Skip to the main content.
Contact
Contact

David Gamey

Principal Security Consultant & Researcher at Control Gap Inc.

David Gamey

Principal Security Consultant & Researcher at Control Gap Inc.

2 min read

Non-Compliance Lesson No. 4: Keep your head in the cloud when adopting new technologies

PCI DSS can be hard and not preparing for it just makes things harder. Following this advice is guaranteed to make it both more exciting and painful.

Read More >

4 min read

8-Digit BINs and the Great PCI Truncation Reset

Read More >

2 min read

Non-Compliance Lesson No. 3: Don't upgrade or patch your old stuff

PCI DSS can be hard and not preparing for it just makes things harder. Following this advice is guaranteed to make it both more exciting and painful.

  • Don’t upgrade your end-of-life software, it’s fine. After all it’s not like you won’t be able to...
Read More >

2 min read

Non-Compliance Lesson No. 2: Outsource your payments/security and don't read the fine print

PCI DSS can be hard and not preparing for it just makes things harder. Following this advice is guaranteed to make it both more exciting and painful.

  • Assume you can outsource your accountability for security and compliance.
  • Assume your service provider...
Read More >

1 min read

Non-Compliance Lesson No. 1: Wait until your assessment to validate scope

PCI DSS can be hard and not preparing for it just makes things harder. Following this advice is guaranteed to make it both more exciting and painful.

Read More >

11 min read

Quantum Cryptography for Risk Managers or Shor, Grover, and the Crypto-Apocalypse

According to some, quantum cryptography will revolutionize cryptography, kill our current ciphers, and reveal all our secrets. But if you're a risk manager, you're likely turned-off by claims of an impending crypto-apocalypse. You want to get past the...

Read More >

5 min read

Why Organizations Need to Become Crypto-Agile and What that Means

Cryptographic change is a reality. Since 2006, we have seen the sunset of WEP, SSLv2, RSA-1024, SSLv3 and early TLS. We know that Triple DES and other 64-bit blocked ciphers are on the way out. RSA will likely follow, and our current pre-quantum public...

Read More >

4 min read

Don’t Tie Yourself in Knots Thinking you can Store Payment Card Verification Codes/Values

Card Not Present Security Codes/Values are the 3 and 4 digit printed numbers on your payment cards used to verify card-not-present transactions. PCI DSS has been crystal clear for many years that payment Card Verification Codes/Values are Sensitive...

Read More >

8 min read

The DSS, MageCart, and the DOM – Part 3 e-Commerce Skimming

Cyberattacks and data breaches have risen dramatically in recent years and no industry or organization is immune to these attacks. Merchants, governments, healthcare, critical infrastructure are continuously being targeted with ransomware, Cloud leaks,...

Read More >