
Articles in the featured Category

Vendors, application security, featured »

[10 Nov 2009]
SharePoint and Security


With the Microsoft SharePoint conference having recently taken place, I have been thinking a lot about SharePoint lately (haven’t you?) and about what a powerful and dangerous tool it can be.

Before I get into what I’ve been thinking about, here are a few things to consider:

A Microsoft employee recently told me that SharePoint has been the most rapidly adopted product in Microsoft’s history. While I haven’t been able to confirm this, it doesn’t really matter - what matters is, it’s everywhere and it …

Conferences / Webinars, PCI Philosophy / Approach, featured »

[23 Oct 2009]
Beyond the PCI Audit: Helping Merchants and Service Providers as a Partner

OK - this is the feedback on the Community Meeting that I had mentioned although it really turned into a philosophical post about what your PCI partners should really be doing for you (hint: being a partner).
This one’s over at the NetSPI blog as well (I swear that I’m still going to be posting over here on a more regular basis, but, since NetSPI’s doing a good job with the blog, I’m going to blend my posts between the two blogs…). Any feedback is going to have to come here, …

PCI Philosophy / Approach, application security, featured »

[22 Oct 2009]
NetSPI Blog » Healthcare Solutions and PA-DSS Compliance with a Deadline in July

The links are a little messed up, so you might want to wait until about 10AM tomorrow to take a look, but, my newest NetSPI post is up.
Also, if you are interested in understanding a bit more about how PCI impacts industries outside of retail and hospitality or in looking through some more technical posts on penetration testing and the like, I’d tune into the NetSPI blog. The team has really embraced blogging and collectively we are putting out a very good mix of posts (at least I think so).
Although …

Interesting, application security, featured »

[18 Sep 2009]
Squidoo Lens on PA-DSS

OK - so I’m not very ‘with-it’ apparently and didn’t really know what Squidoo was, but someone explained it to me and then convinced me to put up a PA-DSS compliance ‘lens’ on Squidoo. If you aren’t familiar with the site, it’s a collection of mini websites each of which provides some background, insight, education, whatever on specific topics as defined by the builder. In this case it’s some overview information on basic PA-DSS compliance and a centralized location for PA-DSS feeds and search results that keeps itself up-to-date without …

PCI News, PED / Payment Terminals, application security, featured »

[9 Sep 2009]
PA-DSS Question & Answer

This morning I had an interesting thought - I want to offer up something to anyone that is reading this blog and may have some questions regarding the Payment Application Data Security Standard (PA-DSS).
This is an invitation to a ‘passive PA-DSS Q&A session’. The reason I am calling this ‘passive’ is that this is not going to be a live session - if you have questions regarding the PA-DSS, what certain requirements mean, or how your particular situation affects its applicability to you, post it in the comments and …

Conferences / Webinars, Interesting, featured »

[9 Sep 2009]
One More… This one’s Bruce Schneier’s

This was actually the first time that I saw Bruce speak (which is odd since we live in the same metro area) and I must say that I’ve somewhat avoided him as I’m not a big fan of the whole celebrity-like, hyped-up thing (I still haven’t seen Forrest Gump and probably never will), but I thought this was a really good talk and I found myself pleasantly surprised.

Bruce Schneier: The Future of the Security Industry: IT is Rapidly Becoming a Commodity from David Bryan on Vimeo.

Conferences / Webinars, PCI Philosophy / Approach, featured »

[9 Sep 2009]
Video of NetSPI’s Presentation on PCI and PA-DSS and Development

Here’s a video of Seth Peter, NetSPI’s CTO, presenting to the Minnesota OWASP chapter’s annual half-day conference…

Seth Peter: The Developers Guide to PCI DSS and PA-DSS Requirements from David Bryan on Vimeo.

PCI Philosophy / Approach, Vendors, featured »

[15 Jun 2009]
PA-DSS and ‘Enforcement’

I have spoken with a number of companies over the last several weeks that are preparing themselves to go through the PA-DSS assessment process (software providers, not security firms) and they all are trying to understand the level of priority that they need to set. Particularly smaller firms are trying to come to grips with the fact that they are now required to go through an expensive, potentially disruptive assessment process that they didn’t have to address previously.
It only makes sense that they all end up asking the question, ‘are …