
The Payments Cybersecurity Intern Field Manual

$199.00

A focused course, tailored for you

Walk into the SOC on day one knowing how to package control evidence, triage a card-data alert, and write findings a senior will sign.

You were hired into a payments cybersecurity team because you are smart and you learn fast. The team assumed you would pick up PCI DSS, the cardholder data environment scope, the SIEM workflow, the evidence-pack format, and the finding-writing conventions on the job. Three weeks in, you are sitting in front of a Splunk console with a folder of half-completed control narratives and you do not know which artefact actually counts as evidence.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

Cybersecurity internships at payments processors share a specific shape. The work is real, the production environment is touched, the audit clock is real, and the gap between what the intern was taught in coursework and what the SOC actually does is wider than anyone admits. Coursework covered the CIA triad and a generic NIST overview. The SOC runs on PCI DSS Req 10 evidence cycles, Req 3 key-rotation attestations, internal control narratives that have to match SOC 2 Type II language, and a ticket queue that mixes real alerts with QSA follow-up questions. The intern is expected to absorb all of that by osmosis. The course turns that absorption into a structured ninety days. Each module names an artefact a payments security intern is actually handed, and walks through the steps to produce the output a senior engineer or audit lead will accept without rewrites.

What you walk away with

  • Build a PCI DSS Req 10 evidence pack from a SIEM export end to end, with the control narrative, log samples, retention proof, and review log in the format a QSA expects.
  • Triage a card-data anomaly alert and write the incident ticket in the structure a senior SOC engineer signs without rework.
  • Map a single cloud account against the cardholder data environment scope using a defensible inclusion or exclusion rationale.
  • Draft a control finding that survives review the first time, with the right artefacts attached and the right control reference cited.
  • Run a key-rotation attestation for Req 3 cryptographic key management without missing the dual-control evidence.

The 12 modules

Module 1. What an evidence pack actually is in a payments shop
A payments processor evidence pack is not a screenshot folder. It is a structured artefact set, named per control, dated, with retention proof, attestation log, and reviewer signature. This module walks through a real Req 10 evidence pack as a senior engineer assembles it, names every artefact by type, and explains why each one is there and what a QSA looks at first. The intern finishes with a checklist they can apply to any control they are handed.
Module 2. Reading the cardholder data environment scope diagram
The cardholder data environment scope is the map every payments-security task references. This module takes a real CDE scope diagram, decomposes it into the in-scope systems, the connected-to systems, and the out-of-scope-with-controls tier. The intern learns to identify which AWS account, which Kubernetes cluster, and which database flag matters for which control, and where the segmentation evidence has to live to defend the scope boundary.
Module 3. Building the PCI DSS Req 10 logging evidence pack
The senior hands the intern a folder marked Req 10 and a Friday deadline. This module walks through producing the evidence pack from a CloudWatch and Splunk export. The intern learns which log sources are in scope, how to capture retention attestation, how to demonstrate review cadence, and how to format the control narrative so the audit lead does not send it back.
Module 4. Triaging a card-data anomaly alert
The SIEM lights up with a Splunk alert on a card-data lookup pattern. The intern has to decide in fifteen minutes whether this is a false positive, a tuning issue, or a real incident. This module walks through the triage decision tree the senior SOC engineer uses, the questions to ask before escalating, and how to capture the triage notes so the eventual incident ticket is grounded in evidence rather than guesswork.
Module 5. Writing the incident ticket a senior will sign
Incident tickets in a payments SOC follow a specific structure: trigger condition, observed artefacts, hypothesis tested, evidence captured, containment action, escalation path. This module takes a real card-data anomaly and walks through writing the ticket in the SOC lead's voice, with the specific phrases and artefact references that pass review the first time. The intern finishes with a ticket template and a worked example for each of the three most common payments-side alerts.
Module 6. Mapping a single AWS account against the CDE
The GRC manager asks the intern to confirm whether a new AWS account is in scope for PCI. This module walks through the inclusion and exclusion rationale, the segmentation evidence, the IAM trust relationships that matter, and how to write up the scoping decision so the next auditor or new joiner can re-derive it. The intern leaves able to handle the most common scope-question ticket without escalating.
Module 7. Req 3 cryptographic key management evidence
Key rotation attestations are deceptively simple to get wrong. The intern is asked to produce the Req 3.5 and Req 3.6 evidence for the payment HSM and the AWS KMS-backed keys. This module walks through capturing the dual-control evidence, the rotation cadence proof, the access list, and the attestation log. It names the three common gaps QSAs find on first-year analyst evidence packs and how to close them before the QSA arrives.
Module 8. Drafting a control finding that survives review
When a control fails or is partially effective, the finding write-up determines whether remediation gets prioritised or stalls. This module walks through writing a finding in the format the security director expects, with the control reference, the observed gap, the artefacts that prove the gap, the remediation path, and the residual risk view. The intern leaves with a finding-writing template and three worked examples drawn from real payments SOC findings.
Module 9. Reading the SOC 2 Type II control narrative and mapping it to PCI
Most payments processors run a parallel SOC 2 Type II engagement and the controls overlap heavily with PCI. The intern is asked to confirm whether a SOC 2 narrative covers a PCI requirement. This module walks through reading a SOC 2 control narrative, identifying the overlapping PCI requirement, and writing the cross-reference attestation in the form the GRC team uses. The intern leaves able to navigate both frameworks rather than treating them as separate worlds.
Module 10. QSA question-and-answer cycle survival
When the QSA arrives, the intern often gets pulled into question-and-answer follow-ups because they hold the most recent context on a specific evidence pack. This module walks through what a QSA actually asks, how to answer without volunteering scope creep, when to defer to the senior, and how to capture the QSA exchange so the follow-up artefact lands without a second round. The intern leaves prepared for their first QSA interaction without freezing.
Module 11. Working with the SIEM the way a senior does
Splunk and the equivalent SIEM tools are powerful and the intern usually learns them by random Stack Overflow searches. This module walks through the specific saved searches, dashboards, and tuning operations a payments SOC engineer relies on day to day. The intern leaves with a starter pack of saved searches, a tuning workflow for noisy alerts, and the vocabulary to participate in a tuning standup rather than just listen.
Module 12. The first ninety days plan and the ask for your next assignment
An intern who delivers a clean evidence pack, a triaged alert, a defensible scoping decision, and a survived QSA round opens the conversion-to-analyst conversation. This module walks through the deliverable cadence to aim for, the artefacts to keep in a personal portfolio, and the language to use when asking to own a control end to end. The intern leaves with a written ninety-day plan they can hand to their manager.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

