In the Season 8 premiere of The Virtual CISO Moment, host Greg Schaffer sits down with Corey LeBleu, Founder and CEO of Relix Security, to explore how offensive security and penetration testing are evolving in a world shaped by cloud platforms, AI, and “vibe coding.”
With more than two decades of hands-on experience in application and network penetration testing—including leadership roles at Verizon and boutique consultancies—Corey shares a practitioner’s view of what high-value penetration testing really looks like, and why too many organizations still confuse checkbox scans with meaningful security assurance.
The conversation covers:
How penetration testing has changed—and hasn’t—in the age of AI
The risks introduced by low-code/no-code platforms and AI-generated workflows
Why misconfigured tools and automated scans can create a false sense of security
What CISOs and vCISOs should demand from penetration test reports to drive real business value
The difference between vulnerability scanning, penetration testing, and “continuous testing” hype
Emerging AI-specific attack vectors, including prompt injection and model abuse
Common client misconceptions about penetration testing and testing frequency
Translating technical findings into business risk executives can act on
Managing stress in offensive security and cybersecurity leadership roles
Whether you’re advising clients as a vCISO, running a security program, or evaluating penetration testing vendors, this episode offers grounded guidance on separating signal from noise—and ensuring offensive security investments actually improve risk posture.
In this special episode of The Virtual CISO Moment, Greg Schaffer shares five cybersecurity predictions for 2026 grounded in real-world patterns — not hype. From the tightening of SOC 2 audits and the rise of “vibe coding” risks, to a coming shakeout in the vCISO market, influencer-driven security shaming, and the growing dangers of contractor misclassification, this episode explores the second-order consequences many organizations are already overlooking.
If you’re a business leader, CISO, or vCISO, this episode will challenge assumptions and help you see where governance failures quietly become security failures.
In this episode of The Virtual CISO Moment, Greg Schaffer sits down with Logan Edmonds, Chief AI Officer at ScaleSight and founder of TTS Cyber, for a lively and insightful discussion on the intersection of AI, cybersecurity, and small to mid-sized business operations. Logan shares his unique journey from studying theology to becoming an AI-driven cybersecurity leader, highlighting how early IT experiences shaped his pragmatic approach to solving business problems.
Greg and Logan dive deep into how SMBs misunderstand both security and AI, including the dangers of chasing trends, the misconception that compliance equals security, and why AI can’t magically fix broken business processes. Logan emphasizes a business-first mindset: start with understanding operations, outcomes, and risks—not with the technology.
The conversation also covers:
Why focusing on operational efficiency is the real driver behind meaningful AI adoption
How to talk about risk without falling into fear, uncertainty, and doubt
The importance of trust and partnership in security consulting
Realistic AI use cases, guardrails, hallucination risks, and the myth of effortless automation
Balancing stress in cybersecurity through healthy personal hobbies
Logan’s forward-looking plans in CMMC, AI strategy, and helping organizations scale responsibly
Engaging, humorous, and packed with practical insight, this episode is a must-listen for leaders navigating AI adoption, cybersecurity maturity, or the unique challenges of SMB environments.
In this episode, host Greg Schaffer interviews Thomas Sweet, an award-winning CIO/CTO and 2023 Tech Titan Emerging CTO, who shares his unconventional journey from civil engineering to enterprise IT and cybersecurity leadership. Tom reflects on his early days at NEC, Microsoft, GM Financial, and more, offering key lessons learned while leading global teams and driving digital transformation.
The conversation covers:
🔹 How Tom transitioned from civil engineering into IT
🔹 The problem-solving mindset engineering instilled in him
🔹 His approach to building strong, low-attrition teams through genuine leadership
🔹 Why AI is already reshaping IT—and why resisting it may hinder career growth
🔹 How he uses AI to accelerate secure coding, automation, and testing
🔹 The emerging landscape of AI-specific attacks
🔹 The importance of decompression and how Tom balances life outside technology
A thoughtful, engaging look at technology leadership, organizational culture, and the rapidly changing role of AI in the enterprise.
