Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

EXPLORE

Society & Culture

© 2024 PodJoint

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/87/0f/75/870f7548-48c8-4c94-3aeb-121ad269486a/mza_11818424611668538939.jpg/600x600bb.jpg

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Dejan Kosutic

24 episodes

2 weeks ago

“Secure & Simple” demystifies governance and compliance challenges faced by consultants, as well as professionals acting as fractional CISOs in companies. The podcast is hosted by Dejan Kosutic, an expert in cybersecurity governance, ISO 27001, NIS2, and DORA. The episodes present topics in an easy-to-understand way and provide you with insight you won’t be able to find elsewhere. To provide comments, suggest topics for the next episodes, or express your interest in participating in the show, contact us at podcast@advisera.com. Learn more about ISO 27001, NIS2, and DORA at https://advisera.com.

Show more...

All content for Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance is the property of Dejan Kosutic and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

“Secure & Simple” demystifies governance and compliance challenges faced by consultants, as well as professionals acting as fractional CISOs in companies. The podcast is hosted by Dejan Kosutic, an expert in cybersecurity governance, ISO 27001, NIS2, and DORA. The episodes present topics in an easy-to-understand way and provide you with insight you won’t be able to find elsewhere. To provide comments, suggest topics for the next episodes, or express your interest in participating in the show, contact us at podcast@advisera.com. Learn more about ISO 27001, NIS2, and DORA at https://advisera.com.

Show more...

Episodes (20/24)

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Simplifying ISO Standards: Insights and Best Practices | Interview with Jim Moran

In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO of Advisera, welcomes Jim Moran, founder of SimplifyISO, to discuss the importance and methods of simplifying ISO management systems. Jim, with over 30 years of consulting experience, shares valuable insights on how overly complex management systems can hinder employee understanding and implementation, leading to higher costs and minimal return on investment. Key topics covered include the benefits of simplification, principles for effective ISO implementation, and the use of visuals and flowcharts. The episode also explores how consultants can leverage simplification to build stronger relationships with clients and scale their consulting businesses efficiently.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining

(00:00) - Interview with Jim Moran
(01:20) - The Importance of Simplifying ISO Implementation
(03:34) - Key Concepts in ISO Simplification
(08:47) - Using Visuals and Flowcharts for ISO Processes
(11:49) - Simplifying Documentation and Internal Audits
(24:18) - Visual Aids and Risk Assessment in ISO
(31:42) - Microlearning for Cybersecurity Awareness
(36:26) - Automating Document Control in ISO Standards
(38:51) - Balancing Complexity and Simplicity in Software Tools
(47:26) - Simplification Strategies for Consultants
(56:40) - Resources for Consultants

2 weeks ago

58 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Mastering Internal Audits for ISO Standards | Interview with Carlos Cruz

In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO at Advisera, welcomes Carlos Cruz, founder of Metanoia Consulting and a seasoned expert in ISO standards. Carlos and Dejan share best practices for performing internal audits across various ISO standards, including ISO 27001, and other cybersecurity frameworks such as NIS2 and DORA. Key topics discussed include the importance of internal audits, how to prepare effective audit checklists, and the role of AI in the future of auditing. The episode also explores the differences between internal audit programs and plans, the significance of audit objectives, and offers practical advice for consultants looking to expand their services into internal auditing. Carlos provides a deep dive into ensuring compliance and effectiveness while offering practical tips on maintaining independence and delivering valuable audit reports.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining

(00:00) - Interview with Carlos Cruz on internal audits
(01:38) - Importance and Best Practices for Internal Audits
(04:55) - Audit Objectives and Their Importance
(09:38) - Creating an Internal Audit Program
(13:31) - Audit Plans and Internal Audit Checklists
(27:06) - Conducting the Main Audit
(30:10) - The Importance of Evidence in Auditing
(36:43) - Preparing the Audit Report
(42:13) - Consultants and Internal Audits
(49:29) - Remote Auditing: Challenges and Opportunities
(57:17) - AI in Internal Auditing
(01:04:34) - Resources for Consultants

