Secure & Simple — Podcast for Consultants and CISOs on Cybersecurity Governance and Compliance
Secure & Simple demystifies governance and compliance challenges faced by CISOs, consultants, and other cybersecurity professionals. Hosted by Dejan Kosutic, an expert in cybersecurity governance, ISO 27001, NIS2, and DORA, the episodes present topics in an easy-to-understand way. The podcast provides unique insights and practical advice for navigating complex regulatory frameworks. Listeners can suggest topics or participate in the show by contacting the team at podcast@advisera.com.
Episodes
ISO 27001 Certification: What Will the Auditor Look For? | Interview with Aron Lange
In this Secure & Simple Podcast episode, host Dejan Kosutic (CEO of Advisera) interviews Aron Lange, founder of GRC Lab and an ISO 27001 certification auditor, about what auditors look for in certification audits. Aron highlights common nonconformities and explains how auditors gather objective evidence through interviews, document review, and observation, emphasizing execution over p
Anthropic’s Mythos and the Future of Vulnerability Management | Interview with Thom Langford
In this Secure and Simple Podcast episode, host Dejan Kosutic (CEO at Advisera) speaks with Thom Langford, CTO for the EMEA region at Rapid7, about Anthropic’s new AI model “Mythos” and its impact on cybersecurity. Langford argues that the fundamentals remain the same - discover, risk-contextualize, and patch - but the speed, scale, and volume of findings will surge, exposing immature vul
What CISOs Must Do Now About Quantum? | Interview with Andrew Gault
In this Secure and Simple Podcast episode, host Dejan Kosutic (CEO of Advisera) interviews Andrew Gault (CEO of ZeroTier) about how quantum computing could impact cybersecurity, especially encryption and identity. They explain key terms like post-quantum cryptography (PQC), Q-Day, cryptographically relevant quantum computers, and main threats, “harvest now, decrypt later” and “trust now,
Continual Improvement, Nonconformities, and Corrective Actions | Interview with Carlos Cruz
In this Secure and Simple Podcast episode, host Dejan Kosutic from Advisera interviews Carlos Cruz, founder of Metanoia and an ISO 9001/ISO 14001 expert, about continual improvement in ISO standards and how the concepts apply to cybersecurity. They explain continual improvement through the PDCA cycle, using data and Pareto analysis to focus on key issues, then performing root cause analys
Cyber Ranges, Attack Simulations & AI: Proving Cyber Readiness | Interview with Lee Rossey
In this Secure and Simple Podcast episode, host Dejan Kosutic (CEO of Advisera) speaks with Lee Rossey, CTO and co-founder of SimSpace, about why much cybersecurity training is becoming outdated as AI accelerates both threats and defensive stacks. Rossey explains “train like you fight” through realistic, hands-on, team-based cyber range exercises that emulate an organization’s environment
AI Agents vs. AI Agents: The Future of Security Operations | Interview with Monzy Merza
In this Secure and Simple Podcast episode, host Dejan Kosutic from Advisera interviews Monzy Merza, co-founder and CEO of Crogl, about how cybersecurity is shifting to an “agent versus agent” world where attackers task AI agents to run fast, low-cost, sophisticated campaigns without human approvals. Merza outlines core security operations activities—preparation/tooling, alert investigatio
Zero Trust as a Mindset: Identity, Governance, and Access | Interview with Andrew Gault
In this Secure and Simple Podcast episode, host Dejan Kosutic (CEO of Advisera) interviews Andrew Gault (CEO of ZeroTier) about Zero Trust as a strategy and mindset rather than a single technology, shifting away from perimeter-based security to “default deny” with continuous verification. Gault outlines core layers such as identity for users and devices, policy-based scoring, encryption,
Responding to Ransomware Attack [Case Study] | Interview with Yannick Hirt
Dejan Kosutic interviews Yannick Hirt from ODCUS about his experience with a real ransomware attack on an international industrial company. They discuss likely phishing entry via a privileged IT account, overnight encryption, and setting up a war room. The company restored critical systems from verified cloud backups without paying, while briefly negotiating via a Dutch specialist as the
