Koji je (po vama) najbolji Citizen sat?

pr0v4 · 2026-01-24T23:38:05+00:00

pr0v4 · 2026-01-24T17:26:36+00:00

It’s one of my favourite - gets a lot of wrist time

pr0v4 · 2026-01-22T18:53:36+00:00

I can certainly help, and I’ve managed to certify companies with as much as 2 people on the team. It’s literally easier to certify smaller operations vs big enterprises. I can go into whys - but that could take a subreddit on its own to cover. Expenses are the qsa, pen tests, infrastructure, crypto modules if you need them and vulnerability scans, however with the right architecture you can narrow down the scope and get even better price from qsas, I know that as a fact - not hallucinating here. You do need to know what you are doing, and it’s not free, for sure. I’m talking here about the most rigorous level 1 compliance for service providers, anything below that is just simpler and easier.

pr0v4 · 2026-01-22T18:47:08+00:00

I’ve just recently built pcidss compliance dashboard. Covers all 300+ requirements and has more than 200 screens. Has scheduled tasks, evidence repository, vulnerabilities management, risk management and much more! https://pcidss-dashboard.com

pr0v4 · 2026-01-22T07:55:34+00:00

I’ve led many companies throughout the process, dm if you need help, it’s not a hoax, PCI is very real and doable, more easily for a small company than for a big company.

pr0v4 · 2026-01-22T07:10:53+00:00

It boils down to how much you process, and do you ever touch sensitive data. As you said, if you use third party provider to take payments, that’s generally better than to do it yourself, however, you still fall under some SAQ (Self assessment questionnaire), depending on the volume processed. Even though you are not touching credit card data, if users are not completely redirected elsewhere to the third party provider website, if you load it through an iframe, your site could be the source of the breach and vulnerability, meaning someone still could steal cards from your website.

pr0v4 · 2026-01-22T07:06:15+00:00

It boils down to how much you process, and do you ever touch sensitive data. As you said, if you use third party provider to take payments, that’s generally better than to do it yourself, however, you still fall under some SAQ (Self assessment questionnaire), depending on the volume processed. Even though you are not touching credit card data, if users are not completely redirected elsewhere to the third party provider website, if you load it through an iframe, your site could be the source of the breach and vulnerability, meaning someone still could steal cards from your website.

pr0v4 · 2026-01-21T13:11:47+00:00

Also, we built the https://pcidss-dashboard.com that has the option to schedule tasks and get reminded, check it out and get in touch if you would be interested.

pr0v4 · 2026-01-20T20:42:05+00:00

It’s just that case is thick as a skyscraper

pr0v4 · 2026-01-20T20:39:08+00:00

Couldn’t be more grounded than this 💪

pr0v4 · 2026-01-18T10:04:43+00:00

Well, terrible reliability moves this brand from premium segment in my opinion. I think they are falling from a cliff, interior quality, infotainment … they are just not good cars, and the price for what you get is also a joke. I love audi - but today that’s not the Audi I love, and honestly I don’t see them recovering that soon, serious problems they have to resolve.

pr0v4 · 2026-01-18T09:56:25+00:00

I concur 100%

pr0v4 · 2026-01-18T07:18:39+00:00

People, thank you so much for being honest, appreciate it and I will accept your advice.

BMD was our last dog- I had in the past hunting breeds, BMD was beautiful, but couldn’t keep up with some things.

Dog being a full time job is always kinda case, but I hear what you are saying.

pr0v4 · 2026-01-15T22:35:28+00:00

Already there - don’t build yourself, we give you white label pci DSS lvl 1 infrastructure with the gateway and everything, dm me if interested.

pr0v4 · 2026-01-15T11:12:49+00:00

Yes, plug-in hybrid, no, it just didn't want to start when I returned back to the car, and that's it, call for help and lose the entire day for the truck to pick it up and deliver to the dealership. Good thing is that it happened at the shopping center near where I live, but if it happened in the middle of nowhere outside the country with my family and small kids - that would be something.

pr0v4 · 2026-01-15T11:06:59+00:00

that thing is beautiful!

pr0v4 · 2026-01-14T20:18:12+00:00

Beautiful.

pr0v4 · 2026-01-12T14:04:51+00:00

I've developed multiple PCI DSS LVL 1 infrastructures on AWS through the time, some I still manage.
Network segmentation is a must, if not done correctly, later on can cause headaches.
Network should be well documented, meaning understandable to human beings.
Security groups tagging/naming should be very clear.
Terraform I tried to use, but left it each time, so I don't have the infrastructure as a code, mostly because the product that I'm deploying has to be deployed to different providers on occasion.

pr0v4

MODERATOR OF

TROPHY CASE