Secure & Simple — Podcast for Consultants and CISOs on Cybersecurity Governance and Compliance
Dejan Kosutic
“Secure & Simple” demystifies governance and compliance challenges faced by CISOs, consultants, and other cybersecurity professionals. The podcast is hosted by Dejan Kosutic, an expert in cybersecurity governance, ISO 27001, NIS2, and DORA. The episodes present topics in an easy-to-understand way and provide you with insight you won’t be able to find elsewhere.
To provide comments, suggest topics for the next episodes, or express your interest in participating in the show, contact us at podcast@advisera.com.
Learn more about ISO 27001, NIS2, and DORA at https://advisera.com.
Episodes
-
ISO 27001 Certification: What Will the Auditor Look For? | Interview with Aron Lange
02.06.2026 | 37 min
In this Secure & Simple Podcast episode, host Dejan Kosutic (CEO of Advisera) interviews Aron Lange, founder of GRC Lab and an ISO 27001 certification auditor, about what auditors look for in certification audits. Aron highlights common nonconformities and explains how auditors gather objective evidence through interviews, document review, and observation, emphasizing execution over paperwork. The conversation also covers auditor interpretation, challenging unsupported findings, risk-based control auditing, management-system vs. security-posture certification, continual improvement, and the difference between nonconformities and opportunities for improvement.
Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining
Chapters:
(00:00) - Interview with Aron Lange
(01:09) - Top Nonconformities in Audits
(04:20) - How Auditors Gather Evidence
(11:55) - The Limits of Tools Based on SOC 2
(14:05) - Challenging Auditor Interpretations
(16:48) - Disputing Nonconformities
(19:38) - Problem with Generic Controls
(23:07) - Certifying Management System
(27:02) - Nonconformity vs Improvement
(29:58) - Auditing vs Consulting
(32:24) - Auditor Mindset and Trust
(35:03) - Prep Tips and Wrap Up
(36:30) - Resources for Consultants and CISOs
-
Anthropic’s Mythos and the Future of Vulnerability Management | Interview with Thom Langford
19.05.2026 | 41 min
In this Secure and Simple Podcast episode, host Dejan Kosutic (CEO of Advisera) speaks with Thom Langford, CTO for the EMEA region at Rapid7, about Anthropic’s new AI model “Mythos” and its impact on cybersecurity. Langford argues that the fundamentals remain the same (discover, risk-contextualize, and patch), but that the speed, scale, and volume of findings will surge, exposing immature vulnerability and patch-management programs. They explore continuous vulnerability monitoring tied to the SDLC, the potential increase in breaches for less-prepared organizations, governance and arms-race concerns, changes to CISO scrutiny and responsibilities (including AI governance), impacts on budgets, and resilience as a differentiator.
Chapters:
(00:00) - Interview with Thom Langford
(01:01) - Mythos: Hype or Reality?
(04:42) - Speed, Scale, and Patch Basics
(06:48) - Maturity Gap and Risk Context
(10:16) - Continuous Exposure Management
(12:19) - Unprepared Firms and Breach Risk
(14:43) - Release Governance and Arms Race
(18:29) - CISO Role Under Scrutiny
(27:36) - Strategy, Budgets, and Resilience
(33:49) - Industry Shifts and Human Loop
(38:08) - CISO Prep Recommendations
(40:04) - Resources for CISOs and Consultants
-
What CISOs Must Do Now About Quantum | Interview with Andrew Gault
05.05.2026 | 43 min
In this Secure and Simple Podcast episode, host Dejan Kosutic (CEO of Advisera) interviews Andrew Gault (CEO of ZeroTier) about how quantum computing could impact cybersecurity, especially encryption and identity. They explain key terms such as post-quantum cryptography (PQC), Q-Day, and cryptographically relevant quantum computers (CRQCs), and the two main threats: “harvest now, decrypt later” (encrypted traffic recorded today is decrypted once a CRQC exists) and “trust now, forge later” (signatures and certificates trusted today are forged once a CRQC exists). Andrew outlines shifting timelines, citing U.S. CNSA 2.0, which requires quantum-resistant cryptography for new acquisitions after Jan 1, 2027, with broader conversion targets around 2029–2030, plus EU guidance aiming for critical sectors to be quantum resistant by about 2030 and the rest by 2035. They note that PQC algorithms are already standardized (e.g., ML-KEM in NIST FIPS 203), so the challenge is operational: inventory systems (a “quantum bill of materials”), prioritize crown jewels, engage vendors, budget, and manage upgrades or mitigations for legacy systems, potentially using overlay networks.
Chapters:
(00:00) - Interview with Andrew Gault
(01:14) - Why Quantum Matters
(04:05) - Quantum Terms Explained
(06:05) - When Q-Day Hits
(07:00) - Deadlines and Industry Shifts
(11:34) - NIST Approved Algorithms
(14:35) - New Threat Models
(16:34) - Why Companies Delay
(20:30) - Quantum Bill of Materials
(23:08) - Executive Priorities
(28:49) - Vendor Roadmaps
(30:31) - Customer Messaging Strategy
(34:02) - CISO Role and Influence
(35:37) - Modernization Opportunity
(38:59) - Consulting Market Opportunity
(40:47) - Action Plan and Wrap Up
(42:23) - Resources for Consultants and CISOs
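The "quantum bill of materials" step is the part of this episode a CISO can act on immediately. The script below is an added example (not code from the podcast, Advisera, or ZeroTier) showing the triage a practitioner would run over such an inventory: each cryptography use is classified by the threat model it falls under ("harvest now, decrypt later" for key exchange and encryption, "trust now, forge later" for signatures), and migration urgency is ranked with Mosca's inequality (data shelf life plus migration time compared with the years left until a CRQC). The sample inventory, the algorithm sets, and the Q-Day estimate of six years are assumptions for illustration.

```python
"""
Quantum bill of materials triage (added example; not code from the podcast, Advisera
or ZeroTier). A constructed inventory of cryptography uses is classified by quantum
threat model and ranked by migration urgency with Mosca's inequality:
    shelf_life + migration_time > years_to_crqc  ->  migration is already late.
The algorithm sets, the sample inventory and YEARS_TO_CRQC are assumptions for
illustration; replace them with your own inventory and risk assessment.
"""
from __future__ import annotations
from dataclasses import dataclass

# Public-key primitives broken by Shor's algorithm on a cryptographically relevant
# quantum computer (CRQC), grouped by the role in which they are used.
QUANTUM_VULNERABLE_KEX = {"RSA", "DH", "ECDH", "X25519"}
QUANTUM_VULNERABLE_SIG = {"RSA", "DSA", "ECDSA", "Ed25519"}
# NIST post-quantum standards: ML-KEM (FIPS 203), ML-DSA (FIPS 204), SLH-DSA (FIPS 205).
PQ_SAFE = {"ML-KEM", "ML-DSA", "SLH-DSA"}
# Symmetric keys are only weakened quadratically (Grover); 256-bit is generally considered enough.
SYMMETRIC_MIN_BITS = 256


@dataclass
class CryptoUse:
    system: str
    algorithm: str           # e.g. "RSA", "ECDH", "AES", "ML-KEM"
    key_bits: int            # key size; for ML-KEM the parameter set (512/768/1024)
    role: str                # "kex" = key exchange/encryption, "sig" = signature, "sym" = symmetric
    crown_jewel: bool        # business-critical system or data
    shelf_life_years: float  # how long the protected data must stay confidential/authentic
    migration_years: float   # realistic time needed to replace this use of cryptography


@dataclass
class Finding:
    system: str
    algorithm: str
    threat: str           # "harvest-now-decrypt-later", "trust-now-forge-later", "grover-weakened", "none"
    crown_jewel: bool
    mosca_margin: float   # years_to_crqc - (shelf_life + migration); negative = already late
    priority: int         # 1 = migrate first


def classify_threat(use: CryptoUse) -> str:
    """Map one cryptography use to the quantum threat model it is exposed to."""
    if use.algorithm in PQ_SAFE:
        return "none"
    if use.role == "kex" and use.algorithm in QUANTUM_VULNERABLE_KEX:
        # Traffic recorded today can be decrypted once a CRQC exists.
        return "harvest-now-decrypt-later"
    if use.role == "sig" and use.algorithm in QUANTUM_VULNERABLE_SIG:
        # Signatures (code, certificates, documents) can be forged once a CRQC exists.
        return "trust-now-forge-later"
    if use.role == "sym":
        # Grover halves the effective key length: AES-128 -> ~64 bits, AES-256 -> ~128 bits.
        return "none" if use.key_bits >= SYMMETRIC_MIN_BITS else "grover-weakened"
    return "unknown"


def mosca_margin(use: CryptoUse, years_to_crqc: float) -> float:
    """Mosca's inequality as a margin in years: negative means the data will still
    need protection after a CRQC exists, so migration should already have started."""
    return years_to_crqc - (use.shelf_life_years + use.migration_years)


def triage(inventory: list[CryptoUse], years_to_crqc: float) -> list[Finding]:
    """Rank the inventory: quantum-exposed uses first, crown jewels before the rest,
    then by smallest (most negative) Mosca margin."""
    findings = []
    for use in inventory:
        threat = classify_threat(use)
        margin = mosca_margin(use, years_to_crqc) if threat != "none" else float("inf")
        findings.append(Finding(use.system, use.algorithm, threat, use.crown_jewel, margin, 0))
    findings.sort(key=lambda f: (f.threat == "none", not f.crown_jewel, f.mosca_margin))
    for rank, finding in enumerate(findings, start=1):
        finding.priority = rank
    return findings


def already_late(inventory: list[CryptoUse], years_to_crqc: float) -> list[str]:
    """Systems whose Mosca margin is negative: the 'start now' list for the CISO."""
    return [f.system for f in triage(inventory, years_to_crqc) if f.mosca_margin < 0]


# Constructed sample inventory (fictional systems), not data from the episode.
SAMPLE_INVENTORY = [
    CryptoUse("customer-db-backups", "RSA", 2048, "kex", True, 10.0, 3.0),   # long-lived PII
    CryptoUse("vpn-gateway", "ECDH", 256, "kex", True, 2.0, 1.0),
    CryptoUse("code-signing", "ECDSA", 256, "sig", True, 5.0, 2.0),         # firmware stays in the field
    CryptoUse("internal-wiki", "X25519", 256, "kex", False, 1.0, 1.0),
    CryptoUse("laptop-disk-encryption", "AES", 256, "sym", True, 10.0, 0.0),
    CryptoUse("new-api-gateway", "ML-KEM", 768, "kex", False, 5.0, 0.0),
]
# Assumption: a CRQC roughly six years out, in line with the 2029-2035 deadlines discussed in the episode.
YEARS_TO_CRQC = 6.0

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY, YEARS_TO_CRQC):
        print(f"{f.priority}. {f.system:<24} {f.algorithm:<8} {f.threat:<28} margin={f.mosca_margin:+.1f}y")
    print("start migration now:", already_late(SAMPLE_INVENTORY, YEARS_TO_CRQC))
```

With the sample data, the RSA-protected backups (ten-year shelf life) and ECDSA code signing come out as already late even though Q-Day is assumed to be six years away, while the VPN and wiki have slack and AES-256 and ML-KEM need no action. That is the point of Mosca's inequality for a board conversation: the deadline is set by how long your data must stay protected, not by when the quantum computer arrives.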
-
Continual Improvement, Nonconformities, and Corrective Actions | Interview with Carlos Cruz
21.04.2026 | 56 min
In this Secure and Simple Podcast episode, host Dejan Kosutic from Advisera interviews Carlos Cruz, founder of Metanoia and an ISO 9001/ISO 14001 expert, about continual improvement in ISO standards and how the concepts apply to cybersecurity. They explain continual improvement through the PDCA cycle, using data and Pareto analysis to focus on the key issues, then performing root cause analysis with tools like the fishbone (Ishikawa) diagram and the 5 Whys to avoid stopping at “human error.” They define nonconformities, clarify the difference between corrections (e.g., restoring operations) and corrective actions (removing the root cause so the problem does not recur), and discuss when root cause analysis is warranted, including high-impact or recurring cybersecurity incidents. They also cover documenting and tracking nonconformities through approaches like ticketing systems, consultant do’s and don’ts, and practical ways to motivate management by translating issues into business impact.
Chapters:
(00:00) - Interview with Carlos Cruz on continual improvement
(01:27) - PDCA and Continual Improvement
(05:52) - Improvement Beyond Problems
(08:22) - Nonconformities Explained
(11:47) - When to Do Root Cause Analysis
(15:19) - Pareto and Fishbone Methods
(17:39) - Using the Five Whys Method
(21:27) - Building Root Cause Culture
(25:00) - Who Reports Nonconformities
(29:27) - Corrections vs Corrective Actions
(34:25) - Documenting Without Bureaucracy
(40:32) - Consultant Do’s and Don’ts
(47:02) - Selling Improvement to Management
(50:00) - Top Tips for Continual Improvement
(54:39) - Resources for Consultants and Security Officers
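The Pareto step this episode recommends is easy to describe and just as easy to skip in practice. The script below is an added example (not code from the podcast, Advisera, or Metanoia) of what it looks like over a nonconformity log: count findings by symptom category, sort, compute cumulative share, and return the "vital few" categories that deserve a fishbone or 5 Whys session first. The records and the 80% cutoff are constructed assumptions for illustration.

```python
"""
Pareto analysis of nonconformities (added example; not code from the podcast, Advisera
or Metanoia). A constructed list of nonconformity records is counted by category,
sorted, and the "vital few" categories that account for a chosen share of all findings
are returned, so root cause analysis effort goes where it pays off. The records and the
80% cutoff are assumptions for illustration.
"""
from collections import Counter

# Constructed sample records (id, immediate symptom category); not real audit data.
# The category is the symptom found by an audit or incident review, not the root cause.
SAMPLE_NONCONFORMITIES = [
    ("NC-01", "unpatched system"), ("NC-02", "excessive privileges"), ("NC-03", "unpatched system"),
    ("NC-04", "unpatched system"), ("NC-05", "missing backup test"), ("NC-06", "excessive privileges"),
    ("NC-07", "unpatched system"), ("NC-08", "phishing click"), ("NC-09", "unpatched system"),
    ("NC-10", "excessive privileges"), ("NC-11", "unpatched system"), ("NC-12", "missing backup test"),
    ("NC-13", "excessive privileges"), ("NC-14", "unpatched system"), ("NC-15", "policy not reviewed"),
    ("NC-16", "excessive privileges"), ("NC-17", "unpatched system"), ("NC-18", "missing backup test"),
    ("NC-19", "excessive privileges"), ("NC-20", "unpatched system"),
]


def pareto_table(records):
    """Return rows (category, count, share, cumulative_share) sorted by count, descending.
    Cumulative share is computed from running counts, not summed shares, to avoid float drift."""
    counts = Counter(category for _, category in records)
    total = sum(counts.values())
    rows, running = [], 0
    for category, count in counts.most_common():
        running += count
        rows.append((category, count, round(count / total, 4), round(running / total, 4)))
    return rows


def vital_few(records, cutoff=0.8):
    """Categories, in descending order, up to and including the one whose cumulative
    share reaches the cutoff. These are the candidates for root cause analysis."""
    chosen = []
    for category, _, _, cumulative in pareto_table(records):
        chosen.append(category)
        if cumulative >= cutoff:
            break
    return chosen


def render(records, width=40):
    """Plain-text Pareto chart for a management review or a ticket comment."""
    rows = pareto_table(records)
    biggest = rows[0][1]
    lines = []
    for category, count, share, cumulative in rows:
        bar = "#" * round(width * count / biggest)
        lines.append(f"{category:<22} {count:>3} {share:6.1%} cum {cumulative:6.1%} {bar}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(SAMPLE_NONCONFORMITIES))
    print("focus root cause analysis on:", vital_few(SAMPLE_NONCONFORMITIES))
```

On the sample data three categories carry 90% of the findings; the two single-occurrence ones are corrected and closed without a full root cause investigation, which is the "when is root cause analysis warranted" judgement the episode discusses. Note that the categories here are symptoms: "unpatched system" nine times is the trigger for the fishbone or 5 Whys, not the answer.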
-
Cyber Ranges, Attack Simulations & AI: Proving Cyber Readiness | Interview with Lee Rossey
07.04.2026 | 47 min
In this Secure and Simple Podcast episode, host Dejan Kosutic (CEO of Advisera) speaks with Lee Rossey, CTO and co-founder of SimSpace, about why much cybersecurity training is becoming outdated as AI accelerates both threats and defensive stacks. Rossey explains “train like you fight” through realistic, hands-on, team-based cyber range exercises that emulate an organization’s environment, tools, background traffic, and real attack scenarios such as ransomware and lateral movement. They discuss how cyber ranges complement tabletop exercises, what must be most realistic (security tools, attacks, and traffic), who should participate (SOC, IT, business owners, and leadership), and what typically breaks first under pressure. The conversation covers metrics like time to detect, respond, and recover, ROI, and tool rationalization, evolving ranges for cloud, OT, and AI, and the need to validate and govern AI-infused security tools with trust and oversight.
Chapters:
(00:00) - Interview with Lee Rossey
(01:18) - Why Training Is Outdated
(04:56) - What Is a Cyber Range
(07:53) - Building Realistic Attacks
(12:40) - Leadership Value and ROI
(15:49) - Who Should Participate
(19:53) - Senior Leaders in the Hot Seat
(23:41) - Lessons From Debriefs
(25:04) - Ranges Evolving With AI
(30:33) - Preparing For A Cyber Range
(32:15) - Measuring Exercise Results & Reporting
(34:43) - Turning Findings Into Change
(38:33) - AI Governance And Trust
(41:39) - Regulations And Standards
(45:41) - Resources for Consultants and Cybersecurity Professionals
-
AI Agents vs. AI Agents: The Future of Security Operations | Interview with Monzy Merza
24.03.2026 | 48 min
In this Secure and Simple Podcast episode, host Dejan Kosutic from Advisera interviews Monzy Merza, co-founder and CEO of Crogl, about how cybersecurity is shifting to an “agent versus agent” world in which attackers task AI agents to run fast, low-cost, sophisticated campaigns without human approvals. Merza outlines the core security operations activities (preparation and tooling, alert investigation, and response) and explains how AI is changing each of them, including AI SOC agents that automatically connect to multiple data sources, enrich alerts, run MITRE kill chain analysis, and produce investigation reports, as well as AI-driven response actions and documentation. They discuss when humans must remain in the loop for high-impact decisions, how organizations build trust through phased adoption with measurable use cases, why roles may shift from analysts to more security engineers, and governance needs like flexible integrations, model choice, and transparency in AI security tools.
Links from the episode:
- Crogl company: https://crogl.com/
- 2026 State of SecOps Report: https://www.crogl.com/newsroom/state-of-secops-ai
Chapters:
(00:00) - Interview with Monzy Merza
(00:58) - Agent vs Agent Threats
(03:22) - Three Phases of SecOps
(05:53) - AI SOC Investigation Example
(08:41) - Autonomy vs Human in the Loop
(12:48) - Human Only Decisions
(16:43) - Building Trust and Maturity
(19:07) - Future Security Roles
(24:24) - AI Change Wave
(27:08) - Testing AI Maturity
(29:25) - Governance Framework Gap
(31:15) - Policy Meets Hallucinations
(34:50) - Business Alignment Example
(37:14) - Governance Requirements
(41:57) - SOC Roles Reshaped
(47:26) - Resources for Consultants and Cybersecurity Professionals
-
Zero Trust as a Mindset: Identity, Governance, and Access | Interview with Andrew Gault
10.03.2026 | 45 min
In this Secure and Simple Podcast episode, host Dejan Kosutic (CEO of Advisera) interviews Andrew Gault (CEO of ZeroTier) about Zero Trust as a strategy and mindset rather than a single technology, shifting away from perimeter-based security to “default deny” with continuous verification. Gault outlines core layers such as identity for users and devices, policy-based scoring, encryption, and ongoing monitoring to limit lateral movement when a breach does occur. They discuss extending zero trust principles to suppliers by issuing centrally managed vendor identities, governance needs like documented access policies, change management, and least privilege, and challenges such as shared credentials and the ongoing effort to keep permissions current. The conversation also covers non-human identities for AI agents and service accounts, ownership and lifecycle management, audit expectations under SOC 2 and ISO 27001, vendor lock-in tradeoffs, and using inventories and exception reduction as practical KPIs.
Chapters:
(00:00) - Interview with Andrew Gault
(00:47) - Strategy Not Perimeter
(02:40) - Core Layers Explained
(03:53) - Vendors And Suppliers
(07:37) - Risks Reduced And Limits
(12:24) - Non-Human Identities
(16:04) - Managing Machine Accounts
(18:34) - Governance And Policies
(23:35) - Who Owns Zero Trust
(25:40) - Building Security Culture
(27:20) - Measuring Zero Trust Impact
(30:08) - Compliance vs Real Security
(34:35) - Avoiding Vendor Lock In
(38:33) - KPIs and Legacy Exceptions
(44:25) - Resources for Consultants and Cybersecurity Professionals
-
Responding to a Ransomware Attack [Case Study] | Interview with Yannick Hirt
24.02.2026 | 42 min
Dejan Kosutic interviews Yannick Hirt from ODCUS about his experience with a real ransomware attack on an international industrial company. They discuss the likely entry point (phishing against a privileged IT account), the overnight encryption, and setting up a war room. The company restored critical systems from verified cloud backups without paying, while briefly negotiating through a Dutch specialist as the attacker threatened to release stolen data. Key lessons include tested backups, detection capability and provider SLAs, privileged access controls, BIA and process mapping, strong documentation and forensics, communications, insurance coordination, and regular training.
Chapters:
(00:00) - Interview with Yannick Hirt
(00:54) - How the Attack Started: Cloud Transformation, Gaps, and a Phishing Entry Point
(04:06) - Day Zero Response: Disconnecting Systems and Standing Up the War Room
(07:54) - Early Critical Decisions: Recovery Streams, Stakeholders, Police & Insurance
(09:08) - Restore vs Rebuild: Mapping Critical Apps and Validating Backups
(11:11) - Talking to the Attackers: “Service Desk” Negotiations and Typical Ransom Size
(14:09) - To Pay or Not to Pay: Strategy, Data-Leak Risk, and Criminal “Reliability”
(16:12) - Recovery Timeline & Aftermath: Dark Web Leak, Employee Calls, and Government Response
(21:20) - Who Decides the Recovery Order? IT + Business Alignment
(23:47) - PR in the War Room: Internal Updates, Guidelines & External Liaison
(25:06) - Senior Management’s Real Job During Recovery
(27:38) - Working With Cyber Insurance: Support Now, Paperwork Later
(30:37) - Forensic Report Deep Dive: Entry Point, Lateral Movement, and Tradeoffs
(32:25) - Consultants in a Ransomware Crisis: Networks, Pragmatism, and Calm
(41:30) - Resources for Consultants and Cybersecurity Professionals
-
What Should the Board Ask the CISO? | Interview with Clar Rosso
10.02.2026 | 37 min
In this episode, Dejan Kosutic talks with Clar Rosso, CEO of Rosso Strategic Advisors, board member of Excelsior University, and former CEO of ISC2, about the evolving role of boards in cybersecurity. They discuss the increasing importance of cyber governance, the impact of AI, the concept of digital resilience, and the interaction between cybersecurity professionals and boards of directors. Clar shares her insights on how to better integrate cybersecurity into business operations and improve board members’ understanding. Tune in to learn how a strong cyber posture can help businesses achieve their strategic goals and mitigate risks.
Chapters:
(00:00) - Interview with Clar Rosso
(00:21) - Introducing Today's Guest: Clar Rosso
(01:18) - Cybersecurity as a Business Issue
(03:54) - Board Members' Role in Cybersecurity
(05:19) - Cyber Resilience vs. Cyber Defense
(07:59) - Cybersecurity's Role in Business Growth
(09:13) - Effective Communication with the Board
(19:56) - Compliance and Risk Management
(25:00) - The Future of Cybersecurity Audits
(31:19) - Board's Role During a Cyber Breach
(35:44) - Resources for Consultants and Cybersecurity Professionals
-
The Crucial Role of Management Review in Cybersecurity Governance | Interview with Carlos Cruz
27.01.2026 | 56 min
In this special first-year anniversary episode of the Secure and Simple Podcast, host Dejan Kosutic from Advisera welcomes back Carlos Cruz, founder of Metanoia Consulting and ISO expert. They deep-dive into best practices for conducting effective management reviews, covering not just ISO 9001 and ISO 14001 but also ISO 27001 and other cybersecurity frameworks. The discussion highlights the importance of top management’s involvement, the process of converting raw data into actionable insights, and setting future objectives. Ideal for consultants, CISOs, and cybersecurity professionals aiming to enhance their governance and compliance strategies.
Chapters:
(00:00) - Interview with Carlos Cruz on management review
(00:21) - Guest Introduction: Carlos Cruz
(01:46) - Understanding Management Reviews
(07:34) - Effective Management Review Practices
(12:34) - Management Review Process
(23:35) - Frequency and Importance of Management Reviews
(28:40) - Setting and Reviewing Objectives
(33:05) - Auditing and Performance
(37:50) - Common Pitfalls in Management Reviews
(41:25) - Consultant's Role in Management Reviews
(49:28) - Integrated Management Systems
(55:04) - Resources for Consultants
-
Resolving a Conflict Between IT and Cybersecurity | Interview with Jared Leuschen
13.01.2026 | 41 min
In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO of Advisera, discusses the ongoing conflict between IT operations and cybersecurity governance with Jared Leuschen, CEO and Founder of Blue Tree. They delve into the human component behind security and compliance issues, misalignment and communication gaps within organizations, and practical solutions for aligning IT and cybersecurity efforts. The discussion also covers the importance of risk management, the role of consultants, and effective communication strategies between IT and cybersecurity teams.
Chapters:
(00:00) - Interview with Jared Leuschen
(01:12) - The IT and Cybersecurity Conflict
(03:21) - Finding Alignment Through Communication
(06:05) - Proactive IT Involvement in Cybersecurity
(15:19) - Time Management and Leadership in IT
(17:38) - The Role of Consultants in Cybersecurity
(23:46) - Vendor Management and Supply Chain Security
(30:33) - Aligning IT and Security with Business Goals
(40:17) - Resources for Consultants
-
Penetration Testing & Threat Intelligence: Enhancing Cybersecurity | Interview with Sasa Jusic
30.12.2025 | 41 min
In this episode, host Dejan Kosutic interviews Sasa Jusic, a board member at Infigo IS and a cybersecurity expert. They delve deep into penetration testing and cyber threat intelligence, explaining their roles in enhancing cybersecurity. Learn about the differences between offensive and defensive security measures, the importance of the DORA and ISO 27001 frameworks, the critical steps for preparing and executing successful penetration tests, and the elements of threat intelligence. Sasa also shares insights on the collaboration between IT and security teams, as well as the role of consultants in this evolving landscape.
Chapters:
(00:00) - Interview with Sasa Jusic
(01:41) - Penetration Testing and Threat Intelligence Relationship
(06:23) - DORA and Its Impact on Cybersecurity
(08:22) - Types of Penetration Testing
(10:33) - Preparing for a Successful Penetration Test
(13:07) - Reporting and Translating Technical Findings
(15:56) - Acting on Penetration Test Reports
(19:52) - Understanding Threat Intelligence
(22:11) - Tools for Threat Intelligence
(29:01) - Common Misconceptions About Threat Intelligence
(31:58) - Opportunities for Cybersecurity Consultants
(36:42) - Key Recommendations for Security Officers
(40:13) - Resources for Consultants
-
Simplifying ISO Standards: Insights and Best Practices | Interview with Jim Moran
16.12.2025 | 58 min
In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO of Advisera, welcomes Jim Moran, founder of SimplifyISO, to discuss the importance and methods of simplifying ISO management systems. Jim, with over 30 years of consulting experience, shares valuable insights on how overly complex management systems can hinder employee understanding and implementation, leading to higher costs and minimal return on investment. Key topics covered include the benefits of simplification, principles for effective ISO implementation, and the use of visuals and flowcharts. The episode also explores how consultants can leverage simplification to build stronger relationships with clients and scale their consulting businesses efficiently.
Chapters:
(00:00) - Interview with Jim Moran
(01:20) - The Importance of Simplifying ISO Implementation
(03:34) - Key Concepts in ISO Simplification
(08:47) - Using Visuals and Flowcharts for ISO Processes
(11:49) - Simplifying Documentation and Internal Audits
(24:18) - Visual Aids and Risk Assessment in ISO
(31:42) - Microlearning for Cybersecurity Awareness
(36:26) - Automating Document Control in ISO Standards
(38:51) - Balancing Complexity and Simplicity in Software Tools
(47:26) - Simplification Strategies for Consultants
(56:40) - Resources for Consultants
-
Mastering Internal Audits for ISO Standards | Interview with Carlos Cruz
02.12.2025, 1 h 5 min
In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO of Advisera, welcomes Carlos Cruz, founder of Metanoia Consulting and a seasoned expert in ISO standards. Carlos and Dejan share best practices for performing internal audits across various ISO standards, including ISO 27001, and other cybersecurity frameworks such as NIS2 and DORA. Key topics include the importance of internal audits, how to prepare effective audit checklists, and the role of AI in the future of auditing. The episode also explores the difference between internal audit programs and audit plans, the significance of audit objectives, and offers practical advice for consultants looking to expand their services into internal auditing. Carlos provides a deep dive into assessing compliance and effectiveness, with practical tips on maintaining independence and delivering valuable audit reports.
Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client's workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining
Chapters:
(00:00) - Interview with Carlos Cruz on internal audits
(01:38) - Importance and Best Practices for Internal Audits
(04:55) - Audit Objectives and Their Importance
(09:38) - Creating an Internal Audit Program
(13:31) - Audit Plans and Internal Audit Checklists
(27:06) - Conducting the Main Audit
(30:10) - The Importance of Evidence in Auditing
(36:43) - Preparing the Audit Report
(42:13) - Consultants and Internal Audits
(49:29) - Remote Auditing: Challenges and Opportunities
(57:17) - AI in Internal Auditing
(01:04:34) - Resources for Consultants
-
Exploring Cyber Warfare: Risks, Strategies, and Solutions | Interview with Steve Winterfeld
18.11.2025, 53 min
In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO of Advisera, welcomes Steve Winterfeld, a seasoned security consultant, fractional CISO, and author of the book "Cyber Warfare: Techniques, Tactics, and Tools for Security Practitioners." The discussion covers the relevance of cyber warfare for companies, the different types of cyber threats, and strategic ways to address them. Steve shares insights on the impact of cyber warfare on various sectors, from espionage and sabotage to operational tactics. He emphasizes the importance of risk assessment, the utility of frameworks such as MITRE ATT&CK, and approaches to security hygiene. The conversation provides a comprehensive look at how businesses can strengthen their cybersecurity measures against advanced threats.
Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client's workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining
Chapters:
(00:00) - Interview with Steve Winterfeld
(01:10) - Understanding Cyber Warfare
(05:41) - Impact on Commercial Sector
(13:01) - Strategic, Operational, and Tactical Perspectives
(17:27) - Risk Management and Mitigation
(25:48) - Securing Supply Chains and Crisis Management
(30:36) - Validation Exercises and Technical Debt
(34:47) - Cybersecurity for Smaller Companies
(36:49) - Consulting Opportunities in Cybersecurity
(51:41) - Resources for Consultants
-
Bridging the Cybersecurity Gap: From Tech Rooms to Boardrooms | Interview with Paul C Dwyer
04.11.2025, 50 min
In this episode of the Secure and Simple Podcast, Dejan Kosutic, CEO of Advisera, interviews Paul C Dwyer, founder and CEO of Cyber Risk International and president of the ICTTF. They discuss digital resilience from a business and strategic standpoint, the role of company boards in cybersecurity, and how to bridge the communication gap between technical experts and business leaders. Paul shares insights from his 30-year career across military, law enforcement, and business, emphasizing the importance of aligning cybersecurity with business strategy, understanding the core business, and developing the communication skills cybersecurity professionals need to engage effectively with board members.
Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client's workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining
Chapters:
(00:00) - Interview with Paul C Dwyer
(01:55) - Communication Gaps in Cybersecurity
(03:00) - Importance of Leadership in Cybersecurity
(07:17) - Building Trust and Rapport
(09:47) - Soft Skills and People Skills
(18:09) - Connecting Cybersecurity with Business Strategy
(23:58) - Understanding Resilience and Cybersecurity
(28:07) - Disaster Recovery and Business Continuity
(33:05) - Integrating Cyber Risk into Enterprise Risk Management
(39:21) - Supply Chain Security and Resilience
(44:58) - Effective Communication with the Board
(49:38) - Resources for Consultants
-
Mastering Integrated ISO Management Systems | Interview with Jim Moran
21.10.2025, 48 min
In this episode of the Secure and Simple Podcast, hosted by Dejan Kosutic, we are joined by Jim Moran, founder of Simplify ISO and member of the ISO Committee 280. With over 30 years of experience in consulting and various ISO standards, Jim shares his insights on the High-Level Structure (HLS) of ISO management standards and the integration of multiple ISO standards into a single, cohesive management system. The episode covers strategies for merging ISO 9001, ISO 27001, and other standards, the benefits of the HLS for integrated management systems, the importance of executive involvement, and recent updates to ISO 9001. Ideal for consultants, CISOs, and cybersecurity professionals, it provides practical tips on implementing integrated management systems effectively.
Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client's workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining
Chapters:
(00:00) - Interview with Jim Moran
(01:49) - Understanding High-Level Structure (HLS)
(11:30) - The Role of Annexes in ISO Standards
(15:22) - Integrated Management Systems in Practice
(22:38) - Documenting Integrated Management Systems
(27:07) - Integrating Management Reviews
(35:42) - Starting with One Standard vs. Multiple Standards
(39:12) - Changes in ISO 9001 and Other Standards
(43:17) - Future Trends: AI and Cybersecurity
-
Volunteer Work in Cybersecurity Nonprofits | Interview with Aruneesh Salhotra
07.10.2025, 36 min
Join Dejan Kosutic, CEO of Advisera, on the Secure and Simple Podcast as he explores the importance of cybersecurity NGOs with guest Aruneesh Salhotra. The episode covers the impact of organizations such as OWASP and the Eclipse Foundation on global cybersecurity standards, the benefits of volunteering in these NGOs, and their influence on government policy. Learn about Aruneesh's involvement with projects such as OWASP AI Exchange and AI BOM, and how consultants and CISOs can use these organizations for professional growth and thought leadership.
Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client's workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining
Chapters:
(00:00) - Interview with Aruneesh Salhotra
(02:42) - Differences Between Cybersecurity NGOs
(04:55) - Governance-Oriented Cybersecurity NGOs
(06:19) - Educational Initiatives in Cybersecurity
(06:54) - OWASP AI Exchange and Its Impact
(13:51) - Volunteering in Cybersecurity NGOs
(25:45) - Aruneesh's Involvement in OWASP Projects
(34:43) - Resources for Consultants
-
Building a Business-Aligned Cybersecurity Strategy | Interview with Thom Langford
23.09.2025, 53 min
In this episode, Dejan Kosutic, CEO of Advisera, talks with Thom Langford, CTO of the EMEA region at Rapid7 and a director at (TL)2 Security. Thom shares insights from his 30-year career in cybersecurity, focusing on creating a business-aligned cybersecurity strategy and building a security culture. Learn why understanding your business is crucial for effective cybersecurity, how to integrate security without hindering business operations, and how to turn cybersecurity into a competitive advantage. Thom also discusses the importance of risk management and how to communicate cybersecurity needs to senior leadership effectively.
Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client's workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining
Chapters:
(00:00) - Interview with Thom Langford
(01:18) - Understanding Cybersecurity Strategy
(04:00) - Implementing Effective Cybersecurity Measures
(08:56) - Risk Management in Cybersecurity
(17:02) - Cybersecurity as a Competitive Advantage
(28:31) - Security Professionals' Role in Business
(30:13) - People-Centered Security
(33:58) - Effective Training Strategies
(37:49) - Creating a Security Culture
(42:01) - The Power of Storytelling and Humor
(51:53) - Resources for Consultants
-
Demystifying Corporate Governance With ISO 37000 | Interview with George Kesteven
09.09.2025, 43 min
In this episode of the Secure and Simple Podcast, host Dejan Kosutic interviews George Kesteven, CEO of Frontex, who shares his experience in corporate governance. They discuss the importance of proper documentation and knowledge management for effective governance and compliance. The conversation covers the fundamentals of ISO 37000, how it helps organizations meet their governance objectives, and the distinction between governance and management. They also explore how consultants can use ISO 37000 to help organizations build well-defined, structured governance systems.
Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client's workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining
Chapters:
(00:00) - Interview with George Kesteven
(01:14) - The Importance of Governance and Compliance
(04:05) - Corporate Governance Management Systems Explained
(07:18) - ISO 37000: Principles and Applications
(14:26) - Governance vs. Management
(18:21) - Consultants' Role in Governance
(22:41) - The Value of Proper Documentation
(32:00) - ISO 37000: Starting Points for Consultants
(36:18) - Measuring Governance with ISO 37004
(38:44) - ESG and Corporate Governance
(42:13) - Resources for Consultants