Ostrich Cyber-Risk Improves Cyber Risk Quantification (CRQ) Offerings, Adds CRQ Professional Services
New Hire, Risk Quantification Expert Jack Whitsitt, to Lead and Scale CRQ Professional Services and Advise on Product Usability, Functionality and Implementation
Ostrich Cyber-Risk™ is excited to announce the hire of risk quantification expert Jack Whitsitt, appointed Director of Risk Quantification, to elevate and expand the CRQ offerings of Ostrich Cyber-Risk and its new Professional Services division.
Whitsitt joins Ostrich Cyber-Risk most recently from Freddie Mac, where he served as the Information Security Risk Quantification Program Architect, with prior positions held at Bank of America and the Department of Homeland Security (DHS).
Whitsitt is a leader in the CRQ community with more than two decades of information security specific experience and has spent the past six years advancing the state of the art by expanding and refining existing CRQ, including Open FAIR™, into targeted best practices.
In his role as Director of Risk Quantification, Whitsitt will help inform product direction and lead the new Professional Services division tasked with getting customers off the ground with risk quantification while avoiding or mitigating common pitfalls. Whether a customer is just starting out in risk quantification, or they are a seasoned expert, Whitsitt’s expertise as an innovator and practitioner in information security risk quantification will enable the customer to easily get started in the Ostrich Cyber-Risk CRQ program and to gain better outcomes by implementing the best practices to define and scope cyber risk scenarios.
"Having Jack at the helm with his deep expertise as an innovator and practitioner in information security risk quantification will provide the necessary guidance to ensure optimal product usability and lead our Professional Services division, enabling customers to get better outcomes by implementing CRQ best practices,” said Bret Laughlin, CEO and Co-founder at Ostrich Cyber Risk. “Furthermore, his expertise unifies our CRQ program, bringing together the application, the usability and the professional services making it more practical whether you are just starting to build out your CRQ program, or have advanced methodologies to further refine risk quantification.”
Informed by a background that has ranged from working with the bits and bytes of security to assisting with national and international multi-stakeholder coordination, Whitsitt 's 20 years of experience converges the disciplines of technical information security, decision science, and program building into a focused way of looking at risk measurement. His tested history of applying this converged knowledge has helped organizations–large and small, public, and private–break down difficult risk-related questions into solvable problems. This assistance has been used to untangle seemingly intractable individual decisions as well as to architect standing risk quantification programs.
“After many years of providing CRQ support to individual organizations and working through advocacy and educational groups such as the FAIR™ Institute and the Society of Information Risk Analysis (SIRA) in Board and Advisory capacities, I’m excited to be able to stand on the shoulders of the community at such a dynamic organization and make my own contributions to expanding the technological options available to decisionmakers,” said Whitsitt. “I love the fact that Ostrich Cyber-Risk has developed a methodology for anyone, even a novice user, to start and succeed in its risk quantification program. I will help customers through a combination of technology and facilitation to apply subjective context, such as NIST CSF, more effectively to CRQ and to further connect the dots between classic GRC and risk measurement.”
To learn more about Ostrich Cyber-Risk cyber risk management solutions, visit our Product Section.