PCI-DSS Professional (PCIP) Certification?

Jinuyr

I recent attended a web conference and heard from a PCI-DSS representative that a new certification was coming from the PCI Council called PCIP.

Has anyone heard of this or have some inside info on possible release dates, testing material (other that the PCI guidelines), etc? This certification applies to my job more than any other security or networking certification currently out on the market so becoming an early adopter for me will make a huge improvement in my career.

JDMurray

Well, a few minutes of Googling has revealed:

A trademark application for "PAYMENT CARD INDUSTRY PROFESSIONAL (PCIP)" was filed on 6/8/12 by PCI SECURITY STANDARDS COUNCIL, LLC.

The keyword "PCIP" is not recognized in the search engine at the PCI SECURITY STANDARDS COUNCIL, LLC Web site.

There's no mention (that I can find) of the PCIP cert at PCI Compliance Guide.

The PCIP name collides with the PCIP (Professional in Critical Infrastructure Protection) certification, which was formerly named the CCISP. (I can see why they changed it.)

Given all that, I think this PCIP is extremely new, unadvertised, and will have serious problems being confused with the other, well-establish PCIP cert that has nothing to do with PCI-DSS.


Have you tried emailing the PCI Security Standards Council?

ptilsen

Jinuyr wrote: »

This certification applies to my job more than any other security or networking certification currently out on the market so becoming an early adopter for me will make a huge improvement in my career.

Will your employer actually pay you more for this certification? Does it actually make achieving and maintaining compliance easier for the company? Does it do this better than an established certification such as CISSP? If so, great, but I'm immediately pessimistic that the answer to any of these questions is "yes".

Don't get me wrong, there's a lot of companies out there that need to adhere to PCI-DSS, but that doesn't mean this is going to make sense to study over the certifications that are already out there. From a career standpoint, CISSP is much more transferable than this PCIP.

Jinuyr

ptilsen wrote: »

Will your employer actually pay you more for this certification? Does it actually make achieving and maintaining compliance easier for the company? Does it do this better than an established certification such as CISSP? If so, great, but I'm immediately pessimistic that the answer to any of these questions is "yes".

Don't get me wrong, there's a lot of companies out there that need to adhere to PCI-DSS, but that doesn't mean this is going to make sense to study over the certifications that are already out there. From a career standpoint, CISSP is much more transferable than this PCIP.

I completely understand the hesitation to jump into something that's completely brand new and untested in the field, but the short answer for me is "Yes". Achieving the certification will definitely yield a positive return in my career within the organization and they have even offered to support me in paying for any classes, fees, that might come up. It was recently announced in a web conference so I haven't had much time to do a lot of research on it but contacting them directly does sound like a great next step to getting some timelines.

While I wait, I suppose I really should finish my CISSP... I just need to save up to another $1,000 for travel to Honolulu and pay for the exam. Boo for not having discounted vouchers, haha

Thanks for the help! ^_^

paul78

JDMurray wrote: »

Well, a few minutes of Googling has revealed:

Hmm, I need to take some google lessons at my local library. I kept getting hits about pre-existing condition insurance plans. The trademarkia link was interesting.

@Jinuyr - this certification when it becomes available sounds like it would be a good one. I had thought that PCI Council was only certifying organizations not actually professionals so I imagine that there would be quite a bit of interest in it. Do you currently work for a QSA or PA-QSA? You may want to start by having your company to get you qualified first.

GoodBishop

I'm at the 2012 PCI NA Conference, and I went to the PCI SSC booth - I've got the inside scoop! I'm also typing this after having 4 drinks (mmmm, sangria), so if it is not coherent, I know nothing. Nothing, I tell you!

Necessary skills/abilities - candidates must have at least 2 years of work experience in an IT or IT-related role and possess a base level of knowledge and awareness of IT, network security and architecture, and the payment industry.

Benefits - provide a starting point to launch a career in the payment industry, offers a industry credential, provides you with a competitive career advantage, etc etc

Snapshot of course content - this entry level course outlines the PCI standards and provdes a solid foundation to other PCI qualifications: principles of PCI DSS, PA DSS, PCI PTS, and PCI P2PE. Understanding PCI DSS 2.0 requirements and intent. Overview of basic payment industry terminology (heh, I almost typed terminator). Appropriate use of compensating controls. How and went to use SAQs. Recognizing how new tech effects the PCI DSS.

