I've recently returned from a work trip which included my first ever visits to the Philippines and India. The purpose of the trip was to carry out a PCI DSS audit for one of my clients. As is the way these days my client has outsourced their call centre to a company in Manila, and have also outsourced some application support to another company in New Delhi, India. The thing about PCI DSS is that if you outsource work, you can only be validated as compliant if your service providers are also compliant, which is what I had to check.

For a change I wasn't traveling on my own this time. Brad from my client's security team came along with me. It actually worked out quite well as he, like me, likes a beer (or two) so we got on great. The only problem was he's an Arsenal fan ;-)

We left Brisbane on the Monday morning and flew to Singapore. We had a couple of hours at Singapore Airport and then flew to Manila. Singapore Airport has got to be one of the best airports in the world. With free wi-fi and xbox 360 the time can really fly!

The first thing I noticed about Manila was the traffic. It's by no means the first country I've visited where traffic laws seem to be non-existant but it was still a sight to behold. Talk about everyone for themselves. Surely if someone just sat the country down and explained to them that if they only followed a few basic rules of the road they would all get to their destination a lot quicker.

The second thing I noticed was the security. As well as seeing police on every corner I was surprised to find that to enter our hotel, the Holiday Inn, we had to pass through a metal detector. It wasn't just our hotel it was like that everywhere. Not just the hotels but the Malls as well. And boy are there a lot of malls! As well as the metal detectors pretty much all of the shops had guards on the door, many of them armed. It was a bit disconcerting walking into Starbucks with two armed guards on the door.

I really wasn't expecting that level of security everywhere. After all the Philippines is predominantly a Catholic country so hasn't had the problems that other countries in the region have had such as Indonesia. I questioned one of our contacts in Minala about the situation and he just answered "Well, it's an election year". Reading up on it now I see that the Philippines has had a history of trouble with militant groups so the heavy security everywhere is an effort by the Government to remove this threat. The policy seems to be working.

Work-wise the Manila visit ended up being a waste of time. The first thing I have to do when I start an audit is to properly define the scope. The scope for a PCI DSS audit in simple terms is any system that processes, stores or transmits cardholder data. However, it's not quite that simple. What many of my clients have trouble understanding is that I may have to include other systems within the scope of my audit that have nothing to do with processing credit card data, if those systems have not been completely separated, at a network level, from the systems that are in-scope. It's got to be proper network segmentation which usually means using a firewall to control traffic between networks and network segments. As an auditor I can't just take their word for it, I have to do a physical inspection of the network and firewall configuration to verify that they have indeed separated their cardholder data systems from the rest.

So this is usually the first thing that I check. This sets the scope for the rest of the audit. If everything's properly segregated then I may only have to look at a couple of systems. But if they haven't implemented network segmentation then their whole network could be in-scope and I could choose to sample as many systems as I like. When it comes to sampling it all depends on what confidence I can get that they've secured their systems in a standardised way to the same level. For instance, if they've got 50 PC's that they all build with an identical image and they apply the exact same security to all 50 and the users haven't got rights to change any of the settings, they I may only need to sample one PC. On the sample principle, if they build all their PC's, servers, routers, etc independently with different settings then I may need to choose a large sample.

I always try and warn clients about the rules regarding scoping and sampling as I often end up having a battle when I tell them I need to audit a system that has nothing to do with processing credit card data.

Anyway... The reason the Manila visit ended up being a waste of time was because their security team at their US headquarters had a problem with me looking at their firewall and servers. Not sure what they had to hide. They had plenty of advance notice of our visit so I really don't know why the issue couldn't have been sorted out before I arrived. We spent two days waiting while the local Managers in Manila tried to negotiate with the team in the US to allow me access. We even put our flight out back 24 hours to give them more time but in the end it still wasn't sorted out. I did what I could so the trip wasn't a complete waste of time. I audited some areas which I knew would definitely be in scope whether I looked at the firewall or not. But in the end no firewall access means I couldn't determine the scope which meant I couldn't complete the audit.

