The Council is hosting a couple of ‘open mic’ webinars for industry stakeholders on the 8th and 9th of December.  They are trying to update the industry following the Community Meeting and get some feedback or questions….
These are typically reserved for Participating Organizations, but for this round they are opening it up to the broader industry…  Here’s the link:
PCI Council Webinar Release

OK - this is the feedback on the Community Meeting that I had mentioned although it really turned into a philosophical post about what your PCI partners should really be doing for you (hint: being a partner).
This one’s over at the NetSPI blog as well (I swear that I’m still going to be posting over here on a more regular basis, but, since NetSPI’s doing a good job with the blog, I’m going to blend my posts between the two blogs…).  Any feedback is going to have to come here, …

If anyone is heading out to the PCI Community Meeting in Las Vegas next week and wants to connect, let me know (best way to connect is via email. Several of us from NetSPI are heading out to participate in the meeting and I’m looking forward to an informative meeting.
I’ll be at the meeting Tuesday through Thursday evening so let me know. I’ll also try post after getting back from the meeting with anything interesting or useful that I find out. One of the other …

This was actually the first time that I saw Bruce speak (which is odd since we live in the same metro area) and I must say that I’ve somewhat avoided him as I’m not a big fan of the whole celebrity-like, hyped-up thing (I still haven’t seen Forrest Gump and probably never will), but I thought this was a really good talk and I found myself pleasantly surprised.

Bruce Schneier: The Future of the Security Industry: IT is Rapidly Becoming a Commodity from David Bryan on Vimeo.

Thanks to David Bryan for getting these up!  Here’s another video from the event - this one is the presentation on OpenSAMM - interesting and also very much geared towards development of security applications.  I think this is a great approach, but I have to admit that the practicality is something that I wonder about…

Pravir Chandra: Software Assurance Maturity Model (OpenSAMM) from David Bryan on Vimeo.

Here’s a video of Seth Peter, NetSPI’s CTO, presenting to the Minnesota OWASP chapter’s annual half-day conference…

Seth Peter: The Developers Guide to PCI DSS and PA-DSS Requirements from David Bryan on Vimeo.

Seth Peter, NetSPI’s CTO participated in a webinar on Preventing Multi-Vector Attacks with Eric Schultze from Shavlik.  When two very technical security CTOs get together there is a concern (a legitimate concern) that things are going to be unmanageably technical, but it actually turned out to be a great event.  It was very conversational and did a very good job of highlighting some of the concerns involved in dealing with sophisticated attacks.
With that said, it might not be the sort of content that you are going to want to ask …

The webinar that NetSPI put on with VeriFone is up on the VeriFone webex repository.  It requires registration, but they have been very careful with the use of the registration information that they have gathered, so I’m not concerned about it.
The webinar was built to answer some questions for merchants in particular, so this isn’t an overly technical presentation, but it should help shed some light on how PA-DSS differs from PABP and why retailers and online merchants should care about the standard.  It also showcases some of VeriFone’s solutions …

The first event of NRF - the ‘reception’ was hosted by Wincor-Nixdorf at the Gotham Hall (very cool place on Broadway and 36th) and was interesting.  I’m really concerned about the attendance at NRF this year and, ultimately, the relevancy given the economy and the state of affairs within the retail sector.  The place tonight was pretty packed, but it seemed to lack cohesion.  I realize that this is a sort of strange statement considering that I’m talking about a party, but previous years seemed to have a sense of …

As I mentioned in a previous post, NRF is coming up and, for those of us that have been in the retail technology space for a number of years, this is a big deal.  It’s the one show that tends to draw important retailers and important executives.
With that in mind, I’m going to be doing a couple of things as NRF gets closer:

Posting on some topics of importance for 2009 in retail security
Posting to tools, articles, and other areas of particular interest to retailers that are getting ready for 2009
I’m …