Perhaps the company you're working for can pick-up that cost though... which would certainly be nice

I was looking at this from the perspective of being my own company originally. There are other requirements, such as insurance coverage and such that you have to carry as well. When I was scoping it out, the insurance plan required to be an ASV was going to cost me roughly $2K-$3K/year.. can't remember exactly (though I'm sure I still have the quote sitting around somewhere...)

@Ketchup:

Good points - career-wise I've been a systems engineer/admin for almost 5yrs, and 7 yrs before that in IT operations.  It didn't strike me to structure my resume in a way that would emphasize what each job experience gave me for each knowledge domain.

Also, I hear you on the dud PCI auditors.  We are currently going through our second PCI audit, and the auditor last year was clearly underqualified.  Lately I've been reading alot about mounting pressure on QSA's which would explain the higher quality we are seeing with this year's auditor.

I do agree that passing an exam doesn't say much for your ability to assess compliance with PCI, et al.  More years under the belt will certainly produce a more qualified auditor, provided those are true years of learning and practice.  (i.e.: 10 years of experience, not 1 yr. experience times 10).

Thanks,
Justin

Bill, thank you!  I just printed out that document on the printer at work and forgot it there.   I hadn't made it to the fees section.  This certainly is a bummer, the $20,000 initially and $10,000 annually for US organizations.   

The fee schedule is structured so that you almost have to have a few clients lined up before you even consider applying to be a QSA.  One bright side is that I work for a small consulting company, so we are used crap like this.   It would be nice to take a small piece from Delloitte or KPMG .   

No problem guys

I don't know how many times I read through each of those documents a while back. I had to make sure I got all the information and the details. QSA was definitely out of reach for me (self-funded anyway) but ASV (at the time) I thought was reasonable. For $10K now.. that's a stretch. But yeah, like Ketchup mentioned, you'd definitely have to have some clients lined up - whether it's PCI scanning, testing, whatever; you'd need some decent income coming in.

@jakinne: I'm not sure how many independents there are out there. I know on the PCI site they have a list of ASV's (or did). Not sure if they also have a list of QSA's available but I'd imagine they would.

BillV