Stay Classy, San Diego!

Again, with the forgetting of the months. So what was popular in September and October? Wow, lots of crazy stuff. First, we had the PCI Community Meeting for North America in Vegas. My company threw a great party on Wednesday night, and given it is a release year, there was a ton of activity around the event. I would argue that not nearly enough time was spent on the Q/A portion (1 hour each day for 2 days). Then we had RSA Europe in Amsterdam and the PCI EU meeting in Nice. Josh Corman gave a great keynote at RSAC reinvigorating the focus on DevOps and information security. I also gave a talk on leveraging Lean & Kanban in information security to a standing-room-only crowd. I believe this will be a big topic over the next few years.

Here are the five most popular posts from the last two months:

  1. How Starbucks is Revolutionizing Mobile (Micro) Payments. Guys, something is going on here. I don’t know if there is just a heavier push to mobile right now or what, but man this one is far and away the winner (more than 10x the traffic of any of the other posts below). You know how you see those crazy fools that pass their phone in front of some magical sensor at Starbucks and never seem to pull out their wallet, yet walk away with coffee? That is really part of a huge master plan to reduce the impact that payments have on the organization. Check out the scenarios discussed!
  2. The Only Customer Service Script You Will Ever Need. OK, maybe it’s a sign that I have hit on a few key points. Four of the five here are big-time repeat customers. Is customer service less important now that customers are easier to come by? Check out this diversion from security that will make you think about how you interact with your customers.
  3. The Definition of Cardholder Data. Yet another powerhouse that is keeping on top of the links. It’s still on people’s minds, probably because they are looking for ways to drop systems out of scope of PCI DSS, or because they are looking at the new eCommerce guidance from the Council. Hopefully this is a good benchmark for you.
  4. First Impressions of the PCI DSS 3.0 Draft. Yes, this is highly anticipated among this crowd simply because we are in a release year. The draft should be made final this week, so expect a longer review by Friday. There are a number of changes that would represent critical workstreams for big and small merchants. If you have anything to do with PCI DSS, you should be planning your changes now as I believe a number of them will take you the full 12 months to plan, design, and implement.
  5. Hurry Up and Wait, PCI DSS 3.0. Yes, we are getting a new version this year and yes, I think that we should be concerned with what comes out. Watch for more posts from me in the coming weeks on some thoughts about industry consolidation and migrations to mobile.

Thanks for stopping by!

This post originally appeared on