In this episode of The Virtual CISO Moment, Greg Schaffer welcomes back cybersecurity expert and best-selling author Peter H. Gregory — who’s written over 50 books and helped shape many of today’s top security and certification programs.
They dive deep into:
💡 AI Governance — how to use AI safely, ethically, and legally (and why “shadow AI” may be your biggest unseen risk)
📚 Publishing Your Technical Book — Peter’s step-by-step insights from idea to printed page
⚙️ Data Governance & Privacy — why strong data management is essential before implementing AI
Peter also shares details on his upcoming AI Governance Professional (AIGP) study guide and offers timeless advice for aspiring cybersecurity authors.
🎧 Tune in for expert perspectives, practical insights, and a few laughs along the way.
Patrick Rost, owner and advisor at InfoSecurity Blueprint, joins Greg Schaffer to discuss his journey from a technology enthusiast to an information security entrepreneur. Patrick shares insights on helping small and midsized businesses take their first steps toward better security—emphasizing that information security is about managing business risk, not just technology.
He explains his “wash one dish” approach to simplifying security, why “InfoSecurity” matters more than “Cybersecurity,” and how fractional advisory services can empower organizations without overwhelming them.
The discussion also explores AI governance for small businesses, risk-based thinking, and how to make security engaging—even fun—for executives.
Walter Haydock, founder of StackAware, joins Greg Schaffer to discuss how AI-powered companies can manage cybersecurity, privacy, and compliance risks using the ISO 42001 AI governance framework.
Learn why AI literacy matters, what organizations can learn from Amazon’s AI missteps, and how to make smarter risk decisions in the age of generative AI.
Recently, The Virtual CISO Moment podcast host Greg Schaffer was asked to participate in a question and answer session with students at Minnesota State University who are using his book Information Security for Small and Midsized Businesses as part of their studies. In this special and extended episode, a recording of that conversation, they talk about concerns of small and midsized businesses and the outlook for the information security and cybersecurity fields.
In this inspiring and deeply personal episode of The Virtual CISO Moment, Greg Schaffer sits down with cybersecurity professional Andrew Staton to discuss his journey from high school CyberPatriot competitions in Huntsville to federal cybersecurity consulting.
Topics Covered:
How local cyber education programs launched Andrew’s career
The evolving landscape of CMMC and compliance misconceptions
Why data scoping is key for affordable federal compliance
The importance of mental health in cybersecurity
Andrew’s personal transformation and rediscovering purpose
Faith, community, and building a healthy cybersecurity lifestyle
Andrew’s story is one of grit, growth, and grace—a must-listen for cyber pros, students, and leaders alike.
In this episode of The Virtual CISO Moment, Greg Schaffer welcomes Brad Mathis, Senior Information Security Consultant at Keller Schroeder, for a wide-ranging discussion that spans four decades in technology and cybersecurity.
From his early days repairing computers and catching his first virus, to leading security teams and serving as a virtual CISO, Brad shares a wealth of real-world experience and insights.
Key highlights include:
Lessons from building networks in the pre-Windows 95 era
The importance of risk ownership, even with a vCISO
What makes a good (and bad) security culture
How to decompress in a high-stress industry
The role of mentorship and knowledge transfer in long-term success
Whether you're new to the field or a seasoned security leader, this episode offers perspective, wisdom, and practical takeaways.
In this episode, Greg Schaffer welcomes Christopher Carter, Chairman and CEO of Approyo, for a dynamic conversation about SAP, cybersecurity, and leadership. Chris shares his journey from early days at Coca-Cola to building a successful SAP consulting business, discusses key risks in SAP environments, and explores how AI is shaping threat detection. From monitoring legacy systems to helping clients bounce back from breaches, Chris brings both technical insight and human perspective—plus a little inspiration from Rocky Balboa. A must-listen for anyone navigating enterprise tech, mid-market security, or leadership in the digital age.
On this episode of The Virtual CISO Moment, Wesley Widner shares his inspiring journey from law enforcement to cybersecurity, emphasizing the power of networking, authenticity, and a lifelong learning mindset.
Wes founded White Hat Wes Cybersecurity to help others break into the field by providing a free platform for sharing blogs, projects, and cyber resources—fostering community and mentorship.
He highlights the importance of empathy during incidents, honest communication, and servant leadership as keys to success in InfoSec. Faith and family keep him grounded as he balances career growth and entrepreneurship.
In this episode of *The Virtual CISO Moment*, Greg Schaffer sits down with Michael Scheidell, CISO of Security Privateers and Managing Director of Team One Support. Michael shares his unconventional path from robotics to cybersecurity, lessons learned from building companies, and why real-world experience matters more than certifications. He also opens up about stress, service, and his passion for helping veterans transition into IT. A conversation that blends technology, business, and humanity—don’t miss it.
In this episode of The Virtual CISO Moment, Dylan Owen shares his journey from webmaster in the 1990s to leading cybersecurity teams at Raytheon and serving as CISO at Nightwing. He reflects on the challenges of transitioning into executive leadership, the realities of the vCISO role, and how SMBs can best approach detection and response. Dylan also offers insights on making security frictionless, plus how he manages stress with fitness and his love for soccer.
In this episode of The Virtual CISO Moment, Greg Schaffer talks with Keith Walker, System Administrator at Nephrology Associates of Northern Illinois and Indiana (NANI), about his unique path into IT, sparked by inheriting his late stepfather’s tech gear. Keith shares how building a home lab, securing a static IP, and hands-on tinkering shaped his career, and discusses the challenges of balancing operational efficiency with security in a healthcare environment. They explore the critical role of soft skills in IT, adapting to constant changes in Microsoft technologies, and preparing for AI-powered tools while meeting HIPAA and other compliance requirements. Keith also reflects on developing patience with end users, the importance of staying hands-on in tech leadership, and how he decompresses through family time and motorcycle rides.
