Garth Whitacre

Senior Solution Architect, Security

Garth Whitacre joined SHI in December 2013 as a Senior Security Architect in SHI’s Enterprise Solutions Group. His responsibilities include identifying customer security requirements, selecting vendor-agnostic products, integrating controls, and planning and managing lifecycle support. He is a Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, GIAC Assessing Wireless Networks, Check Point Certified Security Administrator (CCSA), Symantec Technical Specialist for Data Loss Prevention 11 and Network Access Control 11, an RSA Engineer for enVision and SecurID, and an RSA Archer Certified Administrator. He also holds a McAfee Accredited Channel Engineer (ACE) certification.

In his spare time, Garth enjoys cycling, historical war gaming, and wine collecting.

Email Garth at Garth_Whitacre@SHI.com with your security questions.

A quick guide to finding a cybersecurity framework

Health care has HIPAA. Credit card merchants have PCI. But if you’re not part of these compliance-heavy industries, how can you know your cybersecurity is up to scratch?

The answer is a cybersecurity framework–a set of practices, policies, and processes that holds your organization accountable for its defenses. Security frameworks provide a calculated approach to determining risk, setting up a security strategy, and allocating security resources. They are measurable, repeatable, and used across many organizations. (more…)

How a virtual CISO could strengthen your security

With the ever-increasing number of cyberattacks for both financial gains and political purposes, companies, government agencies, and other organizations are forced to deploy and maintain an expanding depth of security controls. This has led to a breadth of oftentimes independent point solutions that aren’t driven by policies and processes and aren’t created by an experienced information security professional.

Many organizations just aren’t large enough to employ a chief information security officer (CISO), and even the ones that can afford it struggle to find qualified candidates. As a result, security falls by the wayside, becomes secondary to other IT operational concerns, and is more reactive than proactive.

That’s why virtual CISOs are growing more popular. These on-demand experts step in to evaluate, maintain, or repair your security, on-site or remotely, working as a flexible addition to your current IT team and offering the security management you may not be able to find yourself.

But not all virtual CISOs are created equal. To help you navigate the different types and functions—and whether they’re right for you at all—we’ve put together some background to guide your search. (more…)

Penetration testing: Do you need it?

In 2015, American businesses lost a total of $525 million to cyber attacks. Globally, that number shoots into the billions.

The risks of malicious cyber attacks have become more costly and more real. But there are steps you can take to ensure your network, devices, and data are as secure as possible. One of the best ways is penetration testing, in which you simulate attacks to uncover not only the weak points in your security, but the potential damage hackers could inflict through those vulnerabilities.

Some industries require penetration tests as part of compliance; others do them voluntarily. In either case, there are guidelines such as readiness, type, and value that need to be considered before moving forward. (more…)

Don’t lose sensitive data to phishing attacks. Here’s how to educate your employees.

What’s the most dangerous security threat? The one your users fall for.

Many of these threats rely on our psychology to trick us into handing over access to valuable and sensitive information. Put another way, criminals use our willingness to help, submission to authority, or ignorance against us. (more…)

Ransomware 101: What it is and how to protect yourself

Ransomware was once a blip on the cyber security radar, but times have changed: Ransomware attacks grew nearly 500 percent, to 3.8 million attacks, from 2014 to 2015.

Ransomware has been headline news ever since hospitals became big targets. One survey found that only 18 percent of hospitals haven’t been hit with ransomware attacks. But health care isn’t alone: Police departments, schools, and churches are all seeing ransomware attacks grow in frequency. Still, some organizations fail to protect themselves or are simply unaware of the threat ransomware poses. (more…)

3 vulnerability and assessment tools that will strengthen your IT ecosystem

Dig up your high school yearbook photo and you’re likely in for a laugh — the clothes, the hair styles, the glasses are distant memories for most of us. That snapshot of 18-year-old you is unlikely to be confused with who you are today.

And yet when it comes to IT, many organizations often find themselves the victim of a kind of snapshot syndrome, the common misconception that our environments exist in the state in which they were last measured or assessed. In reality, most infrastructure, policies, and processes are in a continually dynamic state, and just like current you compared to your high school yearbook photo, only a few undergo limited changes. (more…)

Clearer vision: How to keep an eye on IT security

After discussions with hundreds of IT and security professionals, one concern rises above the rest in the modern IT environment: visibility. How often have you heard or read the phrase “I don’t know what I don’t know?”

Even after years of deploying perimeter controls and endpoint protection, IT is still challenged with identifying and responding to unknown infrastructure threats in a timely manner. This can be attributed to a variety of issues, including changing threats, limited resources, and improperly deployed or configured security controls.

Having identified these challenges as top of mind for IT, how can organizations possibly start to regain security vision? Fear not: Every organization can take steps to repair its vision and gain insight into security and operational events. These steps can be as simple as updating supervisory controls and as complex as deploying next-generation firewalls (NGFWs).

As you look to fortify your IT security, consider these three critical steps: (more…)

The 3-step approach to improving IT security

Every year we regularly schedule physicals, oil changes, car inspections, and other appointments in order to keep the systems that we depend on running at peak operational efficiency. There might not be anything noticeably wrong to necessitate one of these checkups, but that’s not really the point. The purpose is to take a proactive approach to system maintenance in order to catch any coughs or hiccups that might later call for an expensive fix.

SHI recommends a similar preventative approach to IT security. Organizations need to regularly assess their security programs to pinpoint small issues that could later turn into devastating security leaks. They can do this internally or hire a professional security services team.

To help our customers confirm that they deployed their security controls properly and identify any security gaps that might exist, SHI developed the Security Posture Review (SPR). The SPR is an assessment designed to evaluate various technical and operational security controls within an organization’s IT environment, which will help maximize security spend.

Our SPR consists of three phases: (more…)

Improving IT security: Why you need to consider Next-Generation Firewalls

Firewalls can be the star performer in your inventory of security controls. A good firewall not only provides ways to manage user, application, and system behavior, but it also offers multiple avenues for controlling network traffic and can help companies cut back on vendor sprawl.

Yet in order to achieve optimal functionality, organizations must say goodbye to the firewalls of yesterday and welcome the new wave of Next-Generation Firewalls (NGFWs). As Gartner put it, “The firewall market has evolved from simple stateful firewalls to NGFWs, incorporating full stack inspection to support intrusion prevention, application-level inspection, and granular policy control.”

Traditional stateful firewalls are just not as effective as they were in the past due to the increase in intelligent adversaries seeking financial gain over defacement, their lack of specificity for network traffic types, and their inability to control traffic based on other factors, such as geographical region, application, or identity.

NGFWs offer several compelling functional advantages over stateful firewalls that can help organizations overcome these challenges. (more…)

3 steps to secure your network for the Internet of Things

The number of devices that rely on network connectivity to do their jobs is skyrocketing — mobile-connected devices will outnumber people in the world by the end of the year, according to Cisco. All those smartphones and tablets are improving productivity and access to data, but they can also become security risks that open your network to attacks. The vulnerability of network connections has always been a problem, but the more devices are linked, the more risks you’ll have to manage, and the more stringent your security will have to be.

No potential threat is greater than the Internet of Things (IoT). As the IoT takes hold in organizations, it will exponentially multiply the number of devices on your network, connecting everything from thermostats and HVAC systems to vehicles and manufacturing equipment. Experts expect 26 billion connected units by 2020.

Every organization is facing the inevitability of the IoT and must take a stand against future security risks now. Here are three things you should do to take control of your connectivity and head off any risks as we brace for an explosion of devices as part of the IoT. (more…)
