Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Dejan Kosutic

“Secure & Simple” demystifies governance and compliance challenges faced by consultants, as well as professionals acting as fractional CISOs in companies. The podcast is hosted by Dejan Kosutic, an expert in cybersecurity governance, ISO 27001, NIS2, and DORA. The episodes present topics in an easy-to-understand way and provide you with insight you won’t be able to find elsewhere. To provide comments, suggest topics for the next episodes, or express your interest in participating in the show, contact us at podcast@advisera.com. Learn more about ISO 27001, NIS2, and DORA at https://advisera.com.

  1. 11H AGO

    Responding to Ransomware Attack [Case Study] | Interview with Yannick Hirt

    Dejan Kosutic interviews Yannick Hirt from ODCUS about his experience with a real ransomware attack on an international industrial company. They discuss likely phishing entry via a privileged IT account, overnight encryption, and setting up a war room. The company restored critical systems from verified cloud backups without paying, while briefly negotiating via a Dutch specialist as the attacker threatened data release. Key lessons include tested backups, detection and provider SLAs, privileged access controls, BIA/process mapping, strong documentation and forensics, communications, insurance coordination, and regular training.

    Links from the episode:
    - Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
    - White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
    - Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
    - Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
    - Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
    - How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining

    Chapters:
    (00:00) - Interview with Yannick Hirt
    (00:54) - How the Attack Started: Cloud Transformation, Gaps, and a Phishing Entry Point
    (04:06) - Day Zero Response: Disconnecting Systems and Standing Up the War Room
    (07:54) - Early Critical Decisions: Recovery Streams, Stakeholders, Police & Insurance
    (09:08) - Restore vs Rebuild: Mapping Critical Apps and Validating Backups
    (11:11) - Talking to the Attackers: “Service Desk” Negotiations and Typical Ransom Size
    (14:09) - To Pay or Not to Pay: Strategy, Data-Leak Risk, and Criminal “Reliability”
    (16:12) - Recovery Timeline & Aftermath: Dark Web Leak, Employee Calls, and Government Response
    (21:20) - Who Decides the Recovery Order? IT + Business Alignment
    (23:47) - PR in the War Room: Internal Updates, Guidelines & External Liaison
    (25:06) - Senior Management’s Real Job During Recovery
    (27:38) - Working With Cyber Insurance: Support Now, Paperwork Later
    (30:37) - Forensic Report Deep Dive: Entry Point, Lateral Movement, and Tradeoffs
    (32:25) - Consultants in a Ransomware Crisis: Networks, Pragmatism, and Calm
    (41:30) - Resources for Consultants and Cybersecurity Professionals

    43 min
  2. FEB 10

    What Should the Board Ask the CISO? | Interview with Clar Rosso

    In this episode, Dejan Kosutic talks with Clar Rosso, CEO of Rosso Strategic Advisors, board member of Excelsior University, and the former CEO of ISC2, about the evolving role of boards in cybersecurity. They discuss the increasing importance of cyber governance, the impact of AI, the concept of digital resilience, and the interaction between cybersecurity professionals and boards of directors. Clar shares her insights on how to better integrate cybersecurity into business operations and enhance board members' understanding. Tune in to learn how a strong cyber posture can help businesses achieve their strategic goals and mitigate risks.

    Links from the episode:
    - Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
    - White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
    - Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
    - Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
    - Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
    - How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining

    Chapters:
    (00:00) - Interview with Clar Rosso
    (00:21) - Introducing Today's Guest: Clar Rosso
    (01:18) - Cybersecurity as a Business Issue
    (03:54) - Board Members' Role in Cybersecurity
    (05:19) - Cyber Resilience vs. Cyber Defense
    (07:59) - Cybersecurity's Role in Business Growth
    (09:13) - Effective Communication with the Board
    (19:56) - Compliance and Risk Management
    (25:00) - The Future of Cybersecurity Audits
    (31:19) - Board's Role During a Cyber Breach
    (35:44) - Resources for Consultants and Cybersecurity Professionals

    37 min
  3. JAN 27

    The Crucial Role of Management Review in Cybersecurity Governance | Interview with Carlos Cruz

    In this special first-year anniversary episode of the Secure and Simple Podcast, host Dejan Kosutic from Advisera welcomes back Carlos Cruz, founder of Metanoia Consulting and ISO expert. They deep-dive into best practices for conducting effective management reviews, covering not just ISO 9001 and ISO 14001 but also ISO 27001 and other cybersecurity frameworks. The discussion highlights the importance of top management’s involvement, the process of converting raw data into actionable insights, and setting future objectives. Ideal for consultants, CISOs, and cybersecurity professionals aiming to enhance their governance and compliance strategies.

