Andrew Paull

Andrew Paull

Andrew Paull is a Cybersecurity Practitioner with Compass IT Compliance, providing valuable information security risk identification and mitigation strategies to clientele from a range of industry verticals. Andrew is an established professional in the information technology field with more than a decade of network engineering, security solution architecture, and security program development and audit experience. Andrew currently holds a CISA certification and has received multiple commendations and achievement awards from the United States Army Reserve during the last 10 years of service for distinguished technical ability as an IT Specialist and Combat Medic.

Posts by Andrew Paull

Which NIST Standard Is Most Important for Small Businesses?

by Andrew Paull on July 19, 2024 at 2:53 PM

NIST for Small Business

Navigating the complexities of cybersecurity can be challenging for small businesses, but the National Institute of Standards and Technology (NIST) offers robust frameworks to help. This blog analyzes the various NIST initiatives and guidelines designed to enhance cybersecurity for sm …

Read Story

Topics: Compliance NIST

CCPA vs. GDPR: A Comprehensive Comparison

by Andrew Paull on April 11, 2024 at 2:15 PM

CCPA vs GDPR

Compliance laws such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) were established to safeguard user data from unauthorized access and breaches. These laws are applicable to businesses involved in the collection, usage, or sharing of …

Read Story

Topics: Compliance CCPA Privacy

ProxyNotShell – Microsoft Exchange Exploit Explained

by Andrew Paull on March 23, 2023 at 1:15 PM

ProxyNotShell – Microsoft Exchange Exploit Explained

ProxyNotShell – What is it? Cyberattacks have become increasingly sophisticated and widespread in recent years, with hackers constantly finding new ways to infiltrate networks and steal sensitive information. One such vulnerability that has recently come to light is ProxyNotShell, ide …

Read Story

Topics: Cybersecurity Microsoft

The Online Shopping Scam That Almost Duped a Security Professional

by Andrew Paull on December 10, 2020 at 3:15 PM

The Online Shopping Scam That Almost Duped a Security Professional

A great many things have changed in our daily lives since the COVID-19 pandemic began rampaging across the world at the beginning of this year. We have been collectively forced to adapt to working from home, schooling from home, shopping from home, and even receiving healthcare from h …

Read Story

Topics: Social Engineering Phishing

Vendor Risk Management: Third-Party Risk Analysis / Annual Review

by Andrew Paull on October 8, 2020 at 2:00 PM

Vendor Risk Management: Third-Party Risk Analysis / Annual Review

We live in a world where our interactions with each other are generally benign, observed to be candid at face value, making it easy to take the assurances of success, functionality, and capability of our colleagues and acquaintances as they are meant. Unfortunately, business interacti …

Read Story

Topics: Vendor Management

Vendor Risk Management: Information Security Responsibilities

by Andrew Paull on January 29, 2020 at 3:30 PM

Vendor Risk Management: Information Security Responsibilities

Welcome back! This article serves as part two in my Vendor Risk Management blog series, continuing the discussion on some important factors of creating and renewing third-party contracts.

Read Story

Topics: Vendor Management Information Security
1 2

See all

See all

Subscribe by email