
Aside from a rather embarrassing moment last night with Keynote [1], I spoke to a local group of PCI DSS enthusiasts about the mistakes that QSAs make, and how to deal with them.  I came up with several, but would really like to see what YOU FOLKS out there think!

Submit comments below anonymously or with your name, either way.  This is open to anyone!  QSAs, ASVs, acquirers, issuers, merchants, service providers, ISOs, security professionals, PCI HAY-TAHs, payment brands, Council members, Jim, forensic investigators, and other PCI experts.

Don’t worry, we’ll find time to pick on others as well, but for today, let’s focus on this.  What I’m not looking for is “X QSA said that two-factor authentication had to be RSA SecurID only.”  I’m more looking for something like a QSA sending a newbie to lead an assessment, or not asking the right questions.

Let me know!  The lines are open!

This post originally appeared on BrandenWilliams.com.

  1. Note to self: make your FIRST and LAST slides different, and actually test MOVING slides before the room is filled with expectant eyes boring holes through my skull into the screen behind me.