Douglas Barbin

Doug Barbin is a managing principal and firm-wide leader for cyber security and compliance services. He works with many of the world's leading cloud computing, federal, FinTech, healthcare, AI, and security provider clients. Doug has more than 20 years’ experience and maintains multiple CPA licenses, along with CISSP, CIPP, ISO 27001 Lead Auditor, and QSA certifications. He was one of the first Cloud Security Alliance CCSK recipients and regularly trains Schellman personnel on cloud auditing, compliance, and other advanced technologies. Doug is very active in industry organizations and regularly speaks on cloud security, AI, FedRAMP, and other compliance frameworks.

Artificial Intelligence: A relative reality

To differentiate what is marketing jargon from what CISOs can do with AI-enhanced products, security leaders were interviewed to find out which products embedded with AI deliver on their promises.

Read Article
CMMC – the New Protocol Droid for DoD Compliance

US DoD has been working to revise funding procurement procedures DFARS. Most important are regulations which mandate that defense contractors meet NIST SP 800-171 standard that deals with CUI.

Read Article
The Most Important Considerations in Building a DevSecOps Pipeline

Security Boulevard reached out to a panel of DevSecOps pros to learn more about key considerations and best practices for building a DevSecOps pipeline.

Read Article
Inside-out analytics: Solving the enigmatic insider threat

To protect their corporations against data breach from internal and external sources, CISOs have a tool that is effective at identifying breaches but some employees might find it intrusive: analytics.

Read Article
How Bots Can Tell When the C-Suite Is Lying

Companies are applying natural language processing (NLP), sentiment analysis and machine learning to the financial sector, evaluating earnings calls and other public meetings to unearth information.

Read Article
Rundown: The Cloudy Role of FedRAMP

On Wednesday July 17th, I had the distinct honor of providing the assessor perspective at a FedRAMP hearing held by the Subcommittee on Government Operations—a subset of the House Oversight Committee.

Read Article
Is It Time for Your Organization to Form an AI Ethics Committee?

Do you need to set up an artificial intelligence ethics committee if you are using this technology? Google certainly thought it did — until it changed its mind. Of course Google is one...

Read Article
7 Cloud Myths Debunked

Don't let misconceptions cast a shadow over your organization's ability to get the most out of the cloud. Here are 7 cloud myths that should be relegated to history. Myths can be fun...

Read Article
6 Hot IT Leadership Trends — and 6 Going Cold

As the CIO role becomes increasingly strategic, risk aversion and a results-oriented mindset take a backseat to increasingly influence and driving organizational change.

Read Article
Cloudy With a Chance of Automation

Securing the cloud requires a different mindset than securing your on-prem infrastructure Adventures in securing the cloud As cloud operations become increasingly popular,...

Read Article
Debunking the 5 Biggest DevOps Myths

Think you know everything about DevOps? Experts debunk five of the most common misconceptions. "DevOps" is a term that gets thrown around a lot, but sometimes even seasoned software...

Read Article
GDPR – Perspective from a Seasoned Auditor 3 Months in @ BoxWorks

This week, I had the privilege of sitting on a panel, with Crispen Maung, the chief compliance officer at Box along with Hendrik Reese, a senior manager and GDPR practice lead from...

Read Article
Rolling the Dice on AI

Moving forward, I would like to see machine learning incorporated in to web application scanning, an area untouched by AI today.”

Read Article
Crypto Currency Hacking Is Not About The Coin

Two weekends ago the South Korean cryptocurrency exchange Coinrail announced a hacking attempt on its website. With no more detail than a statement that said there was activity of a...

Read Article
Could updated controls from NIST drive up cloud security costs?

Among the biggest complaints about the cloud security program known as the Federal Risk Authorization Management Program (FedRAMP) have been the cost for vendors and the time it takes...

Read Article
The Wacky World of GRC

Few areas of technology are as contradictory as governance, risk and compliance. A company might do everything to be secure yet still not be in compliance.

