The Schellman Advantage Blog

Stay up to date with the latest compliance news from the Schellman Advantage blog.

PHIL DORCZUK

Phil Dorczuk is a Senior Associate with Schellman & Company, LLC. Prior to joining Schellman & Company, LLC in 2013, Phil worked as a PCI DSS auditor with Coalfire Systems and a consultant at GTRI. At Coalfire, Phil specialized in PCI DSS audits and gap assessments and at GTRI specialized in Cisco network equipment installation and configuration.

By: PHIL DORCZUK
February 6th, 2019

Introduction

Welcome! In the upcoming series of articles (this is Part 1), I’ll be discussing some things to consider if you want to use Kubernetes to host an application that is subject to PCI DSS. I have been interested in containers for quite a while now and have recently had a lot of PCI DSS clients asking about Kubernetes. The concepts and controls in PCI DSS don't always translate well to a containerized environment, which gave me the idea to write this series. The series will be split up into PCI DSS domains and I'll do my best to provide some discussion topics as well as demonstrations for each. Nothing in this series is a guarantee that you'll be compliant with PCI DSS; there are too many variables to consider. My hope is that this provides a good starting point for planning a migration onto Kubernetes.

PCI

By: PHIL DORCZUK
March 22nd, 2017

Executive Summary

Docker is an advanced framework for deploying applications--in particular, cloud applications. It is notably different than working within traditional virtualization environments, and/or “standard” image-based cloud deployments at Amazon or Microsoft. With that comes opportunity for deployment engineers, but also challenges for security and compliance professionals. This post provides you with some perspective on technical architecture for Docker and specific use cases for configuring Docker containers for PCI compliance. Where I could, I provide screenshots and examples for a test Docker environment created for this purpose.

By: PHIL DORCZUK
March 9th, 2017

Codifying Your Configuration Standards

If you have already gone through a PCI DSS, SOC, HIPAA/HITECH, or ISO assessment, you already know that detailed configuration standards are a must. If you haven’t been through one of these assessments… get ready for some serious typing!

Payment Card Industry (PCI) Data Security

By: PHIL DORCZUK
June 18th, 2014

Preparing for a Payment Card Industry (PCI) compliance assessment is a major task for any size organization. However, companies that store, process, or transmit credit card transactions are required to comply with PCI's Data Security Standards (DSS). PCI DSS includes up to 13 requirements that specify the framework for a secure payment environment. The PCI requirements are prescriptive in nature and provide guidance for organizations to become secure. As a QSA, BrightLine has performed hundreds of audits. From our experience, there are five steps to follow when preparing for a PCI DSS assessment.

Payment Card Industry (PCI) Data Security

By: PHIL DORCZUK
April 28th, 2014

The goal of PCI DSS is to reduce the risk of credit card breaches. That, however, is a broad statement intended to apply to any business model and security control set.