Areas Of Expertise
With over 33 years of experience in information technology and security, Greg Schaffer is a seasoned information security executive proficient in information security program and project management, information security risk assessment and mitigation, vendor risk management, policy and standards creation and implementation, and disaster recovery and business continuity.
He is the founding principal of vCISO Services, LLC, an information security consulting firm providing small and midsized businesses with strategic information security expertise and has provided virtual CISO services for many small and midsized businesses in a variety of industries.
Previous full-time CISO-level experience includes serving as the VP Information Security for FirstBank, the Chief Information Security Officer for the Metropolitan Government of Nashville and Davidson County, and the AVP Network and IT Security at Middle Tennessee State University.
Greg is active in the security, technology, and risk management communities. He hosts The Virtual CISO Moment podcast, weekly discussions with information security professionals with varied backgrounds and stories, and is the author of the book Information Security for Small and Midsized Businesses.
He currently serves on the Middle Tennessee State University Information Systems and Analytics advisory board. Previous security and risk management community leadership roles include board of directors for the Nashville Technology Council Veterans Peer Group as a veteran advisor (USAF, Operation Desert Storm), FS-ISAC Community Council inaugural co-chair, Middle Tennessee ISSA chapter board member, Middle Tennessee Risk Management Association board member, and chair of the Tennessee CISO Roundtable.
He holds a Master’s degree in Information Systems Project Management from Middle Tennessee State University, a Bachelor’s degree in Mechanical Engineering from the University at Buffalo, maintains a current CISSP certification, is a CMMC Registered Practitioner, and is Open FAIR certified.
NIST 800-171 Incident Response Plan & Reporting Requirements
7 Proven Security Incident Response Steps For Any Breach
Security Incident Response Lifecycle Explained
11 Free & Open Source Cybersecurity Tools For Small Business
How To Create An Incident Response Plan For Small Business
What Is Incident Response? (The Definitive Guide For 2024)
How Does Ransomware Spread? (5 Common Methods In 2024)
How To Detect, Mitigate, & Prevent Insider Threats
Why Continuous Security Monitoring Is A Requirement In 2024
From PurpleSec's Video Library
Explore Our Security Solutions
Ready To Get Secure?
Reach Your Security Goals With Affordable Solutions Built For Small Business