Matt Wilgus

Matt Wilgus is a Principal at Schellman, where he heads the delivery of Schellman’s penetration testing services related to FedRAMP and PCI assessments, as well as other regulatory and compliance programs. Matt has over 20 years’ experience in information security, with a focus on identifying, exploiting and remediating vulnerabilities. In addition, he has vast experience enhancing client security programs while effectively meeting compliance requirements. Matt has a strong background in network and application penetration testing, although over the past 10 years most of his focus has been on the application side, with extensive experience testing some of the most well-known IaaS, PaaS and SaaS providers.

What Does a Penetration Test Cost? Scope Factors That Matter

Wondering what a pen test costs? Your scope will play a huge part in price--we detail different kinds of pen tests and the scoping factors that will affect your final number.

Read Article
The Intricacies in Pen Test Timing

Schellman Principal, Matt Wilgus addresses one of the biggest challenges frequently seen in planning penetration tests—timing

Read Article
Schellman is Now a PCI ASV

Schellman expands services and becomes Payment Card Industry (PCI) Approved Scanning Vendor (ASV)

Read Article
Enhanced PAM Serves Up Cloud Security

Schellman principal and threat & vulnerability assessment lead Matt Wilgus comments on how authentication and cloud security standards have changed with the increase of remote workers due to COVID-19

Read Article
What I Learned at Career Day

Talking with 4th graders on security testing, online safety, and job skills for infosec.

Read Article
How To Patch Your Open Source Software Vulnerabilities

It's up to enterprises to quickly deploy patches to secure software before hackers get in.

Read Article
11 Red Flags to Watch For When Hiring

In the battle for top tech talent, the wrong hire can be devastating. So do your tech team the favor of watching out for these warning signs before offering the job. It’s a hiring...

Read Article
Every CPA Firm Needs to be a Security Company

In 2018, the year of artificial intelligence, internet of things, blockchain, and big data, it is safe to say more and more companies are emerging to be technology companies. In the...

Read Article
The 14 Soft Skills Every IT Pro Needs

Hiring managers and recruiters bemoan a soft skills gap in IT Hiring managers and recruiters bemoan a soft skills gap in IT, and recent data backs up

Read Article
The Dangers in Perpetuating a Culture of Risk Acceptance

This article details the prevalence of risk acceptance within organizations, why IT security departments may be putting too much confidence in their controls, and how excessive...

Read Article
FedRAMP: Three Stages of Vulnerability Scanning and their Pitfalls

Though vulnerability scanning is only one of the control requirements in FedRAMP, it is actually one of the most frequent pitfalls in terms of impact to an authorization to operate...

Read Article
Best Practices When Implementing Web Application Scanning into an SDLC

Web application scanning, a type of dynamic application security testing (DAST), is an important component for organizations looking to provide a secure online offering to their clients.

Read Article
How can we keep voter data safe?

Originally published on www.iapp.org

Read Article
Database Security and FedRAMP

Many cloud service providers (CSPs) are not fully addressing the database scanning requirements for FedRAMP and have questions related to database security and FedRAMP. This article details the...

Read Article
The Panama Papers, Mossack Fonseca and the Writing on the Wall

The release of details contained in the Panama Papers will be one of the biggest news stories of the year. The number of high-profile individuals implicated will continue to grow as teams comb...

Read Article
Prepping for FedRAMP – 5 Things CSPs to Note

Originally published on www.fedrampfastforward.com BrightLine works with many cloud service providers (CSPs) which have built successful business by providing services to the private sector. With...

Read Article
3 Ways Your IT Company Can Establish Trust

Technology advancements move at a blistering pace and the integration of new development languages, frameworks, databases and the like is also quickening. Some new technologies become the...

Read Article
FedRAMP and PCI – A Comparison of Scanning and Penetration Testing Requirements

Overview In the last 30 days, the FedRAMP Program Management Office (PMO) has published guidance for both vulnerability scanning and penetration testing. The updated guidance comes on the heels...

Read Article
Frequency of Vulnerability Scans for PCI DSS

Q: We are a SaaS provider that follows a Scrum methodology, generally with two-week sprints. We do not handle cardholder data, but several clients are requiring vulnerability scans to show...

Read Article
Loading More...

Matt Wilgus

What Does a Penetration Test Cost? Scope Factors That Matter

Wondering what a pen test costs? Your scope will play a huge part in price--we detail different kinds of pen tests and the scoping factors that will affect your final number.

The Intricacies in Pen Test Timing

Schellman Principal, Matt Wilgus addresses one of the biggest challenges frequently seen in planning penetration tests—timing

Schellman is Now a PCI ASV

Schellman expands services and becomes Payment Card Industry (PCI) Approved Scanning Vendor (ASV)

Enhanced PAM Serves Up Cloud Security

Schellman principal and threat & vulnerability assessment lead Matt Wilgus comments on how authentication and cloud security standards have changed with the increase of remote workers due to COVID-19

What I Learned at Career Day

Talking with 4th graders on security testing, online safety, and job skills for infosec.

How To Patch Your Open Source Software Vulnerabilities

It's up to enterprises to quickly deploy patches to secure software before hackers get in.

11 Red Flags to Watch For When Hiring

In the battle for top tech talent, the wrong hire can be devastating. So do your tech team the favor of watching out for these warning signs before offering the job. It’s a hiring...

Every CPA Firm Needs to be a Security Company

In 2018, the year of artificial intelligence, internet of things, blockchain, and big data, it is safe to say more and more companies are emerging to be technology companies. In the...

The 14 Soft Skills Every IT Pro Needs

Hiring managers and recruiters bemoan a soft skills gap in IT Hiring managers and recruiters bemoan a soft skills gap in IT, and recent data backs up

The Dangers in Perpetuating a Culture of Risk Acceptance

This article details the prevalence of risk acceptance within organizations, why IT security departments may be putting too much confidence in their controls, and how excessive...

FedRAMP: Three Stages of Vulnerability Scanning and their Pitfalls

Though vulnerability scanning is only one of the control requirements in FedRAMP, it is actually one of the most frequent pitfalls in terms of impact to an authorization to operate...

Best Practices When Implementing Web Application Scanning into an SDLC

Web application scanning, a type of dynamic application security testing (DAST), is an important component for organizations looking to provide a secure online offering to their clients.

How can we keep voter data safe?

Originally published on www.iapp.org

Database Security and FedRAMP

Many cloud service providers (CSPs) are not fully addressing the database scanning requirements for FedRAMP and have questions related to database security and FedRAMP. This article details the...

The Panama Papers, Mossack Fonseca and the Writing on the Wall

The release of details contained in the Panama Papers will be one of the biggest news stories of the year. The number of high-profile individuals implicated will continue to grow as teams comb...

Prepping for FedRAMP – 5 Things CSPs to Note

Originally published on www.fedrampfastforward.com BrightLine works with many cloud service providers (CSPs) which have built successful business by providing services to the private sector. With...

3 Ways Your IT Company Can Establish Trust

Technology advancements move at a blistering pace and the integration of new development languages, frameworks, databases and the like is also quickening. Some new technologies become the...

FedRAMP and PCI – A Comparison of Scanning and Penetration Testing Requirements

Overview In the last 30 days, the FedRAMP Program Management Office (PMO) has published guidance for both vulnerability scanning and penetration testing. The updated guidance comes on the heels...

Frequency of Vulnerability Scans for PCI DSS

Q: We are a SaaS provider that follows a Scrum methodology, generally with two-week sprints. We do not handle cardholder data, but several clients are requiring vulnerability scans to show...