About

Jim Nitterauer

I've spent more than three decades making organizations harder to hack and easier to trust.

CISSP · CISM

My path into cybersecurity is unconventional — I started with a microscope & a petri dish, not a keyboard. My background in biology and microbiology taught me to think in systems, understand how threats evolve, and recognize that the most dangerous vulnerabilities are often the ones hiding in plain sight. Those instincts translate surprisingly well to information security.

I built one of the first web hosting companies in the Southeast and developed dynamic database-driven web sites. I've deployed and managed services in data centers around the world and managed everything from routers and switches to load balancers and servers. I was one of the first to adopt virtualization when VMware got its start.

I've deployed and secured SaaS services in global data centers at scale and managed large Microsoft Active Directory environments. I've managed BGP routing and ISP relationships across the globe. I've secured email and DNS services at scale. I've deployed IDS / IPS, firewalls, endpoint protection, and SIEMs. I've managed large Entra ID / Intune deployments and developed custom security tools and scripts to automate everything from log analysis to incident response. I understand the technology because I've been in the trenches with it — and I understand the business because I've been in the boardroom talking about risk, strategy, and ROI.

I've modernized compliance programs by deploying GRC solutions and automating compliance workflows. I've led teams through multiple simultaneous compliance audits including SOC 2 Type II, ISO 27001, PCI-DSS and Sarbanes-Oxley. I have a firm grasp of the application development lifecycle and the security implications of each stage, and I have developed effective security practices for multiple development pipelines.

Today I work at the executive level as a CISO, strategist, and advisor. I've built security programs from the ground up, led organizations through complex compliance initiatives, and served in senior leadership roles at companies including Zix|AppRiver and Graylog. I've also founded two technology companies, which means I understand what it feels like to sit on the other side of the table when a CISO walks in to talk about risk.

I hold the CISSP and CISM certifications, but what I'm most proud of isn't a credential — it's building security cultures that actually stick. Security programs that don't get in the way of the business. Teams that understand why they do what they do, not just what the policy says.

Compliance Experience

SOC 2 · ISO 27001 · PCI-DSS · HIPAA · NIST · Sarbanes-Oxley · HITRUST

I speak. A lot.

Places like DEF CON, RSA, BSides Las Vegas, CircleCityCon, Blue Team Con, Hacker Halted, HouSecCon, CypherCon, NolaCon, BSides Charm, and ITEN Wired. More than twenty conferences and counting. I'm a staff member at BSides Las Vegas and serve on the ITEN Wired Planning Committee.

My talks are practical by design — I'm not interested in theoretical frameworks that look great on slides and fall apart in the real world. I want audiences to walk away with something they can actually use on Monday morning.

Looking for my next executive challenge

If you're building something that needs a security leader who's been in the trenches and in the boardroom — let's talk.

Get In Touch

Verify my Mastodon profile →