October 1, 2009

The Last Stop: Blog moving!

Yep, it's finally done. Nearly two years after our business unit was listed for divesting, we've closed on a buyer. VeriSign's Consulting Group is now part of AT&T Consulting Solutions.

If you are seeing THIS post, you have a small action to take! You need to update your RSS Reader or bookmark to:

Website: http://blog.brandenwilliams.com/
RSS Feed: http://feeds2.feedburner.com/BrandenWilliamsSecurityConvergenceBlog
Twitter: http://twitter.com/BrandenWilliams

Don't worry! While you will not be able to read my musings here anymore, all of the content is over on the new site, and prettified with pictures and such. You will be able to download all of my previous publications, get information on and pre-order the upcoming book, and see all my posts that you saw here with some fancy searching capability!

It's been an awesome run as a part of the VeriSign family, and I know I'll be crossing paths with you all again in the future. It's a small industry!

Finally, I want to take a moment to thank the AWESOME team at VeriSign for supporting all of us bloggers, and especially Karen Snyder for running the program!

SEE YOU IN THE TUBES!

September 17, 2009

PCI Community Meeting, Vegas!

I hope to see many of you next week at the PCI Community Meeting in Las Vegas! VeriSign will have a booth and is a sponsor for the event. If you are going, please do stop by our booth and attend our sponsored cocktail hour! We'll have some goodies and some exciting news for everyone that stops to chat!

At this point, I'm not sure what kind of coverage I'll be able to provide from the meeting, but more on that soon.

Before you arrive for the sessions, I urge you to review the myriad of information available on the PCI Security Standards Council website, including the recently published SIG papers, and prepare your questions. This is your chance to ask the Technical Working Group and other members of the Council directly! Although, be prepared for them to tell you it is up to your QSA.

The best way to avoid that answer is to ask questions that don't start with "My environment has X technology," and ask for their intent behind requirements. As an example, a bad question to ask would be "Can I use whitelisting instead of anti-virus?" A good version of that question might be "Is the intent of 5.1 to stop the execution of malicious software, and can compensating controls be considered?"

It requires that you do a little homework, but as with most things in life, you will get out of the event what you put into it. Preparation goes a long way when talking to the framers of the standard.

Hope to see you there!

September 3, 2009

PCI Compliance Book!

We're getting REALLY close. All of the content is in, and the publisher is working toward production! Anton & I have worked hard to bring you the most technically accurate and useful reference book to carry with you during all of your PCI DSS efforts. You will notice that the book reads much better than the first edition, and we've included some GREAT case studies for you!

Well, I think they are great anyway; I wrote almost all of them. That was my favorite part of this process--writing the case studies. In fact, I had to put off all case study writing to the end of each chapter and use it as my motivator to get through all of the content!

All in all, about 80% of the material in this book (maybe even more, just an estimate) is NEW. Some of the larger chapters contain more than 15,000 words, while the smaller ones are under 4,000. Regardless, we've worked hard to make sure that your reading experience with this edition leaves you thinking about how to apply our teachings to your environment, and laughing a little bit along the way.

We're working on a website, but it's SUPER secret right now. If you have suggestions for what you might like to see in the site that supports the book, please leave them in the comments field below. We'll also have a couple of contests with prizes for our readers! But more on all of that LATER!

The book is scheduled to release on December 15, 2009, but pre-order now to ensure you get your copy quickly! I believe there will also be a Kindle edition, so watch for that!

Click here to see the book listed in Elsevier's catalog, and then on Amazon and Barnes & Noble (the typos in the online stores are corrected in the catalog, and should be corrected on the other sites soon).

June 29, 2009

Are you at the Gartner Summit?

If so, go find the VeriSign booth, and ask for Rob Harvey. He is challenging attendees to a game of Blackjack! Beat Rob, and you win!

June 5, 2009

Read my blog on your Kindle!

