The Virtual CISO Moment

For our milestone 200th conversation, Caleb Mattingly joins us. He is the founder of Secure Cloud Innovations. He is a a cybersecurity professional with a passion for solving complex challenges and building innovative solutions that empower organizations to stay secure in an ever-evolving digital landscape. With a deep understanding of security frameworks, risk management, and cloud environments, he specializes in creating strategies that are both scalable and sustainable.

From the ISACA Middle Tennessee conference March 2025.

Darin McCloy is the VP Security and Compliance, CISO at PolicyCo. He is also the Cyber Security, Compliance, and Risk Adviser at Clarity Cyber Assurance, providing Cyber Security and Compliance consultation for clients in a wide range of industry verticals. He helps businesses and government administrators identify, prioritize, and manage information security risk through short term engagements or by integrating with the existing leadership team as a Virtual Chief Information Security Officer.

Josh Graves is the Director of Business Development at Foojee. Foojee creates solutions for their clients that improve productivity, combining passion for Apple products with love of training others in order to improve businesses using Macs, iPhones, and iPads. Join our discussion as we discuss the security of Apple products and whether I should choose a Mac as my next business computer-I am seriously considering such!

From the ISACA Middle Tennessee conference March 2025.

Will Klotz is a Senior Information Security Consultant at GuidePoint Security. As a CISSP-certified professional with an MBA and a proud veteran of the U.S. Army Signal Corps, he brings a unique blend of technical expertise, military discipline, and business leadership to the Governance, Risk, and Compliance (GRC) space. His career spans building and leading robust risk management programs, developing policies and standards, and driving innovation in cybersecurity practices.

Jim Bradfield is the CEO/Director at NAS Wireless. He is an experienced, innovative, visionary, professional CEO; leader, handler, cleaner, and mentor, with a demonstrated history of successfully completing high profile, complex, mission critical and stealth projects in the information technology and services industry. He has an MBA from the University of Phoenix and AT&T Computer Science courses at MIT, is a lifetime member of AFCEA (Armed Forces Communications and Electronics Association), and member of ASIS International (American Society for Industrial Security).

The views and opinions of the speaker do not represent the views and opinions of the FDIC.

From ISACA Middle Tennessee Conference March 2025.

Linda Finck was hired by the FDIC in December 1989 and currently serves as a Senior IT Examiner in the FDIC Dallas Region. She has:

- 30+ years experience in the financial services industry (working for a national bank and FDIC)

- 20+ years performing IT examinations of community financial institutions and regional data centers

- 20+ years serving as field office, regional office, and Washington office instructor/presenter for examiners, community groups, and financial institution directors, senior management, and IT personnel

- 5+ years serving as Examiner-in-Charge of a Significant Service Provider

She also was a contributing author of the March 2008 FFIEC Business Continuity Planning IT Examination Handbook.

David Kim (DK) is a trusted advisor as an AI, GRC, cybersecurity, and PCI DSS consultant and currently sits on Technical Advisory Boards, Governance Boards. He has centered his entire career around IT topics such as telecommunications, data networking, VoIP, unified communications, network management, information systems security, regulatory compliance, privacy, and auditing IT infrastructures for compliance. Learn how and why we met 24 years ago and thoughts around privacy and risk in the SMB space.

As featured in Top Cyber News Magazine's 2022 40 Under 40, Thomas Marr is an experienced information security professional with a lengthy history of supporting organizations ranging from tech startups to Fortune 500 companies to the United States Department of Defense (DoD). Thomas is also a proud veteran of the United States Army where he served on active duty as a Military Intelligence Analyst, specializing in signals intelligence (SIGINT) and open source intelligence (OSINT).
Thomas actively provides technical expertise to information security community projects as a Subject Matter Expert (SME) who evaluates industry-respected credentials on CompTIA's Certification Advisory Committee for Cybersecurity, as a technical reviewer for global technology book publisher Packt, and as a mentor to junior information security professionals in his free time.

From the Middle Tennessee ISACA Conference March 19, 2025.

Adam Malone is a Leadership Consultant at The Tenacious Operator, a Leadership Consultancy with a focus on developing teams, not solely individuals. He works with Professional Services firms like Accountants, Engineers & Lawyers, Regional Banks, other small to medium businesses.

In addition to Leadership Consulting he helps his partner with firms, associations & trade groups to deliver engaging keynotes & workshops to build high performing teams.

