Showing episodes and shows of

Greg Schaffer

Shows

The Virtual CISO Moment
S7E33 - A Conversation with James Phan
In this episode, Greg Schaffer interviews James Pham, CEO and co-founder of Opsin, who shares his unique journey from chemistry medalist in high school to tech entrepreneur. James discusses how his academic and professional path took him from studying in Korea and working in Singapore to pursuing his entrepreneurial dream in the U.S., eventually earning a spot at MIT where he taught machine learning. He later joined Abnormal Security in the Bay Area, gaining insight into enterprise security challenges. This experience inspired him to co-found Opsin, a company focused on helping organizations manage and govern generative AI usage...
2025-06-24, 32 min

The Virtual CISO Moment
S7E32 - A Conversation with Mick Grayson
In this episode of Security Conversations from The Virtual CISO Moment, Greg Schaffer sits down with Mick Grayson, a seasoned cybersecurity professional with a wealth of experience in both the public and private sectors. Together, they explore the evolving challenges of managing risk in an increasingly complex threat landscape, the importance of mentorship in cybersecurity leadership, and how small and midsized organizations can build practical, resilient security programs. With thoughtful insights and real-world anecdotes, Mick offers valuable perspective for security leaders at every level.
2025-06-19, 11 min

Keyboard Samurai
Greg Schaffer - So you want to be an InfoSec Consultant
Thinking of breaking into InfoSec consulting? Greg Schaffer spills decades of wisdom—what to do, what not to do, and why most fail before they start.
Whether you're dreaming of becoming a vCISO or just want to avoid rookie mistakes, this episode is packed with gritty truths, business smarts, and a few laughs to keep it real.
Find Greg:
LinkedIn: https://www.linkedin.com/in/gregoryschaffer/
YT: https://www.youtube.com/@vciso
Spotify: https://open.spotify.com/show/3A9PI9NlmBbSKAhHGivspV?si=2f2ddd1fba474616
2025-05-09, 26 min

The CyBUr Guy Podcast
The CyBUr Guy Podcast S3E20: Greg Schaffer of vCISO Services
In this episode, I talk to Greg Schaffer of vCISO services from the 2023 National Cyber Summit. Many thanks to Greg for his patience in waiting for me to put this podcast together. Give a listen, tell a friend. Thoughts/Comments/Suggestions are welcome at darren@thecyburguy.com or at linkedin.com/in/darrenmott.
2023-12-23, 22 min

The Virtual CISO Moment
Throwback Thursday - A Conversation with Greg van der Gaast
From March 29, 2023 - Greg van der Gaast is an international speaker on Why Security Fails, IT Quality, Leadership, and Strategy. He also is a former hacker, FBI & DoD operative, author, advisor, CISO, and people and culture enthusiast. Listen to hear his fascinating story and what is a major threat for SMB information security that most don't consider. He can be reached at https://gregvandergaast.com/.
2023-10-12, 28 min

The Virtual CISO Moment
Infosec Wrap Up - July 21, 2023
On today's episode:
Kevin Mitnick: https://www.msn.com/en-us/news/us/pioneering-hacker-kevin-mitnick-fbi-wanted-felon-turned-security-guru-dead-at-59/ar-AA1e8kyP
Mallox ransomware: https://thehackernews.com/2023/07/mallox-ransomware-exploits-weak-ms-sql.html
DDoS new methods: https://arstechnica.com/security/2023/07/attackers-find-new-ways-to-deliver-ddoses-with-alarming-sophistication/
Island browser on AWS Marketplace: https://www.helpnetsecurity.com/2023/07/20/island-enterprise-browser-aws-marketplace/
Poll: https://www.linkedin.com/feed/update/urn:li:ugcPost:7087465445724692480/
Europe IoT regulations: https://cy.bugprove.com/s/an-overview-of-iot-regulations-checklist-for-uk-psti-eu-red-and-cra-9756
Zyxel flaw: https://www.infosecurity-magazine.com/news/zyxel-flaw-exploited-ddos-botnets/
Previous video episodes of The Virtual CISO Moment podcast: https://youtube.com/vciso ...
2023-07-21, 15 min

The Virtual CISO Moment
Throwback Thursday - A Conversation with Greg Flatt
Greg Flatt is the founder of Flatt Earth Networking, Inc. Since 1996, Flat Earth Networking, Inc. has provided mid- to large-sized businesses an authoritative approach to network security that includes superior enterprise products and effective problem-solving. Greg discusses his path beginning and growing Flat Earth Networking, Inc. over the past 26 years. From December 13, 2022.
2023-06-01, 21 min

Mindset Growth, Rayz Rantz, Breaking Barriers
Greg Hayne of Hayne Coaching Group
In this episode of Mindset Growth, Gary Bontrager interviews Greg Hayne, the founder and president of Hayne Coaching Group, a company that helps roofing contractors grow their businesses and improve their lives. Greg shares his journey from working in the construction industry to becoming a roof consultant and then a coach.
He also reveals his insights on personal growth, journaling, goal setting, work culture, leadership, and finding meaning and purpose in work. Listen to this episode to learn how to overcome fixed mindsets, expand your vision, and respond to the divinity inside you. Chapters: 0:00 - Introduction 2:45 - Growing up...
2023-05-15, 1h 00

