by Adam M. Lechnos, CISSP Payment Card Industry Data Security Standards or PCI DSS, are a set of 12 requirements with over 300 controls which apply to any organization which stores, processes or transmits credit card data. Today, I will attempt to add some clarity around PCI compliance within AWS. Concepts and practices were sourced from the referenced document below and here I will break it down further. I do suggest you first read the Architecting for PCI DSS Scoping and Segmentation on AWS and come back to enhance your understanding of the methods being applied and its rationale. For a quick primer on PCI-DSS, please refer to the council's overview PDF.Referenced from: https://d1.awsstatic.com/whitepapers/pci-dss-scoping-on-aws.pdf Infrastructure Services Infrastructure services such as EC2 require the

Cybersecurity threats are a major concern for businesses of all sizes, and that challenge can have repercussions when a company puts itself on the selling block. One of the things buyers will want to know is whether the company has had a breach and, if so, how it was handled. If the business can show it addressed the breach in a satisfactory way and learned from the experience by fixing its security vulnerabilities, its sale value increases, according to 88% of respondents in a new (ISC)² study titled Cybersecurity Assessments in Mergers and Acquisitions. The study reveals that cybersecurity audits are now standard practice in the M&A process. And the results of those audits have weight: 77% of study participants,

IT service providers have recently become a common target of cyber attacks and 11 of them have been compromised since July 2018. Attackers target providers in attempts to gain access to their customers, according to a blog post by Symantec. What makes this especially ironic is that IT service providers often are the same companies that businesses hire to protect them against cyber threats. It’s not exactly a new tactic by cybercriminals, who in the past have even attacked security vendors. Perpetrators also have been known to target some companies purely to get to their business partners. This practice was the subject of investigation in a recent (ISC)² study titled, “Securing the Partner Ecosystem.” Symantec revealed that the group responsible

The cybersecurity skills gap means companies are scrambling to fill security positions, and that presents an opportunity for you to find security work – even without direct experience. Faced with a critical shortage of qualified candidates, organizations are increasingly taking chances on nontraditional applicants and training them for security roles. One way to bridge a cybersecurity experience gap and get started? Make the case for your transferable skills. Success in security requires a mix of technical and soft skills. These can potentially come from ANY previous job. Analytical skills, enthusiasm for exploring technical questions and issues, and diagnostic experience will all serve you well in the security field. Business acumen and a background in project management also prove valuable in

In the digital age, security can no longer be an afterthought. As organizations modernize their IT environments through digital transformation initiatives, it’s become more critical than ever to bake security into new applications from the start. Virtualization giant VMware recognizes this new reality, which explains why it has decided to acquire two companies that give the company a stronger foothold in digital transformation and cybersecurity. One of the companies, Pivotal Software, brings to VMware a platform for developing applications in the cloud. The other, Carbon Black, has a cloud-native endpoint protection platform that ensures this is done securely. Together, the acquisitions send a strong signal by VMware and its parent company, Dell EMC, that it is serious about the role