    Links from the episode:
    - Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
    - White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
    - Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
    - Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
    - Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
    - How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining

    Chapters:
    (00:00) - Interview with Carlos Cruz on management review
    (00:21) - Guest Introduction: Carlos Cruz
    (01:46) - Understanding Management Reviews
    (07:34) - Effective Management Review Practices
    (12:34) - Management Review Process
    (23:35) - Frequency and Importance of Management Reviews
    (28:40) - Setting and Reviewing Objectives
    (33:05) - Auditing and Performance
    (37:50) - Common Pitfalls in Management Reviews
    (41:25) - Consultant's Role in Management Reviews
    (49:28) - Integrated Management Systems
    (55:04) - Resources for Consultants

    56 min
  4. JAN 13

    Resolving a Conflict Between IT and Cybersecurity | Interview with Jared Leuschen

    In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO of Advisera, discusses the ongoing conflict between IT operations and cybersecurity governance with Jared Leuschen, CEO and Founder of Blue Tree. They delve into the human component behind security and compliance issues, misalignment and communication gaps within organizations, and practical solutions for aligning IT and cybersecurity efforts. The discussion also covers the importance of risk management, the role of consultants, and effective communication strategies between IT and cybersecurity teams.

    Links from the episode:
    - Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
    - White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
    - Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
    - Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
    - Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
    - How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining

    Chapters:
    (00:00) - Interview with Jared Leuschen
    (01:12) - The IT and Cybersecurity Conflict
    (03:21) - Finding Alignment Through Communication
    (06:05) - Proactive IT Involvement in Cybersecurity
    (15:19) - Time Management and Leadership in IT
    (17:38) - The Role of Consultants in Cybersecurity
    (23:46) - Vendor Management and Supply Chain Security
    (30:33) - Aligning IT and Security with Business Goals
    (40:17) - Resources for Consultants

    42 min
  5. 12/30/2025

    Penetration Testing & Threat Intelligence: Enhancing Cybersecurity | Interview with Sasa Jusic

    In this episode, host Dejan Kosutic interviews Sasa Jusic, a board member at Infigo IS and a cybersecurity expert. They delve deep into penetration testing and cyber threat intelligence, explaining their roles in enhancing cybersecurity. Learn about the differences between offensive and defensive security measures, the importance of DORA and ISO 27001 frameworks, the critical steps for preparing and executing successful penetration tests, and the elements of threat intelligence. Sasa also shares insights on the collaboration between IT and security teams, as well as the role of consultants in this evolving landscape.

    Links from the episode:
    - Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
    - White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
    - Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
    - Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
    - Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
    - How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining

    Chapters:
    (00:00) - Interview with Sasa Jusic
    (01:41) - Penetration Testing and Threat Intelligence Relationship
    (06:23) - DORA and Its Impact on Cybersecurity
    (08:22) - Types of Penetration Testing
    (10:33) - Preparing for a Successful Penetration Test
    (13:07) - Reporting and Translating Technical Findings
    (15:56) - Acting on Penetration Test Reports
    (19:52) - Understanding Threat Intelligence
    (22:11) - Tools for Threat Intelligence
    (29:01) - Common Misconceptions About Threat Intelligence
    (31:58) - Opportunities for Cybersecurity Consultants
    (36:42) - Key Recommendations for Security Officers
    (40:13) - Resources for Consultants

    42 min
  6. 12/16/2025

    Simplifying ISO Standards: Insights and Best Practices | Interview with Jim Moran

    In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO of Advisera, welcomes Jim Moran, founder of SimplifyISO, to discuss the importance and methods of simplifying ISO management systems. Jim, with over 30 years of consulting experience, shares valuable insights on how overly complex management systems can hinder employee understanding and implementation, leading to higher costs and minimal return on investment. Key topics covered include the benefits of simplification, principles for effective ISO implementation, and the use of visuals and flowcharts. The episode also explores how consultants can leverage simplification to build stronger relationships with clients and scale their consulting businesses efficiently.

