The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Blog Feature

ISO Certifications

By: Schellman
June 28th, 2021

What is ISO 27001?

At a basic level, ISO/IEC 27001:2022 (ISO 27001) is a management system framework for an information security management system (ISMS) that a company can be certified against by conforming to the ISO 27001 standard. Structured primarily around how a company manages information security and its related risk, this standard is a powerful one, as almost every company in the modern age now “manages information security” of some sort.

SchellmanLife

By: Danny Manimbo
June 23rd, 2021

Our Story

Many who know me have also probably met my two-year-old twins, Everly and Porter (a girl and a boy). Over this past year, many others have probably witnessed my kids charging into my office to make several, mostly surprise, appearances during Zoom happy hours and client meetings. But what most do not know, however, are the struggles my wife, Brittany, and I went through on our journey to have them. How we got to this point with two happy, healthy children is not a short story or answer—as anyone affected knows, infertility can create so many hardships for couples, and I hope that this blog and our fundraising campaign detailed below will shed some light on the widespread impact it really can have.

Cybersecurity Assessments | Penetration Testing

By: Schellman
June 17th, 2021

During a penetration test, the Schellman team often works with development teams, administrators, risk and compliance professionals and information security personnel; however, the initial point of contact for a penetration test may be an individual that isn’t any of those. More and more, someone from the product or procurement team may have the responsibility—or shared responsibility—of having a penetration test performed. While these individuals may understand a timeline for a specific task, they likely do not have full visibility into the entire project. Such circumstances, among others, can trigger one of the biggest challenges frequently seen in planning pen tests—timing.

SchellmanLife

By: Nisha Ellis
May 29th, 2021

Serving as an important reminder of the fact that the AAPI community helped build this country, Asian American and Pacific Islander (AAPI) Heritage Month also celebrates their history and many cultures, as well as those contributions to the United States. Asia is a massive continent that is home to diverse ethnicities and histories, and the innumerable customs of its many countries have intertwined with American society over the years. In fact, according to a Pew Research Center article, “a record 20 million Asian Americans trace their roots to more than 20 countries in East and Southeast Asia and the Indian subcontinent.” Learning about their fellows’ Asian norms and traditions should only serve to strengthen the bond Americans have with each other, but unfortunately, people tend to fear what they do not understand. With the recent uptick in hate crimes targeting the Asian community, recognizing and supporting Asian Americans is more important than ever before, and AAPI month presents the perfect opportunity. One of the most powerful things Asian Americans can do is to share their stories and experiences, so I decided to write about some of my AAPI family members—I wanted to give them a voice. My hope is that when people read these accounts, they will gain a new perspective or find ways to relate to the experiences.

SchellmanLife

By: David Baca
May 28th, 2021

Back in the spring of 2009, I raised my right hand and swore to support and defend the Constitution of the United States against all enemies, foreign and domestic. At the time, I knew what I was signing up for, just as I knew then that all the challenges I had faced in the past would not compare to those ahead of me. What I did not know is that one of those challenges would actually come after my service and manifest itself throughout my transition back to the civilian workforce.

Cybersecurity Assessments | FedRAMP | Federal Assessments

By: Douglas Barbin
May 13th, 2021

Yesterday, on May 12th, President Biden issued the “Executive Order (EO) on Improving the Nation’s Cybersecurity.” Given that the Order features 11 sections that include both policy and general provisions among others, its 8,080 words are arguably the equivalent of multiple EOs. Such an effort is, no doubt, purposeful by the President—this is significant, and will certainly impact the security worlds of both the government itself and those companies that provide it with software and services.

Healthcare Assessments

By: Ryan Meehan
May 7th, 2021

While the latest version of any product is often seen as the greatest, there is more nuance involved when trying to determine which version of the HITRUST CSF® framework to utilize for certification. Currently, users can choose from versions 9.1, 9.2, 9.3, and 9.4. With the impending release of HITRUST CSF v10p (preview) in mid-May 2021, and a full release of v10 scheduled for later in the year, it adds more questions about whether to make the jump to 10 right away, if you have to make the jump to 10, and when will you be required to make the jump to version 10; all of which we’ll tackle.

Cybersecurity Assessments | Penetration Testing

By: Wes Dorman
May 5th, 2021

Overview

Offensive Security has released several new courses recently, including Evasion Techniques and Breaching Defenses (PEN-300), which primarily focuses on “penetration tests against mature organizations with an established security function.” After reading that overview on the website, I was excited to take on the challenge and expand my knowledge base in preparation for obtaining the OSEP certification.
