𝐋𝐚𝐤𝐬𝐡 𝐑𝐚𝐠𝐡𝐚𝐯𝐚𝐧 · Apr 7, 2021 · 4:55 PM UTC

𝐋𝐚𝐤𝐬𝐡 𝐑𝐚𝐠𝐡𝐚𝐯𝐚𝐧

@laraghavan

7 Apr 2021

1/8 Now that the poll has closed, I'd like to disclose that I'm with the minority (No) on this one. Rationale summarized in this thread 👇 #pci #training #appsec #swsec cc: @shehackspurple @bilcorry @robertauger @cigitalgem

𝐋𝐚𝐤𝐬𝐡 𝐑𝐚𝐠𝐡𝐚𝐯𝐚𝐧

@laraghavan

31 Mar 2021

Do devs need to be trained “about” PCI compliance?

Bil Corry · Apr 7, 2021 · 7:12 PM UTC

Bil Corry · Apr 7, 2021 · 7:12 PM UTC

Bil Corry @bilcorry

7 Apr 2021

Replying to @laraghavan @shehackspurple @robertauger @cigitalgem

I agree. If the policies, processes, and tooling make compliance invisible, there isn't much to say other than follow/use/audit the policies, processes, and tooling to remain PCI compliant.

Apr 7, 2021 · 7:12 PM UTC

Gary McGraw · Apr 7, 2021 · 7:20 PM UTC

Gary McGraw @cigitalgem

7 Apr 2021

Replying to @bilcorry @laraghavan @shehackspurple @robertauger

Exactly. Build compliance in as a side effect. I recall that @abedra had to do this once...