Security's Everyman

Tuesday, June 05, 2007

Singing the PCI Blues

Back in December I posted about being happy that I had finally been able to get an answer to my question as to whether or not my then-current employer was subject to PCI/DSS. The answer was that they were not and I was happy.

Now that I'm in my new job PCI is a part of my daily life. I'm now having to refresh my memory on PCI (I boned up a little in the past just in case) and am having to start the process of checking out what we are doing and what we still need to do. I like it though. It's new ground in some ways.

This position is much different than my past jobs in that I'm doing less hands-on with the network devices and more security support work. Things such as working on updating policies, reviewing configs and change requests, reviewing results of a 3rd-party Pen Test and working to ensure the issues are corrected. After I get myself firmly planted here and get many of these projects either well under way or completed, I am supposed to take over some hands-on jobs. I'll have to see how that works out. There is lots to do here and I'd like to see this continue in a position where I continue to focus on moving us into a more secure direction and let others do the hands-on under my guidance. But then again the "geek" in me doesn't want to get too far removed from the 1's and 0's.


3 comments:

McKeay said...

Andy,

A couple of quick PCI resources for you:

http://pcianswers.com - Michael is very knowledgeable about PCI and posts about it frequently.

The PCI standards mailing list in Yahoo Groups is also a good source of information. It's a low bandwidth mailing list on PCI issues.

And finally, you can ask me. I'm not doing PCI on a daily basis any more, but I can still answer a lot of questions. Or at least point you in the right direction.

Martin

Andy, ITGuy said...

Martin, Thanks! I knew that you would have some input into this. I may well holler at you before long. This is a new adventure in many ways but one I'm loving so far.

AskPCI said...

Yes, you can call, email, or post comments to the PCI Answers blog. We read all email and get you an answer quick.
http://pcianswers.com/

If you email in, we can call you back and discuss as well.

There's also a forum, http://forum.pcianswers.com/

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.