4 weeks ago

1 hour 5 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Exploring Cyber Warfare: Risks, Strategies, and Solutions | Interview with Steve Winterfeld

In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO of Advisera, welcomes Steve Winterfeld, a seasoned security consultant, fractional CISO, and author of the book 'Cyber Warfare Techniques, Tactics, and Tools for Security Practitioners.' The discussion revolves around the relevance of cyber warfare for companies, the different types of cyber threats, and strategic ways to address them. Steve shares insights on cyber warfare's impact on various sectors, from espionage and sabotage to operational tactics. He emphasizes the importance of risk assessment, the utility of frameworks like the MITRE ATT&CK framework, and approaches to security hygiene. The conversation provides a comprehensive look at how businesses can enhance their cybersecurity measures to safeguard against advanced threats.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining

(00:00) - Interview with Steve Winterfeld
(01:10) - Understanding Cyber Warfare
(05:41) - Impact on Commercial Sector
(13:01) - Strategic, Operational, and Tactical Perspectives
(17:27) - Risk Management and Mitigation
(25:48) - Securing Supply Chains and Crisis Management
(30:36) - Validation Exercises and Technical Debt
(34:47) - Cybersecurity for Smaller Companies
(36:49) - Consulting Opportunities in Cybersecurity
(51:41) - Resources for Consultants

1 month ago

53 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Bridging the Cybersecurity Gap: From Tech Rooms to Boardrooms | Interview with Paul C Dwyer

In this episode of the Secure and Simple Podcast, Dejan Kosutic, CEO of Advisera, interviews Paul C Dwyer, founder and CEO of Cyber Risk International and president of the ICTTF. They discuss digital resilience from a business and strategic standpoint, the role of company boards in cybersecurity, and how to effectively bridge the communication gap between technical experts and business leaders. Paul shares insights from his extensive 30-year career across military, law enforcement, and business sectors, emphasizing the importance of aligning cybersecurity and business strategies, understanding the core business, and enhancing communication skills among cybersecurity professionals to engage effectively with board members.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining

(00:00) - Interview Paul C Dwyer
(01:55) - Communication Gaps in Cybersecurity
(03:00) - Importance of Leadership in Cybersecurity
(07:17) - Building Trust and Rapport
(09:47) - Soft Skills and People Skills
(18:09) - Connecting Cybersecurity with Business Strategy
(23:58) - Understanding Resilience and Cybersecurity
(28:07) - Disaster Recovery and Business Continuity
(33:05) - Integrating Cyber Risk into Enterprise Risk Management
(39:21) - Supply Chain Security and Resilience
(44:58) - Effective Communication with the Board
(49:38) - Resources for Consultants

1 month ago

50 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Mastering Integrated ISO Management Systems | Interview with Jim Moran

In this episode of Secure and Simple Podcast, hosted by Dejan Kosutic, we are joined by Jim Moran, founder of Simplify ISO and member of the ISO Committee 280. With over 30 years of experience in consulting and various ISO standards, Jim shares his insights on the High-level Structure (HLS) of ISO management standards and the integration of various ISO standards into a cohesive management system. This episode covers strategies for merging ISO 9001, ISO 27001, and other standards, the benefits of HLS for integrated management systems, the importance of executive involvement, and recent updates to ISO 9001. Ideal for consultants, CISOs, and cybersecurity professionals, this episode provides practical tips and expertise on effectively implementing integrated management systems.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining

(00:00) - Interview with Jim Moran
(01:49) - Understanding High-Level Structure (HLS)
(11:30) - The Role of Annexes in ISO Standards
(15:22) - Integrated Management Systems in Practice
(22:38) - Documenting Integrated Management Systems
(27:07) - Integrating Management Reviews
(35:42) - Starting with One Standard vs. Multiple Standards
(39:12) - Changes in ISO 9001 and Other Standards
(43:17) - Future Trends: AI and Cybersecurity