Joshua Crumbaugh joins us for a special Thursday edition of The Virtual CISO Moment. With over 20 years of experience in cybersecurity, he is the CEO of PhishFirewall, a company that helps organizations solve their phishing problem. He has a credential in Offensive Security and has published a book on cybersecurity education and awareness. Join us as we discuss the human factor in securing information. Also, if you're in the Huntsville Alabama area, catch his keynote at BSides Huntsville THIS SATURDAY (April 12, 2025), where he will discuss the launch of an exciting new product. Here's a hint from a recent post of his: "Ready to STOP phishing COLD? 'Emotional Intelligence EQ' is the new superpower in combatting social engineering attacks."

As a Principal in the DenSecure team at Wolf & Company, P.C., Sean Goodwin leads and executes cybersecurity projects for clients across various industries, including healthcare, financial services, and retail. He has over a decade of experience in cybersecurity and information security and holds several credentials, such as GSE #271, CISSP, CISA, GIACx13, QSA, and PCIP. His mission is to help organizations improve their security posture and resilience against cyber threats. We touch on many topics including the need to properly understand PCI DSS CDE scope, compliance versus security, and how trust may be the most important element when effecting positive changes in the information security program.

Chris Camacho is the Co-Founder and COO of Abstract Security. Abstract Security collects and routes data from cloud sources (such as AWS CloudTrail, Azure Activity Logs and GCP Audit Logs), removes unwanted noise, performs optimization, threat enrichment and normalizes data to OCSF schema in real-time before routing it to any SIEM or data lake of your choice.

Join us as we discuss his path in information security, pivoting from an executive security career for global financial originations to startups, all as part of a passion for helping to make the world more secure. And check out Abstract Security's new book, Applied Security Data Strategy, with sections written by leaders in the information security field. Download it for free at https://www.abstract.security/applied-security-data-strategy-ebook.

John Masserini is the founder and managing partner of SentiCon Security, the voice behind the award-winning blog Chronicles of a CISO, and a founding member of BSides South Florida. He also is the creator of the popular and very useful NIST Cyber Security Framework Maturity Toolkit, available on GitHub. He brings his years of experience as a CISO and as executive coach, Virtual CISO, independent consultant, and proprietor of SentiCon Security to the conversation, where we explore the necessity of trust in the security provider relationship, giving back, adjusting to life after years as a CISO, and other great stuff!

Tyler Bartley is a Cybersecurity Engineer at Critical Start. Join us as we discuss the benefits of taking a break to rediscover your passion, the risk o SMBs of unqualified personnel, and how music can help bring stress down.

Dylan Evans is the Workstream Owner at Simple Salt. They stop internet crime and demystify security for businesses with a lot to lose by explaining exactly how internet crime practically threatens business health and goals, and the easiest and most effective things you can do about it. Join us for a fascinating discussion as we dive into how we as an industry are failing SMB security and how we can approach trying to find solutions.

With over 23 years of experience in the IT industry, Ryan Burch is a seasoned and versatile leader with a proven track record of planning, executing, and delivering complex and innovative IT solutions that align with organizational goals. He is passionate about empowering teams, streamlining operations, and ensuring high standards of quality, security, and performance in all aspects of IT service delivery. He is also the author of The History of Online Scans and How to Avoid them. Check it out at https://www.amazon.com/History-Online-Scams-Avoid-Them/dp/B0DXKHYZ84

Bob Davis joins us on a special episode to celebrate three years and 184 conversations on The Virtual CISO Moment. Bob is the Partner / Chief Information Security Officer of Franklin CISO Partners, LLC. Franklin CISO Partners provides virtual, fractional, and interim Chief Information Security Officer services to small and medium-sized clients in healthcare and financial services. Join us as we dive into information security issues healthcare and financial services and how a fractional CISO can help.

In the first installment of the SMB SME Series, phishing awareness training SME Cary Johnson discusses the need for third-party audits of security awareness programs. As he noted in a recent LinkedIn post https://www.linkedin.com/posts/activity-7293297179073392644-dJ6P/

"Cybersecurity awareness programs will never truly be effective if we continue to let vendors measure the performance of their own products. A common industry complaint is that many vendor tools and programs prioritize compliance but don't drive real behavioral change. Why? Because we’re allowing these vendors to control the narrative by providing the performance metrics for their own product."

Join us as we unpack this important issue. You may never look at phishing programs the same.

Mr. Michael Zambotti is a cybersecurity educator and consultant with extensive experience in the finance and legal industries. Michael teaches courses on governance, risk and compliance (GRC), cybercrime, and foundational cybersecurity classes at Saint Francis University. His practical experience and academic background uniquely position him to provide valuable insights to organizations to provide strategic consulting and align cybersecurity with business goals. Michael holds a degree in finance from Penn State University and a master’s degree in cybersecurity and intelligence from Utica University.

