Your GRC Tool Has Limits: Why a CPA Must Be Behind Your SOC Report
by Jerry Hughes on April 9, 2026 at 12:30 PM
There is a quiet misconception circulating in the compliance space, and it is worth addressing directly. As GRC automation platforms have grown in popularity, and as their marketing has increasingly emphasized “SOC 2 readiness,” “continuous compliance,” and “audit preparation,” some or …
The Hidden Cybersecurity Risk Nobody Talks About: Executive Turnover
by Donald Mills on April 7, 2026 at 9:44 AM
When security leaders talk about risk, the conversation usually gravitates toward ransomware, zero-day vulnerabilities, or third-party breaches. Those threats are real, and they deserve the attention they get. But there is another risk vector that quietly undermines cybersecurity prog …
Why Most Cybersecurity Tabletop Exercises Fail (and How to Fix It)
by Kyle Daun on April 3, 2026 at 10:30 AM
There is a question that comes up in every security community eventually: has anyone actually been in a tabletop exercise that felt worthwhile? The frustration behind that question is completely valid. Too many organizations have sat through exercises that were clearly theater, where …
Security Awareness Training for SOC 2: What Your Auditor Expects
by Janelle Lewis on March 26, 2026 at 4:41 PM
On March 15, 2026, the Chittenden Solid Waste District of Vermont lost $3 million to a single phishing attack. That was not a rounding error in someone’s budget; it was a significant portion of the district’s annual funding, gone in the span of a few fraudulent emails.
Security Consulting Firms Offering Virtual CISO Services Stand Out
by William DePalma on March 20, 2026 at 11:47 AM
The cybersecurity services market has become increasingly specialized. Some providers focus exclusively on technical testing, conducting penetration tests, vulnerability assessments, and red team exercises. Others concentrate entirely on governance, risk, and compliance (GRC), offerin …
HIPAA 2026 Security Rule Overhaul: Why the Stryker Attack Matters
by Kelly O’Brien on March 17, 2026 at 2:51 PM
On March 11, 2026, the Iran-aligned hacktivist group Handala launched a devastating cyberattack on Stryker Corporation, one of the largest medical device companies in the United States, framing it as retaliation for U.S.-Israeli military strikes that killed civilians in Iran. The atta …


