7MS #409: PCI Professional Certification (PCIP)

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

Today I'm starting a journey to become a PCI Professional (PCIP), and I'll be periodically updating the status of this journey on the 7MS forums.

You don't need to be a QSA to get a PCIP, but you do need "2 years in IT or payments related background to have your application approved."

The PCIP certification gives you (and I'm quoting from the PCI Web site):

  • Principles of PCI DSS, PA-DSS, PCI PTS, and PCI P2PE Standards
  • Understanding of PCI DSS requirements and intent
  • Overview of basic payment industry terminology
  • Understanding the transaction flow
  • Implementing a risk-based prioritized approach
  • Appropriate uses of compensating controls
  • Working with third-parties and service providers
  • How and when to use Self-Assessment Questionnaires (SAQs)
  • Recognizing how new technologies affect the PCI (e.g. virtualization, tokenization, mobile, cloud)

The test costs + exam for a non-participating organization (like 7MS) is $2,500. You also have to re-up every 3 years for $260 (yay, another thing to have to pay for regularly).

In the miscellany department:

  • Do you know someone who would enjoy a live 3-song acoustic concert? Check out my family's new ministry, Q.U.A.C.K. - Quarantined Unplugged Acoustic Concerts of Kindness.

  • A Webinar on creating kick-butt cred-capturing phishing portals is happening on Tuesday, April 14! Register here!

Episodes (720)

7MS #424: Cyber News - Everything is Pwned Edition

Hello! We're back with our pal Joe "The Machine" Skeen (a.k.a. Gh0sthax) who has prepared some awesome and actionable news stories for us to digest. Today's stories include: Hackers are trying to st...

22 Jul 2020, 33 min

7MS #423: Tales of Internal Pentest Pwnage - Part 18

This is an especially fun tale of pentest pwnage because it involves D.D.A.D. (Double Domain Admin Dance) and varying T.T.D.A. (Time to Domain Admin). The key takeaways I want to share from these test...

15 Jul 2020, 59 min

7MS #422: Eating the Security Dog Food - Part 2

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit [safepass.me](https://safepass.me/?7ms422) for more details, and te...

10 Jul 2020, 42 min

7MS #421: Cyber News - Verizon DBIR Edition

Today my pal Gh0sthax and I pick apart the Verizon Data Breach Investigations Report and help you turn it into actionable items so you can better defend your network! I'm especially excited because to...

1 Jul 2020, 36 min

7MS #420: Tales of Internal Pentest Pwnage - Part 17

Today's episode is a fun tale of pentest pwnage! Interestingly, to me this pentest had a ton of time-sponging issues on the front end, but the TTDA (Time to Domain Admin) was maybe my fastest ever. I ...

26 Jun 2020, 44 min

7MS #419: Eating the Security Dog Food

Today we're talking about eating the security dog food! What do I mean by that? Well, a lot of security companies I worked for in the past preached to clients about the importance of having a good sec...

17 Jun 2020, 40 min

7MS #418: Securing Your Mental Health

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent...

11 Jun 2020, 44 min

7MS #417: Vulnerability Scanning Tips and Tricks

Today's episode is all about getting the most value out of your vulnerability scans, including: why, IMHO, you should only do credentialed scans; policy tweaks that will keep servers from tipping ov...

4 Jun 2020, 43 min