The Virtual CISO Moment
S5E17 - A Conversation with Greg van der Gaast
For our special last Wednesday of the month episode for March, Greg van der Gaast joins us. Greg is an international speaker on Why Security Fails, IT Quality, Leadership, and Strategy. He also is a former hacker, FBI & DoD operative, author, advisor, CISO, and people and culture enthusiast. Listen to hear his fascinating story and what is a major threat for SMB information security that most don't consider. He can be reached at https://gregvandergaast.com/.
2023-03-29, 28 min

Your Digital Marketing Coach with Neal Schaffer
Human x A.I. : Unleashing the Power of A.I. in Marketing [Greg Starling Interview]
Following up on my report from the Generative AI conference, today's guest has transformed a social media dashboard into becoming an AI ghostwriter for digital and social media marketing.
Meet Greg Starling, Head of the Innovation Labs at Tailwind, who is helping to create a new generative AI product there.
- Using AI to brainstorm ideas
- Using AI to streamline marketing processes
- When & how to partner with AI for maximum effectiveness
Take a deep dive into A.I. and how you can better leverage it for your business.
2023-03-02, 50 min

The CTO Show with Mehmet Gonullu
#31 A fireside chat with Greg Schaffer from vCISO services
In today's episode, I am interviewing Greg Schaffer from vCISO services. Greg started his cybersecurity journey in 1989, and he offers his services to different customers across multiple verticals.
Here are the main topics we discussed in this episode:
- How to explain CyberSecurity to non-technical people in the C-Suite
- What CISOs should be focusing on and what mindsets should they have
- Cybersecurity and IT Ops relation
- Advice to SMEs
- Justifying the cyber bill
- AI and CyberSecurity
- Advice for people interested in entering the cybersecurity industry
How to connect with Greg? Podcast: h...
2023-02-11, 27 min

Business and Entrepreneurship with KAJ
Information Security for Small & Midsized Businesses with Greg Schaffer
In this video, we discuss information security for small and midsized businesses with Greg Schaffer, an information security expert, entrepreneur, podcaster, and author. Greg is the founding principal of vCISO Services, LLC, a consulting firm that provides small and midsized businesses with strategic information security expertise. With over three decades of experience, Greg is a highly experienced information security executive, specializing in information security program and project management, risk assessment and mitigation, vendor risk management, policy and standards creation and implementation, and disaster recovery and business continuity. Watch here: https://youtu.be/vHyQyfRa4So Listen on top podcast platforms here: h...
2023-01-26, 39 min

The KAJ Masterclass LIVE
Information Security for Small & Midsized Businesses with Greg Schaffer
In this video, we discuss information security for small and midsized businesses with Greg Schaffer, an information security expert, entrepreneur, podcaster, and author. Greg is the founding principal of vCISO Services, LLC, a consulting firm that provides small and midsized businesses with strategic information security expertise.
With over three decades of experience, Greg is a highly experienced information security executive, specializing in information security program and project management, risk assessment and mitigation, vendor risk management, policy and standards creation and implementation, and disaster recovery and business continuity. Watch here: https://youtu.be/vHyQyfRa4So
2023-01-26, 39 min

The Virtual CISO Moment
Infosec Wrap Up - January 13, 2023
US air grounding due to one engineer's error, vuln in chromium browsers, Citrix vuln, Tech Republic bundle offer, 10 penetration testing decision factors, and why soft skills are necessary in infosec.
https://www.dailymail.co.uk/news/article-11628753/FAA-flight-grounding-debacle-stranded-tens-thousands-hours-caused-engineer.html
https://thehackernews.com/2023/01/experts-detail-chromium-browser.html
https://www.csoonline.com/article/3685414/royal-ransomware-group-actively-exploiting-citrix-vulnerability.html#tk.rss_all
https://www.techrepublic.com/article/explore-information-security-huge-course-bundle/
https://christianespinosa.com/blog/top-10-penetration-testing-decision-factors/
https://technative.io/why-soft-skills-are-key-to-filling-the-digital-talent-gap/
If you're interested in filling the gap for Tuesday's episode please send me an email at greg@gregschaffer.info.
2023-01-13, 18 min

The Virtual CISO Moment
Infosec Wrap Up - January 6, 2023
Flipper phish, Slack breach, LastPass last trust, Twitter account info for free, Iran DDoS attack, data privacy trends, and a question of whether or not to use a VPN firewall (feedback encouraged, email greg@gregschaffer.info).
https://www.bleepingcomputer.com/news/security/ongoing-flipper-zero-phishing-attacks-target-infosec-community/
https://cybernews.com/security/slack-admits-security-breach/
https://www.pcmag.com/opinions/lastpass-is-losing-our-trust
https://www.forbes.com/sites/petersuciu/2023/01/04/data-from-200-million-twitter-users-offered-for-free-on-hacker-forum/
https://www.jpost.com/middle-east/iran-news/article-726852
https://www.law360.com/articles/1559756/5-data-privacy-law-trends-that-will-continue-into-2023
2023-01-06, 21 min

The Virtual CISO Moment
The Virtual CISO Moment S4E62 - A Conversation with Greg Flatt
Greg Flatt is the founder of Flatt Earth Networking, Inc. Since 1996, Flat Earth Networking, Inc. has provided mid- to large-sized businesses an authoritative approach to network security that includes superior enterprise products and effective problem-solving. Greg discusses his path beginning and growing Flat Earth Networking, Inc. over the past 26 years.
2022-12-13, 21 min

