Contact Center PCI Compliance Remediation

This project focused on closing gaps in the company's Payment Card Industry (PCI) compliance before a scheduled audit for a telephony-based product where customers can configure sending entered digits to a third-party payment processor. I led the architectural design and rollout of security enhancements across voice and contact-center systems, implementing robust encryption, stronger access controls, and network segmentation. By isolating voice traffic behind proxy servers and deploying dedicated management systems in a segmented PCI environment, the team remediated all critical findings ahead of schedule. The resulting audit produced zero major findings and ensured that sensitive client data is handled securely.

Key contributions

- Designed the Active Directory structure for the project.
- Architected outgoing HTTPS traffic flow to be limited and compliant with PCI requirements.
- Led the implementation of network segmentation and proxy servers to isolate sensitive traffic.
- Developed and enforced access control policies, including 2FA and restricted access to the PCI environment.
- Coordinated with application teams to ensure full-path encryption (TLS, SRTP, Secure-SIP) for all relevant communications.
- Established procedures for secure OS and application updates within the restricted environment.
- Collaborated with the Security Team and external auditors to validate all remediation measures and achieve PCI-DSS compliance.

Highlights

- All requirements were aligned with Protecting Telephone-Based Payment Card Data v3.0 by the PCI Security Standards Council.
- Ensured every possible call path between caller and payment processor was fully compliant, eliminating any non-compliant routes.
- Built an isolated environment with strict access controls, including enforced 2FA and least-privilege principles.
- Developed a secure and auditable process for OS and application updates, accommodating PCI restrictions and minimizing downtime.
- Achieved zero major findings in the PCI-DSS audit, demonstrating the effectiveness of the remediation approach.

Implementation

- Conducted a comprehensive design and architecture phase, mapping all data flows and identifying compliance gaps.
- Built a pre-production environment that mirrored production, enabling thorough validation of TLS, SRTP, and Secure-SIP across all applications and integrations.
- Deployed a fully isolated production environment with enforced 2FA, implemented the validated design, and integrated with common infrastructure while maintaining PCI boundaries.
- Established continuous monitoring and alerting for compliance-related events and access attempts.
- Coordinated with the Security Team and auditors to review, test, and approve all remediation steps, ensuring readiness for the PCI-DSS audit.

Dmitry Konovalov