Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance
Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance
Podcast Description
“Secure & Simple” demystifies governance and compliance challenges faced by consultants, as well as professionals acting as fractional CISOs in companies. The podcast is hosted by Dejan Kosutic, an expert in cybersecurity governance, ISO 27001, NIS2, and DORA. The episodes present topics in an easy-to-understand way and provide you with insight you won’t be able to find elsewhere.
To provide comments, suggest topics for the next episodes, or express your interest in participating in the show, contact us at [email protected].
Learn more about ISO 27001, NIS2, and DORA at https://advisera.com.
Podcast Insights
Content Themes
The podcast covers various themes related to cybersecurity governance, ISO standards, and consulting practices. Key topics include the integration of ISO 27001 and GDPR, leveraging online courses for consulting success, the trends impacting certification bodies, and the strategic role of content marketing in establishing a consultancy. Episode examples include discussions on AI's role in consulting, building personal brands, and insights into supplier security frameworks.
“Secure & Simple” demystifies governance and compliance challenges faced by consultants, as well as professionals acting as fractional CISOs in companies. The podcast is hosted by Dejan Kosutic, an expert in cybersecurity governance, ISO 27001, NIS2, and DORA. The episodes present topics in an easy-to-understand way and provide you with insight you won’t be able to find elsewhere.
To provide comments, suggest topics for the next episodes, or express your interest in participating in the show, contact us at [email protected].
Learn more about ISO 27001, NIS2, and DORA at https://advisera.com.
Dejan Kosutic interviews Yannick Hirt from ODCUS about his experience with a real ransomware attack on an international industrial company. They discuss likely phishing entry via a privileged IT account, overnight encryption, and setting up a war room. The company restored critical systems from verified cloud backups without paying, while briefly negotiating via a Dutch specialist as the attacker threatened data release. Key lessons include tested backups, detection and provider SLAs, privileged access controls, BIA/process mapping, strong documentation and forensics, communications, insurance coordination, and regular training.
Links from the episode:
– Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
– White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
– Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
– Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
– Beginner’s Course for ISO, Cybersecurity, and AI Consultants:https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
– How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining
- (00:00) – Interview with Yannick Hirt
- (00:54) – How the Attack Started: Cloud Transformation, Gaps, and a Phishing Entry Point
- (04:06) – Day Zero Response: Disconnecting Systems and Standing Up the War Room
- (07:54) – Early Critical Decisions: Recovery Streams, Stakeholders, Police & Insurance
- (09:08) – Restore vs Rebuild: Mapping Critical Apps and Validating Backups
- (11:11) – Talking to the Attackers: “Service Desk” Negotiations and Typical Ransom Size
- (14:09) – To Pay or Not to Pay: Strategy, Data-Leak Risk, and Criminal “Reliability”
- (16:12) – Recovery Timeline & Aftermath: Dark Web Leak, Employee Calls, and Government Response
- (21:20) – Who Decides the Recovery Order? IT + Business Alignment
- (23:47) – PR in the War Room: Internal Updates, Guidelines & External Liaison
- (25:06) – Senior Management’s Real Job During Recovery
- (27:38) – Working With Cyber Insurance: Support Now, Paperwork Later
- (30:37) – Forensic Report Deep Dive: Entry Point, Lateral Movement, and Tradeoffs
- (32:25) – Consultants in a Ransomware Crisis: Networks, Pragmatism, and Calm
- (41:30) – Resources for Consultants and Cybersecurity Professionals
Disclaimer
This podcast’s information is provided for general reference and was obtained from publicly accessible sources. The Podcast Collaborative neither produces nor verifies the content, accuracy, or suitability of this podcast. Views and opinions belong solely to the podcast creators and guests.
For a complete disclaimer, please see our Full Disclaimer on the archive page. The Podcast Collaborative bears no responsibility for the podcast’s themes, language, or overall content. Listener discretion is advised. Read our Terms of Use and Privacy Policy for more details.