2 Comments

Good post, just one thing to point out - individuals can’t do PCI DSS audits. To be a QSA, you must be employed by a QSA company as an employee, not a freelancer.

You can, however, consult in the space - helping companies prep for their annual PCI DSS audits, implementing controls and remediations, or even assisting with a self-assessment if they are eligible.

If someone is looking to go into that niche, it’s highly recommended that they obtain the only PCI SSC certification that is portable - the PCI Professional (PCIP) certification. Along with two industry certifications, the CISSP and CISA.

author

Thanks Jim! Yes, that is what I meant but should have been more clear about the consulting part :)
