Media

Press mentions

Don’t want the public to see your newsroom’s gossip? Don’t put it on Slack — Journalists should exercise more caution when it comes to digital tools like Slack, said Wolfgang Goerlich, director of cyber security strategy at CBI, a risk management firm that provides security solutions for companies. Goerlich’s advice for newsrooms is to select communication apps wisely, assume all exchanges are potentially public information and protect individual accounts of employees with good privacy and security measures. (January 2017)

Prevent ransomware threats to cloud apps with backup, security tools — Ransomware has blossomed to the point where it now represents about one-third of the incidents handled by Creative Breakthrough Inc. (CBI), a managed services provider focused on IT security and risk assessments, based in Detroit. “This is a reflection of the criminalization of hackers that we have seen over the past several years,” said J. Wolfgang Goerlich, director of security strategy at the company, adding that, just because your workloads are in the cloud, “doesn’t mean you are in the clear.” (November 2016)

Corp! Cyber Security: Build a Better Onion. — “When considering how much to spend on cyber security, there are different approaches. J. Wolfgang Goerlich, director of security strategy at CBI, suggests that a company budget 0.2 percent of its annual revenue on cyber security. In addition, he recommends one full-time cyber pro for every 1,000 employees.” (April 2016)

Drowning in a sea of cybersecurity tools — “There is too much for any one leader to take in; therefore, the first step is in focusing on key areas,” says J. Wolfgang Goerlich. Goerlich recommends networking with CISOs in other organizations to gain insight into the best security tools and industry-specific trends. “Building a strong peer network within the organizations gives visibility into the line-of-business technologies.” (November 2015)

SC Magazine: Appetites for more government actions — Yet another initiative, a NIST Cybersecurity Framework, was previously launched after President Obama’s 2013 executive order. “The functions of the framework include ‘Identify’ and ‘Detect,’ which will both be bolstered by better information sharing of threat indicators and criminal tactics proposed by this year’s executive order,” says Goerlich. (October 2015)

CSO: Developers find themselves in hackers’ crosshairs — Attackers have long targeted application vulnerabilities in order to breach systems and steal data, but recently they’ve been skipping a step and going directly after the tools developers use to actually build those applications. “From a development perspective, the best practices in continuous integration and deployment would have prevented the attack against Apple’s App Store,” says Goerlich. (September 2015)

BSides: Broadening the Horizons of Information Security — J Wolfgang Goerlich, strategist with CBI and an organizer of BSides Detroit, shares Irfahn’s thoughts on BSides’ learning potential: “The movement has become a staple of the security industry. It has made it easier than ever for the local communities to come together, share and commiserate, and learn what is working and what is coming next. BSides also provides a platform for new speakers and new content, filling a vital role in developing talent.” (August 2015)

Tokenization no POS panacea; retailers need balanced security strategy — Securing credit card information comes down to securing all points along the payment processing chain. “Though tokenization and EMV have a place, there is no silver bullet. Retailers must consider and assess the security along all points in their processing,” Goerlich said. (May 2015)

Is Starbucks Under Siege from Hackers? — “As retailers and emerging payment systems develop bank-like functionality (funds transfer, cards), they need to start thinking more like banks,” J Wolfgang Goerlich, cyber security strategist at CBI says. (May 2015)

ComputerWorld: Mobile payments: What will it take for beacons to take the next step? — Wolfgang Goerlich, a cybersecurity strategist at CBI, adds that there are essentially no ways to secure Bluetooth communications, which are essential for beacon interactions. “What is going to need to happen is that, instead of trying to secure Bluetooth per se, we’ll end up with better controls on the devices.” (May 2015)

Main Street: Has Your Phone Number Been Stolen? Another Apple Pay Fraud Hits the Nation — “Illegally porting telephone numbers has been around for some time. Criminals are reusing the old technique to subvert Apple Pay’s device authentication mechanism,” said J. Wolfgang Goerlich, cyber security strategist with IT risk management company CBI. (May 2015)

Beacon Payments: A Bright Idea with Dim (Near-Term) Chances — Beacons—those little Bluetooth mechanisms stores use to beam ads to shoppers’ phones—may someday play a critical role in payments. But the technology is still years away from being a practical alternative to cards and NFC-based mobile wallets. (May 2015)

The Hill: Tokenization: the answer to retail data breaches? — The Payment Card Industry Security Standards Council is urging the payment industry to adopt tokenization products. But security firm CBI found that 97 percent of records stolen in recent retail data breaches would still have been compromised in tokenized systems. (April 2015)

