I will be joining some very smart folks for a panel on PCI at Shmoocon next year. Yes, PCI at a hacker con. No, not a Pointy-Haired-Boss type presentation, but a panel discussion of PCI and its impact on our industry. This is part of a larger effort to bring compliance issues to a broader audience, focused on PCI but with insights into the larger compliance realm- look for more presentations and some podcasts in the new year. In this panel I will be joining Michael Dahn, Dr. Anton Chuvakin, and Joshua Corman to discuss everything from the origins of PCI through its unintended consequences and speculation about the future of PCI.
The abstract for this session:
Whether you love it, hate it, or are merely "friends with perks"- compliance is significantly changing what we call security. PCI has been accused of being the Spawn of Satan by some, and yet it has also been credited with advancing security by others. This panel of PCI experts, analysts, and victims will discuss and argue the realities of PCI: its origins, goals, and consequences (intentional and otherwise). PCI is having an impact on priorities, budgets, and personnel, which is being felt throughout the security industry. Unfortunately, there have been few informed discussions of PCI and compliance issues in the technical ranks of the security community. This panel will bring PCI subject matter experts with real-world experience to the technical security professional and hacker audience to discuss, engage, enrage, and argue about what may well be an existential threat to information security as we know it. The diverse viewpoints and experiences of panel members will guarantee a lively and often heated discussion, and will provide a broad base for fielding audience comments, questions, and criticisms. Bring plenty of Shmooballs to this session, you will need all you can get.
As far as Shmoocon in general- Yes, there will be a Shmoobus. Maybe more than one. There will be great talks, great people, much hilarity, etc. I hope to see you there.
Jack