The Virtual CISO Moment

Greg Schaffer
  • 4.9 (7)
  • TECHNOLOGY
  • UPDATED WEEKLY

The Virtual CISO Moment dives into the stories of information security, information technology, and risk management pros; what drives them and what makes them successful while helping small and midsized business (SMB) security needs. No frills, no glamour, no transparent whiteboard text, no complex graphics, and no script - just honest discussion of SMB information security risk issues. Brought to you by vCISO Services, LLC, a leading provider of vCISO and information security risk management services. Visit https://vcisoservices.com to learn more. A Second Chance Publishing, LLC podcast.

  1. 5D AGO

    S8E6 - Passing Audits Isn’t Security with Mariia Erokhina

    What does real security maturity actually look like—beyond checklists and audits? In this episode of The Virtual CISO Moment, Greg Schaffer sits down with Mariia Erokhina, a global security leader who challenges the industry’s obsession with controls and compliance theater. Mariia shares why security must be embedded into business operations, how executives misunderstand risk ownership, and what aspiring CISOs must learn to operate at the strategic level. If you’ve ever questioned whether “audit-ready” really means “secure,” this conversation is for you.

    33 min

  2. FEB 3

    S8E5 - Order to Chaos: Cyber Risk and AI Governance with Scott Foote

    In this episode of The Virtual CISO Moment, Greg Schaffer talks with cybersecurity veteran Scott Foote about what hasn’t changed in cyber risk over the last 35 years—and why AI is amplifying those same mistakes at unprecedented speed. They discuss shadow AI, insecure defaults, “vibe coding,” privacy risks, and the growing need for practical AI governance. Drawing on decades of experience across industry and government, Scott shares why fundamentals still matter, how organizations can bring order to AI chaos, and what leaders need to understand before adopting AI at scale. A thoughtful, wide-ranging episode for CISOs, vCISOs, board advisors, and executives trying to understand where cyber risk ends and AI governance begins—and why fundamentals still matter more than ever.

    33 min

  3. JAN 27

    S8E4 - Offensive Security in the Age of AI with Mike Gropp

    In this episode of The Virtual CISO Moment, Greg sits down with Mike Gropp to explore an unconventional journey into cybersecurity—from entrepreneurship and living in China to offensive security and red teaming. The conversation dives deep into the real-world risks of “vibe coding,” AI-driven development, and why security can’t be an afterthought for business builders. Mike also shares hard-earned lessons on communication, risk ownership, and staying grounded in a high-stress industry—plus how endurance running keeps him sharp both mentally and professionally.

    36 min

  4. JAN 20

    S8E3 - Cyber Risk, Business Reality, and Leadership with Tatiana Argueta

    How do you explain security risk to executives who don’t speak “security”? What really changes when you move between regulated industries like healthcare and energy? And why are communication skills just as critical as technical ones in cybersecurity? In this episode, Greg Schaffer speaks with Tatiana Argueta, Senior Security Engineer, about: *Operating security programs in regulated environments *Translating cyber risk into business impact *Why understanding your business is a core security skill *How Toastmasters helped shape her security leadership style *Emerging risks: AI, geopolitics, and misinformation This is a practical, grounded conversation for CISOs, vCISOs, and security practitioners navigating real-world risk. #Cybersecurity #InformationSecurity #CISO #vCISO #RiskManagement #SecurityLeadership #GRC

    32 min

  5. JAN 13

    S8E2 - When Ransomware Gets Real: Zach Lewis on Surviving a LockBit Attack

    What happens when a routine IT problem turns into a full-blown ransomware crisis? In this episode of The Virtual CISO Moment, Greg Schaffer sits down with Zach Lewis, CIO, CISO, and author of Locked Up, to explore the reality of leading through a LockBit ransomware attack—without the benefit of hindsight. Zach takes listeners inside the moment things went sideways: the rapid shift from disaster recovery to incident response, the pressure of board-level questions with incomplete information, and the difficult calls around communication, transparency, and timing. He shares what plans actually helped, what broke down under stress, and the lessons that only emerge when theory collides with a real adversary. The conversation also explores why higher education is such a demanding environment for security leaders, how pragmatic controls beat “perfect” security in a crisis, and why storytelling—not frameworks alone—is essential for executive buy-in. Zach closes by reflecting on resilience, balance, and why stepping away from the keyboard is critical to surviving a long career in cybersecurity. A candid, experience-driven episode for CISOs, vCISOs, and security leaders who want to know what ransomware response really looks like when it’s no longer hypothetical.