CSO: Tokenization would not have helped in the majority of retail breaches over the past two years — Only 41 percent of breaches involved attacks on databases or servers, where tokenization would have protected it. “This is exactly the type of trend that we often see when a control begins to be widely deployed,” said Goerlich. “The attackers will shift their focus away from where we strengthened the system, to the point where it is weakest.” (April 2015)

The Futility of the Strong Password Solution — After experiencing a data breach, most companies take a number of measures to strengthen security, including advising users to change their passwords and to make them strong. (March 2015)

Data Security Experts Reveal the Biggest Mistakes Companies Make with Data & Information Security — “Neglecting data governance. Many companies lack the processes, policies, and standards for protecting data throughout its lifecycle.” (February 2015)

The 8 Most Desired Skills in 2015 — As information security executive J. Wolfgang Goerlich recently said: “The ability to effectively communicate never goes out of style. Soft skills make or break your IT career.” (October 2014)

GRRCon Blends Mix Of IT Professionals, Hackers At Cyber Security Conference — Todd Bursch and J Wolfgang Goerlich shared methods that can be followed to help provide guidance for incident response and protection. Proper security models and methodologies are great ways to stay educated and defend against the security threats of our time. (October 2014)

How to Transition From Information Technology to Cyber Security — “As simple as it sounds, getting security experience within IT itself is often overlooked. The Exchange administrator can gain security skills around email. The Cisco engineer can gain specific skills in network security.” (September 2014)

Windows XP’s Demise Shows That Microsoft Handles End of Support Better than Apple — Wolfgang Goerlich, vice president of Consulting Services for VioPoint, says that Microsoft handles end of support completely different than Apple, as the fruity-named company chose to stop providing updates for OS X Snow Leopard without providing advanced notice to its users. (April 2014)

Windows XP’s Penalties for Success — “Windows XP was the first enterprise ready OS from Microsoft, and it hit at a time when most software was on the desktop. The desktop fleet aged at the same time enterprises shifted from desktop software back to server-side software. The success in these services extended the life of Windows XP. The cloud’s success meant under-investing in the desktop fleet, thereby extending Windows XP’s lifespan.” (April 2014)

Anatomy of an IT Security Career — Veteran IT security specialist, J. Wolfgang Goerlich, gives advice on breaking into the information security field, in demand skills, emerging industry trends and more. (March 2014)

Moar Security War Games (PDF) — The team of ethical hackers is called MiSec, short for Michigan Security, and were testing their mettle against 173 teams spread across the planet. The team captain, Wolfgang Goerlich, asked if I would join the MiSec team to deploy a Barracuda Web Application Firewall (WAF) and Barracuda NG Firewall in front of a highly vulnerable Linux server. (December 2013)

VioPoint doubles space and adds jobs in Auburn Hills (PDF) — “We have the right people and the right services and we’re going at the market at the right time,” says Wolfgang Goerlich, vice president of consulting at VioPoint. (December 2013)

Expert Advice on Why You Should Work in Information Security — “Information security is new unexplored territory … and this creates exciting and challenging work,” says J. Wolfgang Goerlich, vice president of consulting at VioPoint. (November 2013)

GRRCon Delivered By Bringing Security People Together (PDF) — J. Wolfgang Goerlich from VioPoint presented on “Beautiful models” which discussed the changing trends in threat modeling, a critical component to a security strategy. Goerlich believes that “defense in depth is dead because you can’t defend properly unless you think like an attacker.” (September 2013)

Detroit-Based Technology Guru Blends Education & Experience To Succeed (PDF) — J Wolfgang Goerlich is the vice president of consulting services for VioPoint, a Michigan-based information security firm. He actively mentors younger people in the community through internships, open-source software projects and community events. (August 2013)

VioPoint Appoints J. Wolfgang Goerlich as Vice President of Consulting Services (PDF) — Goerlich, known for his outstanding leadership in the technology and information security community, is the co-founder of OWASP Detroit and an organizer of the annual BSides Detroit conference. Goerlich is joining VioPoint with a background in systems engineering, software development, and information security. (August 2013)

10 IT Leaders To Follow On Twitter. Wolfgang shares a unique mixture of insights, tech articles, and local happenings in the Michigan tech scene. He has a wry sense of humor and an ear towards dialog, intertwining humorous anecdotes alongside his hard-edge technical posts. (July 2013)