In this episode of *The Virtual CISO Moment*, Greg Schaffer sits down with Samuel Hill, Senior Director of Product Marketing at Mind, to explore how authentic, empathy-driven marketing can cut through cybersecurity’s buzzwords and truly connect with practitioners. Hill shares his journey from the ER to the startup world, the power of storytelling in building trust, and why the industry is shifting from compliance checkboxes to real security programs. They also discuss Mind’s unified approach to protecting sensitive data at rest and in motion, plus how to manage stress and stay grounded in a high-pressure field.
In this episode, Greg talks with Jason Jauch, founder of C^2, about the challenges and rewards of delivering cybersecurity to healthcare practices. Jason shares his journey from hands-on IT to virtual CISO, why compliance doesn’t equal security, and how his one-stop-shop model helps clients manage risk without the noise. They also discuss upcoming HIPAA changes, niche security gaps in ophthalmology, and how Jason stays grounded through CrossFit.
Greg Schaffer sits down with Harris Schwartz, Founder of vSecurity Advisor and seasoned cybersecurity executive. With over 30 years in the field, Harris shares his journey from the dawn of the public internet to advising organizations on building risk-based, business-aligned security programs. Tune in for insights on leadership, mentorship, and creating a resilient cybersecurity culture.
Greg Schaffer welcomes Butch Rutt, Campus Security Supervisor at Littleton Public Schools, for a powerful conversation on leadership, service, and school safety. Drawing from his background in the U.S. Army and over two decades in law enforcement, Butch shares how his experiences inform a people-first approach to security. From crisis response to building trust with students and staff, this episode highlights the balance between vigilance and compassion in protecting our schools.
Nick Eicken is the founder of CyberAuthority and a seasoned Virtual Chief Information Security Officer (vCISO) with deep roots in both military and civilian cybersecurity leadership. A U.S. Army veteran who built top-secret communication networks as a signal officer, Nick transitioned to the private sector where he’s guided organizations across nonprofit, manufacturing, government, and consulting spaces. His firm, CyberAuthority, focuses on helping small and midsized businesses build defensible, scalable security programs through ethical, vendor-neutral vCISO services.
In this episode, Nick shares his journey from military service to launching his own cybersecurity practice. He and Greg Schaffer explore the value of standardizing the vCISO model, building trust with clients by understanding their business "why," and how to make cybersecurity frameworks like the NIST CSF approachable for SMBs. Nick also discusses the critical distinction between internal CISOs and third-party vCISOs, the importance of ethical independence from MSPs, and the need for transparency. The conversation wraps with insights on stress management, homebrewing, family life in Northern California, and upcoming CyberAuthority initiatives—including cybersecurity offerings for retirees entering one of the most vulnerable phases of their digital lives.
From the Middle Tennessee ISACA Conference, Cool Springs, Tennessee, March 2025.
Stacy Mill is a seasoned cybersecurity and IT executive with a track record of leading complex technology initiatives in both the public and private sectors. She has served as CTO for the State of Kansas, VP of IT and CISO at Nashville Electric Service, and global CISO at major enterprises like Spirit AeroSystems and Yum Brands. Stacy is also an active board member and thought leader in the utility and cybersecurity communities.
In this conversation, she discusses the evolving landscape of cybersecurity, emphasizing the importance of leadership, communication, and mentorship in navigating complex risk environments. Stacy also offers insights into building resilient teams, working effectively with boards, and fostering diversity in tech leadership. Her story underscores the value of adaptability, continuous learning, and advocating for others in the cybersecurity field.
In this episode, Greg Schaffer interviews James Pham, CEO and co-founder of Opsin, who shares his unique journey from chemistry medalist in high school to tech entrepreneur. James discusses how his academic and professional path took him from studying in Korea and working in Singapore to pursuing his entrepreneurial dream in the U.S., eventually earning a spot at MIT where he taught machine learning. He later joined Abnormal Security in the Bay Area, gaining insight into enterprise security challenges. This experience inspired him to co-found Opsin, a company focused on helping organizations manage and govern generative AI usage securely. James emphasizes the risks of shadow AI and the need for guardrails in enterprise environments, particularly as large language models become increasingly integrated into workflows.
Referenced post: https://www.linkedin.com/posts/jamesopsin_steps-to-address-oversharing-activity-7319344015231856640-gmX9/
In this episode of Security Conversations from The Virtual CISO Moment, Greg Schaffer sits down with Mick Grayson, a seasoned cybersecurity professional with a wealth of experience in both the public and private sectors. Together, they explore the evolving challenges of managing risk in an increasingly complex threat landscape, the importance of mentorship in cybersecurity leadership, and how small and midsized organizations can build practical, resilient security programs. With thoughtful insights and real-world anecdotes, Mick offers valuable perspective for security leaders at every level.
In this episode of Security Conversations from The Virtual CISO Moment, we’re joined by Wil Ku, a seasoned cybersecurity leader with deep expertise in risk management, security strategy, and governance. With a background that spans both public and private sectors—including leadership roles at top consulting firms and critical infrastructure organizations—Wil shares insights on building resilient security programs, aligning cybersecurity with business objectives, and navigating the evolving regulatory landscape. Tune in for a practical, forward-looking conversation that highlights the importance of adaptability, leadership, and strategic thinking in today’s threat environment.