FREE CloudSecNext Summit | Jun 3-4: At this global event, stay informed with what's next in cloud security. Register now!


To attend this webcast, login to your SANS Account or create your Account.

Real World Challenges for PCI Compliant Containers

  • Tuesday, October 29, 2019 at 10:30 AM EDT (2019-10-29 14:30:00 UTC)
  • Tim Buntel, John Pescatore, Katie Paugh


  • Threat Stack

You can now attend the webcast using your mobile device!



Many organizations follow PCI-DSS compliance standards. If you deal with any kind of credit card payment - or support a company who does - you need to maintain a secure environment, and be able to prove it, by adhering to these standards. But the standards were introduced in the early 2000s before DevOps and CI/CD, and long before containers and microservices. There are unique challenges and added complexities to leveraging containers in a†cardholder data environment (CDE).

In this webinar, SANS expert, addresses the common pitfalls organizations face meeting PCI compliance when using containers. Threat Stack customer, will walk through how they achieved PCI compliance for their containerized environment and overcame the real-world challenges along the way.

Hear how the team built a highly elastic and scalable infrastructure without worrying about underlying dependencies all while maintaining PCI compliance.

Speaker Bios

Tim Buntel

Tim Buntel is VP of Application Security Products at Threat Stack. Prior to this role, Tim has built globally recognized software businesses for 20 years at startups, midsized companies in transition, and the largest global brands, including Atlassian, Adobe, Microsoft, and XebiaLabs with an emphasis on developer tools and platforms; helping developers build better software. He is also a founding mentor and Board member at Smarter in the City, a non-profit high-tech accelerator with a mission to diversify Bostonís startup sector by providing support and resources for local minority-run ventures.

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013 after more than 13 years as lead security analyst for Gartner, running consulting groups at Trusted Information Systems and Entrust, 11 years with GTE, and service with both the National Security Agency, where he designed secure voice systems, and the U.S. Secret Service, where he developed secure communications and surveillance systems and "the occasional ballistic armor installation." John has testified before Congress about cybersecurity, was named one of the 15 most-influential people in security in 2008 and is an NSA-certified cryptologic engineer.

Katie Paugh

DevOps Engineering Manager at that specializes in security and compliance in the cloud. Her team manages multiple Kubernetes clusters in AWS where they focus on balancing security and availability. She helped organize and migrate Lola services to Kubernetes clusters while focusing on maintaining PCI DSS Compliance. Before Lola she worked as a DevOps consultant helping people manage their infrastructure, automation, and pipelines.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.