The 2022 PCI Community was in person for the first time in three years.
As a reminder PCI v4 is not required until March 2024, with some “Future Dated” requirements not required until March 2025. Time flies though, so ensure you use 2023 to at least understand what impact the new PCI v4 may have on your organization.
After 3-years of the conference being exclusively virtual, the 2022 PCI Community Meeting was in person and took place in the beautiful city of Toronto. It was an exciting opportunity to finally connect with payment professionals around the globe face to face and discuss the recently released PCI v4 and emerging threats seen in the payment landscape.
- Sub-resource Integrity (SRI)
- Content Security Policy (CSP)
- Third Party Tooling
These methods could each be blog posts unto themselves we would like to cover in the future; however, for now let’s cover all three at a high level.
Sub-resource Integrity (SRI)
Content Security Policy (CSP)
Third Party Tooling
Carl specializes in designing and implementing Cybersecurity programs that incorporate risk reduction strategies aligned to industry standards while minimizing business operational disruptions.
Carl has acted as the interim CISO for multiple healthcare organizations, in which responsibilities include developing cybersecurity strategies that incorporate Key Performance Indicators (KPI), overseeing and executing the implementation of cybersecurity tooling, and managing the day to day operations and personnel of the team.
Carl is a subject matter expert in Payment Card Industry Data Security Standards (PCI DSS). Carl has performed multiple cybersecurity risk assessments against industry leading frameworks including NIST CSF, ISO 27001, PCI DSS, and FFIEC.
Carl regularly presents to executive management to communicate cybersecurity risks and strategy. He oversees a consulting division of ~40 personnel and acts as Chief Compliance Officer for Security Risk Advisors.