Overview: In this presentation, Jeff Foresman will share his insight into the 10 most common areas that cause problems with achieving and maintaining compliance with the PCI DSS standard. The session will address the common problems facing merchants and service providers and possible solutions to achieve and maintain compliance.
The presentation will discuss:
- What is PCI DSS?
- Who is responsible for what?
- 10 Most Common PCI Compliance Problems
Speaker Bio: Jeff Foresman is a Principal Consultant with FishNet Security’s compliance practice. Prior to joining FishNet Security, Jeff was the Trainer for the PCI Security Standards Council where he was responsible for the training of Qualified Security Assessors (QSA) and Payment Application Qualified Security Assessors (PA-QSA). He was also the instructor for the Standards Training class offered to merchants and service providers.
Prior to joining the PCI SSC, Jeff was both a QSA and PA-QSA while leading the PCI Remediation services practice at Cybertrust/Verizon Business. Jeff has over twenty years of IT experience with a focus on Information Security for the last ten. Jeff specializes in helping companies understand regulatory compliance issues and developing security programs to meet those requirements.
TBD
Speaker Bio: Dan Thormodsgaard, Director of Solutions Architecture. Dan Thormodsgaard has over two decades of experience in the information technology industry and engineering field. As the director of solutions architecture for FishNet Security, Thormodsgaard is a strategic advisor of Fortune 50, enterprise accounts and government institutions. He supports customers' long-term security infrastructure initiatives, evaluates security tools and provides technology recommendations for customers and FishNet Security's partner program.
Thormodsgaard joined FishNet Security in 2002. Prior to his current role, he was the regional manager for FishNet Security's Minnesota region and spent several years as a sales engineer. Before joining FishNet Security, he served as a principal consultant at Midwest Systems. He has presented as a keynote speaker for wireless security events at ISWT and has spoken on other security topics at various national ISSA and ISACA chapter events.
Thormodsgaard holds a bachelor's degree in engineering from the University of Minnesota, and a number of specialized technical certifications, including CCSE, CCNP, CCSA, CCNA, MCSE and other security and infrastructure certifications.
Emerging Threats
Speaker Bios: Shawn Moyer, Principal Security Consultant, FishNet Security & Nathan Keltner, Security Consultant, FishNet Security
Shawn brings fifteen years of experience in Information Security, with an extensive background in penetration testing, threat modeling, and systems, application and network security.
Shawn has served as a team member and consultant in enterprise security for the financial sector and the federal government, including stints with IBM Internet Security Systems' X-Force, several global financial services firms, and a large hosting provider, all with a focus on emerging network and application attacks and defenses.
Shawn has written on security topics for Information Security Magazine and ZDNet, and his research has been featured in the Washington Post, Businessweek, NPR, and the New York Times. Shawn is a seven-time speaker at the BlackHat Briefings, and has been an invited speaker at other notable security conferences in the US, China, Canada, and Japan.
Nathan Keltner has over 5 years of professional experience in Information Security, conducting vulnerability assessments, penetration tests, Web application assessments, social engineering engagements, physical security reviews, IT audits, PCI readiness and remediation assessments, as well as exploit and tool development. He has leadership experience in assessing risks related to external and internal attackers and is familiar with various offensive and defensive strategies related to network security.
Nathan frequently speaks on such topics to various organizations, including presentations on common Information Security weaknesses, Oracle, wireless, and web penetration testing, and providing training on the penetration testing process, web security, and wireless technology. Nathan is skilled in multiple programming and scripting languages and has broad experience with most operating systems, database management systems and networking technologies.
Nathan has served in leadership roles in retail IT Internal Audit, the consulting wing of a large public accounting firm, and as a teacher’s assistant for various programming classes at a state university, in addition to being an occasional developer for the Metasploit Framework open source project.