Dan Burgoon is the Founder and On-Demand CISO at k2 Cybersecurity Advisory, an agency that helps organizations transform cybersecurity, risk, and compliance from liability to market differentiator. They provide executive-level security leadership, helping companies protect data, ensure compliance, and mitigate risks—without the cost of a full-time CISO. He is an entrepreneurial security and technology risk leader with over 23 years leading high-performing global teams as large as 40, and budgets up to 15M, to measurable business outcomes.

Alex Bates is the Director of Information Security at Sinch. He is a business-minded and strategic information security leader with 13+ years of experience in technology and cybersecurity, including 10+ years leading global teams of up to 30 professionals. He is known for bringing teams and ideas together to achieve strong results in high-pressure environments through collaboration, trust, and transparency and holds the Certified Information Security Manager (CISM) | Certified Information Systems Auditor (CISA) certifications.

Adam Evans is the AVP Information Security Officer for Generations Bank. He is a dedicated technologist with a passion for information security and 15+ years experience. He discusses AI, cybersecurity, IT infrastructure management or any related topics, and welcomes collaboration and networking opportunities with fellow professionals who share a passion for security and technology. In today's episode, we dive into the insider threat issue for small and midsized businesses.

With over a decade of experience in the technology field, Jake McCoy, Founder of Hire A Geek Online, is passionate about learning and applying new software and hardware solutions to meet the needs of his clients. He has successfully completed multiple projects for small and medium businesses, as well as individual customers, delivering high-quality results and customer satisfaction. Join us as we discuss SMB security and technology challenges.

Josh Bruyning is the Executive Producer and Co-Founder at Bruyning Media, where creative storytelling transforms technical jargon into engaging podcasts that resonate with audiences. His educational foundation in English and Information Security Systems from the University of Minnesota and Metro State University, respectively, underpins my approach to content that secures client messages in the marketplace. He is also the host of the Cybernomics! podcast, (https://open.spotify.com/show/5fk6LxczA7RZXE5eKBhsH6) where he talks to today’s most inspiring founders and entrepreneurs about today’s business problems and tech. If you're in infosec or any aspect of technology and are thinking of creating a podcast or are just curious about some of what goes in to producing a successful podcast, this episode will not disappoint!

Courtney Hans is the VP of Services for Amtrust Cyber. However, she wasn't always in cybersecurity. As an adventure travel guide, she traveled the world delivering bespoke, life-changing experiences. The flexibility, curiosity, and relentless customer-focus required have shaped my professional choices and achievements ever since.

Join us as we discuss that investigative mindset and how those that have it stand out and are primed for success in the information security world.

We kick off season seven with an engaging conversation with Angelo Rysbrack, founder of Pronidus. Pronidus' mission is to serve as the indispensable bridge between IT professionals and auditors or consultants, fostering a culture of shared knowledge, robust security and continuous improvement. Pronidus translate complex security challenges into actionable strategies, ensuring that IT infrastructures are not only technically sound but also compliant with necessary regulations and prepared for rigorous audits. Join us as we discuss SMB security challenges!

Pete Strouse, CEO and Founder of InfoSec Connect, joins us for our last conversation of 2024. He has 10 years of experience recruiting in the cybersecurity industry, from technical engineering and architecture positions, to offensive security, DFIR, and security compliance. Join us as we dive into the cyber talent market challenges and opportunities! And be sure to check out his podcast Talent Gap Fireside Chat for more cyber job market discussions https://youtube.com/@TalentGapFiresideChat

Aaron M. Bostick is a seasoned CISSP-certified professional with 16+ years of expertise in IT Operations and Information Security Program Management. He excels in the implementation of ISO-27001, SOC-2, PCI, NIST 800-171, and CMMC security frameworks. During his tenure in leadership positions, including Deputy CISO at ThriveDX (formerly HackerU) and Manager of Information Security at K2 Software, Aaron has successfully implemented security policies, risk assessments, and compliance with various industry standards.

Join us as we dive into many infosec topics including an in-depth discussion on the responsibility matrix, a necessary tool when working with service providers to ensure your and your client's or employer's information is kept secure, regardless of where it resides.

Brian Montgomery is a hands-on technical expert and Army leader with 6+ years of penetration testing, telecommunication and network security, as well as intrusion detection experience. He is a team player with excellent communication skills, superior quality of work, and character. Today's episode includes military experience that helped him in his civilian career, the benefits of having the time and resources to do internal pen testing right.