In the mean-time while this was all going on we had a couple of cracking nights out in Manila. The nightlife there really is quality.

The first night we just went out to a local restaurant called the Banana Leaf, where, as the name suggests, you eat your meal off a banana leaf. After that we went to a local bar which had had some live entertainment. After a band, a group of women calling themselves the Mucho Girls came on. They were like a Filipino version of the Pussycat Dolls. And you know what, they were really good!

The second night we had out in Manila we went to the Hard Rock Cafe. This is a bit of a thing for me going back to my Navy days. Whenever we were in a major city around the world we always headed for the Hard Rock Cafe. Don't ask me why.

Unlike most Hard Rock Cafe's I've been in around the world this one wasn't full of shit-faced sailors. What it was full of was middle aged and older men, mainly Americans, with young Filipino girls that they had purchased for the evening/day/week, or in one case according to a guy Brad talked to, 3 weeks. It was all a bit sad really. We were just happy to play pool.

There was one thing about Manila, and the Manila Hard Rock Cafe was representative of this, that set it apart from all the other places I've visited in the world - namely the amount of staff. Being the 12th most populated country in the world there are a lot of people, and in Manila they seem to go out of their way to give as many people as possible jobs. Unnecessarily so in many cases.

Wherever you go in Manila there seems to be more staff on than really necessary. You go into a shop and there's often more staff than customers. In hotels and office buildings there seems to be a porter in every lift. In the office buildings I visited there were not only guards on the building reception but there were also guards on the entrance doors to every floor. Now this makes for great customer service. Sometimes it can be a little annoying though, like in the shops when you're browsing (the exchange rate makes Manila a great place to shop) and the staff, thinking they're being attentive, follow you around everywhere and stand at your side when you're looking at stuff. If you reach to take an item of clothing off a rack, for instance, they'll try and beat you to it so that their customers don't have to go through the indignity of having to take clothes off of a rack themselves. It's all very bizarre. They must be the friendliest people in the world though. You lose count when walking through a mall of how many times you hear "Hi Sir", "Hello Sir", "Good Morning Sir".

In the case of the Hard Rock Cafe, this over-staffing issue resulted in us having our very own guy to look after our pool table. We didn't ask for him he was just assigned to us as soon as we started playing pool. He'd rack the table for us. If the white went down he'd retrieve it for us and replace it on the table (I was slightly disappointed he wasn't wearing a white glove and didn't inspect and dust the ball each time before replacing it), and each time we needed a drink he'd happily go off to the bar to fetch us another. This was all to easy. All, I should say, for less than $1 AU a game.

About 12 pints later when we realised we were struggling to hit a ball straight we went through to the other room to have a meal and watch the band.

When we were playing pool there was this great band on TV. They were doing cover versions of Black Eyed Peas songs and other recent hits. They were that good that at first before glancing at the TV I didn't realise that they were a cover band. It took me ever longer to realise that the band on TV were in fact playing in the room next door. I'm a bit slow on the take-up these days.

So we went through and had something to eat. The band went off and then who should come on stage... none other than Manila's very own Mucho Girls. They were following us!

The next day I felt very ill. Before you think it was really unprofessional of me going out drinking when I'm working the next day, in my defence we didn't have to start work until the afternoon. None of the staff were available to speak to me before the afternoon. I think they must be working on US time or something to align with their US counterparts but they started work in the afternoon and worked through until really late.

At first I thought I just had an hangover. I had stomach cramps and the runs and just presumed it was something to do with the lake of beer I had consumed the night before. When I was still the same 24 hours later I realised it probably wasn't the cause of the beer. I was ill for the rest of the trip and then some.

We left Manila on the Friday and headed to Singapore for the weekend. The client very nicely put us up in Singapore for the weekend so we could fly straight to India ready for Monday.

