Getting into Information Assurance Careers June 2, 2015Posted by Chris Mark in Uncategorized.
Tags: Chris Mark, CIPP, CISSP, Consulting, cybersecurity, InfoSec, privacy, SANS
add a comment
I have had a number of folks email me asking about becoming an InfoSec worker so I am writing this post to (hopefully) help those who are interested. In 2001, I landed in InfoSec by pure luck and I have never looked back. It is an amazing field and a great career path. First..for some marketing. According to the InfoSec Institute, the average CISSP Salary in 2014 is over $100,000 per year. In 2013 there were 209,000 job postings for CyberSecurity Jobs and it is estimated that in 2015, there are 40,000 more jobs than people to take them. In short, it is a very high demand field.
InfoSec? CyberSecurity? Information Assurance? WHAT?
It is even confusing to me sometimes. At a high level I use the term Information Assurance as it encompasses all of the elements of protecting data. This includes data security (protecting data), CyberSecurity (protecting the systems, and infrastructure), Privacy (appropriate use of information) and Compliance (ensuring your company complies with relevant regulations) and Risk Management (evaluating the security risk of your organization). While this short post does not allow for a more comprehensive overview, these are the generic ‘pillars’ that we consider.
What types of Jobs are Out There? (more…)
EMV- CHIP & Choice..not Chip & PIN…Start Moving! March 23, 2015Posted by Chris Mark in Uncategorized.
Tags: Chip & PIN, Chris Mark, data breach, EMV, EMVCO, fraud, Liability Shift, mastercard, PCI, visa
add a comment
After deviating from my ‘security’ theme, I am back to talk about InfoSec. Last week I had the opportunity to attend Visa Accredited EMV Consultant Training at Visa’s Headquarters in Foster City, CA. As always, Visa put on a top tier program with numerous experts in Payment Card ‘chip’ technology. Since the topic was EMV most of the experts were from Across the Pond. Thanks to Mark, Chris and the others for great training!
For those who are new, EMV or “Europay, MasterCard, Visa” is a technology where a microprocessor ‘chip’ is embedded in a payment card (credit card, debit card, etc.). It is often erroneously referred too as “Chip & PIN” but EMV really only applies to the Chip technology. If a region or issuer wants to prefer PIN, they are able. Visa has a “Chip and Choice” model where they allow Chip with signature, no signature, or PIN depending upon the issuer, the risk and type of transaction (ie. Debit for Cash or ATM require a PIN). There was too much information over 2 days to talk about in this post but there was one point I learned and wanted to pass on..
In October 2015, Visa is offering a ‘liability shift’ for merchants who adopt EMV. My belief (it was wrong) until I attended the training was that the EMV liability shift only affected those merchants who 1) accepted a ‘chip’ card and on ‘chip’ transactions. These are known as ‘chip on chip’. It is critical that Merchants understand that the liability shift occurs for merchants who accept transacitons over a dual interface terminal (Chip and NFC) who accept transactions of ANY form. As an example, if you accept 99% mag stripe transactions but you have dual interface terminals…the fraudulent transacion due to counterfeit have liability shifted to the issuer! It does NOT have to be a Chip on Chip transaction.
The Second important point to remember is that Visa is offering a Technology Incentive Program (TIP) that states if a Level 1 Merchant accepts 75% of transactions over a Dual Interface terminal, they do not have to validate compliance with an onsite assessment. There are some caveats to this so make sure you read the rules!
To get ready for implementation, ensure you download the Visa Merchant Readiness Acceptance Guide here.
Tags: Affairs, Chris Mark, Robert McDonald, Secretary, Special Forces, Stolen Valor, VA, Veterans
add a comment
Adding to my latest post about Sniper Posers…we have a new addition to the Stolen Valor club. New Veterans Affairs Secretary (and former Proctor & Gamble CEO) Robert McDonald today admitted to lying about being a Special Forces Soldier (Green Beret). This is the same person who confronted Iraq War Veteran (both Iraq wars) and Republican Congressman Mike Coffman (R. Colorado) and pointedly asked “What have you done?” McDonald then talked about how he had “…run a major company..”
It is bad enough when a civilian who has never served lies about their service. It is more egregious when a military member who served honorably lies about their service. It is absolutely not acceptable when the Secretary of the VA lies about his service. Let’s be clear, the VA is one of the most incompetent, corrupt organizations in the entire US Government. Shame on him! He belongs on the Stolen Valor Wall of Shame!
Chris Mark on NPR “Here and Now” talking about R&S Foundation January 22, 2015Posted by Chris Mark in Uncategorized.
Tags: charity, chris kyle, Chris Mark, Here and Now, NPR, R&S Foundation, scout, sniper, USMC
add a comment
I was asked to interview for NPR’s “Here and Now” related to the movie American Sniper and the role of snipers in combat. This was the result of writing an article for the National Review on the same subject. If you are interested in listening to the interview, you can listen to it here. Most importantly, I was able to get some well needed press for the R&S Foundation (Recon and Sniper). This is a charity formed to help those brothers in our community (and other service members and veterans) who may be struggling. We just found out that we lost another one of brothers yesterday. Please visit www.SniperFoundation.org