Serial entrepreneur and tech leader Troy Crabtree joins us for the 171th discussion on The Virtual CISO Moment. Currently the CTO for Parking Management Company, he has a long, distinguished, and continuing career in technology, which includes a stint working with me at Middle Tennessee State University roughly 25 years ago. Join us as we talk tech, including how security personnel from security analyst to CISO can improve their communication with the technology leaders and staff.

Jim Bradfield, CEO of NAS Wireless, recently joined me on Tech Talk on NowMedia. You can catch other discussions with him and other tech pros every Thursday at 4 PM Central. https://nowmedia.tv/

John Martin is an accomplished cybersecurity leader with over 30 years of experience driving strategic initiatives, optimizing IT operations, and mitigating risks for complex organizations across on-premise and cloud infrastructures. He has a proven track record in building high-performing teams, implementing robust security frameworks, and delivering innovative solutions. Skilled in navigating complex regulatory environments, such as HIPAA, GLBA, and NIST, he is able to seamlessly collaborate with C-suite executives, board members, and technical teams to achieve business objectives while maintaining a strong security posture.

Stephan Timler is an Inside Sales Rep - Strategic Accounts (Communications, Media, Technology and Manufacturing) for Splunk. As such, he is responsible for sourcing and advancing opportunities from strategic accounts using multi-channel prospecting, relationship building, analytical skills and discovery skills. We discussed the role and importance of sales in the information security ecosystem, a topic many security practitioners do not understand well.

Ryan Gallagher is Attorney at and Co-Owner of Ritter Gallagher. Ritter Gallagher advises organizations across virtually all industries on data privacy and cybersecurity compliance, planning and response, working closely with corporate in-house privacy professionals and information security teams to meet regulatory obligations and develop policies and procedures to mitigate the occurrence and impact of cybersecurity incidents. Check them out at rittergallagher.com.

In this episode, I introduce Tech Talk, a new show on NowMedia TV. Dr. Byron Reese, author of The Fourth Age: Smart Robots, Conscious Computers, and the Future of Humanity and Dr. Pamela Gay, Senior Scientist at Planetary Science Institute joined me on my first episode that aired in October. Get a taste for Tech Talk and catch full episodes very Thursday on NowMedia TV.

Lucas Gates is a Managing partner with Triton Infosec's Cyber Security Practice. In this role, he partners with clients to identify risks to modern-day threats through penetration testing, web application vulnerability testing, social engineering and network vulnerability assessments. He has vast experience in all types of technical security testing, application security, and application development and has won top prizes in a number of hacking competitions including Symantec’s Cyber Readiness Challenge and DerbyCon’s Capture the Flag.

Are you facing or have you dealt with discrimination or retribution in the workplace? Heather Wallander is the founder of JustiProof. JustiProof is more than just an application – it's a solution for anyone facing discrimination or retaliation, especially those who no idea where or how to fight back. Even if you have never been in a toxic work environment, it can happen to anyone. Learn how to address the negativity and don't try to manage through it in silence and stress, as I did.

Sheryl Benedict is a PCI DSS enthusiast and information security and compliance leader with over 25+ years of experience in providing various services for companies ranging from small private companies to Fortune 50 / 500 Global Organizations. She is also one of 24 globally renowned PCI SSC women in payments leaders in the payments industry. She was a PCI DSS speaker at the North America and Europe PCI SSC community meetings and a global PCI DSS speaker for Cyberwise conference in Turkey. Join us as we dig into PCI concerns for small and midsized businesses.

Cary Johnson has developed a fully managed phishing awareness and auditing program that provides true value to phishing simulations. Legacy phishing simulators lack a performance measurement framework that undeniably measures impact. His innovative performance measurement framework establishes true baselines and resets them monthly to provide objective incremental impact metrics - ultimately answering the question "Is our phishing training truly working?".

Links noted in podcast:

• Hacker Halted Conference - https://hackerhalted.com/ Use code HHTCVIP for free registration.
• CvCISO -https://learn.securitystudio.com/courses/cvciso-1-foundation-course-october-2024?ref=c133a1 New Cohort starts TODAY (October 8, 2024). Use code gregschafferdiscount to get $500 off

• Information Security for Small and Midsized Businesses - https://www.amazon.com/Information-Security-Small-Midsized-Businesses/dp/1733066861/

Kodjo Hogan is an experienced Information Security Professional boasting a wealth of Operational and Project Management experience. He has 10+ years of experience leading teams of 10+ staff members. He has been integral to award-winning projects with annual budgets ranging from $100K-$5.7M. He possesses a dynamic mix of experience offering a uniquely holistic perspective on Information Security, Traditional IT infrastructure, Cloud Infrastructure, Information Security Risk Management, and Project Management.

