Exploring Practical Security, GRC, and Risk Leadership

Practical observations and personal perspectives on building security and governance programs that actually work in the real world.

About This Project

After years of working in security leadership roles — building governance, risk, and compliance programs — I continue to explore how companies of all sizes can approach security in ways that balance both technical rigor and business realities.

This site serves as a personal space where I share some of my thinking, experiences, and frameworks that I’ve found useful.

Topics I Often Explore

Security Program Development
Vendor Risk Management
Incident Response Planning
Secure Software Development
Risk Metrics & Board Reporting
GRC & Compliance Frameworks
- SOC 2, ISO 27001, HIPAA, GDPR, and others

My Approach

Security isn’t about adding endless controls — it’s about making smart, risk-aligned decisions that fit your business model.

I focus on:

Pragmatic advice informed by real-world experience
Balancing security needs with operational impact
Building sustainable, adaptable security programs
Avoiding unnecessary complexity and “security theater”

Contact

I’m always open to connect with others thinking about these topics.

📧 jeff@wh.itesi.de

Word Is Losing. Not to Another Word Processor.

Microsoft Word isn't being replaced by a better WYSIWYG editor. It's being replaced by a two-layer model: markdown as the content layer, AI as the presentation layer.

Ten Predictions for Where Security and GRC Are Headed

A forward-looking snapshot of the shifts shaping security, engineering, and GRC over the next few years.

View All Posts →

Whiteside Advisory
Exploring Security, GRC, Risk Management & Leadership

Perspectives on building practical, real-world security programs.