEM-at-the-Edge – is powered by our subsidiary, EventTracker, which helps deliver comprehensive security benefits to “edge” locations that normally would not have the means to leverage such a solution. Netsurion’s award-winning remote network security services and PCI compliance solutions help keep businesses of any size secure. Any sized branch or remote office, franchise, or sole proprietor operation can use Netsurion without the costs of onsite support. The company serves the retail, hospitality, healthcare, legal, and insurance sectors. Twitter: @Netsurion.

About EventTracker

EventTracker’s advanced security solutions protect enterprises and small businesses from data breaches and insider fraud, and streamline regulatory compliance. EventTracker’s platform comprises SIEM, vulnerability scanning, intrusion detection, behavior analytics, a HoneyNet deception network and other defense-in-depth capabilities within a single management platform. The company complements its state-of-the-art technology with 24/7 managed services from its global security operations center (SOC) to ensure its customers achieve desired outcomes—safer networks, better endpoint security, earlier detection of intrusion, and relevant and specific threat intelligence. The company serves the retail, hospitality, healthcare, legal, banking and financial services, utilities, and government sectors.

EventTracker is a division of Netsurion, a leader in remotely-managed IT security services that protect multi-location businesses’ information, payment systems, and on-premise public and private Wi-Fi networks. Twitter: @LogTalk.


Deb Montner, Montner Tech PR
(203) 226-9290