PCI-DSS personal certification
EvilAngel
Member Posts: 18
Hey all,
I have worked around the PCI-DSS (security for payment card industry).
I know companies can be certified PCI-DSS.
But is there any certification to prove that I know PCI-DSS?
Like the CISSP certification that I can pass to prove that I know security.
Any idea?
Thanks
Comments
-
broc Member Posts: 167
Yes, there is. You need to become a QSA, but to take the exam you need to work for an organisation which is QSA accredited.
You need 5 years of IT Security experience (like the CISSP) and you need to take the training and the exam every year.
https://www.pcisecuritystandards.org/education/qsa_training.shtml
"Not everything that counts can be counted, and not everything that can be counted counts."
-
EvilAngel Member Posts: 18
Thanks.
As far as I understand, this is to become an official auditor of PCI infrastructure.
My question is more about being recognized for your PCI knowledge as a PCI implementor.
-
broc Member Posts: 167
> Thanks.
> As far as I understand, this is to become an official auditor of PCI infrastructure.
> My question is more about being recognized for your PCI knowledge as a PCI implementor.
I'm struggling to see the difference here, EvilAngel.
It's the QSA auditor's job to advise the client/organisation on the shortcomings of his infrastructure and to give him different remediation solutions.
As far as implementation is concerned after that, that will be the job of the firewall, network security, physical security, ... engineer. Any good security engineer will be able to follow the design or advice given by the auditor to secure his network.
PCI DSS is a standard, a set of guidelines but not an implementation guide; there are many different ways to achieve compliance and no one-fits-all implementation solution.
-
GAngel Member Posts: 708
I'm actually working on a project for our government starting next month that's PCI related. All they wanted to know is if I had CISSP and what was my background in PCI and Info Sec.
But this job is more along the policy and procedures line.