    Links from the episode:
    - Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
    - White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
    - Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
    - Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
    - Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
    - How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining

    Chapters:
    (00:00) - Interview with Jim Moran
    (01:20) - The Importance of Simplifying ISO Implementation
    (03:34) - Key Concepts in ISO Simplification
    (08:47) - Using Visuals and Flowcharts for ISO Processes
    (11:49) - Simplifying Documentation and Internal Audits
    (24:18) - Visual Aids and Risk Assessment in ISO
    (31:42) - Microlearning for Cybersecurity Awareness
    (36:26) - Automating Document Control in ISO Standards
    (38:51) - Balancing Complexity and Simplicity in Software Tools
    (47:26) - Simplification Strategies for Consultants
    (56:40) - Resources for Consultants

    58 min
  7. 12/02/2025

    Mastering Internal Audits for ISO Standards | Interview with Carlos Cruz

    In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO at Advisera, welcomes Carlos Cruz, founder of Metanoia Consulting and a seasoned expert in ISO standards. Carlos and Dejan share best practices for performing internal audits across various ISO standards, including ISO 27001, and other cybersecurity frameworks such as NIS2 and DORA. Key topics discussed include the importance of internal audits, how to prepare effective audit checklists, and the role of AI in the future of auditing. The episode also explores the differences between internal audit programs and plans, the significance of audit objectives, and offers practical advice for consultants looking to expand their services into internal auditing. Carlos provides a deep dive into ensuring compliance and effectiveness while offering practical tips on maintaining independence and delivering valuable audit reports.

    Links from the episode:
    - Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
    - White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
    - Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
    - Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
    - Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
    - How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining

    Chapters:
    (00:00) - Interview with Carlos Cruz on internal audits
    (01:38) - Importance and Best Practices for Internal Audits
    (04:55) - Audit Objectives and Their Importance
    (09:38) - Creating an Internal Audit Program
    (13:31) - Audit Plans and Internal Audit Checklists
    (27:06) - Conducting the Main Audit
    (30:10) - The Importance of Evidence in Auditing
    (36:43) - Preparing the Audit Report
    (42:13) - Consultants and Internal Audits
    (49:29) - Remote Auditing: Challenges and Opportunities
    (57:17) - AI in Internal Auditing
    (01:04:34) - Resources for Consultants

    1h 6m
  8. 11/18/2025

    Exploring Cyber Warfare: Risks, Strategies, and Solutions | Interview with Steve Winterfeld

    In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO of Advisera, welcomes Steve Winterfeld, a seasoned security consultant, fractional CISO, and author of the book 'Cyber Warfare Techniques, Tactics, and Tools for Security Practitioners.' The discussion revolves around the relevance of cyber warfare for companies, the different types of cyber threats, and strategic ways to address them. Steve shares insights on cyber warfare's impact on various sectors, from espionage and sabotage to operational tactics. He emphasizes the importance of risk assessment, the utility of frameworks like the MITRE ATT&CK framework, and approaches to security hygiene. The conversation provides a comprehensive look at how businesses can enhance their cybersecurity measures to safeguard against advanced threats.

    Links from the episode:
    - Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
    - White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
    - Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
    - Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
    - Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
    - How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining

    Chapters:
    (00:00) - Interview with Steve Winterfeld
    (01:10) - Understanding Cyber Warfare
    (05:41) - Impact on Commercial Sector
    (13:01) - Strategic, Operational, and Tactical Perspectives
    (17:27) - Risk Management and Mitigation
    (25:48) - Securing Supply Chains and Crisis Management
    (30:36) - Validation Exercises and Technical Debt
    (34:47) - Cybersecurity for Smaller Companies
    (36:49) - Consulting Opportunities in Cybersecurity
    (51:41) - Resources for Consultants

    53 min