As you can see in my barely updated linkedin page, I’ve been a CiSO for many years. Since 2013, I’ve seen many different merchant profiles. Sadly I also saw many data breaches, and more specifically Cardholder Data breaches. Most of our customers back then got hacked through a variety of means, the most popular being unpatched CMSes. They all shared a glaring, unforgiving trait : PCI-DSS requirements were not being followed.