As soon as I got the hotel I went straight to bed as I felt awful. I still had stomach cramps but then I started to get cold sweats. I couldn't get warm. I had the air-con turned off (it was over 30 degrees and 100% humidity) and the quilt doubled over on top of me but I couldn't stop shaking. I finally got off to sleep and woke up the next morning feeling a little better. Through the night I had sweated that much that the bedding looked like someone had soaked it in a bath and then crumpled it up in heap on the bed.

It was nice to have the Saturday to chill out and not do anything. I was determined to not let the side down and get myself right so I could have a night out with Brad that Saturday night.

Before the trip, on the advice of the client, I had been to the Travel Doctors to get a load of shots (6 in all) for India, and they also gave me a 'Gastro pack'. This is basically a travel pack containing anti-biotics, re-hydration tablets, etc and a travel health booklet. I took a few tablets through the day and just drank water, and come the evening I felt much better. There was no way I was going to miss a night out in Singapore.

To start the evening we did the touristy thing and headed to the Long Bar at the Raffles Hotel for a Singapore Sling. I had been to Singapore with Rach and Lauren before but having Lauren with us we never made it to the Long Bar.

I must say I'm not usually that bothered about cocktails but the Singapore Sling tastes amazing. We had two of them, although when we got the bill we had a bit of a shock. $24 each, i.e. per cocktail!

We then took a rickshaw down to the Riverside - Clarke Quay and Boat Quay, where there's a large collection of riverside restaurants and bars. The poor guy sure worked for his money cycling with us two on the back. He had a right sweat on by the time we arrived. He also tried to charge us a fortune for the privilege. We haggled him down to a reasonable price but it still would have been cheaper getting a taxi. We also looked like a gay couple on the back of the rickshaw being given a guided tour of Singapore!

We started off at a pub and watched a bit of Premier League footie, and then chose a Japanese restaurant to get some scran. The food was great but I couldn't eat that much as I still felt like I'd been kicked in the stomach.

In hindsight drinking alcohol while I was still clearly ill and after taking anti-biotics wasn't a good idea. The next day the runs had returned.

We had an early evening flight to India on the Sunday so went for a whistle-stop tour of Singapore on Sunday afternoon to take a few pics.

I really like Singapore. It's not as cheap as the Philippines, Thailand or other parts of South East Asia but you also don't get any of the traffic chaos and you don't risk damaging your digestive system when you go for a meal. In fact, they drive better in Singapore than they do in Brisbane. It's all very civilized. The strict health and safety laws in Singapore also means that all of the restaurants and other food retailers must display a health certificate grading it from A to D.

It was a little bit different to New Delhi, that's for sure.

It was my first time in India - my only prior knowledge of India mainly from watching Slumdog Millionaire. I know Slumdog Millionaire was mainly set in Mumbai but that film made it look like paradise compared to what I saw.

Immediately from arriving at the Ghandi International Airport I knew we'd be in for a culture shock.

We had been assigned a driver by the company we were visiting so on exiting the Arrivals lounge we looked for our names amongst the huge group of signs being held up by other drivers. We slowly walked past them all but couldn't see our names. We hung about outside for a while figuring he might be running late and every now and again went and walked the line of drivers holding signs to check we hadn't missed ours.

We thought about just getting a taxi but when I went to try and find the taxi rank all I could find was mini-cab drivers. I couldn't find any official taxis or even taxi rank like you get in most city airports.

After a while a couple of Indian guys approached me and asked if I needed help saying they had noticed that we'd been waiting ages. Obviously I was a bit wary of a couple of strangers approaching me out of the blue for no good reason and held on tight to my luggage. Well, you hear stories don't you! They were actually really friendly. They told me they were Australians and advised me never to get one of the mini-cabs as you never know where you might end up. They also told me that our driver might be waiting for us at the other exit. What! There are two exits! I couldn't believe it. We had been waiting about an hour by that time without realising that there was a second exit. It was also well past midnight.

