Kelly O’Brien

Kelly O’Brien

Kelly O’Brien is the Senior Vice President of Risk & Compliance at Compass IT Compliance, bringing more than 20 years of experience in information technology and cybersecurity. She has built her career around helping organizations manage cyber risk, strengthen compliance programs, and align security initiatives with business strategy. Ms. O’Brien holds several distinguished certifications, including CISM, CRISC, CISA, CDPSE, CFE, and CMMC CCP. She is an active contributor to the professional community through organizations such as ISACA, Infragard, where she serves as a Board Member, and the Association of Certified Fraud Examiners. Her expertise spans a broad range of industries and encompasses key cybersecurity frameworks, regulatory standards, and specialized assessments, including CJIS. She has also authored articles for industry publications, delivered webinars for ISACA, and shared her expertise as a panelist and speaker at conferences on cybersecurity, risk management, and compliance. Beyond her professional work, Kelly volunteers with The Honor Foundation as a career coach, guiding transitioning U.S. Special Operations Forces personnel into private-sector careers. In this role, she focuses on helping veterans explore opportunities in Cyber Risk & Compliance, where her mentorship and practical insight make a meaningful impact.

Posts by Kelly O’Brien

What Does It Mean to Be CJIS Compliant?

by Kelly O’Brien on December 1, 2022 at 3:00 PM

CJIS Compliance

If your organization is involved with government entities and operations, chances are you have heard of Criminal Justice Information Services (CJIS) compliance and the importance of CJIS certification. The term is commonly used in law enforcement but can also apply to civil entities. …

Read Story

Topics: Compliance Government CJIS

Are You Protecting Your Attack Surface?

by Kelly O’Brien on August 25, 2022 at 1:00 PM

An empty office with mostly gray tones

Does your organization understand its attack surface? Gartner, Inc., a technological research and consulting firm, recently published the top trends in Cybersecurity for 2022, with attack surface expansion coming in at number one.

Read Story

Topics: Vendor Management Security Awareness Training Vulnerability Scanning Risk Management Social Engineering

Ignorance Is Not Bliss When It Comes to Security Assessments

by Kelly O’Brien on May 6, 2022 at 4:00 PM

Ignorance Is Not Bliss When It Comes to Security Assessments

It is no surprise that bad actors constantly seek to take advantage of current events and changing circumstances to exploit vulnerabilities and gaps in the security of organizations across a myriad of industry verticals and sizes.

Read Story

Topics: Compliance Penetration Testing Vulnerability Scanning Risk Management Risk Assessment

Bypassing Multi-Factor Authentication via Prompt Bombing

by Kelly O’Brien on April 27, 2022 at 1:00 PM

A woman logs into Facebook on her phone

It is the middle of the night, and you have finally fallen asleep, only to be awakened by the constant beeping of your phone. Bleary-eyed, you look at your phone to see it is prompting you to agree to log in on one of your accounts. You half wonder if you are dreaming and may instinct …

Read Story

Topics: Security Awareness Training Social Engineering Vishing

Cyber & Physical Security: Why You Need Both

by Kelly O’Brien on January 27, 2022 at 2:30 PM

Cyber & Physical Security: Why You Need Both

Cybersecurity attracts an enormous amount of attention due to cyberattacks that are publicized daily. As more devices are connected to the Internet, they become attractive targets for criminals; therefore, the attack surface increases exponentially.

Read Story

Topics: Information Security Cybersecurity Social Engineering Internet of Things Asset Management

Is Your Head in the Cloud? Traditional Security vs. Cloud Security

by Kelly O’Brien on December 31, 2021 at 3:30 PM

Is Your Head in the Cloud? Traditional Security vs. Cloud Security

When someone asks you if your head is in the clouds, there is an implication of being impractical. However, in a cloud-based environment, or in those organizations that conduct part or all of their operations in the cloud, the question has quite the opposite meaning.

Read Story

Topics: Security Cloud
1 2 3 4

See all

See all

Subscribe by email