2020 National Cyber Summit

Summit Speaker Greg Schaffer

Session Information

Rise of the Virtual CISO
Wednesday, June 5, 2019 1:15 p.m. - 2:00 p.m.
There is a growing rift between the information security “haves” and “have nots,” and the threat actors know that as well. Cyber criminals increasingly target small and midsized businesses (SMBs) because they know SMBs likely do not have information security programs as robust as those large organizations have in place. Nor do they have experienced information security leadership, as the average annual cost of nearly $260,000 for a full-time CISO is out of the reach of most SMB budgets.

The Virtual CISO, or vCISO, has emerged to fill this need. While most SMBs cannot afford a full-time CISO, most also do not need one, just access to CISO expertise. Often as little as ten hours per month of a virtual CISO can bolster an SMB's information security program and posture to nearly the same level as if they had a full-time CISO on staff.

This presentation will discuss why the virtual CISO has become a viable option for businesses, what to look for in a virtual CISO, and what a virtual CISO can and cannot do for your small or midsized business.

Von Braun Center - North Hall Salon 2
Greg Schaffer photo
Greg Schaffer
Principal
vCISO Services, LLC
With over 29 years of experience, Greg is a seasoned information security executive proficient in information security program and project management, information security risk assessment and mitigation, vendor risk management, policy and standards creation and implementation, and disaster recovery and business continuity. He is the Founding Principal of vCISO Services, LLC, an information security consulting firm providing small and midsized businesses with strategic information security expertise. Greg's previous full-time CISO-level experience includes serving as the VP of Information Security for FirstBank, the Chief Information Security Officer for the Metropolitan Government of Nashville and Davidson County, and the AVP Network and IT Security at Middle Tennessee State University.

Greg is active in the security, technology, and risk management communities and currently serves on the board of directors of the Nashville Technology Council Veterans Peer Group. Previous security community leadership roles include Middle Tennessee Risk Management Association board member, FS-ISAC Community Council co-chair, Middle Tennessee ISSA chapter board member, and chair of the Tennessee CISO Roundtable. He holds a master's degree in Information Systems Project Management from Middle Tennessee State University and a bachelor's degree in Mechanical Engineering from the University at Buffalo and is a current CISSP.