Chris Mark to speak at 2016 ISF Texas April 10, 2016
Posted by Chris Mark in Uncategorized. Tags: assurance, Chris Mark, cybersecurity, hacking, information, risk
This week (10:30 am, April 14, 2016) I will be in the awesome city of Austin, TX speaking at the 2016 Information Security Forum. The ISF is: “…a free educational conference aimed at public sector Information Security Officers, Information Resources Managers, and IT staff throughout the State of Texas. The conference is hosted by the Texas Department of Information Resources (DIR) and will be managed by the Office of the Chief Information Security Officer (OCISO).” The title of my presentation will be “Hackers, Slackers, and Thieves, understanding your adversary.” If you are in Austin, please consider attending!
Recondo Lt. Col Brad Carr Speaks on Africa March 31, 2016
Posted by Chris Mark in Uncategorized. Tags: Brad Carr, Commando, CSPAN, Force, Infantry, Lt Col, Marine, Ranger, Recon, Royal Marine
Watch Lt. Col Brad Carr speak on CSPAN about US crisis response in Africa. I am proud to have called Brad my friend for over 20 years. He and I served as enlisted Recon Marines together in the mid-1990s. He has gone on to have a stellar career. In addition to being a Recon Marine, he is also an Army Ranger, Infantry Marine, Royal Marine Commando, and the former CO of 2nd Force Reconnaissance Company, where he was tasked with standing up 2nd Force again. Very good guy and a true American. Watch the video!
FTC to Audit PCI Industry March 9, 2016
Posted by Chris Mark in Uncategorized. Tags: American Express, Chris Mark, credit cards, Discover, DSS, Federal Trade Commission, FTC, JCB, MasterCard, Order, payment cards, PCI, Visa
(UPDATED) I have been in the PCI “industry” since before it was an industry. I was fortunate to have worked with Visa in 2001 on a team that helped design the CISP requirements for service providers, and subsequently worked at MasterCard, a major processor, and numerous QSA firms. I can claim (along with 2 or 3 other people) to be the FIRST assessor, even before we were QDSPs and then QSAs. I was the PCI SSC’s global QSA trainer and Visa’s CISP trainer. There are probably only 10 people in the industry who have been doing “PCI” type work as long as I have. Unfortunately, we lost two of those fine folks in the last several years. One of the most frustrating aspects of being in the PCI assessment business has been competing with the “pay and stamp” assessors. PCI is complex, and conducting a solid PCI assessment is complex and not trivial. There have always been the “bottom feeders” that will guarantee a compliant finding for a nominal fixed-price fee. For those companies that do solid work (while I compete with them, I am also friends with many and can respect their work as much as my own employer’s), we often find ourselves on the losing end of a bid when someone agrees to assess a Fortune 100 company for a fixed fee of $40K. Well, the Federal Trade Commission has taken notice!
The FTC has issued an order to 9 QSA firms to assess (pun intended) how they assess companies against the PCI DSS and how their business is structured. The 9 companies listed are:
Foresite MSP, LLC; Freed Maxick CPAs, P.C.; GuidePoint Security, LLC; Mandiant; NDB LLP; PricewaterhouseCoopers LLP; SecurityMetrics; Sword and Shield Enterprise Security, Inc.; and Verizon Enterprise Solutions (also known as CyberTrust).
Here is my beef with that list. The one company (to remain unnamed for fear of a lawsuit, but we all know who it is) that has had 7 or so of the largest credit card breaches in history as its clients is not listed. 3 of the companies are ‘newbies’ and 3 are very well known and respected companies. They should have asked for “Chris’ list” 😉
After reading the order, it is clear the FTC has done its homework and knows the answers it expects to get. This is not simply smoke and mirrors. They are asking questions related to:
- The bidding process for QSA work
- Cost structure of PCI assessment work
- Time associated with the average assessment
- Number of companies found ‘non-compliant’
- Whether a company is found ‘compliant’ BEFORE completing all work
- Sampling methodology (this is a gotcha, because the required methodology is outlined in the training)
- Qualifications
They are then asking for a sample ROC to be provided. I cannot applaud the FTC enough for taking this step. It is well past time that we get the “pay and stamp” providers out of the industry! Read the Order Here!
“PTSD and Addiction”- by John Poitevent March 8, 2016
Posted by Chris Mark in Uncategorized. Tags: Addiction, Behavior, BWR, John Poitevent, PTSD, Recovery, Wellness
For those suffering from PTSD and addiction, a good friend of mine at Behavior Wellness and Recovery wrote a very good article on the subject. Please take the time to read it and share it if you know someone who would benefit from this information. As someone who has scores of friends suffering from PTSD, I can say that substance abuse and addiction are pervasive within the community. Please share! If you need help, please contact BWR at 866.986.3414
An old friend of mine with whom I served as a Marine Scout/Sniper (and attended Scout/Sniper School) is now a professional brewer. Bill (handsome man on the right 😉) has served time as a Marine Scout/Sniper, completed a Master’s degree or two, speaks several languages, and spent 15 years or so traveling some of the most dangerous parts of the Earth while working with various 3-letter organizations. He is a true Renaissance Man. Bill is also a hard-core Metal Head. We are not talking about Winger, or even Metallica or Anthrax…Bill is a REAL Metal Head!…he has a new article in