The Virtual CISO Moment
The Virtual CISO Moment S4E42 - The Secret to Success in Cybersecurity (2022 Middle Tennessee Cyber Conference)
Recorded at the Middle Tennessee Cyber Conference September 13, 2022 - host Greg Schaffer walks through his 33 year career in information technology and security, providing lessons learned and what he has determined is, for him, the secret for success in cyber security. We had technical issues with the primary video and audio recording so this recording is not quite up to our standards, but we still felt it was relevant to share.
2022-09-21, 50 min

The Virtual CISO Moment
The Virtual CISO Moment S4E35 - Briefing for Small Businesses
In this presentation from 2014, Greg discusses SMB information security concerns with a group of small business owners in Tennessee. Most is relevant still today (though Greg notes he'd reevaluate his antivirus recommendations).
Most of the video is dark (lights turned down to view slide deck off-screen).
2022-08-17, 49 min

The Virtual CISO Moment
The Virtual CISO Moment S4E31 - Optimizing Your vCISO
In this special Wednesday episode, from the CU Intersect Conference in Houston Texas July 19, 2022, vCISO Services, LLC Principal Greg Schaffer discusses how credit unions and other small and midsized businesses can optimize their vCISO to maximize their information security posture.
2022-07-27, 27 min

The Virtual CISO Moment
VCM Quick Strike for Monday, June 6, 2022
Unpacking the Verizon Data Breach Investigations Report, a new "Man on the Side" attack (and what is that?), this week's resource highlight - InfoSecSherpa, and "paying your dues".
https://securityboulevard.com/2022/06/verizon-dbir-2022-whats-worth-acting-on/
https://thehackernews.com/2022/06/chinese-luoyu-hackers-using-man-on-side.html
https://en.wikipedia.org/wiki/Man-on-the-side_attack
https://infosecsherpa.medium.com/
2022-06-06, 13 min

The Virtual CISO Moment
The Virtual CISO Moment Wrap Up for Friday, June 3, 2022
Confluence zero day, Microsoft zero day exploitation example, Ransomware roundup, and my reaction to a LinkedIn post about virtual CISO services that went semi-viral for the wrong reasons. We need to do better in the virtual CISO space.
https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
https://techcrunch.com/2022/06/01/china-backed-hackers-are-exploiting-unpatched-microsoft-zero-day/
https://www.csoonline.com/article/3662038/ransomware-roundup-system-locking-malware-dominates-headlines.html
2022-06-03, 17 min

The Virtual CISO Moment
The Virtual CISO Moment S4E22 - A Conversation with Rob Black
Rob Black, Founder and CEO of Fractional CISO (https://fractionalciso.com) talks about providing fractional/virtual CISO services to midsized SaaS technical organizations as well as other businesses, his story of starting Fractional CISO, and how he sees the SMB threat environment.
2022-05-31, 25 min

The Virtual CISO Moment
VCM Quick Strike for Monday, May 30, 2022
Microsoft Zero Day, CISA adds 75 vulns to critical list, and cybersecurity as Corporate Social Responsibility. Today we honor all who gave their life for freedom.
https://thehackernews.com/2022/05/watch-out-researchers-spot-new.html
https://www.forbes.com/sites/daveywinder/2022/05/26/us-cybersecurity-agency-strongly-urges-you-patch-these-75-actively-exploited-flaws/?sh=7c03a1b26381
https://venturebeat.com/2022/05/26/cybersecurity-is-a-corporate-social-responsibility-especially-in-times-of-war/
2022-05-30, 08 min

The Virtual CISO Moment
The Virtual CISO Moment (Trailer)
2022-05-28, 00 min

The Virtual CISO Moment
The Virtual CISO Moment Wrap Up for Friday, May 27, 2022
Verizon DBIR, 10 exploited access points, email is still a problem (surprise), four tips for entry-level cyber analysts, and ransomware with a twist. Be kind to each other. Please.
https://www.verizon.com/business/resources/reports/2022/dbir/2022-data-breach-investigations-report-dbir.pdf
https://www.securitymagazine.com/articles/97676-cisa-outlines-10-initial-access-points-exploited-by-hackers
https://www.scmagazine.com/analysis/email-security/employees-email-still-drives-most-of-the-data-loss-at-organizations
https://www.redglobal.com/news-blog/cybersecurity-jobs-4-tips-every-budding-cybersecurity-analyst-should-know
https://www.tripwire.com/state-of-security/security-data-protection/ransomware-demands-acts-of-kindness-to-get-your-files-back/
2022-05-27, 12 min

The Virtual CISO Moment
The Virtual CISO Moment S4E21 - A Conversation with Kyle Cravens
Kyle Cravens, Founder/Managing Principal of the staffing and recruiting firm Key Resource Group, LLC (https://www.krgnow.com/), joins us to discuss the IT and Information Security recruiting environment including tips on how a candidate can improve their chances of landing the position; how COVID and remote work has changed the environment, and how his faith guides his journey.
2022-05-24, 23 min

