Douglas Barbin

Doug Barbin is a Principal at Schellman & Company, LLC. Doug leads all service delivery for the western US and also oversees the firm-wide growth and execution for security assessment services including PCI, FedRAMP, and penetration testing. He has over 19 years of experience. A strong advocate for cloud computing assurance, Doug spends much of his time working with cloud computing companies and has participated in various cloud working groups with the Cloud Security Alliance and PCI Security Standards Council, among others.

  • Artificial Intelligence: A relative reality

    To differentiate what is marketing jargon from what CISOs can do with AI-enhanced products, security leaders were interviewed to find out which products embedded with AI deliver on their promises.

  • CMMC – the New Protocol Droid for DoD Compliance

    The US DoD has been working to revise its funding procurement procedures (DFARS). Most important are the regulations mandating that defense contractors meet the NIST SP 800-171 standard, which deals with CUI.

  • The Most Important Considerations in Building a DevSecOps Pipeline

    Security Boulevard reached out to a panel of DevSecOps pros to learn more about key considerations and best practices for building a DevSecOps pipeline.

  • Inside-out analytics: Solving the enigmatic insider threat

    To protect their corporations against data breach from internal and external sources, CISOs have a tool that is effective at identifying breaches but some employees might find it intrusive: analytics.

  • How Bots Can Tell When the C-Suite Is Lying

    Companies are applying natural language processing (NLP), sentiment analysis and machine learning to the financial sector, evaluating earnings calls and other public meetings to unearth information.

  • Rundown: The Cloudy Role of FedRAMP

    On Wednesday July 17th, I had the distinct honor of providing the assessor perspective at a FedRAMP hearing held by the Subcommittee on Government Operations—a subset of the House Oversight Committee.

  • Is It Time for Your Organization to Form an AI Ethics Committee?

    Do you need to set up an artificial intelligence ethics committee if you are using this technology? Google certainly thought it did — until it changed its mind. Of course Google is one...

  • 7 Cloud Myths Debunked

    Don't let misconceptions cast a shadow over your organization's ability to get the most out of the cloud. Here are 7 cloud myths that should be relegated to history. Myths can be fun...

  • 6 Hot IT Leadership Trends — and 6 Going Cold

    As the CIO role becomes increasingly strategic, risk aversion and a results-oriented mindset take a backseat to increasing influence and driving organizational change.

  • Cloudy With a Chance of Automation

    Securing the cloud requires a different mindset than securing your on-prem infrastructure Adventures in securing the cloud As cloud operations become increasingly popular,...

  • Debunking the 5 Biggest DevOps Myths

    Think you know everything about DevOps? Experts debunk five of the most common misconceptions. "DevOps" is a term that gets thrown around a lot, but sometimes even seasoned software...

  • GDPR – Perspective from a Seasoned Auditor 3 Months in @ BoxWorks

    This week, I had the privilege of sitting on a panel, with Crispen Maung, the chief compliance officer at Box along with Hendrik Reese, a senior manager and GDPR practice lead from...

  • Rolling the Dice on AI

    “Moving forward, I would like to see machine learning incorporated into web application scanning, an area untouched by AI today.”

  • Crypto Currency Hacking Is Not About The Coin

    Two weekends ago the South Korean cryptocurrency exchange Coinrail announced a hacking attempt on its website. With no more detail than a statement that said there was activity of a...

  • Could updated controls from NIST drive up cloud security costs?

    Among the biggest complaints about the cloud security program known as the Federal Risk Authorization Management Program (FedRAMP) have been the cost for vendors and the time it takes...

  • The Wacky World of GRC

    Few areas of technology are as contradictory as governance, risk and compliance. A company might do everything to be secure yet still not be in compliance.

  • “Keep It Simple” and Just Call Me SOC

    SSAE 18. You have probably seen blog articles circulating about the "new change" to SSAE 18, including Schellman’s article in Accounting Today. Yes, the new standard imposes some...

  • Auditing DevOps – Developers with Access to Production

    DevOps, like Agile development before it, accents the continuously evolving state of software development, particularly in cloud-based software. Like any technology change, there is no surprise that...
