@matthixson and I are here at Interop in sunny Las Vegas. My iPhone told me that it’s 77 degrees out, but I have no way to verify that — I haven’t left the hotel in over 24 hours.
Yesterday was terrific, reconnecting with a bunch of colleagues, including John Pironti (@jpironti), Alex Hutton (@alexhutton), Rick Moy (@rickmoy), Josh Corman (@joshcorman), Jason Williams (@whatsupguru), Andrew Conry-Murray (@InfoWeek_Andrew).
- Almost every discussion had something to do with PCI — mostly negative, indicating that there’s gotta be a better way to achieve the spirit and intent of the PCI DSS.
- Josh Corman presented a thoughtful and provocative talk called “Is PCI The No Child Left Behind For Infosec” — hilarious, unsettling, and even a bit maddening. He’s onto something, and I’ll be posting some more thoughts on this later. And Matt and I will be interviewing him in about two hours.
- John Pironti, who has been a huge influence on me for over a decade, talked about the potential repercussions of the PCI Community not fixing these problems — right now, PCI is a contractual obligation with the card brands, but if data breaches keep happening, it could result in actual government regulation.
- Rick Moy talked about the great analysis they did at NSS Labs about the failure of security vendors that enterprises rely on to prevent (and often detect/correct) sophisticated threats like the China/Google Aurora attack. We have a great interview of him, as well.
Interop has attracted a fantastic security practitioners — videos of John Pironti, Rick Moy and Josh Corman coming soon, right, Matt?