Let's make compliance fun!


If you are like most information technology and information security professionals, the idea of becoming compliant with PCI DSS or countless other regulations doesn't sound fun. It's much more common to associate compliance efforts with pain. Whether it's the pain of not knowing what to do, the pain of failing your first assessment, or the pain of complying without a budget, there are plenty of challenges for anyone tasked with doing this well.

We faced a challenge: to write a fun, useful, and insightful book about PCI DSS. We are committed to that challenge, and we invite you, our reader, to travel with us in the hope that when you turn the last page you will realize that PCI DSS compliance can indeed be fun!

We have an active community and website over at GitHub with links to all kinds of materials to help you along your journey. Check out our GitHub Repository that supports the book for links, discussions, our Discord Server, errata, and more!

Meet the Team


Branden Williams

Author

James K. Adamson

Author

Yousef Hamade

Technical Editor

Order PCI Compliance, 5th Edition now!

Reviews


Want to know what industry experts who have read our book think? Here are just a few thoughts from people you can trust.

What's Inside


We've compiled a solid PCI DSS guide that is grounded in decades of cybersecurity and compliance experience. Our goal is to share stories, tips, and tricks from the field, and arm you with everything you need to get through PCI DSS. And maybe have a little bit of fun along the way.

Community

See our evolving guide with community discussions and tools to help you build a sustainable PCI program.

Case Studies

Stories of PCI DSS challenges help connect the technical dots with practical advice on compliance.

All Inclusive

We cover all aspects of PCI DSS as it relates to small and large businesses, from merchants to service providers.

Let's Talk PCI DSS


We're blogging about it! If you have ideas for posts, don't hesitate to reach out and let us know. But in the meantime, here's a selection of recent posts on PCI DSS.

The Bob Loblaw Log Blog

Requirement 10

Logs play an important role in the security of your environment. They are a record of what happened and the means to reconstruct the events that led to a security incident. That is, if you capture all of them, if you protect their integrity, and if you are looking for the right things. Falling short on any of those three undermines your ability to monitor your environment and to meet the PCI DSS logging requirements.
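The "protect their integrity" point is worth seeing in code. The block below is an added example, not from the book or the blog post: a keyed hash chain (HMAC-SHA256) over a handful of constructed audit records, as a central log collector might apply on receipt. The log lines, the key, and the field layout are all invented for illustration. It shows that editing any record is detected, and it also shows the chain's blind spot: an attacker who simply deletes the newest records leaves a shorter chain that still verifies, so the verifier must know the last digest it expects from somewhere the attacker cannot reach.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

# Constructed sample audit records (not taken from any real system).
SAMPLE_LOG = [
    "2024-03-01T10:00:01Z host=pos-07 user=cashier3 action=login result=success",
    "2024-03-01T10:02:14Z host=pos-07 user=cashier3 action=view_txn txn=48213",
    "2024-03-01T10:05:09Z host=pos-07 user=admin action=login result=failure",
    "2024-03-01T10:05:12Z host=pos-07 user=admin action=login result=failure",
    "2024-03-01T10:05:20Z host=pos-07 user=admin action=login result=success",
]

# Hypothetical signing key; in practice it lives on the log collector,
# not on the host that writes the records.
LOG_KEY = b"example-key-replace-with-a-real-secret"

GENESIS = "0" * 64  # fixed starting digest for the first record


def chain_digest(prev_digest: str, record: str, key: bytes) -> str:
    """HMAC-SHA256 over the previous digest and the current record.

    Each digest commits to every record before it, so editing, reordering or
    removing a middle record changes every digest that follows it.
    """
    msg = prev_digest.encode() + b"\n" + record.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def seal_log(records: List[str], key: bytes) -> List[Tuple[str, str]]:
    """Attach a chained digest to each record, as a collector would on receipt."""
    sealed, prev = [], GENESIS
    for record in records:
        prev = chain_digest(prev, record, key)
        sealed.append((record, prev))
    return sealed


def verify_log(sealed: List[Tuple[str, str]], key: bytes,
               expected_last: Optional[str] = None) -> int:
    """Return -1 if the chain is intact, otherwise the index of the first bad record.

    Deleting records from the *end* leaves a valid but shorter chain, so the
    verifier must also know the final digest it expects (kept off-host, or
    carried into the next batch); pass it as expected_last to catch that.
    """
    prev = GENESIS
    for i, (record, digest) in enumerate(sealed):
        if not hmac.compare_digest(chain_digest(prev, record, key), digest):
            return i
        prev = digest
    if expected_last is not None and not hmac.compare_digest(prev, expected_last):
        return len(sealed)  # chain is shorter than it should be
    return -1


def tamper_edit(sealed, index: int, new_record: str):
    """Simulate an attacker rewriting one record (e.g. hiding a failed login)."""
    copy = list(sealed)
    copy[index] = (new_record, copy[index][1])
    return copy


def tamper_drop_tail(sealed, n: int):
    """Simulate an attacker deleting the newest n records."""
    return sealed[:-n]


if __name__ == "__main__":
    sealed = seal_log(SAMPLE_LOG, LOG_KEY)
    last = sealed[-1][1]
    print("intact:", verify_log(sealed, LOG_KEY, last))
    edited = tamper_edit(sealed, 2, SAMPLE_LOG[2].replace("failure", "success"))
    print("edited record detected at index:", verify_log(edited, LOG_KEY, last))
    print("tail drop, no anchor:", verify_log(tamper_drop_tail(sealed, 2), LOG_KEY))
    print("tail drop, with anchor:", verify_log(tamper_drop_tail(sealed, 2), LOG_KEY, last))
```

The practical takeaway is that integrity protection is only as good as what the attacker cannot touch: the key and the latest digest both have to live somewhere other than the host whose logs they protect, which is one reason the standard pushes logs to a central, separately controlled system.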

Starbucks & PCI

Alternative Payments

Chapter 19 of our book goes through a number of fun topics, including alternative payment schemes, emerging technologies, and a prediction or two on where we see things going and how you can prepare for these changes. There are a couple we wanted to expand on here in a blog post, especially with respect to your obligations under PCI DSS.

Truncation is a Friend

Truncation

We felt like the echoes just kept getting louder in the book. You don't have to secure what you don't store, which means your scope is reduced with a solid truncation strategy. In fact, truncation is the next best thing to secure destruction when it comes to scope reduction and PCI DSS.
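One caveat a practitioner should carry along with that strategy: truncation only takes the data out of scope if nothing else in the environment lets the missing digits be put back. PCI DSS Requirement 3 specifically warns that a truncated PAN and an unkeyed hash of the same PAN must not be kept where they can be correlated. The block below is an added example, not code from the book or its authors, that shows why. It truncates a PAN to first 6 / last 4 (the conservative format; whether your card brands allow more digits is an assumption to check against their rules), then recovers the full PAN from that truncation plus a plain SHA-256 hash by enumerating the hidden middle digits, pruning with the Luhn check. The PAN is a widely published test number, and the key for the HMAC alternative is invented.

```python
import hashlib
import hmac
import itertools
from typing import Optional

# Constructed sample: a widely published test card number, not a real cardholder's PAN.
SAMPLE_PAN = "4111111111111111"

# Hypothetical secret for the keyed-hash alternative; it must be stored apart from the data.
HASH_KEY = b"example-key-replace-with-a-real-secret"

_DOUBLED = [0, 2, 4, 6, 8, 1, 3, 5, 7, 9]  # Luhn: 2*d with its digits summed


def luhn_valid(pan: str) -> bool:
    """Mod-10 check that every brand's PANs satisfy; used here to prune candidates."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ord(ch) - 48
        total += _DOUBLED[d] if i % 2 else d
    return total % 10 == 0


def truncate_pan(pan: str) -> str:
    """Truncate to first 6 and last 4 digits, permanently dropping the rest.

    Truncation removes the digits from storage. Masking only hides them on a
    display while the full PAN remains stored, and does nothing for scope.
    """
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        raise ValueError("PAN must be 13 to 19 digits")
    return pan[:6] + "X" * (len(pan) - 10) + pan[-4:]


def unkeyed_hash(pan: str) -> bytes:
    """What NOT to store next to the truncated PAN."""
    return hashlib.sha256(pan.encode()).digest()


def keyed_hash(pan: str, key: bytes) -> bytes:
    """Keyed alternative: without the key there is nothing to compare candidates against."""
    return hmac.new(key, pan.encode(), hashlib.sha256).digest()


def recover_pan(truncated: str, digest: bytes) -> Optional[str]:
    """Reconstruct a full PAN from its truncation plus an unkeyed SHA-256 digest.

    With 6 leading and 4 trailing digits known, a 16-digit PAN has only 10**6
    possible middles, and about one in ten passes Luhn, so ~10**5 hashes settle it.
    """
    prefix, suffix = truncated[:6], truncated[-4:]
    hidden = len(truncated) - 10
    for middle in itertools.product("0123456789", repeat=hidden):
        candidate = prefix + "".join(middle) + suffix
        if luhn_valid(candidate) and hashlib.sha256(candidate.encode()).digest() == digest:
            return candidate
    return None


if __name__ == "__main__":
    stored = truncate_pan(SAMPLE_PAN)
    print("stored truncation:", stored)
    print("recovered from truncation + SHA-256:", recover_pan(stored, unkeyed_hash(SAMPLE_PAN)))
```

The enumeration finishes in well under a minute on a laptop, which is the whole point: a truncated PAN is out of scope, an unsalted hash of a PAN is not, and the two together are effectively the PAN. If you need a lookup token alongside the truncation, derive it with a keyed hash whose key is managed under the same controls as an encryption key, or use a tokenization service, so that the only way back to the PAN runs through something you control.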