InfoSec’s Rising Stars and Hidden Gems: The Defenders. Goerlich is described as a superb leader who mixes his deep interest and knowledge of technology and security with his management experience and business understanding, as evidenced by his 2012 InfoWorld Technology Leadership and his 2008 IDG Best Practices in Infrastructure Management awards. Goerlich is also a well known podcaster, avid Twitterer, and a co-organizer for events like the BSidesDetroit. (July 2013)

Dark Reading: Hacker Conferences Come To Bloom In Chicago (PDF) — This year’s speaker line up included many well-known names in the local Midwestern security community, such as, Wolfgang Goerlich, Raphael Mudge, Chris Payne, Kyle Maxwell, and first-time speaker Eve Adams, to name a few. (April 2013)

CSO: Privilege management could cut breaches — if it were used (PDF) — The concept has been around for decades. J. Wolfgang Goerlich, information systems and information security manager for a Michigan-based financial services firm, said it was, “first explicitly called out as a design goal in the Multics operating system, in a paper by Jerome Saltzer in 1974.” But, it appears that so far, it has still not gone mainstream. (January 2013)

IT Security: When Protection Becomes Prohibitive — Goerlich believes the number-one thing that IT teams can do to address how security prevents productivity is correct their attitude towards the employees, recognize employee value, and foster good relationships: “We are not here to prevent some virus from being on some PC. We are here to ensure that the company can utilize the technology that we’re delivering to drive business value. And whenever those two objectives are in conflict, immediately we have to go towards driving business value.” (January 2013)

Cloud computing gains steam, but questions remain (PDF) — J. Wolfgang Goerlich, who handles cyber security for a Michigan-based financial services company, said the attacks by the bad guys wanting to get into servers are the same whether the servers are in a company’s on-premises data center or one hosted by an outside provider. But the difference is when your data is stored in the cloud, it’s like your data is stored on a shared server. (November 2012)

CSO: Web still king, but email stages scam comeback — “Organizations need to utilize and update spam filters to reduce the likelihood of scam emails getting to the end user,” J. Wolfgang Goerlich said. But he said given that signature controls always lag behind the scammers, “people become the last line of defense. It is important for an organization to help its employees develop the equivalent of email street smarts.” (October 2012)

Dark Reading: 4 Reasons Why IT Security Needs Risk Management (PDF) — “Traditional IT security has what I think of as a Sisyphus complex,” says J. Wolfgang Goerlich, information systems and security manager for a Midwest financial services firm. “Every day, we roll the boulders up hill. We leave with as many systems, or boulders, secure as possible at the top of the hill. Overnight, new attacks are formed and new vulnerabilities are released. The next morning, some systems are insecure again, and we start again rolling boulders back up hill.” (July 2012)

The InfoWorld 2012 Technology Leadership Awards (PDF) — J. Wolfgang Goerlich, information systems and security manager, faced a problem in executing that business strategy: The existing systems — the applications, servers, storage, network, and the data center itself — were unable to scale to the new demands. Goerlich responded with two initiatives. (June 2012)

Detroit Hackers Fly Under Radar (PDF) — The notion of a hackers conference probably calls to mind some motley rabble of quasi-anarchists tethered to laptops, but Wolf Goerlich, BSides spokesman and one of the conference’s four organizers, says computer hacking has grown up. When we talk about hackers here, we are talking about a subset of IT professionals that focus on network and system security. (June 2012)

7 Lessons Learned in the DevOps Trenches (PDF) — J. Wolfgang Goerlich, information systems and security manager at a midwestern financial services firm, explains how he turned his company into a DevOps shop and answered questions from the community about what DevOps is and how to implement it. (March 2012)

Dark Reading: Passphrases A Viable Alternative To Passwords? (PDF) — “One reason (organizations don’t use passphrases) is the number of software applications that do not support long or complex passphrases,” says J. Wolfgang Goerlich, Network Operations and Security Manager for a midwest financial services firm. “Length and special characters seem to be a challenge for some vendors. Sometimes referred to as technological debt, many IT departments must maintain a suite of apps that have not been updated with modern security recommendations.” (January 2012)

Remediating IT vulnerabilities: Quick hits for risk prioritization (PDF) — Use multiple information sources. As J. Wolfgang Goerlich, network operations and security manager for a mid-sized money management firm told me, he looks for reports that provide “solid information regarding what the threats are and at what frequency they’re occurring.” (September 2011)

10 Gigabit Ethernet technology: a viable option for SMBs? (PDF) — For J. Wolfgang Goerlich, an IT professional at a 200-employee financial services company, making the switch to 10 Gigabit Ethernet (10 GbE) was a straightforward process. “Like many firms, we have a three-year technology refresh cycle. And last year, with a big push for private cloud, we looked at many things and decided 10 GbE would be an important enabler for those increased bandwidth needs.” (September 2011)

