Meet Aly Miller, Manager of the PCI Compliance Program at The Home Depot, and learn how she got into this discipline and into cybersecurity for the retail sector.
This month, we’re excited to feature Aly Miller, Manager of the PCI Compliance Program at The Home Depot, one of the largest home improvement retailers in the nation, where she established the PCI Ongoing Compliance process and leads various compliance assessments. Aly and her team are responsible for understanding all of The Home Depot’s payments-related systems and ensuring that applicable PCI controls are implemented. Prior to joining The Home Depot, Aly started her career in Atlanta, GA, at PwC in Cybersecurity GRC (Governance, Risk, and Compliance) Advisory, progressing from Intern to Senior Associate.
1. Can you share a bit about your journey into cybersecurity and what led you to PCI Compliance and retail security?
My journey into cybersecurity began with a college internship in PwC’s Cybersecurity Advisory practice in Atlanta. That experience opened the door to a full-time role, where I quickly advanced to Senior Associate. During my time at PwC, I had the opportunity to work with Fortune 500 clients across industries, helping them build and operationalize cybersecurity governance and risk management frameworks. While I enjoyed the learning opportunities consulting provided, I found myself looking for a consistent team and area of expertise that I could pour my energy and focus into. That led me to The Home Depot as a Cybersecurity Staff on the PCI Compliance Team. At The Home Depot, I've found a supportive and collaborative team that continuously raises the bar of excellence across the Cybersecurity organization and PCI Compliance space.
2. For those who may not be familiar, what exactly is PCI Compliance?
PCI (Payment Card Industry) was created by the five leading payment brands (American Express, Discover, JCB International, MasterCard, and Visa) in an effort to protect customer payment card data from theft and fraud. This drove the creation of the PCI Data Security Standard (PCI DSS), which provides a uniform industry standard for payment card data security by defining requirements that must be implemented to protect credit card transactions. PCI DSS is a set of rules that help keep credit card transactions safe, whether it’s with the technology, the people, or processes that handle the payments.
3. What is unique to cybersecurity for retail compared to other industries? What excites you most about the future of cybersecurity in the retail sector?
Unlike companies across the technology and financial services industries, which usually have everything centralized and are governed by strict rules set by regulators, companies in the retail sector have unique challenges when it comes to keeping things safe and secure. Retail companies often have many locations that are spread out, with workers that are more temporary than in other industries. They also have to make sure to balance speed, convenience, and security for their customers. All of this makes it difficult to protect against cyber attacks, so companies in the retail space have to use specialized strategies to stay secure.
As for the future of cybersecurity in retail, I'm most excited to see how POS (point of sale) systems continue to evolve around the customer and work to identify new attack surfaces and vulnerabilities that arise with those technologies.
4. What skills or experiences from college and your first post-college job(s) do you think were most important in helping you grow into your current role?
Networking and curiosity were key in opening doors for opportunities I never thought possible. Cybersecurity continues to grow in popularity, making it a challenging industry to break into, which is why it is crucial to put yourself out there and build your network whenever and wherever possible. Curiosity is also key, as it shows your hunger to learn and your willingness to keep up in the ever-evolving cybersecurity space.
5. What advice would you give to someone in college or early in their career who’s interested in working in cybersecurity?
My top two pieces of advice are to stay open-minded and actively build relationships with others in the cybersecurity field. It can be challenging to find openings for entry-level positions or roles that do not require previous experience, so having connections and mentors can make a big difference in discovering opportunities and getting noticed by hiring managers. Once you land your first cybersecurity role, the possibilities are endless. That’s why it’s so important to keep an open mind: you never know which path will ignite your passion within the field.