This Thanksgiving-week episode welcomes back Chuck Anderson, IT consultant at Reliant Managed Services, for a deep dive into some of the biggest shifts in cybersecurity and technology over the past year and a half. Chuck and Greg explore the rapid rise of AI (good and bad), the looming disruption of quantum computing—especially its impact on encryption and certificates—and the operational realities organizations face as they prepare for a post-quantum world.
They also dig into change management, why empathy matters more than ever in cybersecurity, and how tech pros can better communicate and lead through major transformation. A forward-looking, practical, and enjoyable conversation for anyone navigating today’s evolving cyber landscape.
In this episode of The Virtual CISO Moment, host Greg Schaffer speaks with Dave McKenzie, co-founder and director of Damn Good Security and a seasoned cybersecurity leader based in Scotland.
Dave shares his fascinating journey from aspiring pilot to IT support technician, to leading security operations for major organizations, and ultimately launching his own company. His path, driven by curiosity, adaptability, and a dislike of handwriting, reveals how technical expertise and communication skills blend to form a truly effective security professional.
This wide-ranging conversation is packed with humor, practical insights, and wisdom for anyone in the cybersecurity field.
In this episode of The Virtual CISO Moment, Greg Schaffer welcomes back cybersecurity expert and best-selling author Peter H. Gregory — who’s written over 50 books and helped shape many of today’s top security and certification programs.
They dive deep into:
💡 AI Governance — how to use AI safely, ethically, and legally (and why “shadow AI” may be your biggest unseen risk)
📚 Publishing Your Technical Book — Peter’s step-by-step insights from idea to printed page
⚙️ Data Governance & Privacy — why strong data management is essential before implementing AI
Peter also shares details on his upcoming AI Governance Professional (AIGP) study guide and offers timeless advice for aspiring cybersecurity authors.
🎧 Tune in for expert perspectives, practical insights, and a few laughs along the way.
Patrick Rost, owner and advisor at InfoSecurity Blueprint, joins Greg Schaffer to discuss his journey from a technology enthusiast to an information security entrepreneur. Patrick shares insights on helping small and midsized businesses take their first steps toward better security—emphasizing that information security is about managing business risk, not just technology.
He explains his “wash one dish” approach to simplifying security, why “InfoSecurity” matters more than “Cybersecurity,” and how fractional advisory services can empower organizations without overwhelming them.
The discussion also explores AI governance for small businesses, risk-based thinking, and how to make security engaging—even fun—for executives.
Walter Haydock, founder of StackAware, joins Greg Schaffer to discuss how AI-powered companies can manage cybersecurity, privacy, and compliance risks using the ISO 42001 AI governance framework.
Learn why AI literacy matters, what organizations can learn from Amazon’s AI missteps, and how to make smarter risk decisions in the age of generative AI.
Recently, The Virtual CISO Moment podcast host Greg Schaffer was asked to participate in a question-and-answer session with students at Minnesota State University who are using his book Information Security for Small and Midsized Businesses as part of their studies. In this special and extended episode, a recording of that conversation, they talk about the concerns of small and midsized businesses and the outlook for the information security and cybersecurity fields.
In this inspiring and deeply personal episode of The Virtual CISO Moment, Greg Schaffer sits down with cybersecurity professional Andrew Staton to discuss his journey from high school CyberPatriot competitions in Huntsville to federal cybersecurity consulting.
Topics Covered:
How local cyber education programs launched Andrew’s career
The evolving landscape of CMMC and compliance misconceptions
Why data scoping is key for affordable federal compliance
The importance of mental health in cybersecurity
Andrew’s personal transformation and rediscovering purpose
Faith, community, and building a healthy cybersecurity lifestyle
Andrew’s story is one of grit, growth, and grace—a must-listen for cyber pros, students, and leaders alike.
In this episode of The Virtual CISO Moment, Greg Schaffer welcomes Brad Mathis, Senior Information Security Consultant at Keller Schroeder, for a wide-ranging discussion that spans four decades in technology and cybersecurity.
From his early days repairing computers and catching his first virus, to leading security teams and serving as a virtual CISO, Brad shares a wealth of real-world experience and insights.