2 months ago

48 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Volunteer Work in Cybersecurity Nonprofits | Interview with Aruneesh Salhotra

Join Dejan Kosutic, CEO of Advisera, on the Secure and Simple Podcast as he delves into the importance of cybersecurity NGOs with expert guest Aruneesh Salhotra. Explore the impact of organizations like OWASP and the Eclipse Foundation on global cybersecurity standards, the benefits of volunteering in these NGOs, and the influence of these nonprofits on government policies. Learn about Aruneesh’s involvement with projects like OWASP AI Exchange and AI BOM, and gain insights on how consultants and CISOs can leverage these organizations for professional growth and thought leadership.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining

(00:00) - Interview with Aruneesh Salhotra
(02:42) - Differences Between Cybersecurity NGOs
(04:55) - Governance-Oriented Cybersecurity NGOs
(06:19) - Educational Initiatives in Cybersecurity
(06:54) - OWASP AI Exchange and Its Impact
(13:51) - Volunteering in Cybersecurity NGOs
(25:45) - Aruneesh's Involvement in OWASP Projects
(34:43) - Resources for Consultants

2 months ago

36 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Building a Business-Aligned Cybersecurity Strategy | Interview with Thom Langford

In this episode, Dejan Kosutic, CEO at Advisera, chats with Thom Langford, CTO of the EMEA region at Rapid7 and a director at (TL)2 Security. Thom shares invaluable insights from his 30-year career in cybersecurity, focusing on creating a business-aligned cybersecurity strategy and building a cybersecurity culture. Learn why understanding your business is crucial for effective cybersecurity, how to integrate security without hindering business operations, and ways to leverage cybersecurity as a competitive advantage. Thom also discusses the importance of risk management and how to effectively communicate cybersecurity needs to senior leadership.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining

(00:00) - Interview with Thom Langford
(01:18) - Understanding Cybersecurity Strategy
(04:00) - Implementing Effective Cybersecurity Measures
(08:56) - Risk Management in Cybersecurity
(17:02) - Cybersecurity as a Competitive Advantage
(28:31) - Security Professionals' Role in Business
(30:13) - People-Centered Security
(33:58) - Effective Training Strategies
(37:49) - Creating a Security Culture
(42:01) - The Power of Storytelling and Humor
(51:53) - Resources for Consultants

3 months ago

53 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Demystifying Corporate Governance With ISO 37000 | Interview with George Kesteven

In this episode of the Secure and Simple podcast, host Dejan Kosutic interviews George Kesteven, CEO of Frontex, who shares his experience in corporate governance. They discuss the critical importance of proper documentation and knowledge management in organizations for effective governance and compliance. The conversation covers the fundamentals of ISO 37000, how it helps organizations meet their governance objectives, and the distinctions between governance and management. They also explore how consultants can leverage ISO 37000 to assist organizations in achieving well-defined and structured governance systems.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining

(00:00) - Interview with George Kesteven
(01:14) - The Importance of Governance and Compliance
(04:05) - Corporate Governance Management Systems Explained
(07:18) - ISO 37000: Principles and Applications
(14:26) - Governance vs. Management
(18:21) - Consultants' Role in Governance
(22:41) - The Value of Proper Documentation
(32:00) - ISO 37000: Starting Points for Consultants
(36:18) - Measuring Governance with ISO 37004
(38:44) - ESG and Corporate Governance
(42:13) - Resources for Consultants

3 months ago

43 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

U.S. vs International and European Cybersecurity Standards | Interview with John Verry

