Skip to the main content.
Contact
Contact
Facebook Instagram Linkedin X YouTube Medium

David Gamey

Principal Security Consultant & Researcher at Control Gap Inc.

David Gamey

Principal Security Consultant & Researcher at Control Gap Inc.

13 min read

The Art of Reading a PCI Attestation of Compliance (AoC)

PCI Attestations of Compliance (AoCs) provide organizations with a tool that helps with the all-important aspects of third-party due diligence. Yet...

Read More >

2 min read

Non-Compliance Lesson No. 4: Keep your head in the cloud when adopting new technologies

PCI DSS can be hard and not preparing for it just makes things harder. Following this advice is guaranteed to make it both more exciting and painful.

Read More >

6 min read

PCI DSS v4 is Coming – What Can You Rely On

PCI DSS v4.0 is coming and will bring big changes. The exact nature of the changes aren’t yet available as the standard is still evolving under the...

Read More >

4 min read

8-Digit BINs and the Great PCI Truncation Reset

Visa, MasterCard, Discover, JCB, and Union Pay hit ‘reset’ on the PCI DSS truncation rules in December 2021 and January 2022 providing an unexpected...

Read More >

2 min read

Non-Compliance Lesson No. 3: Don't upgrade or patch your old stuff

PCI DSS can be hard and not preparing for it just makes things harder. Following this advice is guaranteed to make it both more exciting and painful....

Read More >

2 min read

Non-Compliance Lesson No. 2: Outsource your payments/security and don't read the fine print

PCI DSS can be hard and not preparing for it just makes things harder. Following this advice is guaranteed to make it both more exciting and painful....

Read More >

1 min read

Non-Compliance Lesson No. 1: Wait until your assessment to validate scope

PCI DSS can be hard and not preparing for it just makes things harder. Following this advice is guaranteed to make it both more exciting and painful.

Read More >

11 min read

Quantum Cryptography for Risk Managers or Shor, Grover, and the Crypto-Apocalypse

According to some, quantum cryptography will revolutionize cryptography, kill our current ciphers, and reveal all our secrets. But if you're a risk...

Read More >

5 min read

Why Organizations Need to Become Crypto-Agile and What that Means

Cryptographic change is a reality. Since 2006, we have seen the sunset of WEP, SSLv2, RSA-1024, SSLv3 and early TLS. We know that Triple DES and...

Read More >
1 2 3 4 5 Next