The business of morale

Posted by Ian S. Nelson Wed, 28 Nov 2007 18:53:00 GMT

For some reason I've been getting mailings from different people hocking products to make teams better. I'm a big fan of what they are selling at Terryberry, I particularly like their corporate "class rings." I never wear jewelry of any type but I kind of want to have a big ol' superbowl champion style ring because I wrote some cool code for somebody. If someone over the age of thirty wearing one of those rings doesn't say "loser," I don't know what does. If I see that on your finger, I probably won't work with you and you've already used up a couple of your strikes.

Today I got a nice mailing from Successories. Good stuff. They have the full collection of motivational posters, including some I never thought of like this Synergy poster that just causes the viewer to want to run out and do some heavy duty team stuff.

Anyone know where I could get a rodeo champion style belt buckle made with a corporate logo on it? It could either be an award or a punishment for breaking the build.

Tags , , , , ,  | no comments

Another tidbit on PCI

Posted by Tate Hansen Wed, 07 Nov 2007 01:31:00 GMT

Today I was talking with a colleague from a partner company about the PCI certification - I think he's up for recertification.

The interesting thing is he was talking to a Qualys representative recently whom, affably speaking, offered tips on how to tune the Qualys scans based on new modifications made at Mastercard's test lab. The representative also said he could review the report Qualys automatically builds. My colleague exclaimed to me "It sounded like they already have the answers".

Of course they do. Qualys pays PCI to verify their ability to discover what PCI wants them to discover. People pay and use Qualys so they can become PCI certified. Anybody willing to click "start scan" has the ability to be an Approved Scanning Vendor.

What's my problem with all this? For one, the certification process is rotten:

http://blog.clearnetsec.com/articles/2007/05/16/pci-not-our-problem.
http://blog.clearnetsec.com/articles/2007/05/04/pci-misleading-racket

On top of that, it's costly and does little to vet engineers claiming competency. Its design is to weed out small security firms, which is probably why it fires me up in the first place and turns me into a cynical punk all day.

Tags , , , , , ,  | no comments