
Jim Nitterauer
Making organizations harder to hack and easier to trust for over three decades.
CISO, strategist, and speaker. I bridge the gap between the boardroom and the SOC — because security is a business problem first, and technology is just how we solve it.
Executive Leadership
CISO, strategist, and board-level advisor. Built security programs from the ground up, led SOC 2, ISO 27001, PCI DSS, HIPAA, and NIST compliance initiatives, and served in senior leadership roles including Zix|AppRiver and Graylog.
About Me
Speaking & Training
20+ conferences and counting — DEF CON, RSA, BSides Las Vegas, and more. My talks are practical by design. I want audiences to walk away with something they can actually use on Monday morning.
Speaking
Thought Leadership
Published in CPO Magazine, Infosecurity Magazine, and Security Magazine. Writing on cybersecurity, compliance, AI, and the real decisions security leaders face every day.
Read Writing
Recent Writing
Your SOC 2 Report Might Be a Lie - The Delve Scandal and What It Means for Impacted Customers
A Y Combinator compliance startup called Delve just got caught selling essentially the same SOC 2 report to 494 companies. Not similar, but almost identical. Same paragraphs. Same grammatical errors. Different logos. And the kicker: the reports said every single one of those companies had zero security incidents. All 259 of them. Every observation period. Statistically impossible and apparently nobody noticed, or nobody cared.
Axios npm Supply Chain Attack
On March 31, 2026, attackers hijacked the npm account of **jasonsaayman**, the primary maintainer of the Axios JavaScript HTTP client library. Using stolen credentials, they published two malicious versions (**1.14.1** and **0.30.4**) containing a hidden dependency that silently installed a cross-platform Remote Access Trojan (RAT) on developer machines and CI/CD systems. The attack was live for approximately three hours before npm removed the packages.
Why Your Corporate Emails Are Getting Blocked — And Who's Really to Blame (It's Not The Recipient)
Legitimate corporate emails from well-known companies are getting blocked by Spamhaus ZEN. The culprit in most cases? Google. Here's what's happening, why it's getting worse, and what your organization should do about it.
Don't Make Your Email Filter Your First Line of Defense – Why organizations keep getting phished when the fix is in the DNS
Having worked in email filtering for more than 15 years, I know that proper DNS configuration can dramatically reduce your phishing exposure. Yet most organizations still rely almost entirely on their email filter.
20+ Conferences.
One Goal.
Practical security insights you can actually implement. I don't do theoretical frameworks that look great on slides and fall apart in the real world.
View Speaking History
Ready to build something secure?
If you're building something that needs a security leader who's been in the trenches and in the boardroom — let's talk.