    31 min

  6. JAN 6

    S8E1 - Offensive Security in the Age of AI with Corey LeBleu

    In the Season 8 premiere of The Virtual CISO Moment, host Greg Schaffer sits down with Corey LeBleu, Founder and CEO of Relix Security, to explore how offensive security and penetration testing are evolving in a world shaped by cloud platforms, AI, and “vibe coding.” With more than two decades of hands-on experience in application and network penetration testing—including leadership roles at Verizon and boutique consultancies—Corey shares a practitioner’s view of what high-value penetration testing really looks like, and why too many organizations still confuse checkbox scans with meaningful security assurance. The conversation covers: How penetration testing has changed—and hasn’t—in the age of AI The risks introduced by low-code/no-code platforms and AI-generated workflows Why misconfigured tools and automated scans can create a false sense of security What CISOs and vCISOs should demand from penetration test reports to drive real business value The difference between vulnerability scanning, penetration testing, and “continuous testing” hype Emerging AI-specific attack vectors, including prompt injection and model abuse Common client misconceptions about penetration testing and testing frequency Translating technical findings into business risk executives can act on Managing stress in offensive security and cybersecurity leadership roles Whether you’re advising clients as a vCISO, running a security program, or evaluating penetration testing vendors, this episode offers grounded guidance on separating signal from noise—and ensuring offensive security investments actually improve risk posture.

    29 min

  7. 12/16/2025

    S7E55 - Five Security Trends That Will Force Hard Conversations in 2026

    In this special episode of The Virtual CISO Moment, Greg Schaffer shares five cybersecurity predictions for 2026 grounded in real-world patterns — not hype. From the tightening of SOC 2 audits and the rise of “vibe coding” risks, to a coming shakeout in the vCISO market, influencer-driven security shaming, and the growing dangers of contractor misclassification, this episode explores the second-order consequences many organizations are already overlooking. If you’re a business leader, CISO, or vCISO, this episode will challenge assumptions and help you see where governance failures quietly become security failures.

    33 min

  8. 12/09/2025

    S7E54 - Cutting Through the AI Hype: Practical Security with Logan Edmonds

    In this episode of The Virtual CISO Moment, Greg Schaffer sits down with Logan Edmonds, Chief AI Officer at ScaleSight and founder of TTS Cyber, for a lively and insightful discussion on the intersection of AI, cybersecurity, and small to mid-sized business operations. Logan shares his unique journey from studying theology to becoming an AI-driven cybersecurity leader, highlighting how early IT experiences shaped his pragmatic approach to solving business problems. Greg and Logan dive deep into how SMBs misunderstand both security and AI, including the dangers of chasing trends, the misconception that compliance equals security, and why AI can’t magically fix broken business processes. Logan emphasizes a business-first mindset: start with understanding operations, outcomes, and risks—not with the technology. The conversation also covers: Why focusing on operational efficiency is the real driver behind meaningful AI adoption How to talk about risk without falling into fear, uncertainty, and doubt The importance of trust and partnership in security consulting Realistic AI use cases, guardrails, hallucination risks, and the myth of effortless automation Balancing stress in cybersecurity through healthy personal hobbies Logan’s forward-looking plans in CMMC, AI strategy, and helping organizations scale responsibly Engaging, humorous, and packed with practical insight, this episode is a must-listen for leaders navigating AI adoption, cybersecurity maturity, or the unique challenges of SMB environments.

    35 min
See All (512)

Trailers

Ratings & Reviews

4.9
out of 5
7 Ratings

About

The Virtual CISO Moment dives into the stories of information security, information technology, and risk management pros; what drives them and what makes them successful while helping small and midsized business (SMB) security needs. No frills, no glamour, no transparent whiteboard text, no complex graphics, and no script - just honest discussion of SMB information security risk issues. Brought to you by vCISO Services, LLC, a leading provider of vCISO and information security risk management services. Visit https://vcisoservices.com to learn more. A Second Chance Publishing, LLC podcast.

Information

  • Creator
    Greg Schaffer
  • Years Active
    2022 - 2026
  • Episodes
    512
  • Rating
    Clean
  • Copyright
    © Greg Schaffer
  • Show Website
    The Virtual CISO Moment