PCI DSS 4.0 and TLS
In 2015, I published an addendum to our PCI DSS 4th Ed. book that covered version 3.1. I titled it, “PCI DSS 3.1: The Standard that Killed SSL” because that version removed the ability to use old and outdated versions of the standard in favor of the improved TLS standard ... Read More
Why APA is Important in your Masters Journey
Another semester has closed and the reviews are in. As always, I had one student who rails on their hatred of APA formatting and one student who loved it. OK, maybe not loved it, but mentioned that it made a positive impact on their journey. The goal of this post ... Read More
Writing a Book in Markdown with GitHub
December is the month! PCI Compliance, 5th Edition is ready for pre-order and will be shipping on the 22nd. James & I are so excited to hear what you think! But of course, this project is several years in the making. Even before James & I sat down in early ... Read More
HowTo: Kindle Paperwhite Night Mode
I’ve been a kindle reader for a very long time—pretty much since the first version of it. I traveled with one, had a waterproof case for the pool, and generally consumed the vast majority of my fiction reading on it. While my previous device was still cranking along just fine, ... Read More
PCI DSS 4.0 Released plus BOOK DETAILS!
It’s been nearly six years since we had a major release of PCI DSS, and March 31, 2022 was the day that the final version of PCI DSS 4.0 released. For those that had access to the last discussion draft (released early this year), there are virtually no changes from ... Read More
Managing to a State of Abundance
As practitioners, we are often asked to solve problems or simply change the state of something to remove a negative influence on our success. We’re not even necessarily tasked with turning a negative into a positive—but more often only removing the negative state. A great example of that is our ... Read More
Preventing Account Takeover, Enable MFA!
Welcome to October where we celebrate National Cybersecurity Awareness Month! In a previous job, we would host a Cybersecurity Expo and learn together. Last year, I presented a version of this presentation to a large audience with representation across the business (not just IT folks) and I wanted to make ... Read More
Aviation Apps I Use
A friend of mine suggested this as a blog post, the top aviation apps that I use on my phone. Now, keep in mind, I’m a pilot. So some of the apps I use, such as ForeFlight, wouldn’t make much sense unless you are a pilot (or have had some ... Read More
Sellers Buying 5-Star Amazon Reviews
tl;dr: A seller who sold a terrible product is offering me $50 to change my review from 2 stars to 4 or 5. I’m not even sure where to start with this one. It’s a scenario that I’ve never experienced before even as one of the earliest of early adopters ... Read More
Proofpoint Patches URL Sandbox Bypass Bug
Or, how a travel website’s newsletter clued me in to a huge security gap in a popular email protection service. tl;dr: I discovered URLs of sufficient length (over 770 characters) would bypass Proofpoint’s URLDefense service leaving the original link untouched, allowing malicious links directly into users’ email inboxes. Proofpoint let ... Read More
