

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance
Dejan Kosutic
“Secure & Simple” demystifies governance and compliance challenges faced by consultants, as well as professionals acting as fractional CISOs in companies. The podcast is hosted by Dejan Kosutic, an expert in cybersecurity governance, ISO 27001, NIS2, and DORA. The episodes present topics in an easy-to-understand way and provide you with insight you won’t be able to find elsewhere.
To provide comments, suggest topics for the next episodes, or express your interest in participating in the show, contact us at podcast@advisera.com.
Learn more about ISO 27001, NIS2, and DORA at https://advisera.com.
Episodes

Mar 24, 2026 • 49min
AI Agents vs. AI Agents: The Future of Security Operations | Interview with Monzy Merza
Monzy Merza, co-founder and CEO of Crogl and former security researcher, explains how attackers now deploy AI agents to run fast automated campaigns. He explores agent-vs-agent threats, AI SOC agents that enrich alerts and produce MITRE-based investigations, when humans must remain in the loop, shifting SecOps roles toward engineers, and practical governance and testing for agentic tools.

Mar 10, 2026 • 46min
Zero Trust as a Mindset: Identity, Governance, and Access | Interview with Andrew Gault
Andrew Gault, CEO of ZeroTier — builder of secure overlay networks — talks Zero Trust as a mindset, not a single tool. He covers identity-first strategies, policy-based scoring, encryption, and continuous verification. The conversation dives into vendor and machine identities, governance and change management, limits like shared credentials, and practical KPIs such as inventories and exception reduction.

Feb 24, 2026 • 43min
Responding to Ransomware Attack [Case Study] | Interview with Yannick Hirt
Yannick Hirt, founder and CEO of Odysseus and incident-response specialist, recounts a real ransomware attack on an international industrial firm. He describes phishing of a privileged account, standing up a war room, mapping critical apps, and choosing restore-from-verified-cloud-backups. They cover negotiating via intermediaries, recovery timelines, insurer coordination, forensics tradeoffs, and the value of realistic war-room training.

Feb 10, 2026 • 37min
What Should the Board Ask the CISO? | Interview with Clar Rosso
Clar Rosso, experienced cybersecurity leader and former (ISC)2 CEO now running Rosso Strategic Advisors, explains board-level cyber oversight and digital resilience. She discusses how AI raised board attention, why resilience matters more than just defense, and which high-level metrics and controls boards should focus on. Short, business-focused guidance on aligning cybersecurity with strategic goals.

Jan 27, 2026 • 56min
The Crucial Role of Management Review in Cybersecurity Governance | Interview with Carlos Cruz
In this special first-year anniversary episode of the Secure and Simple Podcast, host Dejan Kosutic from Advisera welcomes back Carlos Cruz, founder of Metanoia Consulting and ISO expert. They deep-dive into best practices for conducting effective management reviews, covering not just ISO 9001 and ISO 14001 but also ISO 27001 and other cybersecurity frameworks. The discussion highlights the importance of top management’s involvement, the process of converting raw data into actionable insights, and setting future objectives. Ideal for consultants, CISOs, and cybersecurity professionals aiming to enhance their governance and compliance strategies.
Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining
(00:00) - Interview with Carlos Cruz on management review
(00:21) - Guest Introduction: Carlos Cruz
(01:46) - Understanding Management Reviews
(07:34) - Effective Management Review Practices
(12:34) - Management Review Process
(23:35) - Frequency and Importance of Management Reviews
(28:40) - Setting and Reviewing Objectives
(33:05) - Auditing and Performance
(37:50) - Common Pitfalls in Management Reviews
(41:25) - Consultant's Role in Management Reviews
(49:28) - Integrated Management Systems
(55:04) - Resources for Consultants

Jan 13, 2026 • 42min
Resolving a Conflict Between IT and Cybersecurity | Interview with Jared Leuschen
In this engaging discussion, Jared Leuschen, CEO of Blue Tree, shares his insights on the critical conflict between IT and cybersecurity. He explains the root causes, including misaligned goals and communication breakdowns. Jared emphasizes the importance of aligning teams and setting KPIs for effective security practices. He advocates for proactive involvement of IT in security policy and suggests utilizing fractional consultants to bridge gaps. The conversation reveals how to turn security from a blocker into a business enabler through open dialogue and education.

Dec 30, 2025 • 42min
Penetration Testing & Threat Intelligence: Enhancing Cybersecurity | Interview with Sasa Jusic
Sasa Jusic, a board member at Infigo IS with extensive cybersecurity experience, dives into the intricacies of penetration testing and threat intelligence. He explains how these two elements complement each other, highlighting the interplay of offensive and defensive security strategies. Sasa discusses important frameworks like DORA and ISO 27001 and shares critical insights on effective pen test preparation and executing successful reporting. He emphasizes the necessity of collaboration across teams and offers practical advice for optimizing threat intelligence within organizations.

Dec 16, 2025 • 58min
Simplifying ISO Standards: Insights and Best Practices | Interview with Jim Moran
In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO of Advisera, welcomes Jim Moran, founder of SimplifyISO, to discuss the importance and methods of simplifying ISO management systems. Jim, with over 30 years of consulting experience, shares valuable insights on how overly complex management systems can hinder employee understanding and implementation, leading to higher costs and minimal return on investment. Key topics covered include the benefits of simplification, principles for effective ISO implementation, and the use of visuals and flowcharts. The episode also explores how consultants can leverage simplification to build stronger relationships with clients and scale their consulting businesses efficiently.
Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining
(00:00) - Interview with Jim Moran
(01:20) - The Importance of Simplifying ISO Implementation
(03:34) - Key Concepts in ISO Simplification
(08:47) - Using Visuals and Flowcharts for ISO Processes
(11:49) - Simplifying Documentation and Internal Audits
(24:18) - Visual Aids and Risk Assessment in ISO
(31:42) - Microlearning for Cybersecurity Awareness
(36:26) - Automating Document Control in ISO Standards
(38:51) - Balancing Complexity and Simplicity in Software Tools
(47:26) - Simplification Strategies for Consultants
(56:40) - Resources for Consultants

Dec 2, 2025 • 1h 6min
Mastering Internal Audits for ISO Standards | Interview with Carlos Cruz
Carlos Cruz, founder of Metanoia Consulting, shares his 35 years of expertise in ISO management systems. He discusses the critical importance of internal audits for ensuring compliance and effective systems. Key insights include setting clear audit objectives, the necessity of audit checklists, and strategies for preparing audits to gather evidence. He also highlights the role of AI in enhancing audit productivity and encourages consultants to incorporate audits into their services for continued growth and revenue.

Nov 18, 2025 • 53min
Exploring Cyber Warfare: Risks, Strategies, and Solutions | Interview with Steve Winterfeld
In this conversation, Steve Winterfeld, a seasoned security consultant and author, dives into the complexities of cyber warfare. He discusses the evolving landscape of cyber threats that affect businesses of all sizes, from espionage to sabotage. Steve emphasizes the need for risk assessments and strategic frameworks like MITRE ATT&CK to enhance cybersecurity. He outlines the roles of various actors and the importance of active defense over mere attribution. His insights into balancing innovation with security are especially relevant for today’s digital landscape.
