After much deliberating, and finally succumbing to Twitter, I've finally decided to start a blog.
The purpose of this is really to help answer, or to start discussion on, the question I get asked most often: "How do we make it compliant?" As an information security consultant, IT security auditor and a PCI-QSA, I must hear this question on a daily basis. So I thought I'd start to post some of the thoughts, conversations and various other info I have for the benefit of whoever is listening.
A few words of warning: I'll probably rant, I'll probably go off at tangents and I'll probably not give you all the answers. That being said, I'll certainly try to keep this as useful as possible.