Oct 19 2010

PCI Hug It Out: Face to face in Orlando

Published at 6:57 am under PCI, Podcast, Social Networking

When Gene Kim came to me with the idea to get Mike Dahn and Josh Corman around a table in Orlando, Florida one evening after the annual PCI Community Meeting, I was excited.  Gene wanted to end a minor, pointless feud between two of our friends who’d gotten off on the wrong foot earlier in the year.  In effect, we decided to hit the reset button on the relationship between these two gentlemen.  And Orlando proved to be the perfect time and place to do exactly that.  A good-sized bottle of Macallan 12 didn’t hurt any either.

PCI Hug It Out-FacetoFace.mp3

To give you a quick recap, this is the third of a three-part series (Part 1, Part 2) being sponsored by Tripwire called “PCI Hug It Out”.  In Part One, we heard Mike’s views on PCI and why he’s such a strong proponent of the standard.  In Part Two, we heard Josh state his position and why he is sometimes thought of as being an opponent of PCI.  And here in Part Three we explore the points of commonality between Josh and Mike, and how we can turn these into calls to action from the community as a whole.

There is, of course, the question of The Hug; did Mike and Josh put aside their previous arguments and start a new friendship, did they agree to disagree, or did the night end in fisticuffs?  And how much can we raise for the EFF and Hackers for Charity?  Once again, we ask you to visit the Tripwire blog and let us know if you’ve contributed.

This was a fun project to do with Tripwire and the guys.  I’m sure the four of us will get together again in the future to listen to the sounds of our own voices.  We all hope that people who are interested in PCI and security in general found something worthwhile in our discussion over the tabletop, face to face.  For our part, this was worth doing even if no one ever heard it, so if we’ve given anyone else some things to think about, this was a win.  Thanks for listening.


3 Responses to “PCI Hug It Out: Face to face in Orlando”

  1. gus_ on 19 Oct 2010 at 10:57 am

    Hi! I’m from Mexico, sorry if my English is not so good :S

    I recently found your blog, I’m very interested in all these topics about security and all that kind of stuff. I am beginning to learn about these things, I know that there is a lot to learn, but well.. I have to start somewhere..

    Well.. this is all, I hope that you and your team continue with this job, I think that it is very good and.. well, I don’t know

    bye :)

  2. […] I really like it when vendors engage the audience instead of just tweeting their own marketing news briefs or re-tweeting other people’s content.  Engaging in actual conversations with actual people somehow breaches the corporate veil and makes large companies more … human.  There are a few companies that have done this well, such as @TripwireInc with their #PCIHugItOut series.  They leveraged the diplomatic skills of @RealGeneKim and the arbitration skills of @McKeay to bring together @JoshCorman and me, with the goal of finding specific solutions to an issue that impacts most every company on earth.  @CindyV and @MattHixson were the people behind the veil making everything happen, but it felt very organic and most of all, constructive. […]

  3. Megan Denyer on 03 Feb 2015 at 4:48 am

    Don’t forget that depending on which of the PCI DSS Self-Assessment Questionnaires (SAQ) you have to comply with, you may be mandated to undertake vulnerability scanning and even a penetration test. While scanning can be relatively cost-effective, penetration tests can be expensive, so just keep that in mind. And if you are going through an actual onsite assessment with a PCI-QSA, then oftentimes both scanning and penetration testing are mandated. These are often the “hidden” mandates that many merchants and service providers initially fail to recognize, but they can be incredibly time-consuming and expensive, especially when it comes to remediating any failures associated with vulnerability scans, both internally and externally. PCI compliance is here to stay, so also make sure you’ve got in place all necessary policies and procedures, because that’s a big mandate also.