The Virtual CISO Moment
VCM Quick Strike for Monday, May 23, 2022
Conti disbands, DOJ directs good-faith security research should not be charged, governments consider ransomware self-insuring, and just say no to saying no in information security.
https://www.bleepingcomputer.com/news/security/conti-ransomware-shuts-down-operation-rebrands-into-smaller-units/
https://www.justice.gov/opa/pr/department-justice-announces-new-policy-charging-cases-under-computer-fraud-and-abuse-act
https://www.govtech.com/computing/facing-cyber-insurance-woes-local-governments-find-other-options
https://www.helpnetsecurity.com/2022/05/17/security-department-refuses-request/
2022-05-23, 12 min

The Virtual CISO Moment
The Virtual CISO Moment Wrap Up for Friday, May 20, 2022
Remote work, IT and infosec staff stress and ransomware - a canary in the coal mine?
https://www.helpnetsecurity.com/2022/05/17/state-of-security/
https://www.helpnetsecurity.com/2022/05/18/it-help-desk-stress/
https://www.techtarget.com/searchsecurity/news/252518151/Iranian-APT-Cobalt-Illusion-launching-ransomware-attacks
https://thehackernews.com/2022/05/russian-conti-ransomware-gang-threatens.html
https://finance.yahoo.com/news/cybersecurity-research-76-organizations-admit-161500884.html
https://www.csoonline.com/article/3660636/cisos-worried-about-material-attacks-boardroom-backing.html
https://www.prnewswire.com/news-releases/nacd-responds-to-sec-rule-proposal-on-public-company-cybersecurity-risk-management-strategy-governance-and-incident-disclosure-301546494.html
2022-05-20, 10 min

The Virtual CISO Moment
The Virtual CISO Moment S4E20 - A Conversation with Clark Cummings
Clark Cummings joins us to discuss enterprise risk management, how to recognize "risk collisions", and provide practical risk management advice for small and midsized businesses.
2022-05-17, 26 min

The Virtual CISO Moment
VCM Quick Strike for Monday, May 16, 2022
What is the secret to security (or any business) success? Listen to find out.
2022-05-16, 08 min

The Virtual CISO Moment
About the Virtual CISO Moment Podcast
The Virtual CISO Moment aims to inform and entertain. We hope you will join us! All episodes drop at 8:00 AM Central (US).
Monday - The VCM Quick Strike (audio only)
Tuesday - The Virtual CISO Moment Conversations (audio and video)
Friday - The Virtual CISO Moment Wrap Up
2022-05-13, 02 min

The Virtual CISO Moment
The Virtual CISO Moment Wrap Up for Friday, May 13, 2022
Many topics, including Lincoln College, CISA and MSPs, SEC and Board of Directors, and Pegasus.
https://www.engadget.com/lincoln-college-ransomware-attack-shut-down-covid-19-164917483.html
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/11/cisa-joins-partners-release-advisory-protecting-msps-and-their
https://media-exp1.licdn.com/dms/document/C561FAQE9H1UdCeHoyg/feedshare-document-pdf-analyzed/0/1652377478990?e=1653523200&v=beta&t=h52Z9d1TKwui7If9gNJTf03j1YQUPLzIwQRyxAABFEQ
https://www.weforum.org/agenda/2022/03/cybersecurity-rules-prepare/
https://www.nytimes.com/2022/05/12/us/politics/fbi-pegasus-spyware-israel.html
2022-05-13, 18 min

The Virtual CISO Moment
The Virtual CISO Moment S4E19 - A Conversation with Mike Rastigue
Mike Rastigue with Crum & Forster joins us to discuss cyber insurance and one way that his organization is helping SMBs to be both better prepared to meet cyber insurance underwriting requirements and increase their security posture.
2022-05-10, 20 min

The Virtual CISO Moment
VCM Quick Strike for Monday, May 9, 2022
Last week I came across two instances on LinkedIn of apparent predatory practices in the information security field - one related to regulatory compliance, another for a consultant certification. We have to do better as an industry.
2022-05-09, 11 min

The Virtual CISO Moment
The Virtual CISO Moment Wrap Up for Friday, May 6, 2022
Conti continues, ransomware payouts, supply chain breach in higher ed, and NIST 800-161r1 release.
https://www.providencejournal.com/story/news/politics/2022/05/04/malware-used-ripta-hack-identified-conti-strain-russian-cybercriminals/9635388002/
https://cybernews.com/security/russian-passport-details-exposed-by-database-leak/
https://thejournal.com/articles/2022/05/05/565-schools-over-1m-students-impacted-by-illuminate-data-breach-2nd-colorado-district-affected.aspx
https://www.helpnetsecurity.com/2022/05/06/cybersecurity-supply-chain-risk/
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf
2022-05-06, 12 min

The Virtual CISO Moment
The Virtual CISO Moment S4E18 - A Conversation with Frank Platt
Frank Platt of Infosec Alliance LLC (https://www.infosecalliance.com/) joins us to discuss many infosec topics, including risk management, and CMMC...and BBQ!
2022-05-03, 25 min

The Virtual CISO Moment
VCM Quick Strike for Monday, May 2, 2022
A business continuity exercise to continue operations after a nuclear attack? Maybe not as crazy a scenario to plan for as we might have thought. Today's Quick Strike touches on that, including an interesting option for a data center that could possibly survive such an attack. It's not what you think...
https://www.amazon.com/Nuclear-War-Survival-Skills-Instructions/dp/1634502973/
https://www.amazon.com/Information-Security-Small-Midsized-Businesses/dp/1733066845/
https://www.linkedin.com/posts/todd-byars-9b669a6_solaronemonolith-toddwbyars-computerdudes-activity-6926164507580919808-EEKp/
2022-05-02, 09 min

