Meet the Team

Compass Executive Team

Jerry Hughes

Jerry Hughes

Managing Partner, VP of Operations, Sr. Executive IT Auditor (CISA, QSA, CRISC, MCPM)

Jerry Hughes, a founding member of Compass IT Compliance, LLC, has over 25 years of experience helping companies become compliant with internal, industry and government regulations such as PCI-DSS, Sarbanes-Oxley, HIPAA and GLBA. Mr. Hughes, a Certified Information Systems Auditor (CISA), Qualified Security Assessor (QSA), and Certified in Risk and Information Systems Control (CRISC), has extensive IT auditing experience, especially within the financial industry and the retail sector.

Mr. Hughes has helped develop Compass IT Compliance, LLC into one of the Nation's premier consulting firms in the area of IT Governance, Assurance, Security and Compliance services. His team of CISA-certified auditors, all certified in the international framework called Control Objectives for Information and related Technologies (COBIT), offers a full suite of IT Compliance services within the banking, insurance, retail, higher education, and healthcare sectors.


Bill DePalma

Bill DePalma

Managing Partner, VP of Sales

William DePalma is a founding member of Compass IT Compliance, LLC. Prior to founding Compass, William spent eight successful years as Manager of Sales for the Lighthouse IT Compliance Group. In this role, William was instrumental in driving year over year revenue gains and positioning Lighthouse IT Compliance Group as one of the premier IT Security Consulting firms in the Northeast.

At Compass, William is responsible for driving strategic revenue growth while overseeing Compass IT Compliance's national sales and marketing efforts. Under his direction, Compass has consistently experienced double-digit year over year sales growth while ensuring the highest level of customer satisfaction to Compass' growing list of clients. William brings real-world knowledge of customer challenges with over 17 years of sales and customer support experience having previously worked for Lighthouse Computer Services, Sullivan and Cogliano, and Cabletron.

William holds a Bachelor of Science in Business Administration from University of New Hampshire and is a retired reservist in the United States Coast Guard with 21 years of successful service.


Adam Cravedi

Adam Cravedi

Director of Business Operations (CISA, CISSP)

Adam Cravedi is an original member of Compass IT Compliance, LLC. He brings over 26 years of experience in the Information Technology arena including Financial, Higher Education and Healthcare industries to the Compass team. He holds a Masters of Science in Management Operations and Information Technology and a Bachelors of Science in Electrical Engineering both from Worcester Polytechnic Institute.

Mr. Cravedi has worked in the IT Services arena since 1989 and during his career has provided solutions in the Financial, Health Care, Higher Education, and Small Business sectors. As a Senior IT Auditor for Lighthouse Computer Services, he headed up the PCI ASV scanning and Internal/External Vulnerability and Penetration testing functions for the organization. He also contributed to PCI, IT and Information risk and security audits. His work includes the role of Information Security Officer where he developed an in-depth Information Security Program that included Information Security Awareness Training as a baseline for information security for the organization and their employees. He also has extensive experience in planning, directing and implementing large scale Information Technology projects including WAN/LAN infrastructure, Information Systems architecture, VMware, Storage, Security and Compliance. Additionally, Mr. Cravedi has been involved in the planning, coordinating and execution of several Business Continuity and Disaster Recovery projects. 

Mr. Cravedi holds several industry certifications including ISC2 Certified Information Systems Security Professional (CISSP), ISACA’s Certified Information Systems Auditor (CISA), GIAC Web Application Penetration Testing (GWAPT), GIAC Mobile Security (GMOB), GIAC Certified Incident Handler (GCIH), and GIAC Information Systems Professional (GISP).


Derek Boczenowski

Derek Boczenowski


Derek Boczenowski is VP of IT Audit with Compass IT Compliance. Derek has over 20 years of IT experience in a variety of vertical markets, including Financial Services, Higher Education, and State/Local Government. Prior to joining Compass IT Compliance, Derek was the VP of Technology for a credit union in Massachusetts with approximately $700M in assets under management. With an MBA in Technology Management as well as industry leading certifications, such as being a Certified Information Systems Auditor (CISA) and a Qualified Security Assessor (QSA), Derek works with clients of all sizes and in all vertical markets to help them identify gaps in their IT Security strategies and provide relevant, attainable solutions to ultimately mitigate their overall risk.

Derek has spoken at numerous conferences throughout his career, including the Fiserv national conference and New York Banker’s Association Annual Meeting, and is recognized as a thought leader in the field of Information Technology and Information Security.

The Best In The Business

Compass IT auditors are the best in the business. Our team consists of highly trained and fully certified specialists across the industry’s key disciplines, including information systems auditors, security professionals, network engineers, project managers, and IT governance experts. We have successfully executed audits for a range of business scales and budgets across multiple industries, including the highly regulated Banking and Financial sectors. We are an approved scanning vendor (ASV) for the payment card industry and our auditors are PCI-certified Qualified Security Assessors (QSA). 

Diverse Experience

  • Demonstrable success across a multitude of industries, platforms, and applications
  • Industry leading certifications including Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Qualified Securit Assessor (QSA), GIAC Web Application Penetration Tester (GWAPT) and many others
  • Up-to-the-minute knowledge of industry best practices including the latest FFIEC Guidance and PCI DSS updates
  • Full utilization of ISO 27001/27002, CoBIT, and NIST IT frameworks

Innovative Solutions

One-size-fits-all solutions won't suffice in a world of rapidly evolving cyber threats. Our team possesses the training and experience required to adapt to real-time problems and deliver solutions tailored to a client’s specific needs.

Contact Us