Nick Selby bares all in his insta-famous treatise called "Showing The Oblomovs The Door" at a new security blog, FudSec.
Fave quotes:
"The CEO who lets the Security organization become the compliance department has abdicated to the government and Payment Card Industry his responsibility to understand and manage organizational risk. "
"Thus have they managed not only to not raise the bar but in fact to substantially lower the ceiling - PCI is not the minimum standard, it's the maximum effort that many organizations make."
"'Best Practices' is a term for which toilet-dunks should be applied rigorously - the term is, to borrow a phrase from Marcus Ranum, weapons-grade marketing bullshit"
"It's more about the fact that all this compliance stuff is preventing us from addressing risk and performing, you know, security."
"You want your compliance department to manage risk for you? You'd better hope your firm is considered, “Too big to fail,” so the next round of government bailouts can save your sorry butt. "
Enjoy, his post definitely exudes pure awesomness (and so do some of the comments)!