The Virtual CISO Moment

Hosted by Greg Schaffer

TechnologyInterviews guests

Website RSS feed

Episodes

527

Latest episode

Jun 2026

Language

About the show

The Virtual CISO Moment dives into the stories of information security, information technology, and risk management pros; what drives them and what makes them successful while helping small and midsized business (SMB) security needs. No frills, no glamour, no transparent whiteboard text, no complex graphics, and no script - just honest discussion of SMB information security risk issues. Brought to you by vCISO Services, LLC, a leading provider of vCISO and information security risk management services. Visit https://vcisoservices.com to learn more. A Second Chance Publishing, LLC podcast.

Listen to episodes

60 recent

June 9, 202639 min

S8E22- Alan Clinard Discusses Building Security Programs That Actually Work

In S8E22, Greg Schaffer sits down with Alan Clinard, founder of Athena vCISO Services, to explore what it really means to be a trusted security advisor. Drawing from a career that spans the U.S. Army, operational risk consulting, banking, critical infrastructure, and virtual CISO services, Alan shares how understanding the business—not just the technology—is the key to effective cybersecurity leadership. The conversation dives into translating cyber risk into business language, the challenges of moving from technical expert to consultant, and why humility and relationship-building are often more important than technical knowledge when influencing organizations. Alan also discusses entrepreneurship, mentoring the next generation of security leaders, and helping clients become self-sufficient rather than dependent on outside advisors. Whether you're a security practitioner aspiring to leadership, a current vCISO, or a business executive trying to bridge the gap between security and business objectives, this episode offers practical insights on governance, risk management, consulting, and building security programs that truly support organizational success.

June 2, 202636 min

S8E21 – Cy Sturdivant on Community Banking, Risk, and Cyber Leadership

Cy Sturdivant returns to the Virtual CISO Moment to share lessons from more than two decades in cybersecurity, financial services, and consulting. The conversation explores the importance of professional relationships, security program maturity, AI adoption in banking, and why organizations that focus solely on compliance often struggle to improve their overall security posture. Cy also discusses the concept of TEA—Time, Energy, and Attention—and why protecting these limited resources is critical for long-term success in both cybersecurity and life. Along the way, he offers practical advice for professionals looking to grow their careers, adapt to constant change, and maintain balance in a demanding industry. If you're a cybersecurity leader, aspiring consultant, community banking professional, or simply looking for practical advice on balancing career success with personal fulfillment, this episode offers actionable insights, thoughtful perspective, and plenty of wisdom from someone who has spent decades helping organizations navigate risk and change.

May 28, 202633 min

S8E20 – Becky MacDonald on Building Security Beyond Compliance

In this episode of The Virtual CISO Moment, Greg Schaffer sits down with cybersecurity leader and Cyber Risk Navigator founder Becky MacDonald to discuss the evolution of cybersecurity leadership, the realities of virtual CISO work, and why effective security programs must be built around risk—not just compliance checklists. Drawing from decades of experience across healthcare, higher education, and nonprofit organizations, Becky shares practical insights into building mature cybersecurity programs with limited budgets, communicating risk to leadership, and avoiding common traps like tool sprawl and “checkbox security.” Greg and Becky also explore the growing virtual CISO space, including what separates strong vCISO leadership from superficial security consulting. The conversation covers the importance of business communication skills, balancing technical and strategic perspectives, and the challenges organizations face when trying to operationalize security in real-world environments. Becky also offers candid perspectives on entrepreneurship, cybersecurity burnout, and the realities of building a boutique advisory practice. Whether you are an aspiring vCISO, a cybersecurity practitioner, or a business leader trying to better understand risk and resilience, this episode delivers practical insights grounded in real-world experience.

May 19, 202635 min

S8E19 - Cybersecurity, Community, and Leadership with Jonathan Weaver

In this episode of The Virtual CISO Moment, Greg Schaffer sits down with Jonathan Weaver to discuss the evolving role of governance, risk, and compliance in today’s cybersecurity landscape. Jonathan shares his journey from the University of Tennessee into cybersecurity consulting, the lessons he learned building ProInsight, and why trust and relationships are often the most valuable assets in security consulting. The conversation also explores practical risk management, the challenges organizations face in understanding cybersecurity beyond compliance checklists, and the importance of breaking down silos between business and security teams. Beyond cybersecurity, Jonathan opens up about his nonprofit initiative, Reindeer for Hope, which provides gifts and support to underprivileged children and families across Middle Tennessee. Listeners should tune in for an insightful mix of cybersecurity leadership, entrepreneurship, community impact, and personal perspective from someone who is passionate about helping both organizations and people become more resilient.

