Viviana Wesley

PCI QSA, ISO 27001 Auditor, CISM. Principal Consultant, Governance, Compliance and Engineering Services, HALOCK Security Labs

Viviana Wesley is one of the few experts on the intersection of payment card security and cybersecurity risk management. Viviana helps organizations prepare for PCI DSS compliance so that they can demonstrate reasonable security as the law defines it, and serves regulators to help them evaluate the reasonableness of controls in breached organizations. Her strong technical and information security background gives Viviana a unique skillset that allows her to provide vital technical insights into how to meet regulatory requirements and to communicate effectively with technical resources and executives.

Viviana has over 23 years of practical experience within information technology, with a focus on information security for the past 14+ years. Viviana has been the PCI Subject Matter Expert for HALOCK since 2012. Viviana has also been involved in developing HALOCK’s GDPR, CMMC, Privacy and Risk Management offerings for clients.

Acting as the PCI Practice Lead for HALOCK, she has:

• Developed framework, project management and QA materials, mentored and trained new QSAs, and provided PCI education to dozens of organizations. She has managed hundreds of PCI-related projects
• Been the lead PCI QSA on several of HALOCK’s enterprise-level clients and several Higher Education institutions
• Developed and managed remediation programs to help compromised and non-compliant clients achieve and maintain PCI DSS compliance
• Performed hands-on reviews of environments, including documentation and evidence reviews as well as network device and server configurations and observational validations

Viviana serves as an expert witness for State Offices of Attorney General and Multidistrict Litigation matters.

Viviana is also a member of the Sedona Conference Working Group 11 - Data Security and Privacy Liability, to identify and comment on trends in data security and privacy law, to help organizations prepare for and respond to data breaches, and to assist attorneys and judicial officers in resolving questions of legal liability and damages.

Viviana Wesley's Events

Advancing Payment Security: Comprehensive Strategies for Reducing PCI Scope

Date: Wednesday, September 11

Track One

Moderated by: Marc Bayerkohler, Standards Trainer, PCI Security Standards Council

Panelists: Tony James, ISA, CISSP, CISA, C-RISC, Director of Cyber Security, Target Corporation; Eric Kitchens, Principal, Technical Governance, Toast Inc.; and Viviana Wesley, PCI QSA, ISO 27001 Auditor, CISM, Principal Consultant, Governance, Compliance and Engineering Services, HALOCK Security Labs

The continuous evolution of payment security strategies aims at enhancing the protection of cardholder data and reducing the PCI scope for merchants. This panel discussion seeks to illuminate the spectrum of solutions that effectively minimize merchant exposure to cardholder data, including the established point-to-point encryption (P2PE), innovative end-to-end encryption (E2EE) solutions, and models where solution providers act as merchants. Featuring insights from a solution provider (Toast), an experienced merchant (Target), and a QSAC (HALOCK Security Labs), the session will provide a holistic view of the technologies and methodologies that can lead to a significant reduction in PCI scope while maintaining or enhancing security measures.