Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Blog Feature

Education | Penetration Testing

By: Francis Kim
March 3rd, 2025

What is the Offensive Security Certified Professional (OSCP) Certification? The Offensive Security Certified Professional certification, or OSCP, is an ethical hacking certification that demonstrates proficiency in penetration testing using Kali Linux tools. This test can be undeniably grueling if you are ill-prepared, with nearly 24 hours of hands-on keyboard hacking followed by another 24 hours of documentation/report writing.

Blog Feature

Penetration Testing | Red Team Assessments

By: Austin Bentley
February 25th, 2025

You may feel confident that your organization has a mature cybersecurity program if you’re able to thwart the vast majority of threats through established practices and procedures. However, despite those efforts, even amongst the most secure of organizations there is still the ever-looming threat of the legendary Advanced Persistent Threat (APT). Furthermore and unfortunately, it’s difficult to ascertain if you’ve been compromised by one. Thankfully though, it is possible to simulate an external APT attempting to breach your organization’s perimeter through a red team exercise.

Blog Feature

Penetration Testing

By: Austin Bentley
February 19th, 2025

It's no secret: many organizations view and treat phishing as a periodic checkbox assessment. It’s often a basic email template sent to an entire organization. If someone clicks the link, they are recorded and possibly enrolled in training. While this approach can certainly check the “quarterly phishing exercise” box, you should consider demanding even more from your phishing assessment. After all, when you engage with a third-party provider, they should provide both depth and value within their specialization.

Blog Feature

Penetration Testing

By: Austin Bentley
February 14th, 2025

Web applications grow and evolve each year. There’s always a new feature, a new API, and a new way of doing things. These constant changes may introduce some form of vulnerability, which is not ideal when web applications often sit on your external network. This makes web applications an ideal vector for an attacker to migrate into your internal network or compromise customers. Therefore, any web application test deserves an adequate level of thoroughness and attention. Below, we’ve provided a list of questions you should consider asking prospective pen test providers to ensure the most effective web application pen test experience.

Blog Feature

Penetration Testing

By: Austin Bentley
February 7th, 2025

When people hear of an upcoming pen test, they most commonly think of network testing. These tests can be focused against your external network (i.e. network perimeter) or your internal network (cloud environment and/or on-premises network). As these networks typically change year to year with new devices, cloud migrations, on-premises migrations, and firewall migrations, periodic testing may be necessary. This can leave you wondering how to find the right pen test provider to ensure your organization's network security posture is thoroughly assessed.

Blog Feature

Penetration Testing

By: Austin Bentley
January 28th, 2025

You think you’re close to picking the right team. Your goals align, and you think the team is of sufficient quality. But, there’s one aspect that can be easily overlooked – yet it may ultimately determine whether the exercise was worth conducting.

Blog Feature

Penetration Testing

By: Austin Bentley
January 17th, 2025

So, you’ve decided you need a pen test – and you have your requirements in mind. Now comes the process of finding your team to perform the test. As with any service or product, there are large variances in quality between vendors and individuals – so you’ll need to perform a balancing act. Below, we’ll walk through questions designed to help you assess the capabilities, experience, and ability of any prospective provider to meet your specific requirements.

Blog Feature

Penetration Testing

By: Gabriel Rivera
December 4th, 2024

Among the several offerings the Sektor7 Institute has related to evasion, privilege escalation, malware development, and persistence, cyber security professionals of various disciplines, from red team operators to incident responders- can all find something of value in Sektor7 Institute’s RED TEAM Operator: Windows Evasion Course.

{