Tuesday, April 29, 2014

Live from Chicago

Poor lodgings
Our hotel is nicer than this one.
Hi Folks!

I just wanted to check in from the 2014 Treasury Institute for Higher Education PCI DSS Workshop. I have to say that in my four years of attending this event, this year's program seems outstanding. We have had a number of great guest speakers and member-provided programs that show off the amazing talent and depth of knowledge this group possesses.

One theme that has been coming through this week is that there is no other event like this: a three-day workshop (or conference) focused on educating the attendees about information security and PCI DSS. The closest thing to this that I am aware of is the Community Meeting sponsored by the PCI Security Standards Council itself. And considering that we are not the authors of the standard, the higher education PCI compliance community can take a lot of pride in what we teach and share about our nuts-and-bolts, boots-on-the-ground experiences with trying to apply this standard in the most complex environments in the world.

We have heard for years that the unique environments of our college and university campuses are less like a merchant and more like a city full of diverse (and sometimes unruly) merchants when it comes to working with the PCI DSS. And most of us have far fewer resources to work with than a major retail, hospitality, or healthcare corporation. How do we do it?

Commitment. Teamwork. Knowledge. Communication. Sharing.

We have put into practice here and on our PCI Listserv a true Open Source Community in the classic sense. The private business sector could not duplicate what we do here every spring with our PCI Workshop. Can you imagine business rivals working together to share examples of how they conduct their operations? To encourage and help their competitors find the solutions that would keep them in business? To be open to engaging with their rivals to work together and share their corporate intellectual property and the results of their years-long research projects? It's a stretch for me to think of something like that, but it is what we do here intensely for three days every spring and what we do day-in and day-out on our listserv and in e-mails and phone calls to one another.

You know, we're not the ones who came up with the idea of putting unencrypted credit account data on a magnetic stripe stuck to the back of a piece of plastic. We didn't build the systems that can be used to easily steal that data from computers and networks, and then duplicate the cards in order to steal money from innocent victims. An we're not the ones who said "Oops, we better fix that with these 286 security requirements that we'll make merchants who are already broke prove they can meet, every single day without fail. No prior knowledge of InfoSec required." I know none of you thought up this situation. (Although I often get blamed for it.)

But each day we rise to the challenge of PCI DSS compliance and say, "OK. Bring it on!" I'm really proud of all of us here. For me, you guys make my success in my job possible. You challenge me and make me think of how to solve my problems in whole new ways. I am so grateful that I get to meet with you all every year and soak up your energy and optimism.

Thank you Treasury Institute for Higher Education. Thank you PDG and Katy. Thank you Dennis, Ron, and all of you who came from schools spread out from Florida to Alaska. And thank you, Walt Conway, for bringing everything you had to build this workshop into what is has become. I hope we have been able to honor you, in gratitude for what you gave to us. I hope you are also proud of what we have been able to do here this week. We'll remember you always.

Tuesday, April 22, 2014

2014 PCI DSS Workshop - Still Open

Bob Russo
There are still some remaining spaces left if you want to attend the 2014 Treasury Institute PCI DSS Workshop. Go now to http://www.treasuryinstitute.org/pages/PCI-DSS-Workshop-2014.html for more information and to register today.
We have a terrific lineup of presenters and programs this year, with sixteen program sessions, several of them targeted specifically toward each of our main attendee groups: a Business Track and a Technical Track. Our general sessions include industry experts who will speak on threat analysis, data breach response, PCI DSS v3.0 in Higher Education, and our always popular expert panel. And once again we will gain insights directly from the Council, as Bob Russo, General Manager at PCI Security Standards Council, will be with us to talk about PCI DSS 3.0 and Business as Usual.

So please join us next week in Chicago at the historic Palmer House Hilton if you can. You don't want to miss this one!



Palmer House Hilton, Chicago, IL
The Palmer House Hilton in Chicago, Illinois