7MS #409: PCI Professional Certification (PCIP)
7 Minute Security9 Huhti 2020

7MS #409: PCI Professional Certification (PCIP)

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

Today I'm starting a journey to become a PCI Professional (PCIP), and I'll be periodically updating the status of this journey on the 7MS forums.

You don't need to be a QSA to get a PCIP, but you do need "2 years in IT or payments related background to have your application approved."

The PCIP certification gives you (and I'm quoting from the PCI Web site):

  • Principles of PCI DSS, PA-DSS, PCI PTS, and PCI P2PE Standards
  • Understanding of PCI DSS requirements and intent
  • Overview of basic payment industry terminology
  • Understanding the transaction flow
  • Implementing a risk-based prioritized approach
  • Appropriate uses of compensating controls
  • Working with third-parties and service providers
  • How and when to use Self-Assessment Questionnaires (SAQs)
  • Recognizing how new technologies affect the PCI (e.g. virtualization, tokenization, mobile, cloud)

The test costs + exam for a non-participating organization (like 7MS) is $2,500. You also have to re-up every 3 years for $260 (yay, another thing to have to pay for regularly).

In the miscellany department:

  • Do you know someone who would enjoy a live 3-song acoustic concert? Check out my family's new ministry, Q.U.A.C.K. - Quarantined Unplugged Acoustic Concerts of Kindness.

  • A Webinar on creating kick-butt cred-capturing phishing portals is happening on Tuesday, April 14! Register here!

Jaksot(719)

7MS #463: DIY Pentest Dropbox Tips - Part 5

7MS #463: DIY Pentest Dropbox Tips - Part 5

In the last two episodes of this series (#449 and #450) we've been diving into how to not only speed up the process of spinning up a DIY pentest dropbox, but how to automate nearly the entire build pr...

14 Huhti 202137min

7MS #462: Pentesting with the Hak5 Key Croc

7MS #462: Pentesting with the Hak5 Key Croc

Today we talk through our first engagement using Hak5 Key Croc to steal and exfil data. In the past, my internal monologue when a new Hak5 toy is released sounds like this: "I certainly don't need a...

7 Huhti 202137min

7MS #461: Tales of Internal Network Pentest Pwnage - Part 26

7MS #461: Tales of Internal Network Pentest Pwnage - Part 26

OK I probably say this every time, but I'm gonna say it again: this tale of pwnage is my one of my favs - and not because of the tools/tradecraft, but because of why the company needed our help in the...

31 Maalis 202147min

7MS #460: Why I'm Throwing My UniFi Gear Into the Ocean

7MS #460: Why I'm Throwing My UniFi Gear Into the Ocean

Hey friends! Warning: this is not a "typical" 7MS episode where we try hard to deliver some level of security value. Instead, today is a big, fat, crybaby, first-world problems whine-fest about how I ...

24 Maalis 202140min

7MS #459: Cyber News - Microsoft Exchange Makes the World Cry Edition

7MS #459: Cyber News - Microsoft Exchange Makes the World Cry Edition

Happy mid-March! Our good pal Gh0sthax joins us today for another hot dish of cyber news! Stories include: Microsoft Exchange cyber attack - Hacker News has a nice what we know so far story, but thi...

17 Maalis 20211h 3min

7MS #458: Interview with Tanya Janca

7MS #458: Interview with Tanya Janca

Today we're super excited to share a featured interview with Tanya Janca of WeHackPurple! Tanya has been in software development from the moment she was of legal age to work in Canada - beginning by w...

11 Maalis 202159min

7MS #457: Tales of Internal Network Pentest Pwnage - Part 25

7MS #457: Tales of Internal Network Pentest Pwnage - Part 25

Hi! This episode of pentest pwnage is a fun one because it was built for speeeeeeeeeeeeeeeed. Here's some of the things we're doing/running when time is of the essence: Get a cmd.exe spun up in the c...

4 Maalis 202131min

7MS #456: Certified Red Team Professional - Part 4

7MS #456: Certified Red Team Professional - Part 4

Hello friends!  Today, Joe (Gh0sthax) and I complete our series on CRTP - Certified Red Team Professional - a really awesome pentesting training and exam based squarely on Microsoft tools and tradecra...

25 Helmi 202156min

Suosittua kategoriassa Politiikka ja uutiset

uutiscast
aikalisa
politiikan-puskaradio
ootsa-kuullut-tasta-2
rss-ootsa-kuullut-tasta
tervo-halme
rss-podme-livebox
rss-vaalirankkurit-podcast
rss-pinnalla
aihe
otetaan-yhdet
the-ulkopolitist
rss-asiastudio
rss-ulkopoditiikkaa
rss-raha-talous-ja-politiikka
rss-girls-finish-f1rst
viisupodi
et-sa-noin-voi-sanoo-esittaa
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
rss-vain-talouselamaa