Derek Boczenowski

Derek Boczenowski

Derek Boczenowski is Chief Architect with Compass IT Compliance. Derek has over 20 years of IT experience in a variety of vertical markets, including financial services, higher education, and state/local government. Prior to joining Compass IT Compliance, Derek was the VP of Technology for a credit union in Massachusetts with approximately $700M in assets under management. With an MBA in Technology Management as well as industry leading certifications, such as being a Certified Information Systems Auditor (CISA), Qualified Security Assessor (QSA), Certified Information Security Manager (CISM), and Certified Data Privacy Solutions Engineer (CDPSE), Derek works with clients of all sizes and in all vertical markets to help them identify gaps in their IT security strategies and provide relevant, attainable solutions to ultimately mitigate their overall risk. Derek has spoken at numerous conferences throughout his career, including the Fiserv national conference and New York Banker’s Association Annual Meeting, and is recognized as a thought leader in the field of information technology and information security.

Posts by Derek Boczenowski

PCI DSS v4.0 ROC Changes – Coming Now to an Organization Near You!

by Derek Boczenowski on August 17, 2022 at 3:30 PM

A person inserts their credit cared into a card reader

The Payment Card Industry Data Security Standard (PCI DSS) version 4.0 is here! It has been released, the documents are available publicly for anyone who would like to read them, and forms for both the 900-pound level 1 Report on Compliance (ROC) and the Self-Assessment Questionnaires …

Read Story

Topics: PCI Compliance Compliance Vulnerability Scanning Risk Assessment

It (Should) Be an MFA World, We Are Just Living in It

by Derek Boczenowski on March 24, 2022 at 3:15 PM

It (Should) Be an MFA World, We Are Just Living in It

Last week I was working in front of my laptop (happily, for any Compass staff reading) when I got an incoming text message. It was from Verizon. They had received my service request and were working on it. It was quickly followed by another text saying I could check the status of my r …

Read Story

Topics: Policies and Procedures Social Engineering Phishing

Transitioning to CMMC 2.0 – The Five Stages of Grief

by Derek Boczenowski on November 10, 2021 at 2:46 PM

Transitioning to CMMC 2.0 – The Five Stages of Grief

Late last week, the Pentagon put out a memo that stuck a knife in the heart of CMMC 1.0, to replace it with the new and shiny CMMC 2.0! CMMC is dead, long live CMMC!

Read Story

Topics: NIST CMMC

The Difficulties of Remaining Compliant in the New COVID Landscape

by Derek Boczenowski on November 18, 2020 at 1:00 PM

The Difficulties of Remaining Compliant in the New COVID Landscape

If there is one thing that everyone can agree on in these interesting times, it is that COVID-19 has upset the apple cart in lots of different ways. Everything from school to work to social gatherings has been disrupted and changed over the last eight months, and some of these changes …

Read Story

Topics: Compliance Security Penetration Testing Vulnerability Scanning Pandemic Planning

Blackbaud Breach – Time to Review Your Vendors

by Derek Boczenowski on July 29, 2020 at 1:00 PM

Blackbaud Breach – Time to Review Your Vendors

It has recently been reported that Blackbaud, one of the world’s largest providers of education administration, fundraising, and financial management software for nonprofits suffered a ransomware attack back in May of 2020.

Read Story

Topics: Vendor Management Incident Response Ransomware Higher Education

CMMC – What Is It, and Why Does It Matter?

by Derek Boczenowski on June 24, 2020 at 1:00 PM

A rounded loop of a factory's assembly line

There has been a lot of discussion around the cybersecurity interwebs lately about something called CMMC. CMMC stands for Cybersecurity Maturity Model Certification, which sounds super fancy and important, but what does it really mean?

Read Story

Topics: Government CMMC
1 2 3 4 5

See all

See all

Subscribe by email