What Should the Board Ask the CISO? | Interview with Clar Rosso
In this episode, Dejan Kosutic talks with Clar Rosso, CEO of Rosso Strategic Advisors, board member of Excelsior University, and the former CEO of ISC2, about the evolving role of boards for cybersecurity. They discuss the increasing importance of cyber governance, the impact of AI, the concept of digital resilience, and the interaction between cybersecurity professionals and boards of di
The Crucial Role of Management Review in Cybersecurity Governance | Interview with Carlos Cruz
In this special first-year anniversary episode of the Secure and Simple Podcast, host Dejan Kosutic from Advisera welcomes back Carlos Cruz, founder of Metanoia Consulting and ISO expert. They deep-dive into best practices for conducting effective management reviews, covering not just ISO 9001 and ISO 14001 but also ISO 27001 and other cybersecurity frameworks. The discussion highlights t
Resolving a Conflict Between IT and Cybersecurity | Interview with Jared Leuschen
In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO of Advisera, discusses the ongoing conflict between IT operations and cybersecurity governance with Jared Leuschen, CEO and Founder of Blue Tree. They delve into the human component behind security and compliance issues, misalignment and communication gaps within organizations, and practical solutions for aligning I
Penetration Testing & Threat Intelligence: Enhancing Cybersecurity | Interview with Sasa Jusic
In this episode, host Dejan Kosutic interviews Sasa Jusic, a board member at Infigo IS and a cybersecurity expert. They delve deep into penetration testing and cyber threat intelligence, explaining their roles in enhancing cybersecurity. Learn about the differences between offensive and defensive security measures, the importance of DORA and ISO 27001 frameworks, the critical steps for pr
Simplifying ISO Standards: Insights and Best Practices | Interview with Jim Moran
In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO of Advisera, welcomes Jim Moran, founder of SimplifyISO, to discuss the importance and methods of simplifying ISO management systems. Jim, with over 30 years of consulting experience, shares valuable insights on how overly complex management systems can hinder employee understanding and implementation, leading to hi
Mastering Internal Audits for ISO Standards | Interview with Carlos Cruz
In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO at Advisera, welcomes Carlos Cruz, founder of Metanoia Consulting and a seasoned expert in ISO standards. Carlos and Dejan share best practices for performing internal audits across various ISO standards, including ISO 27001, and other cybersecurity frameworks such as NIS2 and DORA. Key topics discussed include the
Exploring Cyber Warfare: Risks, Strategies, and Solutions | Interview with Steve Winterfeld
In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO of Advisera, welcomes Steve Winterfeld, a seasoned security consultant, fractional CISO, and author of the book 'Cyber Warfare Techniques, Tactics, and Tools for Security Practitioners.' The discussion revolves around the relevance of cyber warfare for companies, the different types of cyber threats, and strategic w
Bridging the Cybersecurity Gap: From Tech Rooms to Boardrooms | Interview with Paul C Dwyer
In this episode of the Secure and Simple Podcast, Dejan Kosutic, CEO of Advisera, interviews Paul C Dwyer, founder and CEO of Cyber Risk International and president of the ICTTF. They discuss digital resilience from a business and strategic standpoint, the role of company boards in cybersecurity, and how to effectively bridge the communication gap between technical experts and business le
Mastering Integrated ISO Management Systems | Interview with Jim Moran
In this episode of Secure and Simple Podcast, hosted by Dejan Kosutic, we are joined by Jim Moran, founder of Simplify ISO and member of the ISO Committee 280. With over 30 years of experience in consulting and various ISO standards, Jim shares his insights on the High-level Structure (HLS) of ISO management standards and the integration of various ISO standards into a cohesive management
Volunteer Work in Cybersecurity Nonprofits | Interview with Aruneesh Salhotra
