Our team.
JOHN SHAFFER - CISO/PRINCIPAL CONSULTANT
John Shaffer is the CISO and Principal Consultant at VIRCONIX. Prior to this, he was a transformational technology and security leader, innovator, and strategist with over twenty-eight years of progressive experience as a CIO and CISO. Led technology and cybersecurity operations for a 1.2 billion, 17 location multi-national investment banking firm, with annual revenues of 300 million. Established the global security program for Greenhill, a publicly traded financial services firm, acquired by Mizuho Americas in January 2025.
Established and maintained an enterprise information security program and strategy at Greenhill.
Established a comprehensive enterprise information security and technology risk management program.
Navigated the firm through multiple global regulatory and compliance requirements, including FINRA, SEC, SOX, FCA, GDPR, BaFin (DORA), MAS, HKMA, FSA, and ASIC.
Implemented security frameworks, including NIST CSF, ISO27001, SOC2, GDPR, DORA, and CIS 2.0.
Managed a 21-million-dollar budget with 1.2 million dedicated to security. Maintained a technology and security budget consistently below 3% of annual revenues.
Communicated cyber risk to the Board of Directors, utilizing a formal cybersecurity maturity assessment program that delivered the progress of the program quarterly. Provided key information on how the firm stacked up against current headline breaches. Provided risk metrics relative to other firms in the industry.
Delivered to the Board and senior leadership a roadmap, meaningful metrics, and the vision and leadership to steer the company in the right direction.
Successfully achieved cost reductions, process improvements, risk mitigations, and cost savings by spearheading the implementation of numerous security platforms.
Reduced risk by over 80% based on statistics from comparable financial services firms.
Achieved zero significant security events in the entirety of the program at Greenhill.
Instituted and maintained a 24x7 global security operations center (SOC), leveraging external service providers, to gain expertise while reducing costs.
Managed the development of a fully operational incident response and business continuity plan, working across functional groups including legal, finance, and banking.
Negotiated complex vendor IT contracts and outsourced third-party solutions, coordinating with legal and compliance teams to establish and enforce comprehensive policies, procedures, and standards.
Before Greenhill, John was Director of Technology for J.H. Whitney, a venture capital firm. He also held roles as a technology consultant for various firms in financial services, consumer products, real estate, and industrial manufacturing.