Are you in love with your Kindle like I am in love with mine? Believe me, I like the feel and smell of a good book, but I'm really looking to cut down on the bulk and weight that I carry with me as I travel. So I broke down and finally got a Kindle. So far, I read the latest Dale Brown book in the Dreamland series entitled Rogue Forces, and a Stephen King novella entitled Ur, where the Kindle takes a lead role. On deck is Arctic Drift by Clive Cussler, and a few samples that I have downloaded to see if I want to read the entire book.

Did you know you can get blogs on the Kindle? In fact, you can now read MY blog on the Kindle! If you have a Kindle, browse over to http://www.amazon.com/gp/product/B002BH3VKQ and check it out!

May 4, 2009

Herding Cats and The Art of the Compensating Control

OK folks, two biggies from the April issue of the ISSA. The first is this month's issue of Herding Cats entitled, Get Compliant on the Cheap, where I review some of the fantastic commentary provided at the end of last year by JD Smith, one of our esteemed PCI Consultants.

The feature of the April journal is my article, The Art of the Compensating Control. I hope that this article helps to clear up some of the fog that clouds compensating controls.

Hope you enjoy, and Happy Monday!

April 30, 2009

Join me for a Compliance Week webcast!

What are you doing at 2pm eastern today? If you have that annoying budget meeting, or maybe one of those late lunches with the group of folks that bug you, how about joining me for a webcast on PCI?

Click here to register, and I'll be on Twitter during the event if you guys want to interact!

April 10, 2009

Are you following me on Twitter?

My link seems to have disappeared from the right, so I'll just add it here! Follow me on Twitter at http://www.twitter.com/BrandenWilliams! I'll be tweeting from RSA in two weeks!

March 25, 2009

Don't forget to Vote!

The Bloggers at RSA are doing awards this year! The Social Security Awards need your nominations. Your nominations are due by March 31, so go vote now!

As a reminder, what you need to do to vote is as follows. Go to the link above, then click Next. Under the Most Entertaining Security Blog, put my name, the url (http://blogs.verisign.com/securityconvergence/) and that you think I'm WACKY!

November 18, 2008

An upcoming treat!

As a preview for next month's Herding Cats, I decided to take a suggestion from a colleague and turn it into a column. We're going to explore Hizver's Insecurity in Large Numbers Theorem!

Think you are safe in a crowd? Think again! Think that your company is too small to be noticed or targeted? Danger is afoot!

Without ruining the punchline, consider this. Let's say you work for a large company with a few thousand employees. Each one has at least one Microsoft Windows device assigned to them. Remember the emergency patch from last month? Are you 100% confident that every single last one of those devices was patched?

Also, another preview... All previous versions of Herding Cats will be posted in their printed glory by December 1!

October 19, 2008

October Herding Cats and Off to Brussels!

Greetings folks! Couple of updates in this post.

October's Herding Cats is up and ready for you to read! Pretty soon here I will be setting up a URL where you can download all the published versions of this column regardless of your membership status with the ISSA. Need a little time though baby birds. Until then, members of the ISSA can download the most recent version here. As you can tell, I have been reading a lot of James Patterson recently. Sorry about that.

Also, if you are going to be at the PCI Europe Community Meeting this week, look me up! I'll be wheels down in Brussels on Tuesday in time for the networking session. I am looking forward to meeting more of you this week.

I am transiting through London first, so if you are in London and want to grab a pint, drop me a line!

August 14, 2008

Where's Brando?

Down Undero! Finally made it down here and nobody down here has said "G'day Mate!" or offered me shrimp on the barbie.

So disappointed.

Anyway... If you are in Sydney, shoot me an email and we'll do a pub crawl!

July 27, 2008

The Land of Oz

No, Toto is not coming. I'm referring to Australia! I'll be making a trek down under in August to discuss PCI with banks and merchants alike. If you are in the area and want to meet up, please drop me an email! Hope to see you there!

July 16, 2008

Are you in Vail for the EUCI Conference?

If so, drop me a line! I'm leaving the home base here in a few hours to head there for the conference. I will be discussing personally identifiable information and why it is important to secure.

After I speak, I'll be high-tailing it to Denver International to catch a return flight home. Hope to see you there!

July 10, 2008

Looking for a career as a QSA?

