News

PCI SSC program aims to increase ranks of qualified security assessors

January 19, 2018

The PCI Security Standards Council is accepting applications for its new Associate Qualified Security Assessor program. According to a press release, the initiative aims to attract cybersecurity talent to the payment card industry and ensure the quality of QSA services for merchants and service providers.

QSA companies are certified by the PCI SSC to perform on-site assessments of a company's PCI Data Security Standard compliance. The AQSA program helps QSA providers to develop cybersecurity professionals as QSAs under the guidance of an experienced mentor.

"An overall shortage of cybersecurity talent is making it difficult for QSA companies to find suitable new assessors," Mauro Lance, chief operating officer at PCI SSC, said in the release. "As a result, assessors are increasingly expensive to hire and retain, driving assessment costs up for merchants that rely on their services.

"The Associate QSA Program provides a professional track for new entrants to join the industry and gain experience to qualify as a QSA, easing the resource constraints for QSA Companies, and ensuring high quality QSA services are available for merchants and service providers into the future."

Prerequisites for the program include employment by a QSA company under the supervision of an experienced QSA mentor; a college or university degree in an IT or security-related field; or two years' experience in IT or security.

To become an Associate QSA, applicants must complete an online PCI fundamentals course and an instructor-led training course, and pass an exam. Upon certification, they will be listed on the PCI SSC website.

Additional information about the program is available on the PCI SSC website.