The blog is problematic. It came out pre-GDPR and doesn't reference GDPR.
It also has incorrect statements: "A simple attestation by the company along with referencing Privacy Shield creates compliance": No, really it does not.
So yes, would advise you to get a real DPO and Art 27 Rep in. They aren't expensive and with CCPA present now too, will likely be a good investment.
Privacy shield is an ALTERNATIVE method of to GDPR compliance for legal controls (other alternatives are SCCs/BCRs etc). US companies can either do Privacy Shield or implement GDPR themselves.
You are correct on their lack of an Art 27 Rep however.