Well look no further! Come join VeriSign's Premier Global PCI Consulting practice!! If you are a current QSA in good standing, take a look at the job listings below. If you are a security professional that wants to get into PCI related work, we can train you!

Click here and enter keywords "qualified security assessor" to learn more!

July 2, 2008

Enjoy the Holiday!

It's time to celebrate American Independence! I'll be taking a holiday for a few days, but will return next week. I will have a post hit on Monday though, so keep your eyes peeled (ouch?)!

June 16, 2008

Where oh where has my little blogger gone?

I haven't written, called, emailed, faxed, or even sent you guys anything via carrier pigeon. For that, I grovel at your feet and request my penance (tee hee, I love the occasional translation error, especially when it reminds me of the most beautiful thing I have ever seen). What have I been up to?

Last week was fun. Boston & Cincinnati in two days. Was great seeing many of you out there! Especially when a coworker and I started eating at the wrong party! This week, so far, I have met with the Visa CISP and Incident Response teams over two days, and I am headed home to fly out to Atlanta for a couple of customer meetings. If you are in town, drop me a line!

Some PCI News for you...

The PCI Security Standards Council has announced their community meetings for 2008. We will be there! They have also announced training dates for PA-DSS assessors.

I'm off to DFW!

June 9, 2008

Are you in Cincinnati?

If so, shoot me an email! I will be there for the 5th 3rd Customer event tomorrow (if I can ever get out of Boston!).

April 27, 2008

On my way to CSI-SX!

Bout to go board my jet-fueled chariot right now. If you are going, look me up on Twitter! I'm planning on taking a cab to the hotel, checking in, and seeing if any conference goings on are... going on.

See you there!

April 7, 2008

Are you at RSA?

I arrive tomorrow and will see you there! Please stop by the VeriSign booth!

March 13, 2008

See me featured in the March ISSA Journal

This month's issue of the ISSA Journal features my article on simplifying data flows entitled "Data Flows Made Easy." So far, the feedback has been positive, but what do you think?

Also in this issue, the first installment of my monthly column, "Herding Cats: Practical Security Tips for a Wacky World" (Thank YOU Fred Langston!). In here, I explore a simple tip for locating that sensitive data inside your organization.

Finally, we have another VeriSign consultant being published this month. Bindu Sundareson's article entitled "Converged Compliance Management" is included in the March ISSA Journal.

Check out the links and read up on the thought leadership that is common in the Global Security Consulting group at VeriSign!

February 8, 2008

See you at eTail 2008!

Greetings out there! If you happen to be at eTail next week, please stop by the VeriSign booth and say "Hi!" I would be happy to discuss the NRF or Tim Callan's EV-SSL.

See you there!

January 7, 2008

Welcome to 2008!

Yep! Time to tackle the world! Hope everyone's holiday was fantastic.

December 21, 2007

Time to punch out! See you in 2008!

Greetings folks! It has been quite a year. I've only been lucky enough to spend the last 5 months with you writing in this blog, but I sure had fun. I enjoy zoning out for 10 minutes on YouTube looking for silly videos that promote sanity in the workplace.

I hope you all enjoyed reading along this year... see you next year!

Season's Greetings!

August 24, 2007

RSS Feed for this Blog

Please use the following link for the RSS feed for this blog. Waiting on the developers to update the one on the bottom left....

http://feeds.feedburner.com/BrandenWilliamsSecurityConvergenceBlog

July 24, 2007

Greetings!

Hello everyone! Thanks for stopping by. I have been graciously asked to take over this blog as Jeff Pettorino has now left the building (and thanked you all for the fish).

Just to be forward, I am a security generalist with a technical background, but I concentrate in PCI related consulting today. I currently run the PCI Practice for our Global Security Consulting group.

I will make a commitment to you, Joe Reader, to balance my posts. This will not be ALL PCI, ALL THE TIME! I will be sure to post alerts that we see with links, but I will put a nice balance of things in place.

Yes, I am heavily influenced by PCI; however, much of the work that we do bleeds into other areas of the organization. PCI blazes the path for many companies, and allows security programs to flourish. I am looking forward to great interactions and frequent posts!

Let the fun begin!