Tom Wojcinski, CISA, CRISC
Director
As a director in Wipfli’s risk advisory services practice, Tom Wojcinski specializes in helping organizations reduce and manage the risks that modern technology and information systems introduce to their organization. In today’s business environment, customers, trading partners, regulators, and employees expect continuously available and secure information systems. To help meet this expectation, Tom works with clients to increase the confidentiality, availability, and integrity of their information assets.
Tom leads a variety of engagements designed to help improve organizations’ cybersecurity posture, including cybersecurity risk assessment, control program development and implementation, incident response planning and simulation, vulnerability and penetration testing, security audit, control verification, and managed detection and response. He is a frequent author and speaker on cybersecurity and information technology (IT) risk management topics.
Certifications:
- Certified Information Systems Auditor
- Certified in Risk and Information Systems Controls
Professional Memberships and Activities
- American Institute of Certified Public Accountants (AICPA) - Member
- Information Systems Audit and Controls Association (ISACA) - Member
- Cloud Security Alliance (CSA) - Member
- Health Information Trust Alliance (HITRUST) - Member
Services
ConsultingAreas of Focus
- Cybersecurity
- IT risk management
- IT audit
- System and Organization Controls (SOC) examinations
Education
Marquette University- Bachelor of science degree in business administration with majors in finance and information technology
Recent Insights
Articles
SolarWinds’ cyberattack may impact you — here are immediate actions to take
Dec 16, 2020
New interim rule continues DoD push to increase the security and resilience of the Defense Industrial Base sector
Oct 22, 2020
Multifactor authentication: Why you need it now
Jun 02, 2020
Investing in cybersecurity pays dividends
May 11, 2020
Cybercrime and your money: Banking on human error
May 08, 2020
How to protect your business from ransomware
Apr 17, 2020
Managing risk from vendor dependencies in a crisis
Apr 01, 2020
Fighting the wave of coronavirus phishing scams
Mar 17, 2020
5 steps to strong cybersecurity for remote employees
Mar 15, 2020
Public Wi-Fi hygiene for your employees
Mar 13, 2020
DoD adds critical verification component to defense contractor cybersecurity requirements
Feb 07, 2020
How cybercriminals are targeting construction companies — and how to prevent it
Dec 11, 2019
5 cybersecurity due diligence best practices
Sep 30, 2019
Iranian cyberattacks and BlueKeep: What you need to know
Jul 16, 2019
Blogs
Healthcare is cybercriminals’ most targeted sector — here’s what you can do
Nov 13, 2020
Iranian cyberattacks and BlueKeep: What financial institutions need to know
Jul 31, 2019
BlueKeep and Iranian cyberattacks: What manufacturers need to know
Jul 23, 2019
Webinars
Diving into CMMC requirements — including recent updates
Nov 18, 2020
Managing cyber risk: Protecting yourself beyond HIPAA
Nov 17, 2020
Asset management webinar: OCIE risk alert updates
Sep 30, 2020
What you need to know to comply with DoD cybersecurity certification requirements
Mar 11, 2020
Cloud Security and Data Privacy for Tech Companies
Oct 22, 2019