Business, technology, security, and the world around me

A How-To Guide To Cloud Computing

I recently collaborated on a piece for InformationWeek entitled “A How-To Guide To Cloud Computing”. My portion was a tight 700 or so words regarding what security topics to consider when utilizing the cloud for the first time. I would have liked to write a lot more and go in depth, but it was not the [...]

Video: Where Information Security Goes Wrong – Rant

Video blog rant on information security programs. This started as me just playing around with the iSight camera and evolved into a full-on rant.

I learned that I have no future in media.

Ouchie – PCI sticks it to the vendors

The great folks over at the PCI council have finally done something I agree with.  They have provided a clear and concise explanation of PCI 6.6.  Typically, their direction is unclear and left to the masses to decipher.
In the new PCI 6.6 supplement, the council has given more direction on how to meet the dreaded [...]

PCI PA-DSS

Recently I posted about PCI’s new payment application mandate coming out. Today I was lucky enough to receive a draft version, a comment sheet, and the associated NDA (thus why I have not posted the documents here).
A quick review basically outlines what we expected. PCI is taking Visa’s PABP program, transitioning it into PCI [...]

Application Security Testing

Currently there are several offerings in the market for application security testing. There are black box, white box, grey, and finally binary analysis.

Black Box Testing
Like all things in life, black box testing has its ups and downs. Through this testing method, the tester focuses on portions of the application which the user [...]

Why We Don’t Take Information Security Seriously

Today I read a well-written article about the California wildfires entitled Why Californians Don’t Leave. The article discusses, as the title would suggest, why people do not move from wildfire-prone areas even though the threat is repeated yearly. The basic theory of this article is so simple and applies [...]