J Wolfgang Goerlich's thoughts on Information Security

Press mentions

Passphrases A Viable Alternative To Passwords? (PDF) -- "One reason (organizations don't use passphrases) is the number of software applications that do not support long or complex passphrases," says J. Wolfgang Goerlich, Network Operations and Security Manager for a midwest financial services firm. "Length and special characters seem to be a challenge for some vendors. Sometimes referred to as technological debt, many IT departments must maintain a suite of apps that have not been updated with modern security recommendations." (January 2012)

Remediating IT vulnerabilities: Quick hits for risk prioritization (PDF) -- Use multiple information sources. As J. Wolfgang Goerlich, network operations and security manager for a mid-sized money management firm told me, he looks for reports that provide "solid information regarding what the threats are and at what frequency they’re occurring." (September 2011)

10 Gigabit Ethernet technology: a viable option for SMBs? (PDF) -- For J. Wolfgang Goerlich, an IT professional at a 200-employee financial services company, making the switch to 10 Gigabit Ethernet (10 GbE) was a straightforward process. “Like many firms, we have a three-year technology refresh cycle. And last year, with a big push for private cloud, we looked at many things and decided 10 GbE would be an important enabler for those increased bandwidth needs." (September 2011)

Framework for building a vulnerability management lifecycle program (PDF) -- We will present a framework for building a vulnerability management lifecycle. Using examples from practitioners, you will get a from–the-trenches view of what works and what doesn’t when trying to win the ongoing vulnerability management war. (August 2011)

I Like My IT Budget Tight and My Developers Stupid (PDF) -- Goerlich picked up responsibility for managing the IT staff three years ago and management of the development staff about a year back. He has a background in consulting, where he learned the importance of training, so one of the first things he did was implement a quarterly training goal. (May 2011)

Backup files put database information at risk (PDF) -- Cord Blood Registry breach a cautionary tale in the need for encryption, key management, and secure physical transport of database back-up media . (March, 2011)

Easing Email Management (PDF) -- Email management remains a complex undertaking for IT managers, with spam and email security among the biggest problems, according to Mimecast’s recent Microsoft Exchange 2010 Infrastructure Survey. (February, 2011)

Evaluating Data Center Colocation Providers (PDF) -- At the Midwest-based financial company where J. Wolfgang Goerlich works, the corporate-owned data center was aging and needed repairs and upgrades. The company was also due for its three-year hardware cycle. (December, 2010)

Financial services firm turning to a private cloud (PDF) -- Michigan firm decides that public cloud-based systems aren't enterprise-ready. (October, 2010)

Smart blogging can boost your career (PDF) -- If you’re looking to land a job out of college, enhance your career or find a new one, maybe you’re thinking about jumping on the blogging bandwagon. But do you really need blogger on your resume? (January, 2010)

Mentoring in open source communities (PDF) -- A sponsor provides high-level guidance, an advisor does the day-to-day mentoring, and then there's the intern or mentee. "Our pilot has my firm being the sponsor, J. Wolfgang Goerlich (a local seasoned security expert) mentoring, and a college student from Detroit interning." (September, 2009)

Security pros want strong policy for virtualization (PDF) -- Security consultants believe that the ongoing economic malaise is prompting many businesses to rush skunkworks server virtualization projects into production without thoroughly considering how these deployments might affect their overall security posture. (June, 2009)

Desktop Virtualization and the Rise of Netbooks (PDF) -- It’s a question the many in the tech industry are aksing: Will Desktop Virtualization and the Rise of Netbooks Kill the PC? (May, 2009)

Munder Capital selects Modulo to automate its risk management processes (PDF) -- Leading investment firm announces gains in productivity by deploying Modulo´s IT Governance, Risk and Compliance software. Effective risk management and control imply the development and maintenance of a process that enables the identification, analysis, evaluation and treatment of risks that may impact an organization. "The only time you know a system is secured is when you check. Modulo Risk Manager automates auditing, which enables us to check more systems more regularly. The software's risk console also gives us a score and reporting mechanism. These reports focus our efforts and prioritize our remediation," said Goerlich. (February 2009)

Double-Take Software Expands Infrastructure Software Solutions with Network Boot Technology and Software-Based iSCSI SAN (PDF) -- New Offerings Allow for Faster Server and Desktop Deployment, Easier Movement and Management of Workloads and Reduced Power and Cooling Consumption. (October, 2008)

Best Practices in DR, BCP (PDF) -- IT manager: Hurricane, tropical storm, and natural disaster season is here. Learn how to have a disaster recovery plan for business continuity with the appropriate storage and backup strategies. Disaster recovery should be looked at not just in terms of business continuity and applications availability, but also for compliance reasons. (September, 2008)

Financial Firm Shrinks Data Center (PDF) -- The combination of server virtualization and holistic management tools from Microsoft and advanced storage virtualization technologies from Compellent has enabled Munder Capital Management, a financial investment company with $28.5 billion in managed assets, to create a highly efficient, flexible and easy-to-manage data center. The money management firm now has an IT infrastructure that can quickly adapt to changing business conditions. (September, 2008)

How Microsoft Hyper-V Helped My IT Shop Revamp Disaster Recovery (PDF) -- Munder Capital Management used Microsoft Hyper-V virtualization technology and Compellent SANs to revamp its disaster recovery strategy, eliminate 42 servers and slash cooling costs. Here's a look inside their plans and decisions. (August, 2008)

Best Practices in Infrastructure Award (PDF) Compellent customer, Munder Capital Management, receives Computerworld “Best Practices in Infrastructure Management” award. (June, 2008)

Out and About

I will be attending MiSec on January 12 in Royal Oak, MI. Drop me a line if you want to meet up.

Playing with

Cloud storage. I have a StorSimple appliance in-house. StorSimple combines the performance of SSD with the scalability of cloud storage. If there is something you are curious about, or would like testing, drop me an email.