Profile
J. Wolfgang Goerlich is a CISO in the public sector. Prior to this role, he led IT and IT security in the healthcare, financial services, and tech verticals. Wolfgang has held senior positions at several consulting firms, leading security advisory and assessment practices. He is a strong presence in the security community, contributing to the establishment and organization of multiple groups and events. Wolfgang focuses on strategy, governance, identity and access management, and resilience.
Expertise
- Zero Trust
- Identity & Access Management
- Multi-factor Authentication
- Single Sign On
- Privileged Access Management
Qualifications
Achievements & Contributions
- InfoWorld Leadership for DevOps and Cloud
- IDG Best Practices in Infrastructure Management
- Microsoft Most Valuable Professional (MVP) for Enterprise Security
- Contributed to NIST standards for digital identity (SP 800-63) and zero trust (SP 800-207)
- Former organizer of annual BSides and Converge conferences in Detroit
Certifications & Credentials
- CISSP - (ISC)2
- Certified Information Systems Auditor (CISA) - ISACA
Upcoming Events
View More
November 04 2025
2025 Q4 Symposium: Security Architect Symposium: What a Strategic Security Architecture Program Looks Like and How to Get There
Security architecture teams often face burnout from juggling too much engineering work or being pulled into non-architectural tasks. Misalignment with enterprise architects and challenges in demonstrating value to the organization further compound the problem. During this highly interactive event, IANS Faculty Wolfgang Goerlich will share his experience and expertise and facilitate peer-to-peer discussions that provide you actionable insights to elevate your architecture program to improve maturity, demonstrate value, and drive high-quality results
November 05 2025
2025 Q4 Symposium: Securing NHIs: Service Accounts, RPA and Agentic AI Considerations
Most organizations now grapple with explosive growth in privileged non-human identities (NHIs)—from OS-scoped service accounts and SaaS tokens to RPA bots and agentic AI. Recent incidents show attackers bypassing humans entirely by abusing OAuth and app-to-app integrations to siphon data and cloud keys, underscoring how NHI compromise fuels supply-chain style breaches. This session reframes NHI security around practical lifecycle management and hard-won field lessons. We’ll cut through hype on AI agents to the real work: securing emerging protocols like MCP, tightening SaaS-to-SaaS grants, and balancing priorities between the emerging and legacy pain that still drives risk. Attendees leave with actionable architectures, governance patterns and controls that reduce NHI blast radius in imperfect, real-world conditions.