In this episode, host Dejan Kosutic, CEO of Advisera, welcomes John Verry, Managing Director at CBIZ Pivot Point Security consulting company. With over 25 years of experience and managing more than a thousand clients, John shares his immense expertise in various cybersecurity frameworks, including ISO 27001, CMMC, HIPAA, and HITRUST. The discussion delves deep into the complexities and opportunities within cybersecurity governance, the nuances of different frameworks (especially ISO 27001 and HITRUST), and the impact of AI and privacy regulations. Whether you're a consultant, CISO, or cybersecurity professional, this episode has valuable insights to help you navigate the ever-evolving landscape of cybersecurity compliance.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining

(00:00) - Interview with John Verry
(00:15) - Meet the Guest: John Verry
(01:10) - Comparing Cybersecurity Frameworks
(05:12) - The Impact of AI and Other Frameworks
(07:46) - HITRUST and Its Market
(12:00) - HIPAA vs. HITRUST
(14:45) - ISO 27001 vs. SOC 2 in the US Market
(17:27) - Working with European Clients
(24:35) - Navigating Privacy Laws in the US and Europe
(29:20) - The Role of AI in Consulting
(40:13) - Resources for Consultants

4 months ago

41 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Best Practices for Writing Policies and Procedures | Interview with Carlos Cruz

In this episode of the Secure and Simple Podcast, host Dejan Kosutic interviews Carlos Cruz, founder of Metanoia Consulting in Portugal. They discuss essential best practices for creating and managing policies, procedures, plans, and other documents for compliance with ISO standards and cybersecurity regulations. Carlos shares insights on the distinction between procedures and work instructions, the importance of writing clear and concise documents, and the challenges of getting employees to adopt new procedures. They also cover the importance of templates, techniques for ensuring documents reflect current practices, and strategies for addressing resistance to new documents. This episode is a must-watch for consultants, CISOs, and other cybersecurity professionals looking to streamline their documentation process.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining

(00:00) - Interview with Carlos Cruz
(01:55) - Types of Documents: Policies, Procedures, and Work Instructions
(11:51) - The Importance of Short and Focused Documents
(21:46) - Structuring Documents for Clarity and Compliance
(33:34) - Adapting Documents to Client Needs
(39:31) - The Importance of Templates for Writing Documents
(43:58) - Deciding What to Document
(45:50) - The Roles in Document Creation
(01:15:04) - Common Mistakes in Document Writing
(01:21:39) - Resources for Consultants

4 months ago

1 hour 23 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

The Journey and Insights of a Successful Fractional CISO | Interview with Terry Ziemniak

In this episode of the Secure and Simple Podcast, we sit down with Terry Ziemniak, an experienced fractional CISO with over a decade in the field. Terry shares his unique career journey from traditional cybersecurity roles to becoming a trusted fractional CISO. We discuss the key differences between full-time and fractional CISOs, how to balance multiple clients, and the importance of aligning cybersecurity with business goals. Terry also provides valuable insights on the essentials of well-written security policies, the crossover between AI governance and cybersecurity, and tips for aspiring fractional CISOs. Join us for a deep dive into the world of fractional cybersecurity leadership and learn how to navigate and succeed in this growing field.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertize to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account

(00:00) - Interview with Terry Ziemniak
(02:28) - The Value of Business Alignment in Cybersecurity
(11:20) - Understanding the Role of a Fractional CISO
(18:29) - Educating Stakeholders on Cybersecurity
(23:13) - Finding Allies in the Organization
(25:42) - Importance of Well-Written Security Policies
(29:48) - Market Opportunities for Fractional CISOs
(31:26) - Challenges and Strategies for Fractional CISOs
(38:24) - AI Governance and Cybersecurity
(45:05) - Future of the CISO Role
(48:34) - Resources for Consultants

5 months ago

49 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

ISO-as-a-Service and AI: Innovation in Consultancy | Interview with Alexander Jaber

