Tom Wojcinski, CISA, CRISC
Principal
Tom Wojcinski is a principal in Wipfli’s cybersecurity and technology management practice. He specializes in helping organizations reduce and manage the risks that modern technology and information systems introduce to their organization. In today’s business environment, customers, trading partners, regulators, and employees expect continuously available and secure information systems. To help meet this expectation, Tom works with clients to increase the security, availability, and recoverability of their information assets.
Tom leads a variety of engagements designed to help improve organizations’ cybersecurity posture, including cybersecurity risk assessment, control program development and implementation, incident response planning and simulation, vulnerability and penetration testing, security audit, control verification, and managed detection and response. He is a frequent author and speaker on cybersecurity and information technology (IT) risk management topics.
Certifications
- Certified Information Systems Auditor
- Certified in Risk and Information Systems Controls
Professional Memberships and Activities
- American Institute of Certified Public Accountants (AICPA) - Member
- Information Systems Audit and Controls Association (ISACA) - Member
- Cloud Security Alliance (CSA) - Member
- Health Information Trust Alliance (HITRUST) - Member
Services
Business consulting servicesAreas of Focus
- Cybersecurity
- IT risk management
- Managed services
Education
Marquette University- Bachelor of science degree in business administration with majors in finance and information technology
Recent Insights
Articles
How cybersecurity boosts business resilience
Mar 15, 2023
Protect your manufacturing operations from digital disruption
Jan 23, 2023
Your nonprofit’s cyber and IT assessment checklist
Apr 04, 2022
New data security laws for insurers: How to comply with NAIC cybersecurity model law
Mar 27, 2022
Cyber regulations reach insurance industry with NAIC insurance data security model law
Mar 09, 2022
Why nonprofits should kick off 2022 with an IT and cyber assessment
Dec 12, 2021
The four biggest CMMC 2.0 changes
Dec 06, 2021
3 cybersecurity tips for financial services
Dec 05, 2021
Top cybersecurity and IT assessment tools for nonprofits
Oct 28, 2021
How CEOs can be proactive in cybersecurity
Sep 13, 2021
What you need to know about CMMC — today
Feb 09, 2021
A guide to CMMC: Who it applies to, how it will impact you, what parts of your org it applies to
Feb 08, 2021
How to prepare for CMMC
Feb 05, 2021
SolarWinds’ cyberattack may impact you — here are immediate actions to take
Dec 16, 2020
New interim rule continues DoD push to increase the security and resilience of the Defense Industrial Base sector
Oct 22, 2020
Multifactor authentication: Why you need it now
Jun 02, 2020
Investing in cybersecurity pays dividends
May 11, 2020
Cybercrime and your money: Banking on human error
May 08, 2020
How to protect your business from ransomware
Apr 17, 2020
Managing risk from vendor dependencies in a crisis
Apr 01, 2020
Fighting the wave of coronavirus phishing scams
Mar 17, 2020
5 steps to strong cybersecurity for remote employees
Mar 15, 2020
Public Wi-Fi hygiene for your employees
Mar 13, 2020
DoD adds critical verification component to defense contractor cybersecurity requirements
Feb 07, 2020
How cybercriminals are targeting construction companies — and how to prevent it
Dec 11, 2019
5 cybersecurity due diligence best practices
Sep 30, 2019
Iranian cyberattacks and BlueKeep: What you need to know
Jul 16, 2019
Blogs
Healthcare is cybercriminals’ most targeted sector — here’s what you can do
Nov 13, 2020
Iranian cyberattacks and BlueKeep: What financial institutions need to know
Jul 31, 2019
BlueKeep and Iranian cyberattacks: What manufacturers need to know
Jul 23, 2019
Webinars
Build resilience through an effective cybersecurity plan
Mar 10, 2023
What is a red team exercise, and how is it different from a purple team exercise?
Oct 21, 2022
What is MDR, and do you need it?
Oct 13, 2022
What should you look for when selecting a penetration test?
Oct 06, 2022
Healthcare Connections: Build a more cyber resilient healthcare organization
Sep 27, 2022
Cyber insurance readiness with JKJ
Apr 18, 2022
NAIC cybersecurity model rule implementation
Jan 12, 2022
Diving into CMMC 2.0
Nov 19, 2021
SEC fines for cybersecurity breaches: How to increase your security and avoid penalties
Oct 21, 2021
Business continuity planning post-pandemic. Keeping your program current and flexible
Jun 22, 2021
Best practices for manufacturers to boost hybrid workforce productivity and keep your Microsoft environment secure
May 05, 2021
Managing cyber risks for businesses
Mar 11, 2021
Diving into CMMC requirements — including recent updates
Nov 18, 2020
Managing cyber risk: Protecting yourself beyond HIPAA
Nov 17, 2020
Asset management webinar: OCIE risk alert updates
Sep 30, 2020
What you need to know to comply with DoD cybersecurity certification requirements
Mar 11, 2020
Cloud Security and Data Privacy for Tech Companies
Oct 22, 2019
In The News
External News
Banks can face costly fallout of breaches
Wisconsin Bankers Association | Dec 07, 2020