Derek Boczenowski

Derek Boczenowski

Derek Boczenowski is SVP of Compliance & Risk with Compass IT Compliance. Derek has over 20 years of IT experience in a variety of vertical markets, including financial services, higher education, and state/local government. Prior to joining Compass IT Compliance, Derek was the VP of Technology for a credit union in Massachusetts with approximately $700M in assets under management. With an MBA in Technology Management as well as industry leading certifications, such as being a Certified Information Systems Auditor (CISA), Qualified Security Assessor (QSA), Certified Information Security Manager (CISM), and Certified Data Privacy Solutions Engineer (CDPSE), Derek works with clients of all sizes and in all vertical markets to help them identify gaps in their IT security strategies and provide relevant, attainable solutions to ultimately mitigate their overall risk. Derek has spoken at numerous conferences throughout his career, including the Fiserv national conference and New York Banker’s Association Annual Meeting, and is recognized as a thought leader in the field of information technology and information security.

Posts by Derek Boczenowski

What is Protected Health Information (PHI)?

by Derek Boczenowski on January 3, 2024 at 4:30 PM

What is Protected Health Information (PHI)?

Protected Health Information (PHI) is a key element in healthcare, governed by stringent legal and ethical standards. This blog explores what PHI encompasses, its significance under HIPAA regulations, and the crucial distinction between PHI and electronic PHI (ePHI). The blog also del …

Read Story

Topics: Healthcare Security HIPAA

Cell Phone Usage at Work & HIPAA Compliance: Uncovering the Risks

by Derek Boczenowski on November 20, 2023 at 1:00 PM

HIPAA Cell Phone Usage

The healthcare industry is increasingly embracing mobile technology, integrating smartphones, tablets, and other portable devices into everyday operations across hospitals, clinics, and other workplaces. This shift towards mobile integration, while offering substantial benefits, also …

Read Story

Topics: Compliance HIPAA Policies and Procedures

Not Using Multifactor Authentication? Your Days Are Limited!

by Derek Boczenowski on February 22, 2023 at 2:30 PM

MFA

Despite the fact the multifactor authentication (MFA) has been around for decades at this point, the majority of both business and personal logins only use it when absolutely necessary. The complaints are well known; it takes too long to login, if I forget my phone or token I can’t lo …

Read Story

Topics: Compliance Policies and Procedures Cybersecurity

PCI DSS v4.0 ROC Changes – Coming Now to an Organization Near You!

by Derek Boczenowski on August 17, 2022 at 3:30 PM

A person inserts their credit cared into a card reader

The Payment Card Industry Data Security Standard (PCI DSS) version 4.0 is here! It has been released, the documents are available publicly for anyone who would like to read them, and forms for both the 900-pound level 1 Report on Compliance (ROC) and the Self-Assessment Questionnaires …

Read Story

Topics: PCI Compliance Compliance Vulnerability Scanning Risk Assessment

It (Should) Be an MFA World, We Are Just Living in It

by Derek Boczenowski on March 24, 2022 at 3:15 PM

It (Should) Be an MFA World, We Are Just Living in It

Last week I was working in front of my laptop (happily, for any Compass staff reading) when I got an incoming text message. It was from Verizon. They had received my service request and were working on it. It was quickly followed by another text saying I could check the status of my r …

Read Story

Topics: Policies and Procedures Social Engineering Phishing

Transitioning to CMMC 2.0 – The Five Stages of Grief

by Derek Boczenowski on November 10, 2021 at 2:46 PM

Transitioning to CMMC 2.0 – The Five Stages of Grief

Late last week, the Pentagon put out a memo that stuck a knife in the heart of CMMC 1.0, to replace it with the new and shiny CMMC 2.0! CMMC is dead, long live CMMC!

Read Story

Topics: NIST CMMC
1 2 3 4 5

See all

See all

Subscribe by email