Many QSAs come from an auditing background and are very good at the auditing portion of PCI. To provide more customer value, focus on understanding tactical security. In talking with customers, many auditors can tell them what is wrong, but few can provide ideas or suggestions on how to become compliant. The QSAs who are security professionals first and auditors second may well set themselves apart from their competition.
This was first published in June 2007