
The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Douglas Barbin

As Chief Growth Officer and firmwide Managing Principal, Doug Barbin is responsible for the strategy, development, growth, and delivery of Schellman’s global services portfolio. Since joining in 2009, his primary focus has been to expand the strong foundation in IT audit and assurance to make Schellman a market-leading diversified cybersecurity and compliance services provider. He has developed many of Schellman's service offerings, served global clients, and now focuses on leading and supporting the service delivery professionals, practice leaders, and the business development teams. Doug brings more than 25 years’ experience in technology-focused services, having served as a technology product management executive, mortgage firm CTO/COO, and fraud and computer forensic investigations leader. Doug holds dual bachelor's degrees in Accounting and Administration of Justice from Penn State as well as an MBA from Pepperdine. He has also taken postgraduate courses on Artificial Intelligence from MIT and maintains multiple CPA licenses in addition to most of the major industry certifications, including several he helped create.

Blog Feature

By: Douglas Barbin
February 4th, 2019

Securing the cloud requires a different mindset than securing your on-prem infrastructure

Adventures in securing the cloud

As cloud operations become increasingly popular, enterprises are recognizing that they require automated cloud security services to mitigate risk. But the road to automation is not always a smooth journey, or one with a distinct destination. Security experts discuss the promise and the perils of embracing automated cloud security services. Karen Epper Hoffman reports.

Blog Feature

By: Douglas Barbin
November 19th, 2018

Think you know everything about DevOps? Experts debunk five of the most common misconceptions. "DevOps" is a term that gets thrown around a lot, but sometimes even seasoned software developers don't fully grasp all of its nuances. Far more than a switch that organizations can turn on and off, DevOps is a fundamental shift in how companies think, work and innovate. Just how accurate are your DevOps beliefs and assumptions? We asked experts to weigh in on five of the most pervasive myths surrounding DevOps.

Blog Feature

By: Douglas Barbin
October 22nd, 2018

This week, I had the privilege of sitting on a panel with Crispen Maung, the chief compliance officer at Box, along with Hendrik Reese, a senior manager and GDPR practice lead from PwC’s consulting practice in Germany. The topic for the panel was “The reality of GDPR: Learnings from the First Three Months”. We addressed a variety of topics, but I wanted to recap some of the key takeaways from my perspective.

Blog Feature

By: Douglas Barbin
July 23rd, 2018

Fear can be a great motivator. If you are afraid that a human cannot make a decision fast enough to stop a cyberattack, you might opt for an artificial intelligence (AI), machine learning system. But although fear, uncertainty and doubt — the FUD factor — of not responding quickly enough might motivate you to take this action, the same FUD factor, applied to the possibility that the action your automated system takes might be wrong, is an equally strong motivator not to employ this technology. Welcome to this year’s Catch-22.

Blog Feature

By: Douglas Barbin
July 16th, 2018

Two weekends ago, the South Korean cryptocurrency exchange Coinrail announced a hacking attempt on its website, with no more detail than a statement that said there was activity of a "cyber intrusion" and that it had managed to "freeze" certain coins, with others being kept in a cold wallet. The exchange is now offline (hence no link to the website and its announcement).

Blog Feature

By: Douglas Barbin
October 19th, 2017

Among the biggest complaints about the cloud security program known as the Federal Risk Authorization Management Program (FedRAMP) have been the cost for vendors and the time it takes to get approved.

Blog Feature

By: Douglas Barbin
March 7th, 2017

Few areas of technology are as contradictory as governance, risk and compliance. A company might do everything to be secure yet still not be in compliance.

Blog Feature

SOC

By: Douglas Barbin
March 6th, 2017

SSAE 18. You have probably seen blog articles circulating about the "new change" to SSAE 18, including Schellman’s article in Accounting Today. Yes, the new standard imposes some important but relatively minor changes; changes which guide us, the service auditors performing these assessments. You may even see some adjustments to our approach in your next SOC examination.