Chris Mark to speak at 2016 ISF Texas April 10, 2016
Posted by Chris Mark in Uncategorized.Tags: assurance, Chris Mark, cybersecurity, hacking, information, risk
add a comment
This week (10:30 am, April 14, 2016) I will be in the awesome city of Austin, TX speaking at the 2016 Information Security Forum. The ISF is: “…a free educational conference aimed at public sector Information Security Officers, Information Resources Managers, and IT staff throughout the State of Texas. The conference is hosted by the Texas Department of Information Resources (DIR) and will be managed by the Office of the Chief Information Security Officer (OCISO).” The title of my presentation will be “Hackers, Slackers, and Thieves, understanding your adversary.” If you are in Austin, please consider attending!
Recondo Lt. Col Brad Carr Speaks on Africa March 31, 2016
Posted by Chris Mark in Uncategorized.Tags: Brad Car, Commando, CSPAN, Force, Infantry, Lt Col, Marine, Ranger, Recon, Royal Marine
add a comment
Watch Lt. Col Brad Carr speak on CSPAN about US Crisis Response in Africa. I am proud to have called Brad my friend for over 20 years. He and I served as Enlisted Recon Marines together in the mid 1990’s. He has gone on to have a stellar career. In addition to being a Recon Marine he is also an Army Ranger, Infantry Marine, Royal Marine Commando, and the former CO of 2nd Force Reconnaissance Company who was tasked with standing up 2nd Force again. Very good guy and a true American. Watch the video!
FTC to Audit PCI Industry March 9, 2016
Posted by Chris Mark in Uncategorized.Tags: American Express, Chris Mark, credit cards, Discover, DSS, Federal Trade Commission, FTC, JCB, mastercard, Order, payment cards, PCI, visa
4 comments
(UPDATED) I have been in the PCI “industry” since before it was an industry. I was fortunate to have worked with Visa in 2001 on a team that helped design the CISP requirements for Service providers and subsequently worked at MasterCard a major processor and numerous QSA firms. I can claim (along with 2 or 3 other people) to be the FIRST assessor even before we were QDSPs then QSAs. I was the PCI SSC’s global QSA trainer and Visa’s CISP trainer. There probably only 10 people in the industry that have been doing “PCI” type work as long as I have. Unfortunately, we lost two of those fine folks in the last several years. One of the most frustrating aspects of being in the PCI assessment business has been competing with the “pay and stamp” assessors. PCI is complex and conducting a solid PCI assessment is complex and not trivial. There have always been the “bottom feeders” that will guarantee a compliant finding for a nominal fixed price fee. For those companies that do solid work (while I compete with them I am also friends with many and can respect their work as much as my own employers) we often find ourselves on the losing end of a bid when someone agrees to assess a Fortune 100 company for a Fixed fee of $40K. Well..the Federal Trade Commission has taken notice!
The FTC has issued an order to 9 QSA firms to assess (pun intended) how they assess companies against the PCI DSS and how their business is structured. The 9 companies listed are:
Foresite MSP, LLC; Freed Maxick CPAs, P.C.; GuidePoint Security, LLC; Mandiant; NDB LLP; PricewaterhouseCoopers LLP; SecurityMetrics; Sword and Shield Enterprise Security, Inc.; and Verizon Enterprise Solutions (also known as CyberTrust).
Here is my beef with that list. The one company (to remain un-named for fear of a lawsuit..but we all know who it is)..that has had 7 or so of the largest credit card breaches in history as it’s clients is not listed. 3 of the companies are ‘newbys’ and 3 are very well known and respected companies. They should have asked for “Chris’ list” 😉
After reading the order it is clear the FTC has done their homework and knows the answers they expect to get. This is not simply smoke and mirrors. They are asking questions related to:
- The bidding process for QSA work
- Cost structure of PCI assessment work
- Time associated with the average assessment
- number of companies found ‘non compliant’
- Whether a company is found ‘compliant’ BEFORE completing all work.
- Sampling methodology (this is a gotcha because the required methodology is outlined in the training)
- Qualifications
They are then asking for a sample ROC to be provided. I cannot applaud the FTC enough for taking this step. It is well past time that we get the “pay and stamp” providers out of the industry! Read the Order Here!
“PTSD and Addiction”- by John Poitevent March 8, 2016
Posted by Chris Mark in Uncategorized.Tags: Addiction, Behavior, BWR, John Poitevent, PTSD, Recovery, Wellness
1 comment so far
For those suffering with PTSD and addiction, a good friend of mine at Behavior Wellness and Recovery wrote a very good article on the subject. Please take the time to read and share if you know someone who would benefit from this information. As someone who has scores of friends suffering from PTSD I can say that substance abuse and addiction are pervasive within the community. Please share! If you need help, please contact BWR at 866.986.3414
Chris Mark Endorses Marco Rubio for President! February 6, 2016
Posted by Chris Mark in Uncategorized.Tags: 2016, Cruz, Election, Endorse, Marco Rubio, president, Republican, Trump
1 comment so far
OK..since my latest brushes with fame on CNN and the National Review maybe the idea of me ‘Endorsing’ any candidate, much less Senator Marco Rubio, is a bit overblown 😉 That being said, I do want to post about why I think the Mr. Marco Rubio is the best option for President in 2016!
I have watched every presidential debate and every ‘town hall’ and I have come to the conclusion that I believe Marco Rubio is the candidate that is best suited to lead our great nation for the next 4 (or 8) years.
While there are no doubt policies that Marco and I disagree upon, the concept fostered by Nobel Prize recipient Herbert Simon of Satisficing comes into play. While we may not all agree on all issues, we evaluate alternative and decide upon the best option. For this reason, I can say that whether I agree with Mr. Rubio on all issue is irrelevant as I agree with his position on the major issues and that is more important than minor disagreements. (thank you Auburn University for my BA in Poli Sci!)
I think Marco represents more of what I believe that our country needs with a conservative executive than any other candidate. So, what is conservatism? As detailed by Mr. Rubio conservatism consists of three primary points: 1) Free Market 2) National Security and 3) Limited Government. (particularly Federal Government). I agree with all three of these points.
More importantly I find Marco to be both honest, smart, fair, and a man of conviction. arco Rubio is clearly very smart and very well read on the relevant issues. Unlike some of the other candidates I do not hear a lot of “sound bites” in his responses and he will speak to the issues with both passion and experience. I listed to Mr. Rubio talk about the issue in the middle east and instead of regurgitating the same tired nonsense of “carpet bomb them” he spoke intelligently of the issues between Sunni and Shia Muslims and how that impacts national defense! This is not an easy topic to learn and takes a lot of study to understand. This demonstrates to me that Mr. Rubio is the type of President I think we need!
Some may see Mr. Rubio’s passion and his tendency to speak quickly and directly as less than ‘presidential’ but I see a person who is in the race for the right reasons! We need more passion, intellect, and frankness in the office. While many have emotion and passion for the job, I like Mr. Rubio’s intellect and education. I have yet to hear him asked a question where he simply regurgitates some sound bite for political expediency. I like people who stand tall and admit mistakes and own their flaws. Marco even made a reference to his boots that were ‘too tall’ (I could use a pair of those, as well)..
I am using my 15 minutes (14 are already spent so only 1 minute left) of ‘fame’ to Endorse Marco Rubio for President of the United States!
To donate to Marco’s campaign please click here!
Chris Mark