About The Garlick Group

Enterprise-caliber security leadership, scaled and priced for small regulated practices.

In 2011, Andrew founded The Garlick Group with a specific premise — the same security and compliance discipline that protects a multinational can protect a six-person dental practice, a sole-practitioner tax firm, or a mid-sized nonprofit, provided it is properly scaled, correctly priced, and delivered by someone who has actually done it at scale before. Fifteen years later, that premise is the practice.

Professional Credentials

  • M.B.A., University of Detroit
  • M.A., Wayne State University
  • B.A., Sacred Heart Seminary
  • Project Management Professional (PMP)
  • Human Resources Information Professional (HRIP)
  • Cyber Insurance & Risk Readiness (training completed)
  • Graduate Certificate in Fundraising
  • Graduate-level instructor in Nonprofit Accounting

Executive Career

  • Senior Vice President, Business Systems
    WPP Group USA • 2002–2011
  • Senior Vice President & Chief Information Officer
    Young & Rubicam, Inc. • 1993–2002
  • Senior Vice President & Director, IT, North America
    Young & Rubicam, Detroit
  • Senior Vice President & Director, System Integration
    Lintas: Campbell-Ewald, Warren, MI
  • Treasurer
    University of Detroit

Why This Background Matters for Your Practice

There are two dominant kinds of cybersecurity provider serving small firms today: certified analysts who have read the frameworks, and managed service providers who have added “compliance” to their menu. Both can be useful. Neither is a substitute for executive-level security leadership.

Coordinating Sarbanes-Oxley Section 404 compliance across a multinational’s operating companies is the same discipline as building a HIPAA Security Rule program for a dental practice — only the scale differs. Briefing a board on enterprise risk is the same discipline as briefing a managing partner on the implications of the FTC Safeguards Rule. Negotiating with global enterprise vendors is the same discipline as evaluating a $200/month security tool for a small nonprofit.

The judgment that purchases is what The Garlick Group brings to every engagement: knowing what to build, what to buy, what to defer, and — most importantly for a small practice — what to ignore.

Personal Note

The Garlick Group operates from Trent Woods, North Carolina, and serves clients throughout the United States. We are a single-principal practice by design: every engagement is scoped, executed, and signed by Andrew Garlick.