CJ Hurd

CJ Hurd

CJ Hurd is Chief Operating Officer with Compass IT Compliance. CJ holds over 20 years of experience across the information technology and cybersecurity landscape. He retired from the Coast Guard in 2018 after 21 years of active-duty service, where he was named the Coast Guard's Information Security Officer of the year in 2015, 2016, and 2017, as well as being named the Department of Homeland Security’s Information Security Officer of the year in 2016. CJ holds the Certified Information Systems Security Professional (CISSP) and Certified Data Privacy Solutions Engineer (CDPSE) certifications. In his role at Compass IT Compliance, CJ leads a team of Virtual CISOs that work with organizations of all sizes and across varying industries to develop, implement, enhance, and manage their cybersecurity programs. Serving as an organization’s Virtual CISO, members of CJ’s team oversee the strategic and operational aspects of the Information Security Program as well as work to identify and remediate realized or potential security threats within an organization’s environment.

Posts by CJ Hurd

What the SEC Wants to See in Your 10-K Cybersecurity Disclosure

by CJ Hurd on March 2, 2026 at 2:00 PM

United States Securities and Exchange Commission

If you follow publicly traded companies closely, you may have noticed something tucked into their annual reports over the past few years that wasn't always there before: a section called "Item 1C – Cybersecurity." For investors, compliance professionals, and business leaders alike, th …

Read Story

Topics: Compliance Cybersecurity

CTEM Reporting Cadence: Aligning Intelligence with Stakeholders

by CJ Hurd on January 27, 2026 at 3:54 PM

CTEM Reporting Cadence Aligning Intelligence with Stakeholders

In the evolution from periodic vulnerability assessments to continuous risk management, one of the most challenging questions organizations face is: what information matters, and when? The shift to Continuous Threat Exposure Management (CTEM) doesn't mean overwhelming security teams a …

Read Story

Topics: Vulnerability Scanning Risk Management mROC

Why the ‘CISO’ in Virtual CISO Services Shouldn’t Scare You

by CJ Hurd on July 8, 2025 at 1:00 PM

vCISO Shouldn't Scare You

For many small and midsize businesses, the term Virtual CISO (or vCISO) can be a little off-putting. It sounds big, corporate, and expensive—like something built for Fortune 500 companies, not organizations with lean teams, tight budgets, and practical day-to-day needs. After all, the …

Read Story

Topics: Cybersecurity Virtual CISO

Why One-Size-Fits-All vCISO Security Programs Fall Short

by CJ Hurd on May 9, 2025 at 3:17 PM

Custom vCISO Program

When people talk about virtual Chief Information Security Officer (vCISO) services, they tend to focus on access: access to strategic guidance, access to frameworks, access to a security expert at a fraction of the cost of a full-time executive. And those benefits are real. But what d …

Read Story

Topics: Virtual CISO

What is TISAX Assessment Level 2.5 (AL 2.5)?

by CJ Hurd on January 8, 2025 at 2:21 PM

TISAX Assessment Level 2.5

In the realm of automotive and industrial information security, TISAX (Trusted Information Security Assessment Exchange) plays a vital role in standardizing security assessments among partners and suppliers. One of its unique features is the concept of assessment levels, which determi …

Read Story

Topics: Compliance Risk Assessment TISAX

Essential Elements of an Effective Virtual CISO (vCISO) Program

by CJ Hurd on October 30, 2024 at 4:32 PM

Effective vCISO Program

In today's digital world, organizations face more cyber threats than ever before. With attacks becoming increasingly complex and frequent, businesses need strong cybersecurity leadership to stay ahead. That's where a Virtual Chief Information Security Officer (vCISO) comes in—a smart …

Read Story

Topics: Compliance Risk Management Virtual CISO
1 2 3 4

See all

See all

Subscribe by email