Donald Mills

Donald Mills is a Virtual CISO with Compass IT Compliance. Donald is an information technology and cybersecurity professional with over 15 years of experience in the field. He maintained security programs at the base level for the USAF and managed numerous system and network accreditations for USSTRATCOM and the Air Force Weather Agency. Donald holds multiple industry-level certifications and has a background in security consulting and in helping businesses integrate security controls effectively into their organizations. He has extensive experience in PCI assessments and has performed audits for multiple Fortune 500 companies.

Posts by Donald Mills

Shadow IT Is Now Shadow SaaS & Shadow AI: A Practical Cleanup Guide

If you caught yourself searching "what is shadow IT" this week, you are not alone, and you have probably already lived through it. The term used to conjure rogue modems in a closet, a dusty Access database on somebody's C: drive, or a "just for the team" WiFi router plugged in under a …

The Hidden Cybersecurity Risk Nobody Talks About: Executive Turnover

When security leaders talk about risk, the conversation usually gravitates toward ransomware, zero-day vulnerabilities, or third-party breaches. Those threats are real, and they deserve the attention they get. But there is another risk vector that quietly undermines cybersecurity prog …

The Gap Between Compliant & Secure Is Where Breaches Live

There's a conversation happening in boardrooms, IT departments, and leadership meetings across every industry right now, and it usually starts the same way: "Are we compliant?"

Managing Vendor Risk Without a Dedicated Team

High-profile breaches have shown that attackers often take the path of least resistance—and that path is frequently through a third party. The 2013 Target breach is the textbook example: attackers used a compromised HVAC vendor to access Target’s network, leading to a massive payment …

RTO vs. RPO: How to Prepare for a Business Impact Analysis

In my time as a security and compliance auditor and virtual CISO, I have reviewed countless business continuity plans (BCPs) resulting from regulatory and industry requirements to which clients must adhere. For the most part, the business continuity plans I have reviewed were written …

Risk Management – Everyone Needs a Seat at the Table

In the security world there’s a common saying that compliance isn’t security and security isn’t compliance. I believe what gets missed in this saying is the role proper risk assessments and risk management play in marrying up security and compliance.
