Taking the BDSM out of PCI-DSS Through Open-Source Solutions - Zack “Unce Untz Wub” Fasel & Erin “SecBarbie” Jacobs Derbycon 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)


Description: At some point as information security practitioners, we all face those god-awful three letters. PCI. Yes. It sucks, it’s not cheap, and yes, it’s not “real security”. But if you or your client is handling cardholder information, you must SUBMIT! Err… comply… with over 200 requirements. But how does a technically-minded and security-driven badass meet the letter and intent of PCI without pulling their hair out, spending thousands on vendor solutions that don’t provide holistic security, upsetting management, nor just “check the box” and move on? Zack and Erin will explore their tried and tested open source solutions implemented by organizations from the small/mid-sized to some of the largest providers in the world to address the requirements of PCI DSS while substantially improving security. This isn’t your grandpa’s high-level theoretical overview, but a deep technical dive with specific configuration guidelines you can implement tomorrow. You too can better devote resources to skilled talent over ineffective or exorbitantly priced products. Let’s start fixing things.

Bio: Zack “Unce Untz Wub” Fasel is a seasoned Penetration Tester and Security Consultant who drank some weird potion and turned into a managing partner and (results pending) QSA. Erin “SecBarbie” Jacobs plays the role of information security executive, security consultant, social soirée extraordinaire, as well as PCI-QSA on several TV shows (mostly on CCTV in her house).

Sorry we had so much AV fail on this one. At about 32:41 we have nothing but noise.

Copyright 2014, IronGeek