Join Dejan Kosutic, CEO of Advisera, on the Secure and Simple Podcast as he delves into the importance of cybersecurity NGOs with expert guest Aruneesh Salhotra. Explore the impact of organizations like OWASP and the Eclipse Foundation on global cybersecurity standards, the benefits of volunteering in these NGOs, and the influence of these nonprofits on government policies. Learn about Ar
Building a Business-Aligned Cybersecurity Strategy | Interview with Thom Langford
In this episode, Dejan Kosutic, CEO at Advisera, chats with Thom Langford, CTO of the EMEA region at Rapid7 and a director at (TL)2 Security. Thom shares invaluable insights from his 30-year career in cybersecurity, focusing on creating a business-aligned cybersecurity strategy and building a cybersecurity culture. Learn why understanding your business is crucial for effective cybersecuri
Demystifying Corporate Governance With ISO 37000 | Interview with George Kesteven
In this episode of the Secure and Simple podcast, host Dejan Kosutic interviews George Kesteven, CEO of Frontex, who shares his experience in corporate governance. They discuss the critical importance of proper documentation and knowledge management in organizations for effective governance and compliance. The conversation covers the fundamentals of ISO 37000, how it helps organizations m
U.S. vs International and European Cybersecurity Standards | Interview with John Verry
In this episode, host Dejan Kosutic, CEO of Advisera, welcomes John Verry, Managing Director at CBIZ Pivot Point Security consulting company. With over 25 years of experience and managing more than a thousand clients, John shares his immense expertise in various cybersecurity frameworks, including ISO 27001, CMMC, HIPAA, and HITRUST. The discussion delves deep into the complexities and op
Best Practices for Writing Policies and Procedures | Interview with Carlos Cruz
In this episode of the Secure and Simple Podcast, host Dejan Kosutic interviews Carlos Cruz, founder of Metanoia Consulting in Portugal. They discuss essential best practices for creating and managing policies, procedures, plans, and other documents for compliance with ISO standards and cybersecurity regulations. Carlos shares insights on the distinction between procedures and work instru
The Journey and Insights of a Successful Fractional CISO | Interview with Terry Ziemniak
In this episode of the Secure and Simple Podcast, we sit down with Terry Ziemniak, an experienced fractional CISO with over a decade in the field. Terry shares his unique career journey from traditional cybersecurity roles to becoming a trusted fractional CISO. We discuss the key differences between full-time and fractional CISOs, how to balance multiple clients, and the importance of ali
ISO-as-a-Service and AI: Innovation in Consultancy | Interview with Alexander Jaber
In this episode of the Secure and Simple Podcast, host Dejan Kosutic interviews Alexander Jaber, CEO of Compliant Business Solutions GmbH, a consulting company from Germany. They discuss ISO 27001 as a service, an innovative approach that combines consulting, policy writing, software, and certification into a cohesive package. Alexander shares insights on the consulting business, the impo
Role of EU Cybersecurity Bodies and How to Cooperate With Them | Interview with Brian Honan
In this episode of the Secure and Simple Podcast, host Dejan Kosutic interviews Brian Honan, the CEO of BH Consulting, to discuss the evolving landscape of cybersecurity and its governance, particularly in the EU. Brian shares insights on the role of European cybersecurity bodies like ENISA and the importance of cybersecurity in business operations. The discussion covers how to effectivel
Coaching as a Service for Human-Centric Cybersecurity | Interview with Dominic Vogel
In this episode of the Secure and Simple Podcast, host Dejan Kosutic sits down with Dominic "Dom" Vogel, president of Vogel Cyber Leadership and Coaching. Dom shares his unique journey from traditional cybersecurity consulting to a more human-focused coaching approach. He emphasizes the importance of building strong, empathetic relationships within tech teams and improving internal brandi
Next-level Consulting: Marketing & AI Governance Opportunities | Interview with Tudor Galos
In this episode of the Secure and Simple Podcast, we delve into the secrets of becoming a subject matter expert and thriving as a consultant. Our special guest, Tudor Galos, shares his transition from a marketing role at Microsoft to establishing his AI and GDPR consultancy. We explore the power of providing valuable content, maintaining positive client experiences, and navigating the gro
