SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

Today I'm starting a journey to become a PCI Professional (PCIP), and I'll be periodically updating the status of this journey on the 7MS forums.

You don't need to be a QSA to get a PCIP, but you do need "2 years in IT or payments related background to have your application approved."

The PCIP certification gives you (and I'm quoting from the PCI Web site):

  • Principles of PCI DSS, PA-DSS, PCI PTS, and PCI P2PE Standards
  • Understanding of PCI DSS requirements and intent
  • Overview of basic payment industry terminology
  • Understanding the transaction flow
  • Implementing a risk-based prioritized approach
  • Appropriate uses of compensating controls
  • Working with third-parties and service providers
  • How and when to use Self-Assessment Questionnaires (SAQs)
  • Recognizing how new technologies affect the PCI (e.g. virtualization, tokenization, mobile, cloud)

The test costs + exam for a non-participating organization (like 7MS) is $2,500. You also have to re-up every 3 years for $260 (yay, another thing to have to pay for regularly).

In the miscellany department:

  • Do you know someone who would enjoy a live 3-song acoustic concert? Check out my family's new ministry, Q.U.A.C.K. - Quarantined Unplugged Acoustic Concerts of Kindness.

  • A Webinar on creating kick-butt cred-capturing phishing portals is happening on Tuesday, April 14! Register here!