Alerts, headline »

[8 Nov 2010 | | ]
Things are a changing at RetailInfoSec

Good morning (or whatever it is where you are)!
I’m putting up this post to let everyone know that the blog is going to be changing very shortly - I’m continuing to do a lot of work with leading retailers on information security initiatives and I’m still paying close attention to retail and payments security, but I’m discovering that some other areas of the business world are also starting to become a large part of my daily work life.
As I grow my involvement in these other areas of business (including the …

Conferences / Webinars, PCI News, PCI Philosophy / Approach, PED / Payment Terminals, headline »

[30 Sep 2010 | | ]
PCI Community Meeting Follow-Up

I started to write a detailed feedback post on the 2010 PCI Community Meeting in Orlando that I attended last week, but realized that there were far more intelligent people than myself already posting, so I’m going to keep my commentary to impressions and general feedback and provide some links to posts that should prove useful for those that are interested in some of the details that came out of the meeting (and what’s coming in PCI / PA 2.0).
To begin with, the entire attitude of the meeting this year …

Interesting »

[29 Sep 2010 | | ]

OK - this has nothing to do with security, but I stumbled across this article this morning and had to share.
Having worked with large retail organizations for years implementing technology solutions (and now providing security services) it’s sometimes pretty easy to think of these giant companies as having always been massive, multi-national organizations.
In truth, they all began as a store-front or two, founded by individuals with a vision for their store and how they would succeed.  The culture and the value-proposition that these initial founders established are what have allowed …

Alerts, Conferences / Webinars, PCI News, headline »

[20 Sep 2010 | | ]
On my way to the PCI North American Community Meeting

OK - so I’m on a plane this afternoon (for the 4th week in a row - my wife loves me right now!) heading to Orlando - it’s time for the PCI Community Meeting!
Last year blogging was unofficially encouraged, but there really wasn’t all that much to blog about - this year should prove a bit different given the release of the updated standard.  I’ll try to put together a post or two on relevant and interesting information (that I’m allowed to share), but I’ll also be the moderator on …

Interesting, Retailers, application security »

[3 Sep 2010 | | ]

I’ve been traveling a lot lately and, although I’ve read and had lots of commentary about a number of blog posts and news articles recently relating to retail security, I haven’t had the time to write them down and post them…
So I’ve decided that I’m going to post a summary of the posts and articles that I’ve read over the last week or so that I’ve thought were interesting and relevant.  This isn’t what I’d really prefer to do - I’d much rather take the opportunity to rant about something …

Interesting, application security, featured »

[25 Aug 2010 | | ]
Some Security Metrics Education

Short post here, but things always seem to happen in groups, so I thought I’d make everyone aware of a couple of current and upcoming opportunities to dig into a very important topic (particularly during budget season) - Security Metrics.
NetSPI is putting on a webinar tomorrow (Thursday, Aug 26th) with Symantec - here’s the info/sign-up page on their website (full disclosure, if you don’t know by now I work for NetSPI):
Application Security - without metrics it doesn’t exist
And I got the August issue of The ISSA Journal yesterday and the …

PCI News, Vendors, application security, headline »

[25 Aug 2010 | | ]
VISA Provides Guidance on Secure Implementation and Management of Payment Applications

I walked into the office this morning and got this in my RSS feed aggregator:
VISA Provides Guidance on Secure Implementation and Management of Payment Applications [link]
After taking a look at the press release and looking through the actual document that VISA (and SANS apparently) produced [link] I think it’s a pretty interesting move on the part of VISA.  If you haven’t yet taken a look and you work for a retailer or a software vendor that sells to the retail space, I’d advise downloading the …

Interesting, featured »

[5 Aug 2010 | | ]
Why Your Phone Can’t Really Replace Your Credit Card | Epicenter | Wired.com

This is a good, quick article from Wired in response to some recent news stories that the wireless carriers were trying to do an end-around on the credit card companies. Someone finally got around to doing some actual investigation on what the carriers were doing and it’s not an end-around; Discover’s highly involved.
The article also talks about why the major card brands work and attempts at breaking the system and introducing a new model for credit cards (none of which have yet worked)…  Not really a security article, but …