Later this week I will be at ShmooCon, doing a very, very, very fun panel on PCI DSS:
“An Existential Threat To Security As We Know It?
Joshua Corman, Michael Dahn, Dr. Anton Chuvakin, and Jack Daniel
Whether you love it, hate it, or are merely "friends with perks"- compliance is significantly changing what we call security. PCI has been accused of being the Spawn of Satan by some, and yet it has also been credited with advancing security by others. This panel of PCI experts, analysts, and victims will discuss and argue the realities of PCI: its origins, goals, and consequences (intentional and otherwise). PCI is having an impact on priorities, budgets, and personnel, which is being felt throughout the security industry. Unfortunately, there have been few informed discussions of PCI and compliance issues in the technical ranks of the security community. This panel will bring PCI subject matter experts with real-world experience to the technical security professional and hacker audience to discuss, engage, enrage, and argue about what may well be an existential threat to information security as we know it. The diverse viewpoints and experiences of panel members will guarantee a lively and often heated discussion, and will provide a broad base for fielding audience comments, questions, and criticisms. Bring plenty of Shmooballs to this session, you will need all you can get.
Joshua Corman is Research Director for Enterprise Security at The 451 Group and was previously Principal Security Strategist at IBM ISS; Michael Dahn is Global PCI QA Manager for a Verizon Business and was previously the subject matter expert in creating PCI DSS training for Visa USA, Europe, Asia-Pacific, LAC; Dr. Anton Chuvakin is a recognized expert in the field of log management and PCI DSS compliance, he is Principal at Security Warrior Consulting and former Director of PCI Compliance at Qualys; Jack Daniel is some guy with a beard and Sock Puppets who drives the ShmooBus.”
This time, BTW, I will have plenty of time to meet with people since I am in DC from Thursday to Monday. Drop me an email/tweet/etc if you want to meet up and talk SIEM, logs, PCI (well, better logs than PCI :-)), etc. In any case, see you all in Washington, DC later this week!