Information security compliance regulations like PCI, HIPAA, SB1386 have been around for many years now, but we continue to suffer large data breaches. In this talk, an experienced PCI QSA will discuss why even the best efforts at compliance fail to prevent breaches, provide examples from the field of what goes wrong despite these best efforts, and how to win by not playing - by getting the sensitive data the thieves want out of your environment.

Bio: Jeff Elliot is an Associate Director at Protiviti, where he is responsible for delivering Information Security services to many of Protiviti's largest clients. With seven years as a PCI QSA, and as the "Primary Contact" for Protiviti with the PCI Council, Jeff leads or consults on many of Protiviti's largest PCI assessment and remediation projects. Jeff and his teams typically find real security gaps that other assessors and client personnel have missed, sometimes for years.

Back to BSides Las Vegas 2014 video list