Datica Blog

Getting to Know Datica’s New Chief Technology and Security Officer — Christopher Gerg

Marcia Noyes
Marcia Noyes

Datica Alumni — Former Director of Communications

February 20, 2018   Company

The path toward Chief Technology Officer and even Chief Security Officer involves many twists and turns for those selected. As we see below, Christopher Gerg’s path also fits this winding route that leads some individuals to pursue one or more of the most important roles within a healthcare technology company. We’re honored that Chris has chosen Datica and wanted to share a small peek into his vast and interesting background.

Christopher Gerg
Chief Security Officer

Before becoming specialized in information security, Chris Gerg’s career follows this path: Technical Support, System Administrator, Network Engineer. Then, for three and a half years, he spends his time with a penetration testing team. While there, he learns how to both discover and exploit customer systems, networks, and data stores. For some who find breaking in and discovering the vulnerabilities within a companies’ digital walls, the challenge is exhilarating. But for Chris, this work provides only frustration as he starts seeing how many environments are left unsecured and exploitable.

In an effort to help, he begins learning how to protect networks and detect signs of attempted attack. As an attacker himself, Chris holds great insight into how it works: he goes on to learn how to lock down systems and reduce the “attack surface” of a system and network.

Over the years as a network security architect, manager, assessor, compliance expert in PCI-DSS, and eventually CISO, Chris says some foundational elements of information security became apparent — “a real, implemented plan (even if lean) is always better than relying upon some document that remains always under development.”

After spending seven years directing corporate information security at Trustwave, a company that provides threat, vulnerability and compliance management services and technologies for more than three million business customers in 96 countries, Chris sidesteps into the field of healthcare technology. As Chief Security Officer and VP of Infrastructure and Engineering for HealthGrades, Chris sees first-hand the rocky path toward digital health success when companies are placed under such heavy regulatory obligations.

Meeting these obligations is difficult and expensive for most organizations or becomes an exercise in tackling only the highest risk issues.”

In today’s press release, you can learn more about Chris’ background and his views on how companies can address the foundational elements first in the effort to secure their networks.

Road Begins and Leads Back to Wisconsin

With parents born and raised in Beaver Dam, Wisconsin, it’s not surprising that Chris would eventually find his way back to the badger state, even though he was born in Omaha, Nebraska (Offutt AFB). His dad, a 20-year Air Force veteran, took on several tours of Vietnam, with work in a missile silo, the backseat of RF-4 phantoms doing tactical reconnaissance, and working with spy planes (primarily the U-2/TR-1 and SR 71), and satellites doing photo processing for strategic reconnaissance. Due to his father’s military career, Chris attended seven different schools all over the world. “I could have ended up a wallflower (shy and reserved) or a smart ass,” says Chris, “guess which path I took?”

By middle school, the Gergs settled back in Sun Prairie, Wisc. when his father retired from military service. Chris eventually chose the University of Wisconsin-Whitewater for his college education for which he paid himself. During the break between the start of his last semester of college, Microsoft hired him for technical support during the launch of Windows 95, which wound up being the start of his career. Fortunately for Datica, Chris chose Wisconsin as his base of operations through most of his career. “Wisconsin feels uncrowded, educated, and civilized, but one can still get out in nature,” says Chris, who spends most of his free time hiking, backpacking and honing up on his nature photography skills.

From Authorship to Alpacas

During his career low point as a penetration tester, he grew concerned about the endgame. Fortunately for Chris, someone he admired gave him some good advice: Make a one year, three year, and five-year plan — not too detailed, because you might miss something. So Chris made his plan, which included two goals, 1) be published in a trade journal/magazine within six months, and 2) write a book/technical manual within five years. Using a visualization method for those goals, six months later Chris had been published in two journals and had signed a contract with O’Reilly and Associates to write, “Managing Security with Snort & IDS Tools: Intrusion Detection with Open Source Tools.”

You need only look to Chris’ book biography to understand his wicked sense of humor. According to the bio, it says that he spends his free time raising rugged mountain alpacas in the windswept peaks of south-central Wisconsin. Full disclosure: Not only are there no wind-swept peaks in south-central Wisconsin, but Chris has never owned an alpaca. At the prodding of friends, who swore no one ever reads an author’s bio, he decided to write something off the wall to see who indeed does read an author’s bio.

Why Datica?

Throughout his career, Chris’ main goal has been to do interesting things and work with people he likes and respects. His consulting work took him from place to place, helping organizations get ready for compliance obligations, mature existing information security, risk management, compliance, privacy, and/or internal audit practices (or help build one from scratch.) He says, however, I missed being part of a team and developing a feeling of ‘ownership’ for the work product of that team. Datica provides an opportunity for a kid who took the vacuum cleaner apart at age 8 to see how it worked and a chance to be part of building something cool.”

Chris chose Datica due to its interesting alignment with his career background in compliance, information security, cloud infrastructure for healthcare and “foundational” best practices in IT.

Building security in from the start instead of ‘bolting it on later’ is a recurring theme for me and Datica,” Chris says. “Building a platform that does all those foundational things that are not a core competency for the customer is a huge deal.”


HIPAA Enforcement in 2017: Key learnings from others’ mistakes

Laleh Hassibi

Vice President of Marketing

One thing is certain: healthcare still has a security problem. Out of 295 breaches reported so far for 2017, 132 are hacking/IT incident breaches.

event-note January 26, 2018

Q4 Industry Report: Shadow IT's positives and negatives within healthcare

Kris Gösser

Chief Marketing Officer

Datica's Winter 2017 quarterly industry report examines the paradox of shadow IT in healthcare. Is it a security threat or enabler for innovation?

event-note December 13, 2017

What makes HITRUST? Understanding the superset nature of HITRUST

Kris Gösser

Chief Marketing Officer

HITRUST is a superset security framework and understanding both the advantages and disadvantages of this will help you wield HITRUST successfully.

event-note November 15, 2017