The Schellman Blog

When you’re applying for a new job, you have your reasons—whether it’s to find a new challenge or to escape a toxic workplace, you want to trust that somewhere else will be better for you and your career. But when you’re sending off applications, it’s hard to know what you might be getting yourself into—most times, you won’t know until you’ve signed your new employment contract and are in (a new set) of weeds.

Did you know that we’ve just come to the end of National Cybersecurity Awareness Month?

So, you’re investing in cybersecurity and are having a web application penetration test performed. No matter your reasons for doing so—whether you’re satisfying compliance requirements, a customer request, internally assessing your flagship service offering or confirming security policies—this is a great step towards strengthening your defenses.

For the first time since 2017, the FedRAMP Project Management Office (PMO) has updated the Penetration Testing Guidance document.

If you find yourself wondering what exactly an internal network penetration test is and whether or not your organization needs one, then you're in the right place. Many businesses invest heavily in external security but unknowingly remain vulnerable from the inside. That’s where internal pen tests come in handy. Yet despite their proven ability to help strengthen your overall security posture among numerous other notable benefits, it can be difficult to know where to start.

Whether you’re considering engaging Schellman for a penetration test of some kind or you’ve already signed a contract with us for such, you’d probably agree that transparency benefits everyone.

**Since the publication of this blog, the FedRAMP PMO has, in 2022, updated the FedRAMP Penetration Test Guidance. Schellman breaks down the latest in our article here.)