In this episode of the Secure and Simple Podcast, host Dejan Kosutic interviews Alexander Jaber, CEO of Compliant Business Solutions GmbH, a consulting company from Germany. They discuss ISO 27001 as a service, an innovative approach that combines consulting, policy writing, software, and certification into a cohesive package. Alexander shares insights on the consulting business, the importance of building client trust, the impact of AI on consultancy, and the future of compliance. Tune in to learn about the challenges and advantages of this unique service model and how AI could transform the industry.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertize to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account

(00:00) - Interview with Alexander Jaber
(05:01) - ISO 27001 as a Service Explained
(12:57) - Customer Collaboration and Trust
(19:26) - Importance of Using Software
(20:39) - Service Relevance for Different Company Sizes
(22:16) - Pricing Model
(25:51) - Impact of AI on Compliance
(29:23) - Future of Consultants in an AI-Driven World
(34:17) - AI Agents in Compliance
(39:39) - Resources for Consultants

5 months ago

41 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Role of EU Cybersecurity Bodies and How to Cooperate With Them | Interview with Brian Honan

In this episode of the Secure and Simple Podcast, host Dejan Kosutic interviews Brian Honan, the CEO of BH Consulting, to discuss the evolving landscape of cybersecurity and its governance, particularly in the EU. Brian shares insights on the role of European cybersecurity bodies like ENISA and the importance of cybersecurity in business operations. The discussion covers how to effectively communicate cybersecurity concerns to non-technical stakeholders, tips for building a successful consultancy, and the potential impact of new regulations like NIS2 and DORA on the industry. Learn about the resources and tools available for consultants on the ENISA website and how collaboration with national and EU bodies can enhance cybersecurity efforts.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertize to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account

(00:00) - Interview with Brian Honan
(05:21) - European Cybersecurity Organizations and Their Roles
(12:49) - Consulting and EU Cybersecurity Resources
(18:11) - Engaging with National and EU Cybersecurity Bodies
(25:38) - The Role of Cyber Ireland
(27:54) - Government Grants and Support
(29:50) - Consultant's Role in Government Policy
(31:40) - Translating Cybersecurity for Businesses
(37:15) - Competitive Advantage Through Cybersecurity
(43:52) - Opportunities in Cybersecurity Regulations
(51:04) - Resources for Consultants

6 months ago

52 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Coaching as a Service for Human-Centric Cybersecurity | Interview with Dominic Vogel

In this episode of the Secure and Simple Podcast, host Dejan Kosutic sits down with Dominic "Dom" Vogel, president of Vogel Cyber Leadership and Coaching. Dom shares his unique journey from traditional cybersecurity consulting to a more human-focused coaching approach. He emphasizes the importance of building strong, empathetic relationships within tech teams and improving internal branding. Dom also discusses the value of integrating cybersecurity strategies with business goals and how a human-centric methodology can lead to more meaningful and sustainable change in organizations. With insights into his coaching methods and client success stories, this episode provides actionable advice for cybersecurity professionals, IT leaders, and consultants looking to enhance their leadership and coaching skills.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertize to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account

(00:00) - Interview with Dominic Vogel
(02:40) - Human-Centric Approach to Cybersecurity Coaching
(04:25) - Coaching Success Stories
(14:55) - The Importance of Internal Branding
(19:46) - Cybersecurity Leadership in Small Organizations
(24:08) - Aligning Cybersecurity with Business Goals
(29:33) - Building Sustainable Client Relationships
(31:26) - Value-Based Pricing in Consulting
(34:47) - The Importance of Saying No
(37:20) - Opportunities in Small and Mid-Sized Businesses
(40:13) - Leveraging Speaking Engagements for Leads
(43:23) - The Role of AI in Consulting
(47:31) - Resources for Consultants

6 months ago

48 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Next-level Consulting: Marketing & AI Governance Opportunities | Interview with Tudor Galos

