The Byte Stops Here

Ok, so we're doing e-Commerce, and obviously we want our managed hosting environment to be PCI Compliant. For all the hoopla around PCI Compliance, I only found like a dozen or so hosts with PCI Compliance certification for creating, managing, and maintaining a PCI compliant environment. Given that 90%+ or more provide some sort of shopping cart/e-commerce lite functionality, this is pretty scary. And the more I dig in to this, the more scarier it becomes. Let's face, your data is not secure. And those who are meeting PCI Compliance, have yet to meet the latest requirement, section 6.6 of the PCI DSS.

There are some hosts who even say they are PCI Compliant and advertise that, but they are NOT. What they mean, is that their own operations are PCI Compliant, but their hosting environment are not. Others say, you know what, this could mean a lot of things, referring to the vague and unclear PCI guidelines, which makes it even worse.

As a result, I'm doing a presentation internally on PCI DSS, and clearing some of the FUD surrounding it. Its a matter of how close can you get to being certified when pursuing the self-certification path. When you hire one expert, they will tell you something different from the 2nd, so the smart thing to do is to be tech-savvy, think like a hacker, and start doing a GAP analysis to see what and how you can slowly move towards compliance, given your budget constraints.

Anyone interested in me posting a primer on PCI Compliance that clears some of the FUD?

Previously, I was Architect and Principal Engineer at my workplace. As of late last week, I've been promoted to Architect and Manager of the Software Engineering department, now overseeing the full development lifecycle, including Business Analysis, Project Management, Development, and QA (besides IT/Admin rights).

Its tough enough being a CF developer building a full SaaS product suite (using ColdFusion of course), pushing OO RAD to the limit, and using strong software engineering principles adapted to the web (which puts in me unique place compared to other CF folks), but having product development experience is itself an art, and try to top that off with budgetary, increased HR, department goal setting, increased inter-department coordination and management functions, and your plate is overflowing (along with your brain).

Fortunately, the management stuff is all stuff I've done in past roles. And having two degrees in business helps.

But the question I'm presenting you guys with is how you handle being promoted? Do you take charge right away, do make changes? How does your relationship with your peers get affected? Are they like, "finally", or are there issues that completely change the dynamic of things? Are you shy (taught and trained by dear mom to be humble always) like me?

I'd like to know how you handle it, what issues you deal with, and any tips you'd like to share. Now that I'm blogging, and with my background in Human Resources, I'm curious!