Imagen de portada del espectáculo Secure & Simple — Podcast for Consultants and CISOs on Cybersecurity Governance and Compliance

Secure & Simple — Podcast for Consultants and CISOs on Cybersecurity Governance and Compliance

Podcast de Dejan Kosutic

inglés

Tecnología y ciencia

Oferta limitada

2 meses por 1 €

Después 4,99 € / mesCancela cuando quieras.

  • 20 horas de audiolibros / mes
  • Podcasts exclusivos
  • Podcast gratuitos
Empezar

Acerca de Secure & Simple — Podcast for Consultants and CISOs on Cybersecurity Governance and Compliance

“Secure & Simple” demystifies governance and compliance challenges faced by CISOs, consultants, and other cybersecurity professionals. The podcast is hosted by Dejan Kosutic, an expert in cybersecurity governance, ISO 27001, NIS2, and DORA. The episodes present topics in an easy-to-understand way and provide you with insight you won’t be able to find elsewhere. To provide comments, suggest topics for the next episodes, or express your interest in participating in the show, contact us at podcast@advisera.com. Learn more about ISO 27001, NIS2, and DORA at https://advisera.com.

Todos los episodios

39 episodios

Portada del episodio How Hackers Exploit Human Bias and Technical Weaknesses | Interview with Kevin Beaver

How Hackers Exploit Human Bias and Technical Weaknesses | Interview with Kevin Beaver

In this Secure and Simple Podcast episode, host Dejan Kosutic interviews independent information security consultant and Hacking for Dummies author Kevin Beaver about how hackers are often underestimated and how many run operations like a professional business. Beaver explains psychology concepts that affect security decisions, including the Dunning-Kruger effect, sunk cost fallacy, bystander apathy, expediency, myopia, cognitive dissonance, and confirmation bias, and how these lead to shortcuts, unchecked assumptions, and missed risks. He shares what he looks for first in penetration tests, and discusses how AI is changing phishing and vulnerability exploitation, potential future AI-on-AI attacks, the problem of executive policy exemptions, and ways to build security culture through business-focused reporting to leadership. Links from the episode: - Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software [https://advisera.co/Conformio-software] - White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits [https://advisera.co/page-all-toolkits] - Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses [https://advisera.co/Consultant-Courses] - Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account [https://advisera.co/page-Company-Training-Account]  - Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t [https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t] - How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining [https://advisera.co/GrowYourConsultancyTraining]  * (00:00) - Interview with Kevin Beaver * (01:15) - What People Misjudge About Hackers * (03:42) - Psychology Meets Cybersecurity * (10:26) - Expediency and Security Shortcuts * (12:45) - Pen Testing Basics and Old Patches * (19:51) - Do Hackers Think the Same Way * (22:41) - AI Exploits Rising * (25:41) - AI Governance Reality Check * (31:01) - Confirmation Bias in Security * (34:23) - Culture Drives Cleaner Pen Tests * (37:20) - Reporting to Boards That Works * (40:35) - Three Steps to Preparedness * (43:35) - Defensible Security Approach * (44:09) - Free Resources for Security Professionals

14 de jul de 2026 - 45 min
Portada del episodio How CISOs Should Talk to Corporate Boards | Interview with Michelle Drolet

