Greg Schaffer

Greg Schaffer is an information security advisor, author, and former practicing virtual CISO with more than 35 years of experience in information technology and security. He is the founder and president of vCISO Services, LLC, a veteran-owned consulting firm that has provided fractional CISO and information security risk management services to small and midsized organizations since 2017.

Greg has served as a CISO or vCISO across a wide range of industries including banking and financial services, healthcare, higher education, aviation, SaaS, and local government. His experience spans building and operating security programs aligned to frameworks such as NIST CSF, ISO 27001/2, FFIEC, PCI DSS, SOC 2, and CMMC.

In addition to consulting, Greg is the host and producer of The Virtual CISO Moment podcast and the author of Information Security for Small and Midsized Businesses. He is currently writing a new book, So You Want To Be An Information Security Consultant, which draws on real-world lessons learned building and operating an independent consulting practice.

Greg is passionate about practical security, professional ethics, mentorship, and helping practitioners make informed career decisions grounded in experience rather than hype.