By:
Eric Aulbach
August 12th, 2021
The period of September through the end of December many have nicknamed “Busy Season” for lots of fun reasons: the return of school and fall sports, endless football games on almost every night of the week, the busiest holidays of the year, and loads of family time. Perhaps less fun, Busy Season also often includes audits and attestations for many organizations wishing to deliver audit reports by the end of the calendar and fiscal years. With so much to do—not only at work but also at home—it all may seem impossible, but there actually are proven paths to a smooth end-of-year audit process that can help streamline Busy Season in at least this one respect.
Cybersecurity Assessments | NIST
By:
BRYAN HARPER
June 30th, 2021
Background
First coined in 1994 by Stephen Marsh in his doctoral thesis, Formalising Trust as a Computational Concept, the term Zero Trust was later popularized by a Gartner research analyst. Some years later in 2011, when Google announced its internal implementation of Zero Trust architecture, the concept helped spark a new, widespread interest in the technology and security communities. In response to this increased public interest, the National Institute of Standards and Technology (NIST), in coordination with the National Cybersecurity Center of Excellence (NCCoE), developed a special publication (SP 800-207) on Zero Trust architecture and has since published additional information on implementation practices.
By:
Ben Kwan
June 28th, 2021
When I first began considering a career with Schellman, I began to dig through industry jargon to familiarize myself—my background was in nonprofits, and there was a lot of new information to parse through, including many, many acronyms. Among those that I discovered was ISO, an abbreviation that up to just a few months ago, was lost among others like NBA, NCAA, and TSLA that some might argue are more important. When I initially learned, more specifically, of ISO 27001, I had no clue what it meant, but I’d eventually discern that this certification was the one that potentially could change the course of my professional career. Throughout my extensive research, it was the unique nature of ISO 27001 that was among the important gems I discovered that would eventually draw me into the industry.
By:
Danny Manimbo
June 23rd, 2021
Our Story
Many who know me have also probably met my two-year-old twins, Everly and Porter (a girl and a boy). Over this past year, many others have probably witnessed my kids charging into my office to make several, mostly surprise, appearances during Zoom happy hours and client meetings. But what most do not know, however, are the struggles my wife, Brittany, and I went through on our journey to have them. How we got to this point with two happy, healthy children is not a short story or answer—as anyone affected knows, infertility can create so many hardships for couples, and I hope that this blog and our fundraising campaign detailed below will shed some light on the widespread impact it really can have.
Cybersecurity Assessments | Penetration Testing
By:
MATT WILGUS
June 17th, 2021
During a penetration test, the Schellman team often works with development teams, administrators, risk and compliance professionals and information security personnel; however, the initial point of contact for a penetration test may be an individual that isn’t any of those. More and more, someone from the product or procurement team may have the responsibility—or shared responsibility—of having a penetration test performed. While these individuals may understand a timeline for a specific task, they likely do not have full visibility into the entire project. Such circumstances, among others, can trigger one of the biggest challenges frequently seen in planning pen tests—timing.
By:
Nisha Ellis
May 29th, 2021
Serving as an important reminder of the fact that the AAPI community helped build this country, Asian American and Pacific Islander (AAPI) Heritage Month also celebrates their history and many cultures, as well as those contributions to the United States. Asia is a massive continent that is home to diverse ethnicities and histories, and the innumerable customs of its many countries have intertwined with American society over the years. In fact, according to a Pew Research Center article, “a record 20 million Asian Americans trace their roots to more than 20 countries in East and Southeast Asia and the Indian subcontinent.” Learning about their fellows’ Asian norms and traditions should only serve to strengthen the bond Americans have with each other, but unfortunately, people tend to fear what they do not understand. With the recent uptick in hate crimes targeting the Asian community, recognizing and supporting Asian Americans is more important than ever before, and AAPI month presents the perfect opportunity. One of the most powerful things Asian Americans can do is to share their stories and experiences, so I decided to write about some of my AAPI family members—I wanted to give them a voice. My hope is that when people read these accounts, they will gain a new perspective or find ways to relate to the experiences.
By:
David Baca
May 28th, 2021
Back in the spring of 2009, I raised my right hand and swore to support and defend the Constitution of the United States against all enemies, foreign and domestic. At the time, I knew what I was signing up for, just as I knew then that all the challenges I had faced in the past would not compare to those ahead of me. What I did not know is that one of those challenges would actually come after my service and manifest itself throughout my transition back to the civilian workforce.
Cybersecurity Assessments | FedRAMP | Federal Assessments
By:
Douglas Barbin
May 13th, 2021
Yesterday, on May 12th, President Biden issued the “Executive Order (EO) on Improving the Nation’s Cybersecurity.” Given that the Order features 11 sections that include both policy and general provisions among others, its 8,080 words are arguably the equivalent of multiple EOs. Such an effort is, no doubt, purposeful by the President—this is significant, and will certainly impact the security worlds of both the government itself and those companies that provide it with software and services.