Douglas Barbin

Doug Barbin is a Principal at Schellman & Company, LLC. Doug leads all service delivery for the western US and is also oversees the firm-wide growth and execution for security assessment services including PCI, FedRAMP, and penetration testing. He has over 19 years of experience. A strong advocate for cloud computing assurance, Doug spends much of his time working with cloud computing companies has participated in various cloud working groups with the Cloud Security Alliance and PCI Security Standards Council among others.

Inside-out analytics: Solving the enigmatic insider threat

To protect their corporations against data breach from internal and external sources, CISOs have a tool that is effective at identifying breaches but some employees might find it intrusive: analytics.

Read Article
How Bots Can Tell When the C-Suite Is Lying

Companies are applying natural language processing (NLP), sentiment analysis and machine learning to the financial sector, evaluating earnings calls and other public meetings to unearth information.

Read Article
Rundown: The Cloudy Role of FedRAMP

On Wednesday July 17th, I had the distinct honor of providing the assessor perspective at a FedRAMP hearing held by the Subcommittee on Government Operations—a subset of the House Oversight Committee.

Read Article
Is It Time for Your Organization to Form an AI Ethics Committee?

Do you need to set up an artificial intelligence ethics committee if you are using this technology? Google certainly thought it did — until it changed its mind. Of course Google is one...

Read Article
7 Cloud Myths Debunked

Don't let misconceptions cast a shadow over your organization's ability to get the most out of the cloud. Here are 7 cloud myths that should be relegated to history. Myths can be fun...

Read Article
6 Hot IT Leadership Trends — and 6 Going Cold

As the CIO role becomes increasingly strategic, risk aversion and a results-oriented mindset take a backseat to increasingly influence and driving organizational change.

Read Article
Cloudy With a Chance of Automation

Securing the cloud requires a different mindset than securing your on-prem infrastructure Adventures in securing the cloud As cloud operations become increasingly popular,...

Read Article
Debunking the 5 Biggest DevOps Myths

Think you know everything about DevOps? Experts debunk five of the most common misconceptions. "DevOps" is a term that gets thrown around a lot, but sometimes even seasoned software...

Read Article
GDPR – Perspective from a Seasoned Auditor 3 Months in @ BoxWorks

This week, I had the privilege of sitting on a panel, with Crispen Maung, the chief compliance officer at Box along with Hendrik Reese, a senior manager and GDPR practice lead from...

Read Article
Rolling the Dice on AI

Moving forward, I would like to see machine learning incorporated in to web application scanning, an area untouched by AI today.”

Read Article
Crypto Currency Hacking Is Not About The Coin

Two weekends ago the South Korean cryptocurrency exchange Coinrail announced a hacking attempt on its website. With no more detail than a statement that said there was activity of a...

Read Article
Could updated controls from NIST drive up cloud security costs?

Among the biggest complaints about the cloud security program known as the Federal Risk Authorization Management Program (FedRAMP) have been the cost for vendors and the time it takes...

Read Article
The Wacky World of GRC

Few areas of technology are as contradictory as governance, risk and compliance. A company might do everything to be secure yet still not be in compliance.

Read Article
“Keep It Simple” and Just Call Me SOC

SSAE 18. You have probably seen blog articles circulating about the "new change" to SSAE 18, including Schellman’s article in Accounting Today. Yes, the new standard imposes some...

Read Article
Auditing DevOps – Developers with Access to Production

DevOps, like Agile development before it, accents the continuous evolving state of software development, particularly in cloud-base software. Like any technology change, there is no surprise that...

Read Article
Loading More...

Douglas Barbin

Inside-out analytics: Solving the enigmatic insider threat

To protect their corporations against data breach from internal and external sources, CISOs have a tool that is effective at identifying breaches but some employees might find it intrusive: analytics.

How Bots Can Tell When the C-Suite Is Lying

Companies are applying natural language processing (NLP), sentiment analysis and machine learning to the financial sector, evaluating earnings calls and other public meetings to unearth information.

Rundown: The Cloudy Role of FedRAMP

On Wednesday July 17th, I had the distinct honor of providing the assessor perspective at a FedRAMP hearing held by the Subcommittee on Government Operations—a subset of the House Oversight Committee.

Is It Time for Your Organization to Form an AI Ethics Committee?

Do you need to set up an artificial intelligence ethics committee if you are using this technology? Google certainly thought it did — until it changed its mind. Of course Google is one...

7 Cloud Myths Debunked

Don't let misconceptions cast a shadow over your organization's ability to get the most out of the cloud. Here are 7 cloud myths that should be relegated to history. Myths can be fun...

6 Hot IT Leadership Trends — and 6 Going Cold

As the CIO role becomes increasingly strategic, risk aversion and a results-oriented mindset take a backseat to increasingly influence and driving organizational change.

Cloudy With a Chance of Automation

Securing the cloud requires a different mindset than securing your on-prem infrastructure Adventures in securing the cloud As cloud operations become increasingly popular,...

Debunking the 5 Biggest DevOps Myths

Think you know everything about DevOps? Experts debunk five of the most common misconceptions. "DevOps" is a term that gets thrown around a lot, but sometimes even seasoned software...

GDPR – Perspective from a Seasoned Auditor 3 Months in @ BoxWorks

This week, I had the privilege of sitting on a panel, with Crispen Maung, the chief compliance officer at Box along with Hendrik Reese, a senior manager and GDPR practice lead from...

Rolling the Dice on AI

Moving forward, I would like to see machine learning incorporated in to web application scanning, an area untouched by AI today.”

Crypto Currency Hacking Is Not About The Coin

Two weekends ago the South Korean cryptocurrency exchange Coinrail announced a hacking attempt on its website. With no more detail than a statement that said there was activity of a...

Could updated controls from NIST drive up cloud security costs?

Among the biggest complaints about the cloud security program known as the Federal Risk Authorization Management Program (FedRAMP) have been the cost for vendors and the time it takes...

The Wacky World of GRC

Few areas of technology are as contradictory as governance, risk and compliance. A company might do everything to be secure yet still not be in compliance.

“Keep It Simple” and Just Call Me SOC

SSAE 18. You have probably seen blog articles circulating about the "new change" to SSAE 18, including Schellman’s article in Accounting Today. Yes, the new standard imposes some...

Auditing DevOps – Developers with Access to Production

DevOps, like Agile development before it, accents the continuous evolving state of software development, particularly in cloud-base software. Like any technology change, there is no surprise that...