Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance
Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance
Podcast Description
“Secure & Simple” demystifies governance and compliance challenges faced by consultants, as well as professionals acting as fractional CISOs in companies. The podcast is hosted by Dejan Kosutic, an expert in cybersecurity governance, ISO 27001, NIS2, and DORA. The episodes present topics in an easy-to-understand way and provide you with insight you won’t be able to find elsewhere.
To provide comments, suggest topics for the next episodes, or express your interest in participating in the show, contact us at [email protected].
Learn more about ISO 27001, NIS2, and DORA at https://advisera.com.
Podcast Insights
Content Themes
The podcast covers various themes related to cybersecurity governance, ISO standards, and consulting practices. Key topics include the integration of ISO 27001 and GDPR, leveraging online courses for consulting success, the trends impacting certification bodies, and the strategic role of content marketing in establishing a consultancy. Episode examples include discussions on AI's role in consulting, building personal brands, and insights into supplier security frameworks.
“Secure & Simple” demystifies governance and compliance challenges faced by consultants, as well as professionals acting as fractional CISOs in companies. The podcast is hosted by Dejan Kosutic, an expert in cybersecurity governance, ISO 27001, NIS2, and DORA. The episodes present topics in an easy-to-understand way and provide you with insight you won’t be able to find elsewhere.
To provide comments, suggest topics for the next episodes, or express your interest in participating in the show, contact us at [email protected].
Learn more about ISO 27001, NIS2, and DORA at https://advisera.com.
In this Secure and Simple Podcast episode, host Dejan Kosutic from Advisera interviews Carlos Cruz, founder of Metanoia and an ISO 9001/ISO 14001 expert, about continual improvement in ISO standards and how the concepts apply to cybersecurity. They explain continual improvement through the PDCA cycle, using data and Pareto analysis to focus on key issues, then performing root cause analysis with tools like the fishbone (Ishikawa) diagram and the 5 Whys to avoid stopping at “human error.” They define nonconformities, clarify the difference between corrections (e.g., restoring operations) and corrective actions (i.e., removing root causes to prevent recurrence), and discuss when root cause analysis is warranted, including high-impact or recurring cybersecurity incidents. They also cover documenting and tracking nonconformities via approaches like ticketing systems, consultant do’s and don’ts, and practical ways to motivate management by translating issues into business impact.
Links from the episode:
– Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
– White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
– Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
– Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
– Beginner’s Course for ISO, Cybersecurity, and AI Consultants:https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
– How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining
- (00:00) – Interview with Carlos Cruz on continual improvement
- (01:27) – PDCA and Continual Improvement
- (05:52) – Improvement Beyond Problems
- (08:22) – Nonconformities Explained
- (11:47) – When to Do Root Cause Analysis
- (15:19) – Pareto and Fishbone Methods
- (17:39) – Using the Five Whys Method
- (21:27) – Building Root Cause Culture
- (25:00) – Who Reports Nonconformities
- (29:27) – Corrections vs Corrective Actions
- (34:25) – Documenting Without Bureaucracy
- (40:32) – Consultants Do and Don’ts
- (47:02) – Selling Improvement to Management
- (50:00) – Top Tips for Continual Improvement
- (54:39) – Resources for Consultants and Security Officers
Disclaimer
This podcast’s information is provided for general reference and was obtained from publicly accessible sources. The Podcast Collaborative neither produces nor verifies the content, accuracy, or suitability of this podcast. Views and opinions belong solely to the podcast creators and guests.
For a complete disclaimer, please see our Full Disclaimer on the archive page. The Podcast Collaborative bears no responsibility for the podcast’s themes, language, or overall content. Listener discretion is advised. Read our Terms of Use and Privacy Policy for more details.