Profile
George is currently chief security officer at Bedrock Security, an organization specializing in AI-driven data protection. Before that, he was head of trust and interim CISO at MongoDB and Sumo Logic's chief security officer & SVP of IT. George possesses more than 20 years of leadership experience in the domains of cybersecurity, compliance and cloud operations. He has actively participated at the forefront of secure architecture, privacy and DevSecOps since co-founding the VMware Center for Policy & Compliance.
A recognized authority in the industry, George is a frequent keynote speaker at significant security forums, including RSA, Black Hat and TEDx. He actively provides advisory services to various cybersecurity startups and enterprise technology companies, assisting in the development of product and go-to-market strategies. Additionally, George serves on several advisory boards and is a co-founder of XFoundation, a nonprofit organization dedicated to raising awareness about fentanyl poisoning.
Expertise
- Cloud Security
- DevSecOps
- Compliance & Governance (PCI, HIPAA, ISO 27001, CSA Star, SOC 2 Type 2, FedRamp)
- Management (Building teams, automation, auditing)
- Privacy
Qualifications
Achievements & Contributions
- Co-Founder of VMware Center for Policy and Compliance
- Co-Author of Center for Internet Security QuickStart Cloud Infrastructure Benchmark v1.0.0
- Author of the MIS|TI Fundamentals in Cloud Security course
- Speaker at information security conferences such as RSA, AWS reInvent, Cloud Expo Silicon Valley, SANS Institute Cloud Security Summit
- Former Global Director of Security Evangelism and Product Strategy and Director of VMware Policy and Compliance at VMware
- Former Cloud Business Director at EMC
Upcoming Events
View More
October 23 2025
2025 October Webinar: Rethinking Cybersecurity Training in the Age of AI
Research highlighted in The Wall Street Journal last month showed employees fell victim to phishing at similar rates, regardless of training. Meanwhile, AI is accelerating both the volume and sophistication of phishing attempts and deepfakes. While leaders assess their Cybersecurity Awareness Month initiatives, this session will challenge your thinking around the use of traditional simulations and explore more impactful strategies. IANS Faculty and practicing CISOs Wolfgang Goerlich and George Gerchow will cut through the noise, debating what works, what doesn’t, and how to build more effective security awareness programs.
October 30 2025
2025 Q4 Symposium: Beyond the Questionnaire: Modernizing TPRM with AI, Automation and Real-Time Insights
Traditional approaches to TPRM are falling short, with most organizations still heavily relying on vendor questionnaires. However, vendors are more dynamic than a static assessment allows, making the current approach more of a check-the-box exercise for teams than an actionable roadmap for threat mitigation. To effectively manage third-party risk on a larger scale, it's important to adopt a layered approach that thoughtfully integrates automation and AI while relying on tangible evidence. In this symposium, IANS Faculty George Gerchow provides strategies to help move away from point-in-time, one-size-fits-all assessments to a place where risk is continuously visible, measurable and actionable.