Pre reqs - you are strongly encouraged to familiarize yourself with the docs on the PCI website

Formate - 8 hour elearning course

Exam - Pearson Vue exam.

Qualification - individual. Recertification every two years. Unknown what that requires.

I asked, and the cost of the training was something like 96.95. Let's say a even 100. Plus the exam fee is something like 395. Let's say a even 400. So to get the cert, it is around $500.

For more info, call them or email them.

I filled out the info for them to email me. I'll talk to my boss - boss, it's good for me to get this, since I'm running the whole PCI project.

Good times. Also, the conference is very good - I'm enjoying the sessions. Very informative.

JDMurray

Thanks for the bleeding-edge info!

What kind of training do you get for $100? Just a book written by the organization?

I'm not directly involved in PCI-DSS at the moment, but it sounds like I could use this cert to get my feet wet in it. Tell them if they comped me the training/certification I could write a killer blog article on it.

GoodBishop

JDMurray wrote: »

Thanks for the bleeding-edge info!

What kind of training do you get for $100? Just a book written by the organization?

I'm not directly involved in PCI-DSS at the moment, but it sounds like I could use this cert to get my feet wet in it. Tell them if they comped me the training/certification I could write a killer blog article on it.

From what it sounds like, for a hundred bucks you get 8 hours of e-learning training online about PCI.

Heh, I'll see what I can do.

the_Grinch

PCI is actually not very difficult to do. At my previous job I was in charge of bringing one of our clients into compliance when their outside vendor determined they were not. Problem with PCI is that there are tons of companies that do it and for cheap. I interviewed with a company that was scaling back their PCI operations because they were basically losing money doing it (when you factor in the cost of being a company that is allowed to do it).

erpadmin

I'm currently involved in PCI Compliance this very second. In our case, because Oracle will not open up parts of their PeopleSoft code to ensure PeopleSoft compliance, they have advised us that many shops who take tuition via credit cards will have to go to a hosted payment model (meaning the CC information (and by extension, ACH since it has to be all or nothing) has to be hosted by an outside vendor who is PCI compliant. Our current payment processor was selected to host our payments.

I wouldn't pay $25, much less $100 for a "cert" that offers little to no value other than to say "I know what PCI-Compliance is." It's just one of those things that either you will deal with at least once in your career, or not for most IT professionals. PCI-DSS is just something to keep in mind if you work for an IT shop that deals with handling customer payments made with a credit card.

JDMurray

Requirements for the PCIP certification (PDF): Qualification Requirements For Payment Card Industry Professionals (PCIP)™

GoodBishop

JDMurray wrote: »

Tell them if they comped me the training/certification I could write a killer blog article on it.

I asked, and they said no. Sorry dude.

GoodBishop

Something interesting that they had said at the booth was that people who work with PCI all the time wanted something that stays with them. If you're a ISA or QSA, if you leave that firm, you lose the cert. This cert was created for the individual.

JDMurray

GoodBishop wrote: »

I asked, and they said no. Sorry dude.

Thanks for trying. One day I might get an email from someone in their marketing department whose job it is to get their cert noticed. Or they may just pay to have a nice article written about their cert at certmag.com.

GoodBishop

Add the PCIP to the list of certs that I have (didn't even have to take the PCIP exam... had to take something harder).

Woo hoo!!!

the_Grinch

Do they have any study materials? I've done PCI Compliance audits before, but doesn't look like they have study materials.

GoodBishop

They have a eLearning course that you can take - you can register for that from the PCI SSC webpage.

bobloblaw

What's the level of difficulty? I've seen a couple Verizon jobs that want some PCI compliance cert/experience that pay well.

GoodBishop

I have been deeply immersed in PCI for about 9 months, so the difficulty was minimal...

It might require a bit of study through the PCI DSS though if you are unfamiliar with it.

bobloblaw

Thanks.

colemic

So I was looking into this today. The cost of the exam is now $1390 (non participating organizations, $790 for participating organizations)... that's just the exam. The actual training course is $2245 non-participating, $1390 for participating orgs. Ouch!

GoodBishop

WOW! That's a huge price increase! Just wow. Yeah, it's on their site - I just checked - https://www.pcisecuritystandards.org/training/pcip_training-schedule-pricing.php

And the numbers are going up for PCIPs, I was at the latest PCI conference in September and I think they said they were over a thousand PCIPs.

Also interesting, they are now going to require CPEs for this certification.