May 12, 202637 min

S8E18 – Why Identity Is the Future of Cybersecurity with Jackie Shoback

In this episode, Jackie Shoback—Co-Founder of 1414 Ventures and seasoned C-suite leader—joins Greg to explore how cybersecurity has evolved from a back-office IT function into a core business strategy. Drawing on decades of experience across enterprise and financial services, Jackie breaks down why digital identity and trust are now at the center of modern security, and how organizations must rethink data as both an asset and a risk.The conversation dives into the growing importance of identity-driven security, the shortcomings of current privacy practices, and the role of boards and executives in building a true culture of security—not just checking compliance boxes. With insights on emerging threats, AI, and the future of digital trust, this episode offers a strategic lens for leaders navigating today’s rapidly evolving cyber landscape.

May 5, 202626 min

S8E17 - Mid TN ISACA Conference Chats

At the 2026 Middle Tennessee ISACA conference I had the chance to sit down for short chats with a few information security pros: India James, whospoke on the importance of security and digital trust at the conference; Ken Smith, Director of Sales Engineering Enterprise for the Great Lakes at Arctic Wolf; and Jonathan Weaver, Partner at ProNsight's Risk and Compliance Consulting Practice.

April 30, 202631 min

S8E16 - Real-World CMMC Insights with Rich Bates

Rich Bates shares a candid look at his 30+ year journey into cybersecurity, from early computing days to leading GRC programs and now building his own advisory practice focused on helping organizations tackle CMMC and compliance challenges. Along the way, he breaks down why these frameworks matter, the real risks businesses face if they ignore them, and how to approach security in a practical, business-focused way. Listeners will get valuable insights into navigating regulatory complexity, making smart risk decisions, and what it really takes to succeed as a cybersecurity leader or consultant. Whether you're a business owner facing CMMC requirements or a security professional looking to sharpen your approach, this episode offers real-world perspective without the fluff

April 23, 202636 min

S8E15 – The Modern vCISO Journey with Joseph Gunnells

What does it really take to evolve into a modern vCISO—and why does it matter more than ever? In this episode, Joseph Gunnells shares his journey from early technical roles to a strategic governance, risk, and compliance leader, revealing how real-world experience—not just certifications—shapes effective security leadership. He breaks down the biggest challenges organizations face when engaging a vCISO, why empathy and business alignment are critical, and how strong relationships can define both career success and cybersecurity outcomes.Whether you're an IT leader, aspiring vCISO, or business executive trying to make sense of security risk, this conversation offers practical insights you can immediately apply to better align security with business value—and avoid the common pitfalls many organizations still struggle with today.

April 16, 202637 min

S8E14 - The Reality of Starting a Cyber Business with Robert Duchesne

From firefighter aspirations to securing the defense industrial base—this episode of The Virtual CISO Moment dives into a career path that didn’t follow the plan… and turned out better because of it.Robert Duchesne shares how a pivot from the Air Force into cybersecurity led him to supporting national security missions, leading enterprise security operations, and ultimately launching RD3 Technologies. Along the way, he breaks down the realities of building a cybersecurity business, the difference between government and corporate risk mindsets, and why passion—not paychecks—has to be the driving force in this field.We also get into what it really takes to succeed in cybersecurity today: constant learning, understanding the business, and becoming a trusted advisor—not just a technical expert.If you’re navigating your own path in cybersecurity or thinking about starting something of your own, this is an episode you won’t want to miss.

April 14, 202632 min

S8E13 - Smarter Security, Fewer Tools with Jason Makevich

In this episode of The Virtual CISO Moment, Jason Makevich shares his journey from MSP roots to building Greenlight Cyber and PORT1, along with his mission to simplify cybersecurity for SMBs. He unpacks the problem of “duct tape on duct tape” security—where too many tools create complexity without real protection—and makes the case for a secure-by-design, zero trust approach. The conversation also covers how SMBs can shift from reactive to proactive security and why translating cyber risk into business terms is critical.Jason closes with his perspective on the evolving MSP landscape, warning against chasing trends like AI at the expense of foundational security, and emphasizing the importance of balance in a high-stress industry.