SchellmanCON is back! Join us for our virtual conference on March 6 & 7, 2025

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Blog

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Jonathan Garella

Jonathan Garella is a Senior Penetration Tester at Schellman, specializing in identifying and exploiting vulnerabilities across diverse customer environments. His expertise extends to assessing websites, conducting social engineering campaigns, and maintaining persistence in macOS, Windows, and Linux systems while evading anti-virus detection.

Before joining Schellman in 2021, Jonathan served as a Security Engineer, focusing on incident response and remediation management in Managed Service Provider (MSP) environments. In this role, he led regular team training sessions on attacker tactics, techniques, and procedures, aiming to reduce the time between detection and containment during security incidents. Additionally, Jonathan contributed to threat modeling, Security Information and Event Management (SIEM) implementation and optimization, and the deployment and configuration of Endpoint protection solutions.

Blog Feature

Penetration Testing | Red Team Assessments

By: Jonathan Garella
October 18th, 2024

Thinking Inside the Box Traditional red teaming approaches often focus on external threats—simulating how an outside attacker might breach a company’s defenses. This method is undeniably valuable, offering insights into how well an organization can withstand external cyberattacks. However, this "outside-in" perspective can sometimes overlook another aspect of security: the risks that arise from within the organization itself. While traditional red teaming is crucial for understanding external threats, thinking inside the box—examining internal processes, workflows, and implicit trusts—can reveal vulnerabilities that are just as dangerous, if not more so to an organization.

{