From system descriptions to control matrices, strong SOC 2 documentation sets the stage for compliance success. Explore our guide on how to prepare effectively.

Preventing social engineering attacks requires more than tools—it takes verification, training, and strong protocols. Our latest blog highlights practical ways organizations can stay ahead.

Compass cybersecurity expert Patrick Laverty joined WPRI 12 News to discuss FTC data showing scammers stole $445M from Americans 60+ in 2024, often posing as agencies or businesses by phone or online.

Compass cybersecurity expert Patrick Laverty is at the 2025 ChannelPro DEFEND: Boston event today, connecting with IT and security leaders to discuss the latest strategies for protecting businesses against evolving threats. Stop by and chat with him if you’re on-site!.

From role definition to regulatory alignment, incident response planning requires more than a checklist. Our latest blog outlines the key elements of a high-performing IRP you can build and test with confidence.

As social engineering tactics grow more sophisticated, organizations must adapt. A Compass expert shares key insights into how these attacks succeed and what proactive measures can reduce risk.

Jeff, Tommy, and Chanci from the Compass team were on the ground at Black Hat USA in Las Vegas this week. From cutting-edge threat intelligence to hands-on demos with leading technologies, they brought back critical insights to strengthen our clients’ #cybersecurity strategies.

This week, OSINT expert and Compass Social Engineer Patrick Laverty is speaking at OSMOSIS: DC Expo, while several members of our team are attending Black Hat USA in Las Vegas to connect with the infosec community and explore the latest in cybersecurity. Hope to see you there!.

Even global brands aren't immune to simple cybersecurity mistakes—like using "12345" as a password. Our latest blog breaks down why small missteps can lead to big consequences and why every business needs a cybersecurity professional on their side.

As AI capabilities grow, so does the need for responsible oversight. Our latest blog unpacks the fundamentals of AI, the rise of agentic intelligence, and what organizations must do to stay ahead.

Higher education is undergoing a notable shift toward Virtual CISO models as institutions adapt to budget constraints and increased compliance demands. Our latest blog examines the factors driving this change.

For organizations balancing risk, compliance, and day-to-day security tasks, CIS Controls and NIST CSF 2.0 offer a powerful combination. Learn how to apply them together effectively.

SOC 2 audits are essential—but too often inefficient. Our latest blog explores how modern audit platforms are helping organizations streamline workflows, reduce confusion, and improve collaboration.

Preparing for a SOC 2 audit starts well before the formal assessment begins. Our latest blog outlines the critical steps to take during the readiness phase to ensure a smoother, more successful audit experience.

HIPAA is evolving in 2025, with major changes on the horizon. Learn what healthcare organizations need to know to stay compliant and reduce risk.

Hearing “CISO” can make some leaders assume Virtual CISO services are too advanced or expensive. Our latest blog explores why that perception is often misplaced—and what these scalable services actually look like in practice.

Happy Independence Day from all of us at Compass. Today, we honor the values of freedom, resilience, and unity that define our nation.

As cybersecurity threats evolve, many organizations are turning to Managed Security Service Providers (MSSPs) for support. Our latest article explores the role MSSPs play, the services they offer, and their place within a comprehensive security strategy.

Cyber threats don’t just target service providers—and your security reporting shouldn’t be limited either. Explore how the SOC for Cybersecurity report helps organizations of all types demonstrate robust cyber risk management.

Effectively managing third-party risk starts with the right tools. Download our Vendor Security Risk Assessment Checklist—a structured resource to support due diligence, security assessments, and vendor onboarding decisions.