The Virtual CISO Moment
The Virtual CISO Moment Wrap Up for Friday, April 29, 2022
Advice and resources for those looking for a cybersecurity entry level position, updates on vulns/exploits.
https://www.wgu.edu/blog/guide-entry-level-cyber-security-jobs2102.html
https://blogs.cisco.com/security/the-more-you-know-job-searching-interviewing
https://www.linkedin.com/company/breaking-into-cybersecurity/
https://www.darkreading.com/vulnerabilities-threats/cisa-log4shell-most-exploited-vulnerability-2021
https://www.bleepingcomputer.com/news/security/okta-lapsus-breach-lasted-only-25-minutes-hit-2-customers/amp/
https://www.ic3.gov/Media/News/2022/220420.pdf
https://store.isaca.org/s/community-event?id=a334w000004TXbEAAW#/Overview
2022-04-29, 15 min

The Virtual CISO Moment
The Virtual CISO Moment S4E17 - Saying Goodbye to the First Office
All small businesses have their own genesis story. vCISO Services began as many do; an idea in a home office, then a migration to an outside work environment, and then further growth. Recognizing, honoring, remembering, and respecting roots is a critical component of the success of a business. Note - Because this was an on-site video and was not recorded in the studio; the video and audio quality is a bit less.
2022-04-26, 13 min

The Virtual CISO Moment
VCM Quick Strike for Monday, April 25, 2022
CISA tools, improving communications, and scholarship recipient.
https://www.cisa.gov/free-cybersecurity-services-and-tools
2022-04-25, 06 min

The Virtual CISO Moment
The Virtual CISO Moment Wrap Up for Friday, April 22, 2022
Conti, BlackCat/ALPHV, DDoSecrets.
https://ddosecrets.substack.com/
https://www.csoonline.com/article/3657875/ransomware-plagues-finance-sector-as-cyberattacks-get-more-complex.html
https://krebsonsecurity.com/2022/04/contis-ransomware-toll-on-the-healthcare-industry/
https://www.cisa.gov/uscert/ncas/alerts/aa21-265a
https://www.cyber.nj.gov/alerts-advisories/blackcatalphv-ransomware-indicators-of-compromise
2022-04-22, 12 min

The Virtual CISO Moment
The Virtual CISO Moment S4E16 - A Conversation with Don Baham
Don Baham is very active in both the local and on-line information security communities, as well as having extensive experience helping SMBs with information security needs. He joins us to discuss challenges and opportunities including observations on the cyber security supply chain issue and possible ways to address.
2022-04-19, 21 min

The Virtual CISO Moment
VCM Quick Strike for Monday, April 18, 2022
Virtual CISO resources:
https://www.linkedin.com/groups/12095465/
https://www.vcisonews.com/
https://vciso.network/
2022-04-18, 01 min

The Virtual CISO Moment
The Virtual CISO Moment Wrap Up for Friday, April 15, 2022
Discussed in this week's wrap up:
https://www.techrepublic.com/article/supply-chain-cyberattacks-jumped-51-in-2021/
https://threatpost.com/microsoft-zero-days-wormable-bugs/179273/
https://healthitsecurity.com/news/cisa-issues-guidance-on-cybersecurity-information-sharing
https://www.nationalcybersummit.com/
https://secondchancebook.org
2022-04-15, 12 min

The Virtual CISO Moment
The Virtual CISO Moment S4E15 - A Conversation with Chris Bedel
Chris Bedel, President and CEO of Bedel Security (bedelsecurity.com) talks about how the virtual CISO fits in to, complements, and enhances financial institutions' information security program and posture. He also touches on history and future of the virtual CISO.
If you're a virtual CISO for financial institutions or are interested in how a virtual CISO benefits financial institutions, this is a must-see episode packed with useful information!
2022-04-12, 20 min

The Virtual CISO Moment
The Virtual CISO Moment Wrap Up for Friday, April 8, 2022
Discussed in this week's wrap up:
https://www.techrepublic.com/article/credit-agency-warns-weak-cybersecurity-defenses-could-hurt-a-companys-credit-rating-even-before-an-attack/
https://www.techrepublic.com/article/fbi-investing-millions-in-software-to-monitor-social-media-platforms/
https://techcrunch.com/2022/02/07/irs-facial-recognition-id-me/
Ad link: https://www.amazon.com/Information-Security-Small-Midsized-Businesses/dp/1733066845/
Finally, a correction: The Tennessee Bankers Association Strategic Technology, Risk, and Security Conference https://tnbankers.org/event/strategic-technology-risk-security-conference/ is April 27th, not April 28th as noted in the episode.
2022-04-08, 10 min

The Virtual CISO Moment
The Virtual CISO Moment S4E14 - A Conversation with Bob Quandt
Bob Quandt, owner of Bullseye Compliance (https://bullseyecompliance.com) joins VCM for a conversation that ranges from issues and trends in SMB security, entrepreneurship and making a difference, fitness and stress management, application of military experience to infosec, and more!
2022-04-05, 19 min

