ANX Corporate Blog

We know you are out there!  You live your life based upon a spreadsheet.  Your finances, sports team statistics, your Star War's collection, your wedding, and even the number of times you mow/fertilizer/aerate your lawn.  We get it.  Not only does this spreadsheet addiction personify the person you are, but you validate for everyone else that you are 'that guy'.  

When performing a PCI assessment, risk assessment, or tracking vulnerability trending, you are the person everyone clamors around because you are the most organized and can easily pull it together.  True, a few more of you are savvy enough to have entered into the cloud computing space using solutions, such as, Google Docs.  The element that remains is that often times such solutions aren't adopted throughout the...

Read more

In my last blog post, I wrote about the then-upcoming CCSK training offered by the CSA in San Jose on June 8-10th. Details of the course content can be found here. The training was hosted by Ebay/Paypal and administered by independent security firm, Securosis.

I attended the first two days of training, which were made up of a Basic and Plus session. The first day (Basic) was a high-level overview of cloud computing in general and also went into detail on the topics covered in the CCSK exam. The second day (Plus) was a hands-on session where students worked through the process of deploying servers into the Amazon cloud. These lab exercises were focused deploying servers securely within Amazon's public cloud. Amazon's cloud offering is probably the most flexible, but also the...

Read more

Last week, I was on more Payment Card Industry Data Security Standard (PCI DSS) sales calls than usual.   It reminds me of a lesson I learned when I first started working with merchants on payment card compliance in 2003: providing effective answers requires security and payments knowledge.  For most of us, security is the easy part.  We’ve built a career as security professionals and it’s second nature to keep up with the latest developments in the security community.  However, when it comes to securing cardholder data and providing effective compliance advice, security knowledge is not enough.  It’s important to understand the mechanics of how a payments transactions is captured, processed, transmitted, and stored.  We have to understand the alphabet soup of service...

Read more

Most of us go through our daily routines of digesting a healthy amount of SPAM without ever noticing its nutritional value.  There are several factors that help those responsible for securing ourselves with understanding the multiple flavors this wonderful package brings us in the form of email.  For security administrators, we often choose "delete" like every other user, but certainly there are some value in determining the various trends associated that make people want more SPAM!  Why?  Because if it didn't work, we would no longer have all this SPAM sitting around.

Don't knock it 'till you try it!  Go ahead, open up that email and take a look at the messaging involved, and you'll notice the increasing smell from 'phishing'.  For those that don't know, 'phishing' is a...

Read more

This week I was planning on writing about my experience with the CSA's CCSK certification exam. There has been a slight change of plans. Once I started going through the CCSK study guides (CSA's Security Guidance for Critical Areas of Focus in Cloud Computing V2.1  and the ENISA report Cloud Computing: Benefits, Risks and Recommendations for Information Security) did I realize just how much material the exam covers. While I have "real world" hands on experience through my work here at ANX, and have been through the study material several times, I was beginning to doubt my readiness for the CCSK. For those of you that will be taking the test soon, how confident are you about passing the exam?

Well, thankfully, the CSA has us covered. On June 8-10 the CSA will be offering CCSK...

Read more