Articles in the Interesting Category

Interesting, application security, featured »

[18 Sep 2009]
Squidoo Lens on PA-DSS

OK - so I’m not very ‘with-it’ apparently and didn’t really know what Squidoo was, but someone explained it to me and then convinced me to put up a PA-DSS compliance ‘lens’ on Squidoo.  If you aren’t familiar with the site, it’s a collection of mini websites each of which provides some background, insight, education, whatever on specific topics as defined by the builder.  In this case it’s some overview information on basic PA-DSS compliance and a centralized location for PA-DSS feeds and search results that keeps itself up-to-date without …

Conferences / Webinars, Interesting, featured »

[9 Sep 2009]
One More…  This one’s Bruce Schneier’s

This was actually the first time that I saw Bruce speak (which is odd since we live in the same metro area) and I must say that I’ve somewhat avoided him as I’m not a big fan of the whole celebrity-like, hyped-up thing (I still haven’t seen Forrest Gump and probably never will), but I thought this was a really good talk and I found myself pleasantly surprised.

Bruce Schneier: The Future of the Security Industry: IT is Rapidly Becoming a Commodity from David Bryan on Vimeo.

Conferences / Webinars, Interesting »

[9 Sep 2009]

Thanks to David Bryan for getting these up!  Here’s another video from the event - this one is the presentation on OpenSAMM - interesting and also very much geared towards development of security applications.  I think this is a great approach, but I have to admit that the practicality is something that I wonder about…

Pravir Chandra: Software Assurance Maturity Model (OpenSAMM) from David Bryan on Vimeo.

Interesting »

[8 Sep 2009]

ShackF00 » Your Hardest Infosec Problem: Getting People to Give a $@%&.

Alerts, Interesting, PCI Philosophy / Approach »

[22 Jul 2009]

Sorry - I have been a bit out-of-pocket lately and I haven’t been able to post as frequently as I would like (I’m shooting for basically once per week at least and hopefully a good bit more.)
That being said - this isn’t going to be much of a post - just a quick note to mention that NetSPI’s corporate blog is finally up! Yeah!
It went live this week, so the volume of content is minimal, but the first posts that are up are very informative and will help to provide some …

Conferences / Webinars, Interesting, PCI Philosophy / Approach »

[7 Jul 2009]

Seth Peter, NetSPI’s CTO, participated in a webinar on Preventing Multi-Vector Attacks with Eric Schultze from Shavlik.  When two very technical security CTOs get together there is a concern (a legitimate concern) that things are going to be unmanageably technical, but it actually turned out to be a great event.  It was very conversational and did a very good job of highlighting some of the concerns involved in dealing with sophisticated attacks.
With that said, it might not be the sort of content that you are going to want to ask …

Interesting, PCI News, PCI Philosophy / Approach, Vendors »

[10 Jun 2009]

I have a longer post that I’ve held off on so far regarding the Savvis lawsuit and its potential impact on the retail community, but, as I hash through that effort (and try to make it a little less ‘rangey’), I thought I’d put this out…
If you are unfamiliar with the Savvis suit, the details can be found in this article from Kim Zetter (link).  It’s an interesting read and does a really good job of summarizing the situation and the potential impacts to the PCI community.  For those of …

Interesting, PCI News »

[5 Jun 2009]

OK, if you are reading this, you’ve managed to find one of the most ‘remote’ security blogs out there - written by someone (me) that is not a security pro or an auditor.  I’m just a guy with a couple of decades of experience with retail, hospitality, and the relevant technologies that is now working for a very focused, very accomplished security consulting firm.  It’s been a good fit as my experiences working with retailers (from the very large to the very small) and their vendors marry up quite well …

Interesting »

[20 Apr 2009]

I haven’t posted here in some time, but I’m going to make a concerted effort to get back at it.  I’ve just been working on a ton of stuff recently and the blog has suffered because of it…  Alas…
I thought I’d post this very short article from Chain Store Age regarding the Food Marketing Institute’s stance on the recent interchange increases.  One thing I’ve never really seen is how the interchange rate has been affected by security issues - has it gone up directly because of security breaches?  has any …

Alerts, Interesting, PCI News, PCI Philosophy / Approach, Retailers »

[31 Mar 2009]

So the council sat down in front of Congress today…
Cybersecurity hearing highlights inadequacy of PCI DSS.