We toddled off to the other exit and sure enough our driver was there holding the sign. He didn't look very happy. We realised later in the trip that that was just his face. As we approached him he put his hand out so I reached my hand out to shake his hand but what he was actually doing was reaching out to take my bags. I did feel like an idiot!

It took nearly an hour to get to our Hotel which was in Noida, an industrial and business area north of New Delhi, chosen for the proximity to the company I was visiting. As it was dark I couldn't really see much of our surroundings.

We stayed at the Park Plaza Hotel in Noida. The hotel was really nice, as nice as any I have stayed in. I can't quite say the same about the location though.

When we arrived at the airport the first thing I noticed was that the visibility in the terminal didn't seem quite right. It seemed really smoky. I couldn't really smell smoke but there was definitely something in the air. I presumed it was just smog that had infiltrated the airport terminal. Again when we got to the hotel the hotel also seemed to be full of smog. This time it did smell more like smoke though.

The next morning I woke up and opened the curtains to get my first proper glimpse of India and the result was nothing. Zero visibility. It was like a thick cloud had descended and smothered the entire city. I presumed this was really bad smog. With a population of 12 million in New Delhi I was half expecting it.

I was wrong. Later in the day it started to clear, and I spoke to our hosts who told us that it was fog. It happens every year in that region of India about the same time. The smoky smell I was getting in the hotel was just due to the fact that it's not a non-smoking hotel. They don't even have any non-smoking rooms. Every morning that week there was zero visibility until the fog cleared later in the day. It's a good job we had evening flights as all planes were grounded in the morning.

When the fog eventually cleared this is what I saw out of my hotel window:


Not exactly the Taj Mahal.

Although the hotel was luxury it was quite a shock to find it was situated smack bang in the middle of a residential area.

As we left the hotel to head to the office the sights and sounds were overwhelming.

On the sides of every road were tents and corrugated iron shelters housing people. Many of these were across the road from relatively wealthy homes. The contrast between rich and poor living side-by-side was startling. People seem to do everything at the side of the road. They live at the side of the road, eat, sell goods and inevitably shit and piss at the side of the road. We lost count of the amount of people we saw happily taking a piss at the side of the road.

Besides the road-side dwellings there were also plenty of slums that seemed to sprawl all over the landscape.

The roads were also an experience. We thought Manila was bad but that was nothing compared to India. At least Manila had things like traffic lights, even if most people ignore them.

The roads were full of potholes and no one stuck to a lane. In most cases there weren't any proper lanes. The traffic pretty much crawled everywhere. Every now and then we'd get going and then we'd suddenly have to stop for a cow in the middle of the road. Every time we did stop we'd get old ladies or kids, no older than Lauren, running out tapping on the car windows begging.

I really felt awful. I wasn't sure whether I should give something to them or not. The driver made a point each time we left the hotel or office of immediately using the central locking to lock all the doors and made sure all the windows were fully up. Much like Manila, security in Delhi is taken very seriously. I couldn't help feeling guilty all the time I was there. Seeing all that poverty really puts things into perspective. In Britain and Australia people moan about being poor but even the poor have a proper roof above their head and get at least 2000 calories a day. The poor in Britain and Australia just have to shop at Netto (just kidding).

So was this a life-changing experience making me want to give up my capitalist materialistic ways? Maybe for a couple of days... and then I saw the Apple iPad announcement!

Throughout our trip there were regular power cuts. Both at the hotel and office there were regular power interruptions. The office had their server room on a UPS (Uninterruptible Power Supply) as is normal for most companies, but they didn't extend this to the office environment. I'm surprised half of the equipment isn't fried. We had a morning of repeated power cuts in Brissie a few weeks ago which has resulted in knackering our fridge/freezer and our DVD player.