The Virtual CISO Moment
The Virtual CISO Moment S4E13 - A Conversation with Chuck Sirios
Email remains the most common vector for criminals to exploit.
Chuck Sirois discusses how PhishFacts (https://phishfacts.com) can help SMBs identify misconfigured email configurations that criminals may leverage.
2022-03-29, 23 min

The Virtual CISO Moment
The Virtual CISO Moment S4E12 - The CISSP and the Virtual CISO
The Certified Information Systems Security Professional, or CISSP, is considered by some to be the pinnacle of information security professional certifications, on par with the CPA. But why is that, and what differentiates it from other certifications? And why is it important for virtual CISOs to have and maintain this certification?
2022-03-22, 14 min

The Virtual CISO Moment
The Virtual CISO Moment S4E11 - A Conversation with Ed Carroll
Ed Carroll joins us to discuss many of the initiatives he's involved with, including Edison Marks to apply AI to help SMBs (https://edisonmarks.com/), the Carolina Cyber Center to help with information security in North Carolina and beyond (https://carolinacybercenter.com/), and an update on the RETR3AT cyber security conference at beautiful Montreat College (https://www.montreat.edu/about/events/retr3at/).
2022-03-15, 18 min

The Virtual CISO Moment
The Virtual CISO Moment S4E10 - Sad Reaction to Recent Infosec Advice
While watching a report on the news this morning about items to consider to counter possible Russian cyber attacks related to the Ukraine-Russia crisis, I felt sadness. The reason may surprise you, or not.
Find out why on today's special midweek installment of The Virtual CISO Moment.
2022-03-09, 07 min

The Virtual CISO Moment
The Virtual CISO Moment S4E9 - Discussion with Craig Sandman of Symbol Security
Craig Sandman of Symbol Security (https://symbolsecurity.com/) and vCISONews (https://www.vcisonews.com/) joins us to discuss the importance of effective security awareness training for SMBs and the virtual CISO role.
2022-03-08, 25 min

The Virtual CISO Moment
The Virtual CISO Moment S4E8 - CISO David Baker
Chief Information Security Officer David Baker gives insight into the challenges of an SMB CISO. Guest opinions are their own and not the views of their employer.
2022-03-01, 20 min

The Virtual CISO Moment
The Virtual CISO Moment S4E7 - Don't Ignore the News
Threat awareness sources are many. One that is often overlooked is the news. Hear why being plugged into current events in real time is important. (And Greg says "yes I know the difference between emulate and emanate").
2022-02-21, 10 min

The Virtual CISO Moment
The Virtual CISO Moment S4E6 - Don't Spin Your Wheels
Information security is difficult without a plan. Don't spin your wheels. Find a framework, find a coach, and find success.
2022-02-16, 11 min

The Virtual CISO Moment
The Virtual CISO Moment S4E5 - Business Continuity Table Top Exercises Continued
We delve in a bit deeper into business continuity exercise types - which is right for your business?
We also have a special invitation.
2022-02-08, 13 min

The Virtual CISO Moment
The Virtual CISO Moment S4E4 - The Effect of Culture on Information Security
The security posture of a company is rooted in the company's culture - its approach and attention to information security across all levels of the organization.
2022-02-02, 14 min

The Virtual CISO Moment
The Virtual CISO Moment S4E3 - The vCISO and 3LoD
Morning thoughts on how the virtual CISO fits in an organization, using the Three Lines of Defense (3LoD) model to illustrate.
2022-01-28, 07 min

The Virtual CISO Moment
The Virtual CISO Moment S4E2 - Business Continuity Table Top Exercises
Business Continuity Table Top Exercises (or BCP TTX, since it's easier to type) are important for identifying gaps in business continuity, disaster recovery, and incident response programs. Don't ignore this essential exercise, and don't treat it as just an information technology exercise.
2022-01-28, 17 min

The Virtual CISO Moment
The Virtual CISO Moment S4E1 - Information About the Virtual CISO Field
The virtual CISO is not a new discipline, but it is evolving. Like other security specialties, there are different approaches and skills offered. This is the first of several upcoming discussions on the virtual CISO space. greg.schaffer@vcisoservices.com
2022-01-28, 12 min

The Virtual CISO Moment
The Virtual CISO Moment S4E0 - Trailer
After a hiatus, The Virtual CISO Moment returns with useful information from security experts who understand small and midsized business (SMB) security needs. No frills, no glamour, no transparent whiteboard text, no complex graphics, and no script - just a few minutes every Tuesday discussing SMB information security risk issues.
2022-01-27, 01 min

The Virtual CISO Moment
The Virtual CISO Moment S3E7 - Metrics
Metrics - security leaders talk about them often.
But what is the one critical question they, and you, should ask about information security metrics?
2020-08-20, 08 min

Bears, Birds, and Brews
'Brews Brothers' creator Greg Schaffer
On this week's episode, we spoke with Greg Schaffer, who is the creator of the hilarious Netflix show "Brews Brothers." Our conversation covers the making of the show, behind-the-scenes stories and info, and industry insight that Greg has gained from working on other shows such as "The League" on FX. We also talk about his Michigan Wolverines, Dallas Cowboys, and Cleveland Indians, plus how and why he's forgiven LeBron James for leaving the Cavaliers the first time.
2020-08-14, 59 min