In this episode of the Secure and Simple Podcast, we delve into the secrets of becoming a subject matter expert and thriving as a consultant. Our special guest, Tudor Galos, shares his transition from a marketing role at Microsoft to establishing his AI and GDPR consultancy. We explore the power of providing valuable content, maintaining positive client experiences, and navigating the growing field of AI governance. Packed with insights on marketing strategies, building trust, and dominating your niche, this episode is a must-watch for cybersecurity (and other) consultants.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertize to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account

(00:00) - Interview with Tudor Galos
(01:11) - Transition from Corporate to Entrepreneurship
(03:40) - Offering Free Consultations to Build a Brand
(07:48) - Focusing on Small and Medium-Sized Clients
(12:20) - Building Trust and Securing Clients
(20:45) - The Importance of Specialization
(24:37) - Expanding into AI Governance
(35:05) - Pricing Strategies for Consultants
(37:45) - The Future of Consulting in the AI Era
(42:23) - Advice for Aspiring Consultants
(44:42) - Resources for Consultants

7 months ago

46 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

How to Scale Cybersecurity Consultancy | Interview with Bevan Lane

In this episode of the Secure and Simple Podcast, host Dejan Kosutic speaks with Bevan Lane, CEO of InfoSec Advisory Group. Bevan shares his journey from starting as an independent contractor to building a successful cybersecurity consultancy with offices in South Africa and London, and clients across five continents. Learn about his approach to scaling the business, including hiring passionate young talent, leveraging automation, and adapting to industry changes. Bevan also discusses the importance of balancing work and family life and provides valuable advice for aspiring consultants. Stay tuned for insights on the future of cybersecurity consulting and more.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account

(00:00) - Interview with Bevan Lane
(03:11) - Hiring and Training the Right People
(06:26) - Mentorship and Structured Training
(09:34) - Challenges of Retaining Talent
(10:55) - CEO's Role and Company Growth Strategy
(14:22) - Impact of AI on Consulting and Auditing
(17:49) - Finding and Partnering with Clients
(22:45) - Leveraging LinkedIn for Business Growth
(27:02) - Challenges in Consultancy
(30:29) - Balancing Work and Personal Life
(35:23) - Future of Consulting and Auditing
(40:27) - Advice for Aspiring Consultants
(42:54) - Resources for Consultants

7 months ago

44 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Unlocking Business Value From NIS2: The Consultant’s Role | Interview with Philippe Cornette

In this episode of the Secure and Simple Podcast, host Dejan Kosutic interviews Philippe Cornette, an interim CISO and founding partner at DigiSôter consultancy, to discuss the challenges and opportunities in cybersecurity consulting. They delve into the importance of aligning cybersecurity projects with business value, the evolving nature of cybersecurity frameworks like NIS2, and the critical skills consultants need to succeed. Philippe shares his journey from working as an employee for over two decades to becoming a consultant and offers valuable insights into how consultants can make a significant impact in this ever-changing field.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertize to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account

(00:00) - Interview with Philippe Cornette
(03:33) - The Role of a Chief Troubleshoot Officer
(05:15) - Understanding NIS2 Directive
(09:35) - Aligning Business with Cybersecurity
(13:38) - The Importance of Business Risk Analysis
(15:44) - Challenges in IT and OT Convergence
(17:02) - Consultant's Role in Cybersecurity Projects
(26:41) - Expertise and Change Management in Cybersecurity
(29:22) - Navigating EU Regulations
(33:04) - Consulting Opportunities in Cybersecurity
(36:05) - The Future of Consulting with AI
(41:40) - CISO as a Service Explained
(47:35) - Competing in the Consulting Market
(56:23) - Resources for Consultants

7 months ago

57 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Understanding the EU Electronic Evidence Package | Interview with Cristos Velasco

