Evgeniy Gantman

Senior Cloud Security Architect & DevSecOps Leader

15+ Years | PCI DSS 4.0 Expert | AWS Security | Zero Trust Architecture

View My Security Journey Explore Key Projects

Key Achievements

Measurable results from security implementations

PCI DSS Level 1 - Zero Audit Findings

Achieved compliance with no findings

99.95% Uptime - Payment Processing

High availability for critical systems

📉

85% Security Incident Reduction

Through SIEM deployment and monitoring

💰

45% AWS Cost Optimization

FinOps practices implementation

🎯

60% CDE Scope Reduction

Via tokenization and segmentation

Latest Projects

Real-world security implementations from my portfolio

Enterprise SIEM Implementation with Wazuh

Comprehensive security monitoring and PCI DSS compliance through Wazuh SIEM deployment

Wazuh OpenSearch AWS Kubernetes Python CloudTrail GuardDuty
View case study →

PCI DSS 4.0 Compliance Architecture

Complete PCI DSS Level 1 compliance implementation for payment processing platform

AWS KMS Wazuh SIEM Istio Terraform Kubernetes AWS Config
View case study →

AWS Multi-Account Landing Zone

Enterprise-grade AWS foundation with Control Tower, multi-account architecture, and comprehensive security controls

AWS Control Tower Transit Gateway Terraform Terragrunt EKS ArgoCD
View case study →

From the Blog

Technical insights and security best practices

PCI DSS Encryption Tokenization AWS KMS Data Protection

Implementing PCI DSS Requirement 3: Encryption & Tokenization Strategies

Implementing PCI DSS Requirement 3: Encryption & Tokenization Strategies

Overview

PCI DSS Requirement 3 focuses on protecting stored cardholder data through encryption, tokenization, and other cryptographic methods. This article explores practical implementation strategies.

Key Components

1. Encryption Requirements

3.1: Keep cardholder data storage to a minimum

  • Implement data retention policies
  • Automate data lifecycle management
  • Regular data discovery scans

3.2: Do not store sensitive authentication data

  • Prohibit storage of full track data, CVV2, PIN blocks
  • Implement validation in CI/CD pipelines
  • Regular scanning for accidental storage

2. Cryptographic Implementation

AWS KMS Configuration:

Read more →
View All Articles