The Virtual CISO Moment
The Virtual CISO Moment S3E6 - Social Distancing
The episode compares COVID-19 and information security risks...through a Chihuahua.
2020-07-13, 06 min

The Virtual CISO Moment
The Virtual CISO Moment S3E5 - COVID-19 Fear and Small Business Scams
Many small business owners are frightened now, unsure of how their business will survive. Many in the United States have applied for the PPP. But the combination of economic calamity, fear of infection, stress from lives upended, all create an environment for criminals to exploit. It's okay to be afraid, but don't let it lead you to becoming a victim.
2020-04-21, 06 min

The Virtual CISO Moment
The Virtual CISO Moment S3E4 - COVID-19 Business Continuity Lessons
The COVID-19 pandemic has disrupted business operations on an unprecedented scale. It also presents an opportunity to learn and grow business operations.
This will end, and the time to prepare for the "new normal" is now.
2020-04-14, 09 min

Greg Jameson – Greg Jameson
Neal Schaffer – The Age of Influence
Neal Schaffer is a leading authority on helping businesses through their digital transformation of sales and marketing through consulting, training, and helping companies develop and execute on social media marketing strategy, influencer marketing, and social selling initiatives. President of the social media agency PDCA Social, Neal also teaches digital media to executives at Rutgers […]
2020-03-31, 38 min

Greg Jameson
Neal Schaffer – The Age of Influence
Neal Schaffer is a leading authority on helping businesses through their digital transformation of sales and marketing through consulting, training, and helping companies develop and execute on social media marketing strategy, influencer marketing, and social selling initiatives. President of the social media agency PDCA Social, Neal also teaches digital media to executives at Rutgers […]
2020-03-31, 38 min

The Virtual CISO Moment
The Virtual CISO Moment S3E3 - Hoodie
The "hacker in a hoodie" image has been used for years by the media to call attention to articles about cyber security incidents. It's time that graphic is retired. Here's why.
2020-01-19, 06 min

The Virtual CISO Moment
The Virtual CISO Moment S3E2 - FUD and Statistics
FUD - Fear, Uncertainty, and Doubt - is sometimes used to sell products or services. One popular FUD element is statistics, whether spinning valid numbers or making them up.
Regardless of the type of FUD, bowing to the instinctual urges to respond can obfuscate genuine information security risks.
2020-01-13, 07 min

The Virtual CISO Moment
The Virtual CISO Moment S3E1 - Information Security Theater
Information security theater, improvements that look and sound good but make no real impact to overall security stance of an organization, can do more harm than good. Are you understanding the information security risks of your organization before designing and implementing controls?
2020-01-01, 07 min

The Virtual CISO Moment
The Virtual CISO Moment S2E12 - Information Security and Information Technology Security
Information Security and Information Technology Security are not the same. If your program is focused on Information Technology Security only, you've got gaps.
2019-12-13, 05 min

The Virtual CISO Moment
The Virtual CISO Moment S2E11 - Information Security Fitness
In order to stay healthy, we need to exercise regularly. To maintain our information security program's fitness, we need to exercise it as well.
2019-11-24, 03 min

The Virtual CISO Moment
The Virtual CISO Moment S2E10 - Information Security Policies
Information security policies direct the governance of the information security program. What are elements of effective policies, and what mistakes do SMBs often make with their information security policy program?
2019-11-13, 08 min

The Virtual CISO Moment
The Virtual CISO Moment S2E9 - Quantitative Information Security Risk Assessments - Presentation
Learn how quantitative information security risk assessments can help community institutions (and all small and midsized businesses).
A presentation to the Bankers' Bank of the West Information Security for Community Institutions conference October 25, 2019.
2019-10-25, 50 min

The Virtual CISO Moment
The Virtual CISO Moment S2E8 - GRC
Governance, Risk, and Compliance - how it can benefit information security for businesses of all sizes.
2019-10-21, 04 min

The Virtual CISO Moment
The Virtual CISO Moment S2E7 - What is a Virtual CISO? InfoSec Nashville 2019
In this extended episode, vCISO Services principal Greg Schaffer speaks at InfoSec Nashville 2019 about what a virtual CISO is and how they help small and midsized businesses.
2019-09-27, 22 min

The Virtual CISO Moment
The Virtual CISO Moment S2E6 - Conversation at the National Cyber Summit 2019
vCISO Services principal Greg Schaffer discusses the virtual CISO role in a short interview at the National Cyber Summit.
2019-09-21, 04 min

The Virtual CISO Moment
The Virtual CISO Moment S2E5 - OpenFAIR
Greg discusses the announcement of vCISO Services, LLC's licensed quantitative information risk assessment offering based on The Open Group Open FAIR™ Body of Knowledge. https://www.prnewswire.com/news-releases/an-answer-for-cybersecurity-cost-exposure-300911336.html
2019-09-05, 04 min

The Virtual CISO Moment
The Virtual CISO Moment S2E4 - ISO 27001 Part 3
Greg concludes a three-part series breaking down ISO 27001 and ISO 27002, international standards for information security. Part three dives into the second half of the ISO 27002 control requirements.
2019-08-29, 07 min

The Virtual CISO Moment
The Virtual CISO Moment S2E3 - ISO 27001 Part 2
Greg continues a three-part series breaking down ISO 27001 and ISO 27002, international standards for information security.
Part two dives into the first half of the ISO 27002 control requirements.
2019-08-19, 06 min