How CISOs Should Talk to Corporate Boards | Interview with Michelle Drolet

In this Secure and Simple Podcast episode, host Dejan Kosutic (Advisera) interviews Michelle Drolet, CEO and founder of Towerwall, about communicating cybersecurity to corporate boards. Drolet says boards often don’t know what questions to ask, so CISOs should drive the agenda by focusing on incident impact, business risk, and alignment to strategic initiatives rather than vulnerabilities or technical tools. She recommends concise, ROI- and compliance-oriented metrics tied to dollars-and-cents outcomes, limiting “blast radius,” and protecting critical data, while avoiding overly detailed dashboards. She emphasizes having a cybersecurity advocate on the board, running interactive tabletop exercises, addressing cyber as a business enabler affecting sales, insurance, and vendor risk, and using frameworks and regulations as measurable KPIs. The discussion also covers AI adoption with guardrails, CISO reporting lines, and future pressures like quantum planning. Links from the episode: - Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software [https://advisera.co/Conformio-software] - White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits [https://advisera.co/page-all-toolkits] - Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses [https://advisera.co/Consultant-Courses] - Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account [https://advisera.co/page-Company-Training-Account]  - Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t [https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t] - How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining [https://advisera.co/GrowYourConsultancyTraining]  * (00:00) - Interview with Michelle Drolet * (00:55) - Driving The Board Agenda * (02:31) - Build Program Around Strategy * (05:06) - Tabletop Exercises For Engagement * (08:01) - Finding A Board Advocate * (09:34) - Cyber As Business Enabler * (13:36) - Security Reporting and Metrics * (19:39) - Answering Are We Secure * (26:01) - Frameworks And Compliance As KPIs * (34:18) - Future CISO Quantum Planning * (36:10) - vCISO Lessons And Board Comms * (40:26) - Resources for Security Professionals

30 de jun de 2026 - 41 min
Portada del episodio Why Conventional Cybersecurity Won’t Protect AI? | Interview with Hugo Huang

Why Conventional Cybersecurity Won’t Protect AI? | Interview with Hugo Huang

In this Secure & Simple Podcast episode, host Dejan Kosutic (Advisera) talks with Hugo Huang, Product Director at Canonical and author of a Harvard Business Review article, about why conventional cybersecurity tools and patching alone are insufficient for AI systems. Huang shares research conducted with Canonical, IDC, and Google Cloud, highlighting leaders’ concerns about shadow AI usage, opaque and costly AI agents, and securing new hardware like GPUs, IPUs, and TPUs. They discuss AI-specific threats such as data poisoning, adversarial prompting, and model inversion attacks. Huang argues for hardening architecture with confidential computing (e.g., Intel TDX, AMD SEV, Nvidia H100) and for managerial changes, including CEO-level ownership, HR planning for scarce AI-security talent, supplier strategy to avoid vendor lock-in, and using frameworks like NIST’s AI risk management framework to guide policies and governance. Links from the episode: - Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software [https://advisera.co/Conformio-software] - White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits [https://advisera.co/page-all-toolkits] - Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses [https://advisera.co/Consultant-Courses] - Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account [https://advisera.co/page-Company-Training-Account]  - Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t [https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t] - How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining [https://advisera.co/GrowYourConsultancyTraining]  * (00:00) - Interview with Hugo Huang * (04:34) - Three Executive Fears * (07:58) - New AI Attack Types * (11:59) - Patching Is Not Enough * (14:33) - Confidential Computing Basics * (17:00) - TPUs Market Shift * (19:46) - Management Must Change * (28:26) - Security Protects Brand * (33:34) - Suppliers Vendor Lock-in * (41:31) - Advisera Resources

16 de jun de 2026 - 42 min
Portada del episodio ISO 27001 Certification: What Will the Auditor Look For? | Interview with Aron Lange

ISO 27001 Certification: What Will the Auditor Look For? | Interview with Aron Lange

In this Secure & Simple Podcast episode, host Dejan Kosutic (CEO of Advisera) interviews Aron Lange, founder of GRC Lab and an ISO 27001 certification auditor, about what auditors look for in certification audits. Aron highlights common nonconformities and explains how auditors gather objective evidence through interviews, document review, and observation, emphasizing execution over paperwork. The conversation also covers auditor interpretation, challenging unsupported findings, risk-based control auditing, management-system vs security-posture certification, continual improvement, and the difference between nonconformities and opportunities for improvement. Links from the episode: - Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software [https://advisera.co/Conformio-software] - White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits [https://advisera.co/page-all-toolkits] - Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses [https://advisera.co/Consultant-Courses] - Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account [https://advisera.co/page-Company-Training-Account]  - Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t [https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t] - How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining [https://advisera.co/GrowYourConsultancyTraining]  * (00:00) - Interview with Aron Lange * (01:09) - Top Nonconformities in Audits * (04:20) - How Auditors Gather Evidence * (11:55) - The Limits of Tools Based on SOC 2 * (14:05) - Challenging Auditor Interpretations * (16:48) - Disputing Nonconformities * (19:38) - Problem with Generic Controls * (23:07) - Certifying Management System * (27:02) - Nonconformity vs Improvement * (29:58) - Auditing vs Consulting * (32:24) - Auditor Mindset and Trust * (35:03) - Prep Tips and Wrap Up * (36:30) - Resources for Consultants and CISOs

