Introduction by: Jeremy King, European Director, PCI Council

Panelists:

• Pravir Chandra, Security Architect, Bloomberg
• Josef Nedstam, Lead Developer, IKEA
• John Wilander, Software Developer, Svenska Handelbanken

Panel co-ordinator: John Yeo, Director, Trustwave SpiderLabs EMEA

Agenda:

• PCI Security Standards Council: history, lifecycle and vision
• The role of Application Security in PCI Security Standards
• Recent breaches and their implications in the financial services space
• Tools and Guidance for achieving and maintaining compliance
• Real-life experience with the PCI Security Standards

Jeremy King, the European Director of the PCI Security Standards Council (PCI SSC), leads the Council’s efforts in increasing adoption and awareness of the PCI security standards in the European region. In this role, Mr. King works closely with the Council’s General Manager and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard Worldwide, and Visa, Inc. His chief responsibilities include gathering feedback from the European merchant and vendor community, coordinating research and analysis of PCI SSC managed standards in European markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors (ASVs), Qualified Security Assessors (QSAs), Internal Security Assessors (ISAs), Payment Application Qualified Security Assessors (PA-QSAs), PCI Forensic Investigators (PFIs), and related staff in supporting regional training, certification, and testing programs.

Mr. King brings extensive experience in the payment card security and high-tech industries to the PCI Security Standards Council. Most recently, he served as Vice President for the Payment System Integrity Group at MasterCard Worldwide, where he played an integral role in developing payment terminal and chip card security programs. He also spent more than 14 years working in the U.K. semiconductor industry and has a strong background in payments technologies, including contactless card, encryption, and mobile payment technologies.

Josef Nedstam is a software development consultant for Swedish consultancy ab1. He finished his PhD in 2005, “Strategies for Management of Architectural Change and Evolution”, at the Faculty of Engineering, Lund University, Sweden, after cooperation with some 20 software development companies and the Software Systems Research Group at NICTA, Sydney, Australia. For the last five years he has been assigned to IKEA IT as a WebSphere Commerce developer at the IKEA website. For the last three years he has been the lead security developer of the IKEA site, and has after the outsourcing of development to CAP Gemini been responsible for making sure the development team fulfils PCI DSS requirements.

John Wilander is a frontend software developer at Svenska Handelbanken, the second strongest bank in the world according to Bloomberg Markets. He has been researching and working in application security for ten years and recently organized the OWASP Browser Security sessions in Portugal, with participants from the security teams behind Chrome, Firefox, Internet Explorer, Flash, and PayPal. During his years in academia he was elected best computer science teacher twice and nowadays gives 5-10 professional talks per year.

John Yeo is the Director of Trustwave SpiderLabs for Europe, the Middle East and Africa (EMEA). SpiderLabs is the global, advanced technical security services team within Trustwave responsible for Security Analysis and Penetration Testing, Incident Response and Investigation, Research & Development.

At Trustwave John is responsible for the SpiderLabs EMEA operation. He has extensive professional information security expertise with a particular focus on application/network security programs and enterprise class penetration testing service delivery. He has run and managed multiple outsourced global security assessment programs for large enterprises. Prior to his management roles, John delivered technical security consultancy and led security testing assessments of major IT programs within both government and the private sector. He has a particular interest in dealing with the complexities of technical security objectives within the financial services sector.

John is an experienced and regular speaker at industry events, having spoken at events such as RSA Europe, Infosec Europe, the Merchant Risk Council, MasterCard Academy of Risk Management, and various PCI events across Europe. He is often invited to speak at closed-door security working groups and workshops on data security; sharing insights on the ever evolving threat landscape.