The path toward Chief Technology Officer and even Chief Security Officer involves many twists and turns for those selected. As we see below, Christopher Gerg’s path also fits this winding route that leads some individuals to pursue one or more of the most important roles within a healthcare technology company. We’re honored that Chris has chosen Datica and wanted to share a small peek into his vast and interesting background.
Before becoming specialized in information security, Chris Gerg’s career follows this path: Technical Support, System Administrator, Network Engineer. Then, for three and a half years, he spends his time with a penetration testing team. While there, he learns how to both discover and exploit customer systems, networks, and data stores. For some who find breaking in and discovering the vulnerabilities within a companies’ digital walls, the challenge is exhilarating. But for Chris, this work provides only frustration as he starts seeing how many environments are left unsecured and exploitable.
In an effort to help, he begins learning how to protect networks and detect signs of attempted attack. As an attacker himself, Chris holds great insight into how it works: he goes on to learn how to lock down systems and reduce the “attack surface” of a system and network.
Over the years as a network security architect, manager, assessor, compliance expert in PCI-DSS, and eventually CISO, Chris says some foundational elements of information security became apparent — “a real, implemented plan (even if lean) is always better than relying upon some document that remains always under development.”
After spending seven years directing corporate information security at Trustwave, a company that provides threat, vulnerability and compliance management services and technologies for more than three million business customers in 96 countries, Chris sidesteps into the field of healthcare technology. As Chief Security Officer and VP of Infrastructure and Engineering for HealthGrades, Chris sees first-hand the rocky path toward digital health success when companies are placed under such heavy regulatory obligations.
Meeting these obligations is difficult and expensive for most organizations or becomes an exercise in tackling only the highest risk issues.”
In today’s press release, you can learn more about Chris’ background and his views on how companies can address the foundational elements first in the effort to secure their networks.
Road Begins and Leads Back to Wisconsin
With parents born and raised in Beaver Dam, Wisconsin, it’s not surprising that Chris would eventually find his way back to the badger state, even though he was born in Omaha, Nebraska (Offutt AFB). His dad, a 20-year Air Force veteran, took on several tours of Vietnam, with work in a missile silo, the backseat of RF-4 phantoms doing tactical reconnaissance, and working with spy planes (primarily the U-2/TR-1 and SR 71), and satellites doing photo processing for strategic reconnaissance. Due to his father’s military career, Chris attended seven different schools all over the world. “I could have ended up a wallflower (shy and reserved) or a smart ass,” says Chris, “guess which path I took?”
By middle school, the Gergs settled back in Sun Prairie, Wisc. when his father retired from military service. Chris eventually chose the University of Wisconsin-Whitewater for his college education for which he paid himself. During the break between the start of his last semester of college, Microsoft hired him for technical support during the launch of Windows 95, which wound up being the start of his career. Fortunately for Datica, Chris chose Wisconsin as his base of operations through most of his career. “Wisconsin feels uncrowded, educated, and civilized, but one can still get out in nature,” says Chris, who spends most of his free time hiking, backpacking and honing up on his nature photography skills.
From Authorship to Alpacas
During his career low point as a penetration tester, he grew concerned about the endgame. Fortunately for Chris, someone he admired gave him some good advice: Make a one year, three year, and five-year plan — not too detailed, because you might miss something. So Chris made his plan, which included two goals, 1) be published in a trade journal/magazine within six months, and 2) write a book/technical manual within five years. Using a visualization method for those goals, six months later Chris had been published in two journals and had signed a contract with O’Reilly and Associates to write, “Managing Security with Snort & IDS Tools: Intrusion Detection with Open Source Tools.”
You need only look to Chris’ book biography to understand his wicked sense of humor. According to the bio, it says that he spends his free time raising rugged mountain alpacas in the windswept peaks of south-central Wisconsin. Full disclosure: Not only are there no wind-swept peaks in south-central Wisconsin, but Chris has never owned an alpaca. At the prodding of friends, who swore no one ever reads an author’s bio, he decided to write something off the wall to see who indeed does read an author’s bio.
Throughout his career, Chris’ main goal has been to do interesting things and work with people he likes and respects. His consulting work took him from place to place, helping organizations get ready for compliance obligations, mature existing information security, risk management, compliance, privacy, and/or internal audit practices (or help build one from scratch.) He says, however, I missed being part of a team and developing a feeling of ‘ownership’ for the work product of that team. Datica provides an opportunity for a kid who took the vacuum cleaner apart at age 8 to see how it worked and a chance to be part of building something cool.”
Chris chose Datica due to its interesting alignment with his career background in compliance, information security, cloud infrastructure for healthcare and “foundational” best practices in IT.
Building security in from the start instead of ‘bolting it on later’ is a recurring theme for me and Datica,” Chris says. “Building a platform that does all those foundational things that are not a core competency for the customer is a huge deal.”