OK, if you are reading this, you’ve managed to find one of the most ‘remote’ security blogs out there - written by someone (me) that is not a security pro or an auditor.  I’m just a guy with a couple of decades of experience with retail, hospitality, and the relevant technologies that is now working for a very focused, very accomplished security consulting firm.  It’s been a good fit as my experiences working with retailers (from the very large to the very small) and their vendors marries up quite well with my firm’s expertise and experience with deep-dive security consulting and compliance (including a great deal of retail/hospitality experience)…

I post far too infrequently (although some may argue that my posting at all is a grave mistake) but my goal is to help illuminate security and compliance issues and to frame those concerns in the proper context.  In other words - what are we seeing in our daily business engagements and what does it mean for merchants and retail technology?  Hopefully some things that I post (or have posted) will prove useful to you and your business.  Since my posting seems to be sporadic, if you are interested in following my blog, I’d suggest using the RSS feed (top right) or following me on twitter.

Wow - the purpose for this post was to share people that I follow (either via Twitter or on their blog) and instead, I’ve spent 2 paragraphs talking about myself…   That’s probably a very telling psychological insight…  Anyway, here are some people/feeds/blogs that I would recommend for those that are interested in keeping up-to-speed with security issues and their impact on the retail/hospitality world:

Twitter people you should be following:
SecurityNinja
Jeff Wakefield @ VeriFone
ITCompliance
Scott Loftesness
Payments News
PCI Council
Dave Navetta
RIS News Insights
StoreFrontBackTalk
Nikki Baird
Joe Skorupa
PCI Knowledgebase
Society for Payment Security Professionals
NetSPI’s PCI Twitter Info Feed

Blogs You Might Want to Add to Your Reader:
StoreFrontBackTalk - great blog in general when it comes to retail
Dark Reading - security in general, but often with relevant posts
Aegenis Group
CSO Blog
Hackers.org - technical
Ed Bellis
InfoSecCompliance - lawyer posting on PCI, etc. (Dave Navetta above)
Marcus Ranum
Office Of Inadequate Security - data breaches and commentary
Payment Systems Blog - David Bergert’s insights and commentary
Payments News - Glenbrook Partners - very good and constantly updated
Guerilla CISO - general, but often with retail-relevant commentary

(I forgot to add Mike Dahn’s - sorry Mike!) - Mike Dahn

Honestly, there are a LOT more that I pay attention to and I’ll probably post-up another list shortly, but these are all really good and, even if they aren’t directed towards retail specifically, often delve into topics that are specifically related to the retail / hospitality community.

Enjoy.