The Virtual CISO Moment

Greg Schaffer
  • 4.9 (7)
  • TECHNOLOGY
  • UPDATED WEEKLY

The Virtual CISO Moment dives into the stories of information security, information technology, and risk management pros; what drives them and what makes them successful while helping small and midsized business (SMB) security needs. No frills, no glamour, no transparent whiteboard text, no complex graphics, and no script - just honest discussion of SMB information security risk issues. Brought to you by vCISO Services, LLC, a leading provider of vCISO and information security risk management services. Visit https://vcisoservices.com to learn more. A Second Chance Publishing, LLC podcast.

  1. 6D AGO

    S8E7: Governing the AI Explosion with Dr. Natalia Semenova

    In this episode of The Virtual CISO Moment, Greg Schaffer sits down with cybersecurity architect Dr. Natalia Semenova for a deep dive into the evolving world of AI risk and security architecture With a Ph.D. in applied mathematics and experience spanning Google, Microsoft, Mercedes-Benz, and Deloitte, Natalia shares how her mathematical mindset shapes her approach to threat modeling, agentic AI, and governance frameworks. The conversation explores: Why AI threat modeling is fundamentally about subjects and objectsWhat ISO 42001 gets right about AI governanceHow AI risk differs from traditional IT riskWhy smaller businesses shouldn’t ignore AI governanceThe real role (and limits) of the virtual CISOWhether generative AI is eliminating security jobs—or creating new onesNatalia also offers a powerful perspective on auditing: if you’re being audited, you should understand the auditor’s playbook. If you’re navigating AI adoption, compliance, or evolving your vCISO practice, this episode delivers practical insights grounded in global experience.

    31 min

  2. FEB 10

    S8E6 - Passing Audits Isn’t Security with Mariia Erokhina

    What does real security maturity actually look like—beyond checklists and audits? In this episode of The Virtual CISO Moment, Greg Schaffer sits down with Mariia Erokhina, a global security leader who challenges the industry’s obsession with controls and compliance theater. Mariia shares why security must be embedded into business operations, how executives misunderstand risk ownership, and what aspiring CISOs must learn to operate at the strategic level. If you’ve ever questioned whether “audit-ready” really means “secure,” this conversation is for you.

    33 min

  3. FEB 3

    S8E5 - Order to Chaos: Cyber Risk and AI Governance with Scott Foote

    In this episode of The Virtual CISO Moment, Greg Schaffer talks with cybersecurity veteran Scott Foote about what hasn’t changed in cyber risk over the last 35 years—and why AI is amplifying those same mistakes at unprecedented speed. They discuss shadow AI, insecure defaults, “vibe coding,” privacy risks, and the growing need for practical AI governance. Drawing on decades of experience across industry and government, Scott shares why fundamentals still matter, how organizations can bring order to AI chaos, and what leaders need to understand before adopting AI at scale. A thoughtful, wide-ranging episode for CISOs, vCISOs, board advisors, and executives trying to understand where cyber risk ends and AI governance begins—and why fundamentals still matter more than ever.

    33 min

  4. JAN 27

    S8E4 - Offensive Security in the Age of AI with Mike Gropp

    In this episode of The Virtual CISO Moment, Greg sits down with Mike Gropp to explore an unconventional journey into cybersecurity—from entrepreneurship and living in China to offensive security and red teaming. The conversation dives deep into the real-world risks of “vibe coding,” AI-driven development, and why security can’t be an afterthought for business builders. Mike also shares hard-earned lessons on communication, risk ownership, and staying grounded in a high-stress industry—plus how endurance running keeps him sharp both mentally and professionally.

