SchellmanCON is back! Join us for our virtual conference on March 6 & 7, 2025

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Blog

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Josh Tomkiel

Josh Tomkiel is a Managing Director on Schellman’s Penetration Testing Team based in the Greater Philadelphia area with over a decade of experience within the Information Security field. He has a deep background in all facets of penetration testing and works closely with all of Schellman's service lines to ensure that any penetration testing requirements are met. Having been a penetration tester himself, he knows what it takes to have a successful assessment. Additionally, Josh understands the importance of a positive client experience and takes great care to ensure that expectations are not only met but exceeded.

Blog Feature

Penetration Testing | Artificial Intelligence

By: Josh Tomkiel
October 11th, 2024

Need for Secure LLM Deployments As businesses increasingly integrate AI-powered Large Language Models (LLMs) into their operations via GenAI (Generative AI) solutions, ensuring the security of these systems is on the top of everyone’s mind. "AI Red Teaming" (which is closer to Penetration Testing than a Red Team Assessment) is a methodology to identify vulnerabilities within GenAI deployments proactively. By leveraging industry-recognized frameworks, we can help your organization verify that your LLM infrastructure and execution is done securely.

Blog Feature

Penetration Testing

By: Josh Tomkiel
September 5th, 2024

For as long as the concept of cybersecurity has been around, much of the focus has centered on sophisticated technical controls—firewalls, password strength, network segmentation, endpoint protection, encryption, etc. And while implementation and regular testing of all these measures does better safeguard your organization, you also need to secure your people. In that, a social engineering campaign can help immensely.

Blog Feature

Penetration Testing | Artificial Intelligence

By: Josh Tomkiel
August 28th, 2024

Did you recently implement a new artificial intelligence (AI) feature within your application and now your customers are starting to ask for AI-specific penetration tests? Are you curious as to how an assessment like that would work? As with all these exercises, it starts with scoping.

Blog Feature

Penetration Testing

By: Josh Tomkiel
August 16th, 2024

Penetration testing is of course a major component of any security strategy. If you're preparing for your first penetration test, it's essential to ensure you're well-prepared to maximize the value of this assessment. This article outlines five key steps to help you get ready for a successful penetration test.

Blog Feature

Penetration Testing

By: Josh Tomkiel
June 27th, 2024

In our experience as cybersecurity experts and highly qualified penetration testers, there are typically three reasons why you may move forward with a penetration test and start looking around for a provider. Making that initial decision to move forward with an assessment like this is a big step, but what should you do after you make it?

Blog Feature

Penetration Testing

By: Josh Tomkiel
June 16th, 2024

Picture this: you've signed up for a social engineering attack as part of your organization's penetration test, specifically an email-based phishing campaign. The penetration testing firm is asking you to allow list their campaign through your mail filters and other technical controls. You have all those advanced protections in place - spam filters, web proxies, next-generation phishing protections - designed to protect your end users from phishing attacks. Yet, when it comes to assessing the very risk these controls are meant to mitigate, should you lower them for the tester specifically for the purpose of the test?

Blog Feature

Penetration Testing | Red Team Assessments

By: Josh Tomkiel
November 28th, 2023

If you’ve decided to undergo a red team assessment and engaged Schellman to perform it, you may be wondering what the next steps entail—as in, how will the next stages of the process work and what should you expect?

Blog Feature

Penetration Testing | Red Team Assessments

By: Josh Tomkiel
September 28th, 2023

Penetration testing and red team assessments are often conflated or confused—though they’re both advantageous cybersecurity solutions, there are distinct differences between them that any organization considering either should know. Just to be clear, a penetration test is not a red team assessment.

{