About Me

About Jim Nitterauer

I’ve spent more than three decades making organizations harder to hack and easier to trust.

My path into cybersecurity is unconventional — I started with a microscope, not a keyboard. My background in biology and microbiology taught me to think in systems, understand how threats evolve, and recognize that the most dangerous vulnerabilities are often the ones hiding in plain sight. Those instincts translate surprisingly well to information security.

I started building one of the first web hosting companies in the Southeast and developing dynamic database-driven web sites. I’ve deployed and managed services in data centers around the world and managed everything from routers and switches to load balancers and servers. I was one of the first to adopt virtualization when VMware got its start.

Today I work at the executive level as a CISO, strategist, and advisor. I’ve built security programs from the ground up, led organizations through complex compliance initiatives — SOC 2, ISO 27001, PCI DSS, HIPAA, NIST — and served in senior leadership roles at companies including Zix|AppRiver and Graylog. I’ve also founded two technology companies, which means I understand what it feels like to sit on the other side of the table when a CISO walks in to talk about risk.

I hold the CISSP and CISM certifications, but what I’m most proud of isn’t a credential — it’s building security cultures that actually stick. Security programs that don’t get in the way of the business. Teams that understand why they do what they do, not just what the policy says.

I speak. A lot.

Places like DEF CON, RSA, BSides Las Vegas, CircleCityCon, Blue Team Con, Hacker Halted, HouSecCon, CypherCon, NolaCon, BSides Charm, and ITEN WIRED. More than twenty conferences and counting. I’m a staff member at BSides Las Vegas and serve on the ITEN WIRED Planning Committee. My talks are practical by design — I’m not interested in theoretical frameworks that look great on slides and fall apart in the real world. I want audiences to walk away with something they can actually use on Monday morning.

My writing has appeared in CPO Magazine, Infosecurity Magazine, and Security Magazine.

You can view all my talks, publications, trainings and media appearances.

What I believe:

Security is a business problem first. Technology is just how we solve it. The best security leaders speak the language of the boardroom and the SOC — and know when to use which one.

When I’m not in security mode, I’m probably playing guitar, tinkering with tube amplifiers, traveling somewhere interesting, or enjoying a drink I’ve earned.

I’m currently looking for my next executive challenge. If you’re building something that needs a security leader who’s been in the trenches and in the boardroom — let’s talk.

You can verify my Mastodon profile here.