Matthew Quammen's journey in cyber security dates to dial-up internet and AOL accounts. He has seen first hand the disastrous effects of Data Loss. His father was a blue-collar business owner who lost a significant portion of the value of his life's work due to a Data Loss Event. He is passionate about working with the right partners to help companies from falling victim to the same outcomes.

Since the very first days of the Internet, Warner Moore has been part of tech. His love for technology and for building things, for easily and effectively sharing information, and for communicating with people across the world are why he is dedicated to helping companies improve their tech. As the founder of Gamma Force, a large part of what he does is provide innovative strategies for augmenting tech and cybersecurity capabilities. Additionally, working with the tech community in Columbus, OH led him to create Tech Community Coalition (TCC), a non-profit organization whose mission is to enable the tech startup community through education and mentorship.

Mark Burnette is the Chief Growth officer for LBMC and the author of Risky Business: Cybersecurity Leadership the Right Way. Driving growth (increased revenue) has been an important part of his career. During his 30+ years in the professional world, he has helped start and build service lines for three major professional service firms, led a boutique consulting firm as President, and co-founded, built, and sold a software company, among other career experiences. W discuss lie after the CISO, how we all are sales persons in some way, his book, and much more. Viewers and listeners can obtain a free copy of his book by visiting https://www.lbmc.com/blog/risky-business-cybersecurity/

Shane Simmons is the Senior Director IT Security, Global Lending Services LLC. As a seasoned IT executive with over a decade of experience, he specializes in driving cybersecurity and information technology strategies that transform organizations. His expertise as both a Chief Information Officer (CIO) and Chief Information Security Officer (CISO) uniquely positions him to lead comprehensive digital transformation efforts while ensuring robust cybersecurity frameworks that protect critical assets and drive business outcomes.

Pius Emmanuel Papka is a Malware Engineer (Internship) with the Army War College, Abuja, Federal Capital Territory, Nigeria. We discuss his reasons for entering the cybersecurity field, serving his country, and his desired career growth path. He also provided some tips to me about Football (Soccer to Americans). Finally, he provides the answer to the question: if Americans receive scam emails from a Nigerian prince promising much money, do Nigerians receive the same from an American prince?

Matthew Harvey an information security professional with both deep and wide experience in the field of computers and networking. He has been in the computer business full-time since 1997, and has done a little bit of everything. He has expertise in everything from intrusion detection and malware analysis to Cisco LAN and WAN internetworking configuration, as well as database and web development, design, configuration, and troubleshooting.

Praj Prayag-Debis the founder of Cyberpink Advisors, offering information security consulting services to small and midsized businesses. She is an influential tech-savvy Cybersecurity and Technology risk executive and a strategic leader with a demonstrated track record of building successful Cybersecurity and Governance, Risk, and Compliance (GRC) programs from the ground up. She has 15+ years of experience in diverse and complex environments, including Big4, Top tier financial services (Bank of America, Morgan Stanley, Macquarie Bank) and Fortune 50 (Comcast).

With more than 25 years of IT and Security experience, it is safe to say that information security is Matthew Webster's passion. Whether it is giving presentations to various members of the IT and Security community, providing direction to various organizations, or formerly leading as a CISO, helping companies transform their practice one company at a time is what he loves doing. His extensive experience building an array of programs includes all the major disciplines of information security. This has helped him to build holistic programs and provide clients with a fast keen insights to help them facilitate their journey to better security programs.

Mike Burns is the Security Manager at Amberjack Global. He has been working within IT and security since the mid 90's. During his time he have been fortunate to work for both really niche small local firms no one will know, to working with the biggest names in Banking, Aero, Manufacturing and Defence, and managed operational security for one of UK HMG's largest outsourced services. Join us as we cover security from the perspectives of both sides of the pond!

Jeffrey Wheatman is SVP, Cyber Risk Strategist for Black Kite, an innovative company redefining third-party risk management around the globe. Previously, he was a Vice President in Gartner’s Cybersecurity and Risk Management Group, where he honed his understanding of cybersecurity through detailed research and analysis while building relationships with strategic business leaders in the field. He has also served as a DEF CON Speaker Goon for many years, beginning in 2007.