.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Shadow IT Is Now Shadow SaaS & Shadow AI: A Practical Cleanup Guide
by Donald Mills on April 22, 2026 at 2:45 AM
If you caught yourself searching "what is shadow IT" this week, you are not alone, and you have probably already lived through it. The term used to conjure rogue modems in a closet, a dusty Access database on somebody's C: drive, or a "just for the team" WiFi router plugged in under a …
The Hidden Cybersecurity Risk Nobody Talks About: Executive Turnover
by Donald Mills on April 7, 2026 at 9:44 AM
When security leaders talk about risk, the conversation usually gravitates toward ransomware, zero-day vulnerabilities, or third-party breaches. Those threats are real, and they deserve the attention they get. But there is another risk vector that quietly undermines cybersecurity prog …
Security Consulting Firms Offering Virtual CISO Services Stand Out
by William DePalma on March 20, 2026 at 11:47 AM
The cybersecurity services market has become increasingly specialized. Some providers focus exclusively on technical testing, conducting penetration tests, vulnerability assessments, and red team exercises. Others concentrate entirely on governance, risk, and compliance (GRC), offerin …
vCISO Cost in 2026: Pricing, Ranges & What Drives the Price
by Jeffrey Torrance on January 13, 2026 at 4:06 PM
If you’re considering a virtual CISO (vCISO) this year, you’re likely asking two practical questions: “How much does it cost?” and “What actually drives the price up or down?” The short answer is that vCISO services are flexible by design, and good programs are intentionally scalable. …
Rising CISO Salaries & Tight Budgets Drive Virtual CISO Adoption
by Jeffrey Torrance on November 20, 2025 at 1:14 PM
Chief Information Security Officers have never been more important to an organization’s success. Their responsibilities span far beyond traditional security operations and now include risk governance, digital transformation, compliance strategy, incident readiness, and cross-functiona …
Managing Vendor Risk Without a Dedicated Team
by Donald Mills on September 23, 2025 at 2:00 PM
High-profile breaches have shown that attackers often take the path of least resistance—and that path is frequently through a third party. The 2013 Target breach is the textbook example: attackers used a compromised HVAC vendor to access Target’s network, leading to a massive payment …