Read Article
“Keep It Simple” and Just Call Me SOC

SSAE 18. You have probably seen blog articles circulating about the "new change" to SSAE 18, including Schellman’s article in Accounting Today. Yes, the new standard imposes some...

Read Article
Auditing DevOps – Developers with Access to Production

DevOps, like Agile development before it, accents the continuous evolving state of software development, particularly in cloud-base software. Like any technology change, there is no surprise that...

Read Article
Loading More...

Douglas Barbin

Artificial Intelligence: A relative reality

To differentiate what is marketing jargon from what CISOs can do with AI-enhanced products, security leaders were interviewed to find out which products embedded with AI deliver on their promises.

CMMC – the New Protocol Droid for DoD Compliance

US DoD has been working to revise funding procurement procedures DFARS. Most important are regulations which mandate that defense contractors meet NIST SP 800-171 standard that deals with CUI.

The Most Important Considerations in Building a DevSecOps Pipeline

Security Boulevard reached out to a panel of DevSecOps pros to learn more about key considerations and best practices for building a DevSecOps pipeline.

Inside-out analytics: Solving the enigmatic insider threat

To protect their corporations against data breach from internal and external sources, CISOs have a tool that is effective at identifying breaches but some employees might find it intrusive: analytics.

How Bots Can Tell When the C-Suite Is Lying

Companies are applying natural language processing (NLP), sentiment analysis and machine learning to the financial sector, evaluating earnings calls and other public meetings to unearth information.

Rundown: The Cloudy Role of FedRAMP

On Wednesday July 17th, I had the distinct honor of providing the assessor perspective at a FedRAMP hearing held by the Subcommittee on Government Operations—a subset of the House Oversight Committee.

Is It Time for Your Organization to Form an AI Ethics Committee?

Do you need to set up an artificial intelligence ethics committee if you are using this technology? Google certainly thought it did — until it changed its mind. Of course Google is one...

7 Cloud Myths Debunked

Don't let misconceptions cast a shadow over your organization's ability to get the most out of the cloud. Here are 7 cloud myths that should be relegated to history. Myths can be fun...

6 Hot IT Leadership Trends — and 6 Going Cold

As the CIO role becomes increasingly strategic, risk aversion and a results-oriented mindset take a backseat to increasingly influence and driving organizational change.

Cloudy With a Chance of Automation

Securing the cloud requires a different mindset than securing your on-prem infrastructure Adventures in securing the cloud As cloud operations become increasingly popular,...

Debunking the 5 Biggest DevOps Myths

Think you know everything about DevOps? Experts debunk five of the most common misconceptions. "DevOps" is a term that gets thrown around a lot, but sometimes even seasoned software...

GDPR – Perspective from a Seasoned Auditor 3 Months in @ BoxWorks

This week, I had the privilege of sitting on a panel, with Crispen Maung, the chief compliance officer at Box along with Hendrik Reese, a senior manager and GDPR practice lead from...

Rolling the Dice on AI

Moving forward, I would like to see machine learning incorporated in to web application scanning, an area untouched by AI today.”

Crypto Currency Hacking Is Not About The Coin

Two weekends ago the South Korean cryptocurrency exchange Coinrail announced a hacking attempt on its website. With no more detail than a statement that said there was activity of a...

Could updated controls from NIST drive up cloud security costs?

Among the biggest complaints about the cloud security program known as the Federal Risk Authorization Management Program (FedRAMP) have been the cost for vendors and the time it takes...

The Wacky World of GRC

Few areas of technology are as contradictory as governance, risk and compliance. A company might do everything to be secure yet still not be in compliance.

“Keep It Simple” and Just Call Me SOC

SSAE 18. You have probably seen blog articles circulating about the "new change" to SSAE 18, including Schellman’s article in Accounting Today. Yes, the new standard imposes some...

Auditing DevOps – Developers with Access to Production

DevOps, like Agile development before it, accents the continuous evolving state of software development, particularly in cloud-base software. Like any technology change, there is no surprise that...