PCI DSS is probably one of the most misunderstood compliance obligations among IT professionals. The acronym stands for Payment Card Industry Data Security Standard. The standard is governed by the PCI Security Standards Council (PCI SSC), founded in 2006 by American Express, Discover Financial Services, JCB International, MasterCard and Visa. These organizations are still on the PCI SSC’s executive committee. However, there is also a board of advisors from organizations such as Amazon, Citigroup, Microsoft, PayPal, Square, Starbucks and Wells Fargo.
In August 2014, I published a post about my experience with the CISA exam and the required experience. Even 3 years later, it is still the most popular post here, and not so long ago, I was always seeing more requests after the exam dates. However, it seems that exams are not on specific dates anymore but within 3 specific testing windows throughout the year. I am still surprised by the number of comments I received on this post and I wanted to do an update with some recurring questions.
Update: I published a new post with the most frequently asked questions on this post.
Back in the summer of 2013, I was interested in passing the CISA exam even if I could not obtain the certification without experience. This was a way for me to demonstrate my interest in IT audit to future potential employers. I thought that I could have done the exam in December 2013, but I wasn’t sure enough that I was ready to pass the exam and, considering the cost, I preferred to wait until the next date.