“How can we reduce the scope of PCI DSS Scope?” is a questions I get in most of the consulting / auditing engagements. Some of them were looking for network segmentation and others were looking for segmentation in the software components. Here are some thoughts on segmentation as a method to…