Taking the BDSM out of PCI-DSS Through Open-Source Solutions

Presented at DerbyCon 3.0 All in the Family (2013), Sept. 28, 2013, 3 p.m. (50 minutes).

At some point as information security practitioners, we all face those god-awful three letters. PCI. Yes. It sucks, it’s not cheap, and yes, it’s not “real security”. But if you or your client is handling cardholder information, you must SUBMIT! Err… comply… with over 200 requirements. But how does a technically-minded and security-driven badass meet the letter and intent of PCI without pulling their hair out, spending thousands on vendor solutions that don’t provide holistic security, upsetting management, or just “checking the box” and moving on?

Zack and Erin will explore their tried and tested open source solutions implemented by organizations from the small/mid-sized to some of the largest providers in the world to address the requirements of PCI DSS while substantially improving security. This isn’t your grandpa’s high-level theoretical overview, but a deep technical dive with specific configuration guidelines you can implement tomorrow.

You too can better devote resources to skilled talent over ineffective or exorbitantly priced products. Let’s start fixing things.


Presenters:

  • Zack “Unce Untz Wub” Fasel
    Zack “Unce Untz Wub” Fasel is a seasoned Penetration Tester and Security Consultant who drank some weird potion and turned into a managing partner and (results pending) QSA.
  • Erin “SecBarbie” Jacobs
    Erin “SecBarbie” Jacobs plays the role of information security executive, security consultant, social soirée extraordinaire, as well as PCI-QSA on several TV shows (mostly on CCTV in her house).