In this episode of the Secure and Simple Podcast, host Dejan Kosutic welcomes Cristos Velasco, an independent consultant and associate professor specializing in cyber law, cybercrime, cybersecurity, and AI. They discuss the new EU electronic evidence package published in August 2023 and its enforcement in 2026, diving into the regulation, the directive, and its implications for law enforcement and service providers. Cristos shares his journey into consultancy, the significance of electronic evidence and digital forensics, and the challenges presented by rapidly changing technologies and legislation. They also explore the benefits for companies preparing for these new regulations and offer advice for aspiring consultants in the cybersecurity field.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertize to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account

(00:00) - Interview with Cristos Velasco
(01:05) - Cristos Velasco's Career Journey
(03:10) - Understanding Electronic Evidence
(06:11) - Challenges in Preserving Blockchain Evidence
(09:01) - Upcoming EU Electronic Evidence Package
(11:55) - Preparing for the New EU Package
(18:48) - Digital Forensics vs. Electronic Evidence
(20:57) - Freezing Digital Evidence: Importance and Challenges
(22:35) - Legal Complexities in Data Retention and Preservation
(24:35) - Technical and Organizational Aspects of Evidence Preservation
(31:51) - Chain of Custody in Digital Evidence
(38:40) - Consulting and Training in Cybersecurity
(45:02) - Resources for Consultants

8 months ago

46 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Leveraging Online Courses for Consulting Success | Interview with Richea Perry

In this episode of the Secure and Simple Podcast, host Dejan Kosutic welcomes independent cybersecurity consultant and Cyber JA podcast host, Richea Perry. Richea shares his journey from facing job loss during COVID-19 to becoming a successful consultant by leveraging online courses on platforms like Udemy. He discusses the importance of building a personal brand, creating valuable content, and how networking on LinkedIn and other platforms can lead to consulting opportunities. Richea also provides insights into the use of AI in course creation, effective communication skills, and the future of online education in cybersecurity. Tune in to learn best practices for building a portfolio of online courses and using them to support your consulting practice.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertize to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account

(00:00) - Interview with Richea Perry
(01:10) - Journey to Becoming a Consultant
(04:15) - Transition from Technical to Consulting
(06:25) - Starting with Udemy Courses
(10:43) - Developing Course Content
(20:18) - Using AI in Course Creation
(23:24) - Recording Courses Efficiently
(26:25) - Editing Tools
(28:13) - Promoting Your Courses
(31:50) - Monetizing and Business Model
(34:40) - Choosing the Right Platform
(36:35) - Future of Online Training and AI
(41:04) - Essential Skills for Consultants
(45:22) - Final Recommendations
(48:28) - Additional Resources for Consultants

8 months ago

49 minutes

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Promoting Consulting Business Through Content Marketing | Interview with Punit Bhatia

In this episode of the Secure and Simple Podcast, host Dejan Kosutic interviews Punit Bhatia, founder of FIT4Privacy Consulting Company, author of 4 books on GDPR, and host of the FIT4Privacy podcast. Punit shares his journey from working at a bank to becoming a leading consultant in privacy and AI governance. He discusses the importance of content marketing, personal branding, and consistency in building a consultancy business. Punit also provides insights into how creating expert materials, publishing books, speaking at events, and maintaining a presence on platforms like YouTube and LinkedIn have contributed to his success. Tune in to learn best practices for promoting your consultancy and establishing a strong professional network.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertize to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account

(00:00) - Interview with Punit Bhatia
(01:02) - Starting a Consulting Career: Punit's Journey
(03:47) - The Freedom of Being an Independent Consultant
(04:36) - Building an International Clientele
(07:33) - Visibility and Content Marketing Strategies
(13:02) - Effective Use of Social Media Channels
(18:14) - The Podcast Journey
(23:21) - Leveraging Content for Business
(25:49) - The Role of Books in Brand Building
(27:39) - The Importance of Consistency
(34:53) - Expanding Expertise to AI
(36:45) - Future of AI and Privacy Standards
(39:56) - Final Thoughts and Recommendations
(41:13) - Useful Resources for Consultants

8 months ago

42 minutes