Description: At some point as information security practitioners, we all face those god-awful three letters. PCI. Yes. It sucks, it’s not cheap, and yes, it’s not “real security”. But if you or your client is handling cardholder information, you must SUBMIT! Err… comply… with over 200 requirements. But how does a technically-minded and security-driven badass meet the letter and intent of PCI without pulling their hair out, spending thousands on vendor solutions that don’t provide holistic security, upsetting management, or just “checking the box” and moving on? Zack and Erin will explore their tried and tested open source solutions implemented by organizations from the small/mid-sized to some of the largest providers in the world to address the requirements of PCI DSS while substantially improving security. This isn’t your grandpa’s high-level theoretical overview, but a deep technical dive with specific configuration guidelines you can implement tomorrow. You too can better devote resources to skilled talent over ineffective or exorbitantly priced products. Let’s start fixing things.
Bio: Zack “Unce Untz Wub” Fasel is a seasoned Penetration Tester and Security Consultant who drank some weird potion and turned into a managing partner and (results pending) QSA. Erin “SecBarbie” Jacobs plays the role of information security executive, security consultant, social soirée extraordinaire, as well as PCI-QSA on several TV shows (mostly on CCTV in her house).
Sorry we had so much AV fail on this one. At about 32:41 we have nothing but noise.
For more information, please visit: http://www.derbycon.com
http://www.irongeek.com/i.php?page=videos/derbycon3/mainlist
Tags: securitytube, hacking, hackers, information security, convention, computer security, derbycon-2013