Derek Boczenowski

Derek Boczenowski

Derek Boczenowski is SVP of Compliance & Risk with Compass IT Compliance. Derek has over 20 years of IT experience in a variety of vertical markets, including financial services, higher education, and state/local government. Prior to joining Compass IT Compliance, Derek was the VP of Technology for a credit union in Massachusetts with approximately $700M in assets under management. With an MBA in Technology Management as well as industry leading certifications, such as being a Certified Information Systems Auditor (CISA), Qualified Security Assessor (QSA), Certified Information Security Manager (CISM), and Certified Data Privacy Solutions Engineer (CDPSE), Derek works with clients of all sizes and in all vertical markets to help them identify gaps in their IT security strategies and provide relevant, attainable solutions to ultimately mitigate their overall risk. Derek has spoken at numerous conferences throughout his career, including the Fiserv national conference and New York Banker’s Association Annual Meeting, and is recognized as a thought leader in the field of information technology and information security.

Posts by Derek Boczenowski

Blackbaud Breach – Time to Review Your Vendors

by Derek Boczenowski on July 29, 2020 at 1:00 PM

Blackbaud Breach – Time to Review Your Vendors

It has recently been reported that Blackbaud, one of the world’s largest providers of education administration, fundraising, and financial management software for nonprofits suffered a ransomware attack back in May of 2020.

Read Story

Topics: Vendor Management Incident Response Ransomware Higher Education

CMMC – What Is It, and Why Does It Matter?

by Derek Boczenowski on June 24, 2020 at 1:00 PM

A rounded loop of a factory's assembly line

There has been a lot of discussion around the cybersecurity interwebs lately about something called CMMC. CMMC stands for Cybersecurity Maturity Model Certification, which sounds super fancy and important, but what does it really mean?

Read Story

Topics: Government CMMC

Lessons Learned from a Part-Time Teleworker in Quarantine

by Derek Boczenowski on March 31, 2020 at 1:00 PM

Lessons Learned from a Part-Time Teleworker in Quarantine

If you read our blog on a regular basis, you have seen more than one excellent discussion on pandemic planning and how to set up remote workers with proper policies, process, hardware, and software to ensure secure and compliant ways to keep working from home.

Read Story

Topics: Organizational Culture Pandemic Planning

Top 5 vCISO Takeaways of 2019

by Derek Boczenowski on January 8, 2020 at 1:00 PM

A woman works on a mac computer

As the end of the year rapidly approaches, everyone does their best to reflect upon the prior year (or decade, since it is the end of one of those as well) and see what they might have learned from the past year. What were the top songs, top movies, and top vacation destinations, just …

Read Story

Topics: Security Information Security Cybersecurity Virtual CISO

Securing Your Cloud Environment – Who is Responsible?

by Derek Boczenowski on September 18, 2019 at 1:00 PM

cloud-2104829_1920

The speed at which technology progresses is truly staggering. I am old enough to remember having to load 9-track magnetic tapes to install a patch, and marveled at the lightning fast 384k connection for an entire organization, thinking we had finally made the big time.

Read Story

Topics: Policies and Procedures Cloud

Cybersecurity - Back to Basics

by Derek Boczenowski on June 14, 2019 at 1:00 PM

cyber-security-3374252_1920

Welcome to summer in New England! Or close to it at any rate. Today I would like to talk about a slightly different topic than usual on these blogs. For those of you that have read past entries, you know they are full of good advice on not many different compliance issues.

Read Story

Topics: Security Cybersecurity
1 2 3 4 5

See all

See all

Subscribe by email