Chris Mark PCI National Practice Lead AT&T

As PCI National Practice Lead at AT&T, Chris Mark helps clients ensure the security of their customers’ credit and debit card data. He’s an internationally recognized expert on the payment card industry data security standard (PCI-DSS) and payment card security. In fact, as a contractor with Visa, he was on the original team that created the PCI-DSS (then known as the CISP) in 2001.

But Chris sees his job as more than just validating compliance. His team manages every audit with an eye toward larger payment security issues and how risk can be further mitigated, always offering further recommendations for improvement.v

He came to data security via the military, serving first as an enlisted Marine and then as a Navy officer. With military specialties Marine Scout/Sniper and Reconnaissance Marine, and having seen combat in Somalia, Chris has been involved in numerous aspects of security, from data security, to physical security, and force protection. In data security, he continues to draw on those experiences, knowing that technology, standards and protocols are only part of the picture and that people represent the core problems and solutions of security. On one end of the technology is someone who’s trying cause harm, and on the other is an organization with limited resources trying to protect their assets. The challenge of security is to allocate resources the most efficient way possible to prevent a malicious person from doing damage.

He’s been on the frontlines of a variety of security battles, most recently on a ship in the Gulf of Aden, supporting anti-piracy operations for the maritime industry. Prior to that, he founded a qualified security assessor (QSA) firm,  conducting or managing over 100 assessments, and training over 2,800 QSAs worldwide. As the Visa Inc. CISP trainer, he was responsible for training another several thousand people on PCI-DSS and related topics.

Chris’s specialties include cyber espionage and risk management. He speaks, writes and blogs on these topics prolifically, and has been published in Transaction World, Secure Payments, The Counter Terrorist and PenTest magazines and on

A huge fan of Teddy Roosevelt, Chris is inspired by Roosevelt’s Sorbonne speech from 1910, the source of the famous “Man in the Arena” quote (“It is not the critic who counts… The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood…”). He enjoys reading – his and his wife’s library includes 1500 volumes – and two of his favorite books are Richard Clarke’s Cyber War: The Next Threat to National Security and What to Do About It, and Empire of the Blue Waters about Captain Morgan’s pirate army.

He lives with his wife and their 3-year-old son in Park City, Utah.

From this Author

Content Type


5 Essential Questions To Ask Your Qualified Security Advisor

06/04/13 blog

Understanding The PCI Compliance Spectrum

05/24/13 blog

In Security And Compliance, There Are No Shortcuts

03/22/13 blog

PCI DSS 101 Secrets To Success

03/08/13 blog

Defining Cardholder Data

02/25/13 blog

3 Security “Must-Do” Policies: Show, Demonstrate, And Convince

02/19/13 blog

You Can’t Unring that Bell

02/06/13 blog

The Balancing Act: Security, Convenience & Efficiency

01/30/13 blog