Enterprise-Caliber Cybersecurity Leadership, Scaled for Your Practice.
Virtual CISO services, security monitoring, penetration testing, and compliance programs — delivered by a former global agency CIO to healthcare, tax, financial services, nonprofit, and small-business clients with up to approximately 100 endpoints.
Most Small Firms Cannot Afford a Chief Information Security Officer. We Believe They Shouldn’t Have To Go Without One.
Every regulated practice — every dentist, psychologist, and chiropractor bound by HIPAA; every tax preparer bound by the FTC Safeguards Rule and IRS Publication 4557; every independent financial advisor bound by SEC Regulation S-P or the NAIC Insurance Data Security Model Law — carries the same legal obligation as a hospital system or a Wall Street bank: to protect client data with a documented, defensible, continuously maintained security program.
What small practices typically lack is not the obligation. It is the executive leadership to build the program, the operational discipline to run it, and the regulatory fluency to prove it when asked.
The Garlick Group closes that gap. Our principal, Andrew M. Garlick, served as Chief Information Officer of Young & Rubicam and as the senior IT executive responsible for cybersecurity, compliance, and infrastructure across all North American operating companies of WPP — the global marketing services enterprise. The same discipline that protects a multinational can protect a six-person dental practice, a solo tax firm, or a mid-sized nonprofit, provided it is properly scaled, correctly priced, and actually delivered. That is what we do.
Four Practice Areas. One Accountable Principal.
Every engagement is scoped, executed, and signed by Andrew Garlick.
Virtual Chief Information Security Officer (vCISO) engagements, cybersecurity risk audits, and regulatory compliance programs.
Structured, adversarial testing of your infrastructure and applications — delivered in-house, not resold.
Continuous monitoring, patching, and endpoint hygiene for practices operating up to approximately 100 endpoints.
HIPAA, FTC Safeguards Rule, SEC Reg S-P, NAIC Model Law, and NYDFS 23 NYCRR Part 500.
Who We Serve
The same discipline that protects a multinational can protect a six-person dental practice — provided it is properly scaled, correctly priced, and actually delivered.
Start with a Conversation.
Every engagement begins with a complimentary consultation. We will discuss your practice, your regulatory environment, your current security posture, and whether The Garlick Group is the right partner for your situation. If we are not, we will say so.