Framework for building a vulnerability management lifecycle program (PDF) — We will present a framework for building a vulnerability management lifecycle. Using examples from practitioners, you will get a from-the-trenches view of what works and what doesn’t when trying to win the ongoing vulnerability management war. (August 2011)

I Like My IT Budget Tight and My Developers Stupid (PDF) — Goerlich picked up responsibility for managing the IT staff three years ago and management of the development staff about a year back. He has a background in consulting, where he learned the importance of training, so one of the first things he did was implement a quarterly training goal. (May 2011)

Dark Reading: Backup files put database information at risk (PDF) — Cord Blood Registry breach a cautionary tale in the need for encryption, key management, and secure physical transport of database back-up media. (March, 2011)

Easing Email Management (PDF) — Email management remains a complex undertaking for IT managers, with spam and email security among the biggest problems, according to Mimecast’s recent Microsoft Exchange 2010 Infrastructure Survey. (February, 2011)

Evaluating Data Center Colocation Providers (PDF) — At the Midwest-based financial company where J. Wolfgang Goerlich works, the corporate-owned data center was aging and needed repairs and upgrades. The company was also due for its three-year hardware cycle. (December, 2010)

Financial services firm turning to a private cloud (PDF) — Michigan firm decides that public cloud-based systems aren’t enterprise-ready. (October, 2010)

Smart blogging can boost your career (PDF) — If you’re looking to land a job out of college, enhance your career or find a new one, maybe you’re thinking about jumping on the blogging bandwagon. But do you really need blogger on your resume? (January, 2010)

IT World: Mentoring in open source communities (PDF) — A sponsor provides high-level guidance, an advisor does the day-to-day mentoring, and then there’s the intern or mentee. “Our pilot has my firm being the sponsor, J. Wolfgang Goerlich (a local seasoned security expert) mentoring, and a college student from Detroit interning.” (September, 2009)

Security pros want strong policy for virtualization (PDF) — Security consultants believe that the ongoing economic malaise is prompting many businesses to rush skunkworks server virtualization projects into production without thoroughly considering how these deployments might affect their overall security posture. (June, 2009)

Desktop Virtualization and the Rise of Netbooks (PDF) — It’s a question that many in the tech industry are asking: Will Desktop Virtualization and the Rise of Netbooks Kill the PC? (May, 2009)

Munder Capital selects Modulo to automate its risk management processes (PDF) — Leading investment firm announces gains in productivity by deploying Modulo’s IT Governance, Risk and Compliance software. Effective risk management and control imply the development and maintenance of a process that enables the identification, analysis, evaluation and treatment of risks that may impact an organization. “The only time you know a system is secured is when you check. Modulo Risk Manager automates auditing, which enables us to check more systems more regularly. The software’s risk console also gives us a score and reporting mechanism. These reports focus our efforts and prioritize our remediation,” said Goerlich. (February 2009)

Double-Take Software Expands Infrastructure Software Solutions with Network Boot Technology and Software-Based iSCSI SAN (PDF) — New Offerings Allow for Faster Server and Desktop Deployment, Easier Movement and Management of Workloads and Reduced Power and Cooling Consumption. (October, 2008)

Best Practices in DR, BCP (PDF) — IT manager: Hurricane, tropical storm, and natural disaster season is here. Learn how to have a disaster recovery plan for business continuity with the appropriate storage and backup strategies. Disaster recovery should be looked at not just in terms of business continuity and applications availability, but also for compliance reasons. (September, 2008)

Financial Firm Shrinks Data Center (PDF) — The combination of server virtualization and holistic management tools from Microsoft and advanced storage virtualization technologies from Compellent has enabled Munder Capital Management, a financial investment company with $28.5 billion in managed assets, to create a highly efficient, flexible and easy-to-manage data center. The money management firm now has an IT infrastructure that can quickly adapt to changing business conditions. (September, 2008)

CIO: How Microsoft Hyper-V Helped My IT Shop Revamp Disaster Recovery (PDF) — Munder Capital Management used Microsoft Hyper-V virtualization technology and Compellent SANs to revamp its disaster recovery strategy, eliminate 42 servers and slash cooling costs. Here’s a look inside their plans and decisions. (August, 2008)

Best Practices in Infrastructure Award (PDF) Compellent customer, Munder Capital Management, receives Computerworld “Best Practices in Infrastructure Management” award. (June, 2008)
