Practitioner. Executive. Speaker.
Jim Nitterauer is a strategic information security executive with over 30 years of experience building and leading enterprise security, IT, and compliance programs. He combines rare technical depth with executive-level communication — the same person who spoke at DEF CON main track is the one who reported quarterly to the board.
At Graylog, Jim delivered four consecutive SOC 2 Type II audits with zero exceptions, reduced corporate tooling spend by 30%, and built an AI security governance framework before regulators required one. He has managed simultaneous SOC 2, ISO 27001, PCI DSS, HIPAA, and SOX audit programs — not sequentially, but concurrently.
He founded and grew one of the first web hosting companies in the Southeast, which gives him a perspective on security from the business owner's side of the table that most security executives don't have.
30 years of building things that work.
- Led 2025 SOC 2 Type II audit — zero findings
- Built AI security governance framework for entire organization
- Deployed Cloudflare Zero Trust + EntraID SSO globally
- Sustained Microsoft Security Score above 98%
- Reduced tooling expenditure 30% through vendor consolidation
- Reported directly to Board of Directors on risk and compliance
- Three consecutive SOC 2 Type II audits with zero exceptions
- Reduced IT onboarding from hours to under 10 minutes via automation
- Deployed CrowdStrike Falcon EDR + 24/7 SOC monitoring
- Elevated to Acting CISO for 500+ employee organization during OpenText acquisition
- Managed simultaneous PCI DSS, SOC 2, SOC 2+HITRUST, SOX, ISO 27001 audits
- Led Enterprise Risk Management program formalization
- Built Pandemic Preparedness program with board-level briefings
- Managed SecureSurf DNS security platform across 7 global data centers
- Spoke at DEF CON main track, BSides Las Vegas, DerbyCon, and 10+ conferences
- Led GDPR compliance effort with 6-person team