The Virtual CISO Moment
The Virtual CISO Moment S2E2 - ISO 27001 Part 1
Greg begins a three-part series breaking down ISO 27001 and ISO 27002, international standards for information security. Part one lays out the history and a glimpse at the structure of ISO 27000 and why it's important for SMBs.
2019-08-14, 04 min

The Virtual CISO Moment
The Virtual CISO Moment S2E1 - What's in a Name?
Taken from a Facebook Live video July 26th (hence the lower video quality), Greg explains why the Virtual CISO Minute is now the Virtual CISO Moment, talks about possible future use of the Facebook Live channel to help small and midsized businesses with information security topics, and invites current vCISOs or those interested in the space to join the Virtual CISO Exchange LinkedIn group at https://www.linkedin.com/groups/12095465/. Produced by vCISO Services, LLC. https://vcisoservices.com
2019-08-07, 04 min

The Virtual CISO Moment
The Virtual CISO Moment S1E12 - The Rise of the Virtual CISO
There is a growing rift between the information security “haves” and “have nots,” and the threat actors know that as well. Cyber criminals increasingly target small and midsized businesses (SMBs) because they know SMBs likely do not have information security programs as robust as those large organizations have in place. Nor do they have experienced information security leadership, as the average annual cost of nearly $260,000 for a full-time CISO is out of the reach of most SMB budgets. The Virtual CISO, or vCISO, has emerged to fill this need. While most SMBs cannot afford a full-time CISO, most also do not ne...
2019-07-31, 43 min

The Virtual CISO Moment
The Virtual CISO Moment S1E11 - Career Genesis
Thirty-four years ago, I worked as a porter (janitor) at a hotel in New Jersey.
I took a year off between high school and college to decide where I wanted to direct my life - and to earn money for college. I promised myself that one day, when I had become successful, I would stay in that hotel. Recently it happened. I realized I learned an early lesson applicable to information security then. Watch to find out what it was.
2019-07-31, 03 min

The Virtual CISO Moment
The Virtual CISO Moment S1E10 - What is a Virtual CISO?
You've heard the term, but what is a Virtual CISO, or vCISO? This week's Virtual CISO Minute explains.
2019-07-25, 01 min

The Virtual CISO Moment
The Virtual CISO Moment S1E9 - Compensating Controls
Compensating Controls: Is an audit exception regarding a failing primary control absolute? Maybe, maybe not. The risk may be mitigated by other methods - compensating controls.
2019-07-18, 02 min

The Virtual CISO Moment
The Virtual CISO Moment S1E8 - Veterans and Information Security
The Nashville Technology Council's Veterans Peer Group helps veterans land civilian jobs and enhance their careers in IT and information security in the Nashville/Middle Tennessee region. SMBs should look to a veteran when trying to fill these positions.
2019-07-11, 01 min

The Virtual CISO Moment
The Virtual CISO Moment S1E7 - Quantitative Risk Assessments and SMBs
Quantitative risk assessments and how they can help your SMB's information security posture.
2019-07-01, 02 min

The Virtual CISO Moment
The Virtual CISO Moment S1E6 - Qualitative Risk Assessments
Qualitative risk assessments - the ones that produce those "heat maps" with the red (high risk), yellow (medium risk) and green (low risk) are a standard method for communicating information security risk.
But they have limitations.
2019-06-28, 02 min

The Virtual CISO Moment
The Virtual CISO Moment S1E5 - The Importance of Information Security Risk Assessments
Information security risk assessments - why are they important?
2019-06-22, 02 min

The Virtual CISO Moment
The Virtual CISO Moment S1E4 - SOC1, SOC2 Audit Reports Explained
SOC1, SOC2, what do they mean for your small business? Find out in this week's installment of The vCISO Minute.
2019-06-01, 01 min

The Virtual CISO Moment
The Virtual CISO Moment S1E3 - The (Pragmatic) Need for Incident Response Testing
A recent breach highlights the need for incident response testing, particularly about notification.
2019-05-24, 01 min

The Virtual CISO Moment
The Virtual CISO Moment S1E2 - Outdated Operating Systems
Microsoft released a patch for out-of-support operating systems this week, but that's usually not the case. If your business requires running old operating systems, usually due to legacy software or systems, you need to reduce the risk running an outdated operating system brings by not relying on patches. Music by https://www.bensound.com/
2019-05-17, 01 min

The Virtual CISO Moment
The Virtual CISO Moment S1E1 - The Verizon Data Breach Investigation Report
The annual Verizon Data Breach Investigation Report will come out soon. What is it, and how does it benefit small and midsized businesses?
2019-05-10, 01 min

The Virtual CISO Moment
The Virtual CISO Moment S0E4 - Infosec Nashville (VCM Pilot Episode)
vCISO Services, LLC Principal Greg Schaffer discusses information security opportunities at the 2018 InfoSec Nashville conference.
The Virtual CISO Moment (Minute) video series/podcast spun off from this discussion.
2019-02-19, 15 min

The Virtual CISO Moment
The Virtual CISO Moment S0E3 - Information Security as Risk Management
vCISO Services, LLC Founding Principal Greg Schaffer explains Information Security as Risk Management at the National Cybersecurity Summit, Huntsville, Alabama, June 2018.
2019-02-16, 49 min