Module 3 maps to the Friday Req 10 evidence pack deadline the senior just put on your desk.
Modules 4 and 5 map to the next SIEM alert that lands in your queue and asks for a triage decision.
Module 6 maps to the inevitable scope question about a newly provisioned AWS account.
Module 10 maps to the QSA visit on the calendar, where you will be pulled into follow-up questions.

What you get with this course

  • Twelve text-based modules in the Art of Service learning environment, each with worked examples drawn from real payments-security artefacts.
  • Downloadable templates: PCI Req 10 evidence pack skeleton, incident ticket template, finding write-up template, ninety-day intern plan.
  • Worked example evidence packs for Req 3 key rotation and Req 10 logging review.
  • The hand-built implementation playbook tailored to a payments processor scope, delivered alongside course access.
  • Thirty-day money-back guarantee.

What you will have in hand by Day 1, Week 1, Month 1

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

The twelve modules are unlocked from day one. Work through them at your own cadence; a typical first pass is two to three weeks at one module per evening.

The downloadable templates are usable from day one even before completing the relevant module.

Before and after

Before

Three weeks in, sitting in front of a SIEM with a folder of half-completed control narratives, unsure which artefact counts as evidence, hesitant to ask the senior the same question twice.

After

Ninety days in, owning a Req 10 evidence pack end to end, triaging the first card-data alert that lands solo, writing findings that pass review the first time, and having a written conversation on the manager's desk asking for the next assignment.

What happens if you do not address this

An intern who never quite figures out the evidence-pack format, the triage shape, and the finding-writing convention spends the internship on tasks that do not lead to a conversion offer. The senior engineer remembers who turned in a clean Req 10 pack and who turned in a folder of screenshots. Three months is short. The next intern cohort lands and the conversion conversation gets crowded.

Who it is for

A cybersecurity intern, recent intern hire, or first-year analyst at a payments processor, acquirer, issuer-processor, or merchant services platform. Sitting in a security operations function or a GRC function that supports the SOC. Holds an undergraduate computing or information security degree, has touched a SIEM in a lab, has never owned a Req 10 evidence pack end to end. Reports to a senior security engineer or a GRC manager who is too busy to teach the basics line by line.

Who this is NOT for. Not for senior security engineers who already own PCI scope. Not for compliance executives who set policy rather than build evidence. Not for general SOC analysts outside the payments sector, because the case studies, control mappings, and artefacts are payments-specific.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. Roughly twenty to twenty-five hours of focused reading and template work spread across two to three weeks. Each module is forty to sixty minutes of reading plus a short template exercise. The implementation playbook is a reference artefact rather than a study item.

Why $199 is the right number

PCI DSS official documentation is comprehensive but written for QSAs and security architects, not first-year interns assembling an evidence pack on Friday. Free SANS reading-room papers cover concepts but not the artefact-by-artefact production work. Vendor SIEM training teaches the tool but not the payments-control context. This course teaches the intern-level production work the existing material assumes you already know.

FAQ

Is this an official PCI DSS certification?
No. This is a working field manual for a payments cybersecurity intern. It maps to PCI DSS requirements and uses real control language, but it is not a QSA credential. The intent is to make you effective in the SOC, not to certify you.
Do I need access to a real SIEM to follow the modules?
No. The worked examples use anonymised Splunk and CloudWatch exports included with the course. If you have access to your employer's SIEM you can replay the modules against real data, but the course stands on its own.
How tailored is the implementation playbook?
The implementation playbook is hand-built against a payments processor scope after purchase, sized to a cybersecurity intern's first ninety days, and delivered alongside course access. It is not a generic PDF.
What if I am at an acquirer or issuer-processor rather than a merchant-facing processor?
The CDE scope shape differs slightly but the artefact work is the same. The playbook is tailored to your specific employer type after purchase so the worked examples match your environment.
What is the refund policy?
Thirty days, no questions. If the course does not give you a working Req 10 evidence pack template you can take to your senior, request a refund.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.
