Ostrich Cyber-Risk Welcomes Risk Management Expert Jack Whitsitt as Director of Risk Quantification
Former InfoSec Risk Quantification Program Architect at Freddie Mac Brings Risk Management Expertise to Lead Ostrich Cyber-Risk's Professional Services Division.
Ostrich Cyber-Risk™, the unified cyber risk management company, today announced that Jack Whitsitt has joined the Executive Leadership Team as Director of Risk Quantification. Whitsitt joins Ostrich Cyber-Risk most recently from Freddie Mac, with prior positions held at Bank of America and the Department of Homeland Security (DHS).
Whitsitt is a leader in the Cyber Risk Quantification (CRQ) community with more than two decades of Information Security specific experience. He spent the past six years advancing the state of the art by expanding and refining existing CRQ, including FAIR™, into targeted best practices. In his role as Director of Risk Quantification, Whitsitt will help inform product direction and will lead the new Ostrich Cyber-Risk Professional Services division tasked with getting customers off the ground with risk quantification while avoiding or mitigating common pitfalls.
“I am thrilled to have Jack Whitsitt join our team at Ostrich Cyber-Risk as Director of Risk Quantification,” said Yiannis Vassiliades, Chief Product Officer. “Whitsitt’s deep expertise as an innovator and practitioner in information security risk quantification will be applied to lead our new Professional Services division, enabling customers to get better outcomes by implementing best practices to define and scope cyber risk scenarios.”
Informed by a background that has ranged from working with the bits and bytes of security to assisting with national and international multi-stakeholder coordination, Whitsitt 's 20 years of experience converges the disciplines of technical information security, decision science, and program building into a focused way of looking at risk measurement. His tested history of applying this converged knowledge has helped organizations–large and small, public and private–break down difficult risk-related questions into solvable problems. This assistance has been used to untangle seemingly intractable individual decisions as well as to architect standing risk quantification programs.
Jack Whitsitt, Director of Risk Quantification
“After many years of providing CRQ support to individual organizations and working through advocacy and educational groups such as the FAIR™ Institute and the Society of Information Risk Analysis (SIRA) in Board and Advisory capacities, I’m excited to be able to stand on the shoulders of the community at such a dynamic organization and make my own contributions to expanding the technological options available to decision-makers,” said Jack Whitsitt. “In particular, I’m excited to help teams, through a combination of technology and facilitation, apply subjective context (such as NIST CSF) more effectively to CRQ and to further connect the dots between classic GRC and ‘risk measurement’.”
To learn more about the Birdseye™ cyber risk management SaaS solution, visit our Product Section.