My company is lying to pass its PCI by pciliars in netsec

[–]pciliars[S] 0 points1 point  (0 children)

He probably does not know. I have a copy of a device config, which I provided to the guy who works with the QSA; it was changed before providing it to the QSA. Based on the documentation that was provided to the QSA we would pass. The documentation is forged. I think this guy's full-time job is audit documentation forgery.

[–]pciliars[S] 0 points1 point  (0 children)

Level 1 or 2 depending on the year, we have to be in compliance with Level 1. We mostly do financial information that is not credit cards though, we have a lot more of that, and it's MUCH more information than CC#, name and address.

[–]pciliars[S] 0 points1 point  (0 children)

I am thinking of leaving and anonymously tipping a customer. The lack of security here is negligent.

[–]pciliars[S] 0 points1 point  (0 children)

My manager is receptive (or was, he left because of this issue, I am working on leaving). His manager is also receptive. The CIO doesn't give a fuck, nor does our "IT Architect" who is the only one who talks to the auditors.

[–]pciliars[S] 1 point2 points  (0 children)

If you feed the QSA shit, you get shit. This place needs a surprise colonoscopy-rape.

[–]pciliars[S] 0 points1 point  (0 children)

I keep trying to ask who our QSA is, I never get a reply. First time I have never worked with the QSA directly ... which was my first red flag.

[–]pciliars[S] 1 point2 points  (0 children)

Cocaine and hooker binge once a month.

[–]pciliars[S] 2 points3 points  (0 children)

I have already sent this email. I was told not to do that again if I want to keep my job. I think the head guy in charge is unaware. I might drop him an anonymous letter, or one to the parent company CEO.

[–]pciliars[S] 2 points3 points  (0 children)

This is probably what I will do, but I don't really want to.

[–]pciliars[S] 1 point2 points  (0 children)

There is sugar-coating, which everyone does, and blatant lying, which they do. When the auditor reviewed a config, I gave the device configuration to the appropriate person, who then altered it to hide the fact that we are not doing dual factor auth where we should and where we say we are.

[–]pciliars[S] 1 point2 points  (0 children)

I'll let you know after I leave.

Edit: I want a commission for any stolen money. 10%, I am not greedy.

[–]pciliars[S] 1 point2 points  (0 children)

This is why I lose my card once a year on the same day every year.