Let's make compliance fun!

If you are like most information technology and information security professionals, the idea of becoming compliant with PCI DSS or countless other regulations doesn't sound fun. It's much more common to associate compliance efforts with pain. Whether it's the pain of not knowing what to do, the pain of failing your first assessment, or the pain of complying without any budget, there are plenty of challenges for anyone tasked with doing this well.

We faced a challenge: to write a fun, useful, and insightful book about PCI DSS. We are committed to the challenge! We’d like to invite you, our reader, to travel with us in the hope that when you turn the last page, you will come to realize that PCI DSS compliance can indeed be fun!

We have an active community and website over at GitHub with links to all kinds of materials to help you along your journey. Check out our GitHub Repository that supports the book for links, discussions, our Discord Server, errata, and more!

Meet the Team

Branden Williams


James K. Adamson


Yousef Hamade

Technical Editor

Order PCI Compliance, 5th Edition now!


Want to know what industry experts who have read our book say? Here are just a few thoughts from people you can trust.

What's Inside

We've compiled a solid PCI DSS guide that is grounded in decades of cybersecurity and compliance experience. Our goal is to share stories, tips, and tricks from the field, and arm you with everything you need to get through PCI DSS. And maybe have a little bit of fun along the way.


See our evolving guide with community discussions and tools to help you build a sustainable PCI program.

Case Studies

Stories of PCI DSS challenges help connect the technical dots with practical advice on compliance.

All Inclusive

We cover all aspects of PCI as it relates to small and large businesses from merchants to service providers.

Let's Talk PCI DSS

We're blogging about it! If you have ideas for posts, don't hesitate to reach out and let us know. But in the meantime, here's a selection of recent posts on PCI DSS.

iFrames and PCI DSS 4.0 (including SAQ A)


PCI DSS compliance dates are fast approaching, and we are a little more than a year away from the SAQ A iFrame changes that many merchants and service providers will need to deal with. iFrames used to be the primary escape hatch that companies would use to avoid bringing vast parts of their websites into scope for PCI DSS, but this has now changed.

Get Ready for your PCI DSS 4.0 Gap Assessment


It’s that time of the year (or at least it was) when we earnestly weigh pushing tasks to next year, with a focus on what might be coming across our task lists. And perhaps you are looking at that PCI DSS 4.0 gap assessment as something to get done prior to 2024 budgeting season.

The Bob Loblaw Log Blog

Requirement 10

Logs play an important role in the security of your environment. They are a record of what happened and a method to recreate events that led to a security incident. That’s if you capture all of them, if you protect their integrity, and if you are looking for the right things. These common pitfalls affect the ability to monitor your environment and meet PCI requirements.