By:
Mike Finkel
September 3rd, 2025
As a penetration tester, few things are more frustrating than firing up Burp Suite, configuring your proxy, and then watching Java applications completely ignore your interception attempts. While web browsers play nice with proxy certificates, Java applications seem determined to make your life difficult.
By:
Schellman
August 28th, 2025
TAMPA, Fla. – August 27, 2025 – Schellman, a leading provider of attestation and compliance services and a top 50 CPA firm, is proud to announce that Marci Womack, Managing Director in Schellman's Federal Practice overseeing the emerging Cybersecurity Maturity Model Certification (CMMC) assessment program, has been appointed to Cyber AB’s inaugural CMMC Third-Party Assessment Organizations (C3PAOs) Advisory Council.
By:
Chad Goubeaux
August 27th, 2025
If you’re considering a SOC 2 audit, be it due to a customer request or to strengthen your security posture, you may already understand that this examination will include an evaluation of your product or service on a more operational and security-oriented level. You may even already grasp that during a SOC 2, your scope will be evaluated against a set of trust services criteria (TSC) that provide the backbone of the assessment. But what are the trust services categories, the criteria that make up each category, and which ones will you actually need for your SOC 2 audit? At Schellman, we have over two decades of experience in SOC 2 examinations, and we want to help you navigate what can be a complex process. Read on to discover what inclusion of each category will mean for your SOC 2 examination. From there, we’ll give you some guidelines for your internal conversations when making your choice. Afterwards, you’ll be that much closer to pinning down what you need from your upcoming SOC 2 report.
By:
Josh Tomkiel
August 26th, 2025
After nearly a decade of leading penetration testing engagements and growing our team from one tester to 43 professionals, we've learned that the questions you ask during vendor selection can determine whether you'll receive genuine security value and a successful engagement, or just frustrating checkbox exercises.
Cybersecurity Assessments | Compliance and Certification | Crypto and Digital Trust
By:
Avani Desai
August 20th, 2025
On July 18, 2025, President Trump signed the GENIUS Act into law, marking a major milestone for the U.S. digital asset ecosystem. For the first time, there is a federal framework that governs how payment stablecoins are issued, secured, and monitored.
FedRAMP | Federal Assessments | CMMC
By:
Matt Hungate
August 19th, 2025
If you develop or sell commercial-off-the-shelf (COTS) technology that ends up in Department of Defense (DoD) environments, there’s a new bar you have to clear. Katie Arrington, the acting DoD CIO has issued a new memo that directly impacts how you manage your software supply chain, and it’s going to change how COTS vendors prepare for procurement.
Artificial Intelligence | ISO 42001
By:
Danny Manimbo
August 18th, 2025
As the need for innovative artificial intelligence grows, regulatory bodies are working quickly to create frameworks that balance acceleration with safety, accountability, and trust. Notably, the European Union’s AI Act is poised to reshape how organizations approach AI governance, especially when it comes to general-purpose AI (GPAI) models.
Cybersecurity Assessments | Federal Assessments
By:
Douglas Barbin
August 13th, 2025
This signals document reviews the current state of software security initiatives in the federal government and the Department of Defense (DoD), highlighting key programs and policies aimed at enhancing cybersecurity. This includes the recent Executive Order 14306 (signed on June 6th), the DoD’s new Software Fast Track (SWFT), and SSDF and associated CISA attestations under the Biden Administration, part of which were rescinded via Executive Order 14144.