2 de jun de 2026 - 37 min
Portada del episodio Anthropic’s Mythos and the Future of Vulnerability Management | Interview with Thom Langford

Anthropic’s Mythos and the Future of Vulnerability Management | Interview with Thom Langford

In this Secure and Simple Podcast episode, host Dejan Kosutic (CEO at Advisera) speaks with Thom Langford, CTO for the EMEA region at Rapid7, about Anthropic’s new AI model “Mythos” and its impact on cybersecurity. Langford argues that the fundamentals remain the same - discover, risk-contextualize, and patch - but the speed, scale, and volume of findings will surge, exposing immature vulnerability and patch-management programs. They explore continuous vulnerability monitoring tied to the SDLC, potential increases in breaches for less-prepared organizations, governance and arms-race concerns, changes to CISO scrutiny and responsibilities (including AI governance), impacts on budgets, and resilience as a differentiator. Links from the episode: - Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software [https://advisera.co/Conformio-software] - White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits [https://advisera.co/page-all-toolkits] - Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses [https://advisera.co/Consultant-Courses] - Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account [https://advisera.co/page-Company-Training-Account]  - Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t [https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t] - How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining [https://advisera.co/GrowYourConsultancyTraining]  * (00:00) - Interview with Thom Langford * (01:01) - Mythos Hype or Reality? * (04:42) - Speed Scale and Patch Basics * (06:48) - Maturity Gap and Risk Context * (10:16) - Continuous Exposure Management * (12:19) - Unprepared Firms and Breach Risk * (14:43) - Release Governance and Arms Race * (18:29) - CISO Role Under Scrutiny * (27:36) - Strategy, Budgets, and Resilience * (33:49) - Industry Shifts and Human Loop * (38:08) - CISO Prep Recommendations * (40:04) - Resources for CISOs and Consultants

19 de may de 2026 - 41 min
Soy muy de podcasts. Mientras hago la cama, mientras recojo la casa, mientras trabajo… Y en Podimo encuentro podcast que me encantan. De emprendimiento, de salid, de humor… De lo que quiera! Estoy encantada 👍
Soy muy de podcasts. Mientras hago la cama, mientras recojo la casa, mientras trabajo… Y en Podimo encuentro podcast que me encantan. De emprendimiento, de salid, de humor… De lo que quiera! Estoy encantada 👍
MI TOC es feliz, que maravilla. Ordenador, limpio, sugerencias de categorías nuevas a explorar!!!
Me suscribi con los 14 días de prueba para escuchar el Podcast de Misterios Cotidianos, pero al final me quedo mas tiempo porque hacia tiempo que no me reía tanto. Tiene Podcast muy buenos y la aplicación funciona bien.
App ligera, eficiente, encuentras rápido tus podcast favoritos. Diseño sencillo y bonito. me gustó.
contenidos frescos e inteligentes
La App va francamente bien y el precio me parece muy justo para pagar a gente que nos da horas y horas de contenido. Espero poder seguir usándola asiduamente.

Elige tu suscripción

Más populares

Oferta limitada

Premium

20 horas de audiolibros

  • Podcasts exclusivos

  • Disfruta los podcast de Podimo sin anuncios

  • Cancela cuando quieras

2 meses por 1 €
Después 4,99 € / mes

Empezar

Premium Plus

100 horas de audiolibros

  • Podcasts exclusivos

  • Disfruta los podcast de Podimo sin anuncios

  • Cancela cuando quieras

Disfruta 30 días gratis
Después 9,99 € / mes

Prueba gratis

Sólo en Podimo

Audiolibros populares

Preguntas frecuentes

Más preguntas y respuestas
Empezar

2 meses por 1 €. Después 4,99 € / mes. Cancela cuando quieras.