Every spring we here at Cimcor look forward to watching the topics that emerge from the world-renowned RSA Conference in San Francisco. It is a first-class event that draws thousands of attendees to the Bay Area each year. In fact, this year's event garnered a record turnout, with 33,000 people making their way to the Moscone Center.

This year’s installment of the conference didn’t disappoint. The speakers’ presentations once again addressed a lot of great topics. Just like last year, we’ll be covering some of the highlights that struck a chord with us.

 

POS & PCI Security has Room to Improve

Talks that address the Payment Card Industry (PCI) and point-of-sale (POS) machines are an easy way to perk up our ears. David Byrne of Bishop Fox addressed the security weaknesses of POS machines [1], and Troy Leach, the Payment Card Industry Security Standards Council (PCI-SSC) Chief Technology Officer (CTO), presented on the compliance standard’s evolution and migration away from the SSL protocol [1b].

These points underline the need to keep tabs at all times on how threats are emerging and on the methodologies necessary to combat them. You have likely heard or read about the recent POS malware outbreak known as Punkey and the PCI-DSS 3.1 standard that will be released this June.

 

Show Me All the People…

Another issue that has been getting a lot of press over the last few years in the information technology (IT) security field is the lack of skilled professionals available to handle the workloads that are required to keep organizations' infrastructures safe [2]. How are companies expected to do more with less? Additionally, there is growing concern regarding diversity in the workplace in terms of women and people of color [3]. In an effort to combat the sentiment that the IT community is not friendly to women, the RSA Conference instituted new attire requirements for companies’ booth employees and contractors [4]. The long tradition of “booth babes” is now officially frowned upon, and the change will hopefully usher in a more inclusive climate for attendees.

 

Wrapping up

Overall, it looks like there are still some long-standing hurdles that the industry needs to leap over to keep technology and data safe, as well as to make the conversation more holistic.

 

References

[1] https://www.scmagazine.com/news/incident-response/rsa-2015-point-of-sale-system-security-is-lacking

[1b] https://www.rsaconference.com/events/us15/agenda/sessions/1973/pci-dss-and-ssl-what-you-need-to-know-in-2015

[2] http://www.welivesecurity.com/2015/04/24/rsa-conference-2015-much-technology-not-enough-people/

[3] http://www.techrepublic.com/article/lack-of-diversity-in-2015-rsa-security-conference-guide-sends-the-wrong-message/

[4] http://searchsecurity.techtarget.com/news/4500243266/Is-the-RSA-2015-booth-babe-ban-a-win-for-women-in-security

Post by Jacqueline von Ogden
May 13, 2015
Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".