Key highlights include:
Lessons from building networks in the pre-Windows 95 era
The importance of risk ownership, even with a vCISO
What makes a good (and bad) security culture
How to decompress in a high-stress industry
The role of mentorship and knowledge transfer in long-term success
Whether you're new to the field or a seasoned security leader, this episode offers perspective, wisdom, and practical takeaways.
In this episode, Greg Schaffer welcomes Christopher Carter, Chairman and CEO of Approyo, for a dynamic conversation about SAP, cybersecurity, and leadership. Chris shares his journey from early days at Coca-Cola to building a successful SAP consulting business, discusses key risks in SAP environments, and explores how AI is shaping threat detection. From monitoring legacy systems to helping clients bounce back from breaches, Chris brings both technical insight and human perspective—plus a little inspiration from Rocky Balboa. A must-listen for anyone navigating enterprise tech, mid-market security, or leadership in the digital age.
On this episode of The Virtual CISO Moment, Wesley Widner shares his inspiring journey from law enforcement to cybersecurity, emphasizing the power of networking, authenticity, and a lifelong learning mindset.
Wes founded White Hat Wes Cybersecurity to help others break into the field by providing a free platform for sharing blogs, projects, and cyber resources—fostering community and mentorship.
He highlights the importance of empathy during incidents, honest communication, and servant leadership as keys to success in InfoSec. Faith and family keep him grounded as he balances career growth and entrepreneurship.
In this episode of *The Virtual CISO Moment*, Greg Schaffer sits down with Michael Scheidell, CISO of Security Privateers and Managing Director of Team One Support. Michael shares his unconventional path from robotics to cybersecurity, lessons learned from building companies, and why real-world experience matters more than certifications. He also opens up about stress, service, and his passion for helping veterans transition into IT. A conversation that blends technology, business, and humanity—don’t miss it.
In this episode of The Virtual CISO Moment, Dylan Owen shares his journey from webmaster in the 1990s to leading cybersecurity teams at Raytheon and serving as CISO at Nightwing. He reflects on the challenges of transitioning into executive leadership, the realities of the vCISO role, and how SMBs can best approach detection and response. Dylan also offers insights on making security frictionless, plus how he manages stress with fitness and his love for soccer.
In this episode of The Virtual CISO Moment, Greg Schaffer talks with Keith Walker, System Administrator at Nephrology Associates of Northern Illinois and Indiana (NANI), about his unique path into IT, sparked by inheriting his late stepfather’s tech gear. Keith shares how building a home lab, securing a static IP, and hands-on tinkering shaped his career, and discusses the challenges of balancing operational efficiency with security in a healthcare environment. They explore the critical role of soft skills in IT, adapting to constant changes in Microsoft technologies, and preparing for AI-powered tools while meeting HIPAA and other compliance requirements. Keith also reflects on developing patience with end users, the importance of staying hands-on in tech leadership, and how he decompresses through family time and motorcycle rides.
In this episode of *The Virtual CISO Moment*, Greg Schaffer sits down with Samuel Hill, Senior Director of Product Marketing at Mind, to explore how authentic, empathy-driven marketing can cut through cybersecurity’s buzzwords and truly connect with practitioners. Hill shares his journey from the ER to the startup world, the power of storytelling in building trust, and why the industry is shifting from compliance checkboxes to real security programs. They also discuss Mind’s unified approach to protecting sensitive data at rest and in motion, plus how to manage stress and stay grounded in a high-pressure field.
In this episode, Greg talks with Jason Jauch, founder of C^2, about the challenges and rewards of delivering cybersecurity to healthcare practices. Jason shares his journey from hands-on IT to virtual CISO, why compliance doesn’t equal security, and how his one-stop-shop model helps clients manage risk without the noise. They also discuss upcoming HIPAA changes, niche security gaps in ophthalmology, and how Jason stays grounded through CrossFit.
Greg Schaffer sits down with Harris Schwartz, Founder of vSecurity Advisor and seasoned cybersecurity executive. With over 30 years in the field, Harris shares his journey from the dawn of the public internet to advising organizations on building risk-based, business-aligned security programs. Tune in for insights on leadership, mentorship, and creating a resilient cybersecurity culture.