    36 min

  5. JAN 20

    S8E3 - Cyber Risk, Business Reality, and Leadership with Tatiana Argueta

    How do you explain security risk to executives who don’t speak “security”? What really changes when you move between regulated industries like healthcare and energy? And why are communication skills just as critical as technical ones in cybersecurity? In this episode, Greg Schaffer speaks with Tatiana Argueta, Senior Security Engineer, about: *Operating security programs in regulated environments *Translating cyber risk into business impact *Why understanding your business is a core security skill *How Toastmasters helped shape her security leadership style *Emerging risks: AI, geopolitics, and misinformation This is a practical, grounded conversation for CISOs, vCISOs, and security practitioners navigating real-world risk. #Cybersecurity #InformationSecurity #CISO #vCISO #RiskManagement #SecurityLeadership #GRC

    32 min

  6. JAN 13

    S8E2 - When Ransomware Gets Real: Zach Lewis on Surviving a LockBit Attack

    What happens when a routine IT problem turns into a full-blown ransomware crisis? In this episode of The Virtual CISO Moment, Greg Schaffer sits down with Zach Lewis, CIO, CISO, and author of Locked Up, to explore the reality of leading through a LockBit ransomware attack—without the benefit of hindsight. Zach takes listeners inside the moment things went sideways: the rapid shift from disaster recovery to incident response, the pressure of board-level questions with incomplete information, and the difficult calls around communication, transparency, and timing. He shares what plans actually helped, what broke down under stress, and the lessons that only emerge when theory collides with a real adversary. The conversation also explores why higher education is such a demanding environment for security leaders, how pragmatic controls beat “perfect” security in a crisis, and why storytelling—not frameworks alone—is essential for executive buy-in. Zach closes by reflecting on resilience, balance, and why stepping away from the keyboard is critical to surviving a long career in cybersecurity. A candid, experience-driven episode for CISOs, vCISOs, and security leaders who want to know what ransomware response really looks like when it’s no longer hypothetical.

    31 min

  7. JAN 6

    S8E1 - Offensive Security in the Age of AI with Corey LeBleu

    In the Season 8 premiere of The Virtual CISO Moment, host Greg Schaffer sits down with Corey LeBleu, Founder and CEO of Relix Security, to explore how offensive security and penetration testing are evolving in a world shaped by cloud platforms, AI, and “vibe coding.” With more than two decades of hands-on experience in application and network penetration testing—including leadership roles at Verizon and boutique consultancies—Corey shares a practitioner’s view of what high-value penetration testing really looks like, and why too many organizations still confuse checkbox scans with meaningful security assurance. The conversation covers: How penetration testing has changed—and hasn’t—in the age of AI The risks introduced by low-code/no-code platforms and AI-generated workflows Why misconfigured tools and automated scans can create a false sense of security What CISOs and vCISOs should demand from penetration test reports to drive real business value The difference between vulnerability scanning, penetration testing, and “continuous testing” hype Emerging AI-specific attack vectors, including prompt injection and model abuse Common client misconceptions about penetration testing and testing frequency Translating technical findings into business risk executives can act on Managing stress in offensive security and cybersecurity leadership roles Whether you’re advising clients as a vCISO, running a security program, or evaluating penetration testing vendors, this episode offers grounded guidance on separating signal from noise—and ensuring offensive security investments actually improve risk posture.

    29 min

  8. 12/16/2025

    S7E55 - Five Security Trends That Will Force Hard Conversations in 2026

    In this special episode of The Virtual CISO Moment, Greg Schaffer shares five cybersecurity predictions for 2026 grounded in real-world patterns — not hype. From the tightening of SOC 2 audits and the rise of “vibe coding” risks, to a coming shakeout in the vCISO market, influencer-driven security shaming, and the growing dangers of contractor misclassification, this episode explores the second-order consequences many organizations are already overlooking. If you’re a business leader, CISO, or vCISO, this episode will challenge assumptions and help you see where governance failures quietly become security failures.

    33 min
See All (513)

Trailers

Ratings & Reviews

4.9
out of 5
7 Ratings

About

The Virtual CISO Moment dives into the stories of information security, information technology, and risk management pros; what drives them and what makes them successful while helping small and midsized business (SMB) security needs. No frills, no glamour, no transparent whiteboard text, no complex graphics, and no script - just honest discussion of SMB information security risk issues. Brought to you by vCISO Services, LLC, a leading provider of vCISO and information security risk management services. Visit https://vcisoservices.com to learn more. A Second Chance Publishing, LLC podcast.

Information

  • Creator
    Greg Schaffer
  • Years Active
    2022 - 2026
  • Episodes
    513
  • Rating
    Clean
  • Copyright
    © Greg Schaffer
  • Show Website
    The Virtual CISO Moment

You Might Also Like