Sandy Smajic, Cybersecurity Consultant
Sandy Smajic

Cybersecurity.
Compliance.
Governance.

Helping organizations navigate security, regulation and digital trust — with structure, not guesswork.

Cybersecurity Consultant & Virtual CISO
Academic Authority
Sandy Smajic, founder, smiling in a white shirt

Sandy Smajic

Where deep industry experience meets academic expertise.

  • Cybersecurity Consultant
  • Virtual CISO
  • External Lecturer — HDBW
  • Founder — CyberHealth360
  • Founder — ComplianceHub360

What started as a passion for technology in Bosnia evolved into a mission to strengthen the security and resilience of European organizations. Through hands-on work in industry, energy, and automotive environments, I saw the same recurring challenge.

Most companies knew they needed cybersecurity but didn't know where to start. Traditional assessments were often too expensive, too complex, or simply not designed for the realities of small and mid-sized businesses.

That's why I built this ecosystem — a structured system that makes cybersecurity and compliance practical, transparent, and outcome-driven for every organization.

External Lecturer
IT Security — HDBW Hochschule

Sandy bridges two worlds that rarely meet: hands-on industry consulting and academic teaching. As an external lecturer in IT Security, he helps shape the next generation of security professionals while applying the same rigor to every client engagement.

8+
Years Experience
9
Frameworks Covered
3
Languages
  • BSc Information Technology
  • ISO 27001 Lead Implementer
  • TISAX Practitioner
  • NIS2 Specialist
Academic Expertise Meets Real-World Cybersecurity
IT SecurityInformation SecurityRisk ManagementComplianceBusiness ContinuityAI-supported SecurityCloud SecurityIdentity Management
Framework Coverage

Capability across the frameworks that matter

A transparent view of where my expertise runs deepest — so you know exactly what you are getting.

ExpertAdvancedWorking
Information Security
ISO 27001 / 27002Expert
NIST CSFAdvanced
SOC 2Advanced
EU Regulation
NIS2Expert
GDPRExpert
DORAAdvanced
Sector & Specialist
TISAXExpert
PCI DSSWorking
HIPAAWorking
Selected Engagements

How the ecosystem performs in practice

Anonymized examples drawn from real engagements across regulated sectors.

01

Specialty Pharmaceuticals

ISO 27001GDPR
The challenge

A growing pharma company needed to demonstrate robust information security to international partners but had no formal ISMS in place.

The approach

Ran a structured gap analysis, then built a proportionate ISO 27001 management system aligned to how their teams actually worked.

The outcome

Reached certification readiness with an ISMS the internal team could sustain — and the credibility to satisfy partner due diligence.

02

Energy & Utilities

NIS2ISO 27001
The challenge

A regional energy provider faced expanded obligations under NIS2 and was unsure which requirements applied to them.

The approach

Clarified scope and entity classification, mapped existing controls against NIS2, and prioritized the gaps that mattered most.

The outcome

A clear, board-approved roadmap to compliance and measurably improved resilience against the most relevant threats.

03

Automotive Supply Chain

TISAXISO 27001
The challenge

A tier supplier risked losing contracts without a valid TISAX label and limited internal security maturity.

The approach

Prepared the organization for assessment — closing control gaps, structuring evidence and coaching the team through the process.

The outcome

Successfully positioned for the required TISAX label, protecting existing contracts and unlocking new business.

Case studies are anonymized to protect client confidentiality. Outcomes are described qualitatively.