kuzushi (@kuzushi) 's Twitter Profile
kuzushi

@kuzushi

founder of @cactuscon · staff at @hackgdl - ex @bishopfox · @spiderlabs · @MVPAward

Hacking - Machine Learning - AppSec - Not a super villain

ID: 17723751

https://linktr.ee/andrew.wilson

29-11-2008 00:15:35

9,9K Tweets

807 Followers

349 Following

kuzushi (@kuzushi) 's Twitter Profile Photo

To continue the thread with Justin Gardner, I documented the first part of my 'theory on optimizing hacking'. Before you can do anything else, we have to align on outcomes. It was fun to write up: sensecurity.io/probability-of…

You can't fault consumers for being 'checkbox seekers' when the reality is 95.4% of our industry is built around passing blame via compliance.

In 2005, CardSystems Solutions was breached and lost 40 million credit cards. They are one of the only cases where the credit card providers revoked their ability to process cards. Their penalty for all of this? Nothing. They sold the business for 47 million dollars.

"Analysis of major breach incidents reveals a concerning pattern regarding compliance status at the time of security incidents. Many organizations that experienced significant breaches had recently passed PCI DSS compliance assessments, raising critical

Arguing that doing something is better than nothing is actually quite fair-- but it is also always true. It would be better if you walk 10k steps a day. It wouldn't be good if you lost your business over not doing it because a bank said so.

I think I am just bitter that they tried to force me to fill out some stupid form and pay them money to inform them that I am not required by their own standards to do anything else.

I'd like to clarify my previous tweet. It isn't that I disbelieve that security controls work, I am just really nervous that we built a billion dollar industry on "just trust me bro" validation it works.

Guy cuts people off to get off the plane first, then brags about being married to a trust-fund baby. I wish I could make this stuff up.