How to get PCI DSS experience without a job
Use the cloud to your advantage and get hands-on with PCI DSS
The PCI DSS (Payment Card Industry Data Security Standard) is an information security standard designed to reduce payment card fraud by increasing security controls around cardholder data
The new version of the standard came out last year and companies who deal with card data have been given a grace period by which they need to update their internal processes and controls to comply with the new requirements.
If you are interested in learning about the new requirements, check out my article here
PCI DSS sometimes gets a bad rep for being a checklist standard, with companies becoming PCI compliant just to get the certificate and then reverting once they pass.
But that is really unfair. PCI DSS is a great technical standard; the mistake companies make is treating it as the finish line instead of the starting point.
PCI DSS jobs are also in demand, especially as the 4.0 version timeline draws close, but one major hurdle is how to get the experience that companies want.
If you are not working in a PCI DSS certified company then you typically do not interact with the standard and cannot get that much-needed experience on your CV
There is one “cheat” or quick way to get PCI DSS experience and that is via the cloud as I explain below
Getting hands-on with PCI DSS using AWS cloud
I am using AWS for this article as it is the most popular cloud platform.
The first step is to create an AWS Free Tier account, which you can do here. It allows you to get free, hands-on experience with the AWS platform, products, and services.
AWS has three types of free services.

A major part of PCI DSS involves detecting where cardholder data is stored in an environment, and AWS gives you some awesome services you can play around with for free for a limited time.
Use these services to see how to detect cardholder data within a cloud environment, and put that hands-on experience on your CV.
Amazon Macie
Amazon Macie is described as
“a data security service that uses machine learning (ML) and pattern matching to discover and help protect your sensitive data”
You get a 30 day free trial of Amazon Macie with the free tier
Play around with Amazon Macie and set up jobs to detect cardholder data.
I would recommend uploading a file containing test card numbers and creating Macie jobs to detect them.
It has built-in identifiers that will check for these for you.
NOTE: Remember to stay within the free tier and disable Amazon Macie once you have done your tests.
Amazon Comprehend
Another cool service you get with AWS free tier is Amazon Comprehend. It is described as
“a natural-language processing (NLP) service that uses machine learning to uncover valuable insights and connections in text”
You get a 12-month free trial with AWS free tier for Amazon Comprehend
The truth is that card data is not just present in simple documents, Excel sheets or databases; you will also find it in places like emails, CRM tickets, etc.
Amazon Comprehend's powerful ML engine can find patterns in unstructured text, then detect and redact them.
NOTE: Remember to stay within the free tier and disable Amazon Comprehend once you have done your tests.
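To give yourself a baseline to compare the Macie and Comprehend findings against, here is an added example (not from the original article, and not how either AWS service works internally) that finds and redacts card numbers in unstructured text using a regex plus the Luhn checksum. The function names are my own, and the sample text is constructed from publicly documented test card numbers plus one decoy that fails Luhn.

```python
import re

# Constructed sample: an email and a CRM ticket carrying well-known public
# *test* card numbers (not real accounts), plus one non-card decoy number.
SAMPLE_TEXT = """\
From: customer@example.com
Subject: payment failed
Hi, my card 4111 1111 1111 1111 was declined twice, please retry.

CRM ticket (constructed): caller read out 5555-5555-5555-4444 and
Amex 378282246310005. Order reference 1234 5678 9012 3456.
"""

# 13 to 19 digits, optionally separated by single spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return digit strings that look like card numbers and pass Luhn."""
    found = (re.sub(r"[ -]", "", m.group()) for m in CANDIDATE.finditer(text))
    return [d for d in found if luhn_valid(d)]


def redact(text: str) -> str:
    """Mask Luhn-valid matches, keeping only the last four digits."""
    def mask(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_valid(digits):
            return m.group()  # leave order numbers and other decoys alone
        return "*" * (len(digits) - 4) + digits[-4:]
    return CANDIDATE.sub(mask, text)


if __name__ == "__main__":
    print(find_pans(SAMPLE_TEXT))
    print(redact(SAMPLE_TEXT))
```

The Luhn step is what keeps the order reference from being flagged; a digit-pattern match alone would report it as a card number.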
Amazon Transcribe
The last service is Amazon Transcribe which is described as a service that
“high-quality and affordable speech-to-text transcription for a wide range of use cases.”
You get 60 minutes free per month for audio files for transcribing
Call center recordings are a common use case in PCI environments especially if they are being transcribed.
Amazon Transcribe gives you the ability to redact that sensitive information.
Create an audio recording and play around with this service to see how it works
NOTE: I hope you remember by now. STAY within the free tier and disable Amazon Transcribe once you have done your tests.
Getting PCI DSS experience is not difficult
By now you have detected card data in a file, within unstructured documents and within audio recordings!
You can easily mention this on your CV to show that your knowledge of PCI DSS is not just theoretical, which gives you an edge over other applicants.
I hope this showed you that with a little creativity you can get PCI DSS hands on experience even without a job
Good luck on that awesome career ahead of you!
I hope you enjoyed reading this.
If you are interested in learning more about PCI DSS then do check out my recently released masterclass on the same.
These are some amazing tips! I definitely plan to try them out.