.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Security Awareness Training for SOC 2: What Your Auditor Expects
by Janelle Lewis on March 26, 2026 at 4:41 PM
On March 15, 2026, the Chittenden Solid Waste District of Vermont lost $3 million to a single phishing attack. That was not a rounding error in someone’s budget; it was a significant portion of the district’s annual funding, gone in the span of a few fraudulent emails.
Security Consulting Firms Offering Virtual CISO Services Stand Out
by William DePalma on March 20, 2026 at 11:47 AM
The cybersecurity services market has become increasingly specialized. Some providers focus exclusively on technical testing, conducting penetration tests, vulnerability assessments, and red team exercises. Others concentrate entirely on governance, risk, and compliance (GRC), offerin …
HIPAA 2026 Security Rule Overhaul: Why the Stryker Attack Matters
by Kelly O’Brien on March 17, 2026 at 2:51 PM
On March 11, 2026, the Iran-aligned hacktivist group Handala launched a devastating cyberattack on Stryker Corporation, one of the largest medical device companies in the United States, framing it as retaliation for U.S.-Israeli military strikes that killed civilians in Iran. The atta …
We Let AI Run a Penetration Test. Here's What It Got Wrong.
by Jesse Roberts on March 13, 2026 at 12:50 PM
AI is transforming cybersecurity. From threat detection to vulnerability scanning, organizations are racing to integrate artificial intelligence into their security programs. And for good reason. AI tools can scan faster, cover more ground, and work around the clock without fatigue. B …
The Gap Between Compliant & Secure Is Where Breaches Live
by Donald Mills on March 4, 2026 at 2:43 PM
There's a conversation happening in boardrooms, IT departments, and leadership meetings across every industry right now, and it usually starts the same way: "Are we compliant?"
What the SEC Wants to See in Your 10-K Cybersecurity Disclosure
by CJ Hurd on March 2, 2026 at 2:00 PM
If you follow publicly traded companies closely, you may have noticed something tucked into their annual reports over the past few years that wasn't always there before: a section called "Item 1C – Cybersecurity." For investors, compliance professionals, and business leaders alike, th …