I completed the PCI Professional Certification (PCIP) today. It wasn’t very difficult actually, but this is coming from a guy who has gone through more than a dozen PCI-DSS projects for clients ranging from merchants and service providers to banks, doing gap assessments, implementation and coordinating certification with our partner QSA. So yeah, I found it OK, but that’s not to say the other guy might find it so. The questions are really taken from the PCI 12 requirements, and our understanding of them. There is a bit of PTS, P2PE and PA-DSS, but the bulk of it is really in the implementation of PCI in an organisation. It’s a good exam for someone wanting to know more about PCI and needing some good security foundation, but I’d say the QSA cert would be better. Unfortunately it’s not available for me, so PCIP it is then.

In order to be a PCIP, you obviously need to pay for the exam – right now it’s a whopping USD1390. Last year, it was just about USD995. I should have taken it then, but the joys of procrastination have no end. You can have optional online training as well, but for me, since I have been eating and drinking PCI – and also training my clients as well – USD1390 was plenty enough. Once done, we need to submit our CV to PCI-SSC for them to see whether we are… well, qualified. I don’t know what is non-qualified – do they require some sort of years of service etc.? I don’t know, because they responded that I was fine and it was time to set my exam with VUE at any exam centre. This is really convenient, because I have an exam centre about a 5 minute walk from my home.

So what next? We are planning to start our PCI training program next month. I noticed a lot of my clients are in need of understanding of PCI, and what better than to tie up our program with PCIP? Stay tuned!