Gene Kim (@realgenekim) and I had the chance to sit down Josh Corman (@joshcorman), the Research Director of the 451 Group’s enterprise security practice, at Interop Las Vegas 2010. Josh and Gene chatted about Josh’s talk during Interop and about his views on PCI. If you are someone who is affected by PCI you should take a few minutes to watch this video Josh has some great points.

I apologize for the disastrous sound during the middle of this video. They decided to move out the lunch from the hall in the 10 minutes we were sitting in the hall. I am now officially fired as our location scout.

What do you think about the conversation? How do you approach PCI. Leave your comments below.

Gene Kim (@realgenekim) had a chance to sit down with John Pironti (@jpironti) at Interop Las Vegas 2010 last week. Gene and John go way back and are two people with excellent Kung Fu in IT security. They share their extensive knowledge and what their current passions are in the space. This is a great conversation we had a chance to capture on video. Listen to what John as to say about making it security an information risk management and a data focused approach as opposed to being about technology. What do you think? What would you like to know from these two?

Gene spoke with Rick Tehrani at TMCnet during Interop Las Vegas 2010. Here is the video interview they shot talking about Tripwire, security, compliance, VIA and log managment. If you have not checked out their site they have lots of great stuff going on over there. Check it out and enjoy.

@matthixson and I are here at Interop in sunny Las Vegas.  My iPhone told me that it’s 77 degrees out, but I have no way to verify that — I haven’t left the hotel in over 24 hours.

Yesterday was terrific, reconnecting with a bunch of colleagues, including John Pironti (@jpironti), Alex Hutton (@alexhutton), Rick Moy (@rickmoy), Josh Corman (@joshcorman), Jason Williams (@whatsupguru), Andrew Conry-Murray (@InfoWeek_Andrew).

Highlights:

• Almost every discussion had something to do with PCI — mostly negative, indicating that there’s gotta be a better way to achieve the spirit and intent of the PCI DSS.
• Josh Corman presented a thoughtful and provocative talk called “Is PCI The No Child Left Behind For Infosec” — hilarious, unsettling, and even a bit maddening.  He’s onto something, and I’ll be posting some more thoughts on this later.  And Matt and I will be interviewing him in about two hours.
• John Pironti, who has been a huge influence on me for over a decade, talked about the potential repercussions of the PCI Community not fixing these problems — right now, PCI is a contractual obligation with the card brands, but if data breaches keep happening, it could result in actual government regulation.
• Rick Moy talked about the great analysis they did at NSS Labs about the failure of security vendors that enterprises rely on to prevent (and often detect/correct) sophisticated threats like the China/Google Aurora attack.  We have a great interview of him, as well.

Interop has attracted a fantastic security practitioners –  videos of John Pironti, Rick Moy and Josh Corman coming soon, right, Matt?