Articles tagged with: quality

Alerts, Interesting, PCI News, PCI Philosophy / Approach, Vendors

[5 Mar 2009]

I’m glad to see that the Council is following through on their commitment to hold assessors to a certain level of work and expertise.
Sadly we run into low-balling competition all the time and it’s sometimes hard to explain to potential clients that there is, really, a difference between what NetSPI provides and what the low-balling competition is actually delivering.
PCI QSA assurance program penalizes assessors.

PCI Philosophy / Approach, Vendors

[11 Nov 2008]

It’s interesting that in this very educated, very suspicious society, we still at times need some help in understanding the hidden agendas of the organizations that we work with.
In the world of information security (particularly in the retail space) things are still a little ‘Wild West’ as there are not a lot of well-defined boundaries between consulting, selling product, and auditing. This creates an interesting environment where conflict of interest issues abound.
There are two areas in particular that I think it is extremely important to understand properly:

A PCI consultant …