Press Release

PCI Associate Qualified Security Assessor Program Opens for Applications

New Training and Certification Program to Attract Cybersecurity Talent to the Payment Card Industry and Ensure High-Quality Assessor Services for Merchants

WAKEFIELD, Mass., 18 January 2018 — As cybercriminals continue to target payment data, cybersecurity skills are critically important to the payment card industry. Today the PCI Security Standards Council (PCI SSC) announced it is now accepting applications for the new Associate Qualified Security Assessor (AQSA) Program, an initiative aimed at attracting cybersecurity talent to the payment card industry to ensure the sustainability and quality of QSA services for merchants and service providers.

QSA Companies are data security firms certified by the PCI SSC to perform on-site assessments of a company’s PCI Data Security Standard (PCI DSS) compliance to ensure that robust policies and procedures are in place to safeguard payment data against cyberattacks. The AQSA Program provides QSA Companies a path for bringing in new cybersecurity professionals and developing them into full QSAs under the guidance of an experienced mentor.

“An overall shortage of cybersecurity talent is making it difficult for QSA Companies to find suitable new assessors. As a result, assessors are increasingly expensive to hire and retain, driving assessment costs up for merchants that rely on their services,” said PCI SSC Chief Operating Officer Mauro Lance. “The Associate QSA Program provides a professional track for new entrants to join the industry and gain experience to qualify as a QSA, easing the resource constraints for QSA Companies, and ensuring high quality QSA services are available for merchants and service providers into the future.”

QSA Companies are invited to review the QSA Qualification Requirements and submit applications for eligible employees via the PCI SSC website. In addition to being employed by a QSA Company and working under the supervision of an experienced QSA mentor, Associate QSA pre-requisites include a college or university degree in an IT or security-related field, or two years’ experience in IT or security. Successful applicants will need to complete the online pre-requisite PCI Fundamentals course, attend an instructor-led training, and pass an exam before becoming an Associate QSA. Upon certification, they will be listed on the PCI SSC website.

For additional information on the program and application requirements, view the Associate QSA Program FAQ and the Associate QSA Program overview on the PCI SSC website.

“As one of the largest QSAs in Europe, NCC Group is pleased to have been involved in the development of the Associate QSA program. We believe it will provide a route to develop junior staff effectively, and we look forward to joining the program once it is launched,” said NCC Group Principal Consultant and AQSA Task Force member Jake Eliasz.

“The AQSA program enables QSA companies to provide greater support and guidance to our rapidly expanding global community of merchants and service providers handling payment card data,” stated Michael Aminzade, vice president of global compliance and risk services at Trustwave and member of the AQSA Task Force. “Trustwave is honored to have participated in the Task Force to create this significant program, and we look forward to enrolling some of the newly developed talent into our own organization.”

About the PCI Security Standards Council

The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI Council on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.