How to Scale Cybersecurity Consultancy | Interview with Bevan Lane
In this episode of the Secure and Simple Podcast, host Dejan Kosutic speaks with Bevan Lane, CEO of InfoSec Advisory Group. Bevan shares his journey from starting as an independent contractor to building a successful cybersecurity consultancy with offices in South Africa and London, and clients across five continents. Learn about his approach to scaling the business, including hiring pass
Unlocking Business Value From NIS2: The Consultant’s Role | Interview with Philippe Cornette
In this episode of the Secure and Simple Podcast, host Dejan Kosutic interviews Philippe Cornette, an interim CISO and founding partner at DigiSôter consultancy, to discuss the challenges and opportunities in cybersecurity consulting. They delve into the importance of aligning cybersecurity projects with business value, the evolving nature of cybersecurity frameworks like NIS2, and the cr
Understanding the EU Electronic Evidence Package | Interview with Cristos Velasco
In this episode of the Secure and Simple Podcast, host Dejan Kosutic welcomes Cristos Velasco, an independent consultant and associate professor specializing in cyber law, cybercrime, cybersecurity, and AI. They discuss the new EU electronic evidence package published in August 2023 and its enforcement in 2026, diving into the regulation, the directive, and its implications for law enforc
Leveraging Online Courses for Consulting Success | Interview with Richea Perry
In this episode of the Secure and Simple Podcast, host Dejan Kosutic welcomes independent cybersecurity consultant and Cyber JA podcast host, Richea Perry. Richea shares his journey from facing job loss during COVID-19 to becoming a successful consultant by leveraging online courses on platforms like Udemy. He discusses the importance of building a personal brand, creating valuable conten
Promoting Consulting Business Through Content Marketing | Interview with Punit Bhatia
In this episode of the Secure and Simple Podcast, host Dejan Kosutic interviews Punit Bhatia, founder of FIT4Privacy Consulting Company, author of 4 books on GDPR, and host of the FIT4Privacy podcast. Punit shares his journey from working at a bank to becoming a leading consultant in privacy and AI governance. He discusses the importance of content marketing, personal branding, and consis
Trends in ISO Standards: Certification Body Perspective | Interview with Tom Wheat
In this insightful episode of the Secure and Simple Podcast, host Dejan Kosutic discusses the evolving landscape of standards with Tom Wheat, UK Country Manager at PJR. They delve into the importance of ISO 27001 as the benchmark for global information security, the internal processes within certification bodies, and the value certification bodies can add beyond just issuing certificates.
How to Combine ISO 27001 and GDPR | Interview with Luigi Viscione
This episode features Luigi Viscione, CEO and Founder of Micsar, a seasoned consultant with a decade of experience in IT security and data protection. Luigi discusses the intersection of privacy and cybersecurity, the challenges and benefits of being a consultant, as well as the importance of integrating multiple security frameworks like GDPR and ISO 27001. Gain insights on how to streaml
Trends with ISO 27001, NIS2, and Supplier Security | Interview with René Matthiassen
In this episode of the Secure and Simple Podcast, host Dejan Kosutic is joined by René Matthiassen, a senior security consultant and partner at Front Door Security. With 30 years of experience in cybersecurity frameworks, René discusses the importance of tailored security frameworks, particularly ISO 27001, and how they benefit companies and suppliers under NIS2 scope. They delve into Ren
How to Become a Successful Consultant | Interview with Carlos Cruz
In this episode of Secure and Simple Podcast, host Dejan Kosutic interviews Carlos Cruz, founder of Metanoia and ISO 9001 & ISO 14001 expert at Advisera. Carlos shares his journey in the consulting business, starting from the 1990s, and provides valuable insights on the do's and don'ts of building a successful consulting career. Learn how Carlos used writing, training, and strategic c