Truth can be stranger than fiction sometimes; I’ll be speaking on a panel on compliance with Jack Daniels and Josh Corman at Defcon next month. There are a couple of other people on the panel, whom I’ll add once they’ve been confirmed. This should be a fun panel, since we won’t be as interested in keeping it completely civil as we would at someplace like RSA or BSides. We’ll laugh and shake hands afterward, but don’t be surprised by anything you hear during the panel. And this is an interesting crowd to give this talk to, much more technical and focused than more managerial conventions like Black Hat.
I talk to Jack, Josh and a lot of other people about PCI fairly regularly. I’m fairly confident I know their positions on compliance and they have a good idea of mine as well. Jack’s a good moderate who sees both the good and bad, while Josh sees it as a tidal force in the security market space, and not one he likes. Where PCI points, the money goes, like it or not. But this talk won’t just be about PCI, we’ll talk about compliance in general, the good, the bad and the ugly.
If you, by some chance, are around at noon on Sunday, come see the discussion. The question I have for the audience is simple: “How has compliance affected you and/or your company?” Has its effect been positive or negative? Given the crowd we’re drawing our audience from, it could generate some very interesting responses. I’m curious to see how a group that collectively thinks of itself as hackers feels that business attempts at compliance frameworks really affect the work they do. I expect to hear more annoyance with compliance getting in the way of real work than anything else.
This should be a fun way to end Black Hat and Defcon. Josh and I really haven’t had it out over whether compliance being a market force is a good thing or a bad thing, and this is a good venue to draw him out on the subject. I’m looking forward to it.