Josh Tomkiel is a Director and Penetration Tester based in Philadelphia, PA with over 10 years of experience within the Information Technology field. Josh has a deep background in all facets of penetration testing and works closely with Schellman's other service lines to ensure penetration testing requirements are met. Additionally, Josh leads the Schellman's Red Team service offering, which provides an in-depth security assessment focusing on different tactics, techniques, and procedures (TTPs) for clients with mature security programs.
Cybersecurity Assessments | Penetration Testing
By:
JOSH TOMKIEL
August 8th, 2023
Red teaming is a proactive approach to cybersecurity, where a group of ethical hackers simulates real-world attacks on an organization's systems to identify vulnerabilities and test its defenses. This process helps organizations improve their security posture by revealing weaknesses before malicious actors can exploit them.
Penetration Testing | SchellmanLife
By:
JOSH TOMKIEL
December 21st, 2022
There’s a Latin proverb that says, “if the wind will not serve, take to the oars.” If you’ve ever hunted for a (new) job, you likely can relate. Of course, every workplace has its idiosyncrasies, but you need to find the “wind” that serves you best.
Penetration Testing | SchellmanLife | careers
By:
JOSH TOMKIEL
December 6th, 2022
When you’re applying for a new job, you have your reasons—whether it’s to find a new challenge or to escape a toxic workplace, you want to trust that somewhere else will be better for you and your career. But when you’re sending off applications, it’s hard to know what you might be getting yourself into—most times, you won’t know until you’ve signed your new employment contract and are in (a new set) of weeds.
Cybersecurity Assessments | Ransomware Preparedness Assessment
By:
JOSH TOMKIEL
October 31st, 2022
Did you know that we’ve just come to the end of National Cybersecurity Awareness Month?
By:
JOSH TOMKIEL
September 13th, 2022
So, you’re investing in cybersecurity and are having a web application penetration test performed. No matter your reasons for doing so—whether you’re satisfying compliance requirements, a customer request, internally assessing your flagship service offering or confirming security policies—this is a great step towards strengthening your defenses.
FedRAMP | Penetration Testing | Federal Assessments
By:
JOSH TOMKIEL
August 18th, 2022
For the first time since 2017, the FedRAMP Project Management Office (PMO) has updated the Penetration Testing Guidance document.
Cybersecurity Assessments | Penetration Testing
By:
JOSH TOMKIEL
August 4th, 2022
Famous detectives throughout history have always been thrown into cases. That’s the nature of their job—the situation to create the case occurred, and it’s up to Sherlock Holmes to follow a trail of clues to determine the solution. When you perform an internal network pen test, the nature of the work is similar, but there are a few things you can do to help these cyber “detectives” maximize your knowledge gained and action items moving forward. Schellman’s Pen Test Team is experienced, and we often get asked to perform this specific type of evaluation. Having gone into these sorts of engagements many times before, we want to share some helpful insight specific to this kind of test.