On our first evening in India our hosts took us out for a meal. We went to a place called the Kebab Factory. My stomach was still in a precarious state but when in Rome and all that. I could hardly go to India and not have an Indian meal. There are two choices on the menu at the Kebab Factory - Vegetarian and Non-Vegetarian. Being a carnivore I chose none-veggie. The way it works is they bring you out a starter to try, and then another one, and then another one, and so on until you're about 20% past full, and then they start on the main courses. Pretty much everything was spicy, ranging from warm and tingly to Nuclear.

It wasn't even my first curry of the day. When it came to Lunch at the office I was auditing, our hosts led us into a room where a chef had prepared a small curry banquet just for us.

Normally I would love this. I do like a good curry but by this time I'd already had a good 4 days of running to the toilet. I ate it, I didn't want to offend our hosts after all, but with every mouth-full I was dreading the impending explosion in my bowels.

The curries in India are not like the ones I used to eat in the UK. Some of the curry houses in Australia are a bit closer to the real thing. The main difference seems to be the sauces. They don't use so much of the thick gravy sauces like you get with the traditional British curry.

On our second day in India (Tuesday) we had a day off due to it being Republic Day. Incidentally it was also Australia Day; a public holiday for pretty much the same reason (independence from the colonial masters).

We was hoping that we might be able to make it into Delhi for the parades. We had no chance though. The security was really tight. We would have needed to have booked tickets week in advance. We couldn't get anywhere near the centre of Delhi due to the security. All the news channels and papers were speculating about the possibility of a terrorist attack.

I watched some of the parades on TV. For the most part it was a parade of their Armed Forces. Much like the old Soviet Union and China, they like to parade their ballistic nuclear missiles down the road.

Instead of going to the parade our driver took us to the Mall. When we got there it was pretty much empty, most people were probably still at home watching the parades. That soon changed in the afternoon. It was heaving!

We did some shopping and had some lunch. The malls in Manila and India are just as good as you get in any western country, but the prices are amazing. It just goes to show how cheap they can make the goods for and how much markup we have to pay in Australia.

When we left the mall a few hours later we expected we'd have to ring our driver to come and pick us up. We had him mobile number. But no, when we exited the mall we found that he was still sat there patiently waiting for us. He'd been there all the time. Poor sod. It was great having our own driver the whole time we were there so we made sure we gave him a good tip at the end of the stay.

The hospitality we received in India was faultless. Both the company and the hotel we stayed in even went as far as giving us gift-wrapped gifts when we left.

In the end, the India visit also seemed to be a bit of a waste of time as well. As I discovered, the only reason they are in scope is because they have the ability to access a table in a database which contains card numbers. They have no reason whatsoever to access that table. Once my client sorts out the table by rendering the card numbers unreadable (e.g. encryption or truncation) as they must do to be PCI compliant, and then remove access to the table, then the Indian company will not need to be audited.

The flight back from India was quite a trip. To save a bit of money my client had us returning via Dubai and then Singapore with Emirates, rather than going straight back via Singapore with Singapore Airlines, who we flew with on our outbound trip. All in all the travelling time was 24 hours (with a 4 hour stop in Dubai and 2 hours in Singapore). To make it worse it was a night flight from India to Dubai so we'd already been up all day. By the time I got home we'd been up for 48 hours and i'd spent most of the journey burning up and feeling like shit. I was worried that when we got to Brissie they might have the SARS scanners in place looking for people with fevers and I might get quarantined. In my own town!

It looks like I may be going back to Manila again quite soon. I don't think I'll need to go back to New Delhi. I loved Manila and Singapore but New Delhi was probably not the best introduction to India. The people are lovely but I'm not sure I'd want to holiday there. Saying that we didn't really get too see that much of the city. We didn't even see any of the final preparations for the Commonwealth Games.

That two weeks was the longest I've ever spent away from Rach and Lauren. I love traveling and I'm grateful for the opportunities that my job brings. But it is nice to get home again.

More trip photo's on Flickr (I've made the pics Public so no need to log in).