Services
Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Josh Tomkiel

Josh Tomkiel is a Managing Director on Schellman’s Penetration Testing Team based in the Greater Philadelphia area with over a decade of experience within the Information Security field. He has a deep background in all facets of penetration testing and works closely with all of Schellman's service lines to ensure that any penetration testing requirements are met. Having been a penetration tester himself, he knows what it takes to have a successful assessment. Additionally, Josh understands the importance of a positive client experience and takes great care to ensure that expectations are not only met but exceeded.

Blog Feature

Penetration Testing

By: Josh Tomkiel
September 13th, 2022

So, you’re investing in cybersecurity and are having a web application penetration test performed. No matter your reasons for doing so—whether you’re satisfying compliance requirements, a customer request, internally assessing your flagship service offering or confirming security policies—this is a great step towards strengthening your defenses.

Blog Feature

FedRAMP | Penetration Testing | Federal Assessments

By: Josh Tomkiel
August 18th, 2022

For the first time since 2017, the FedRAMP Project Management Office (PMO) has updated the Penetration Testing Guidance document.

Blog Feature

Cybersecurity Assessments | Penetration Testing

By: Josh Tomkiel
August 4th, 2022

Famous detectives throughout history have always been thrown into cases. That’s the nature of their job—the situation to create the case occurred, and it’s up to Sherlock Holmes to follow a trail of clues to determine the solution. When you perform an internal network pen test, the nature of the work is similar, but there are a few things you can do to help these cyber “detectives” maximize your knowledge gained and action items moving forward. Schellman’s Pen Test Team is experienced, and we often get asked to perform this specific type of evaluation. Having gone into these sorts of engagements many times before, we want to share some helpful insight specific to this kind of test.

Blog Feature

Penetration Testing

By: Josh Tomkiel
June 2nd, 2022

Whether you’re considering engaging Schellman for a penetration test of some kind or you’ve already signed a contract with us for such, you’d probably agree that transparency benefits everyone.

Blog Feature

By: Josh Tomkiel
November 14th, 2017

**Since the publication of this blog, the FedRAMP PMO has, in 2022, updated the FedRAMP Penetration Test Guidance. Schellman breaks down the latest in our article here.)

{