Razorwire Cyber Security & InfoSec Insights

PODCAST · technology


Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge.

Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends.

Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals committed to continuous improvement.

Each episode brings you actionable advice and real experiences from your host, James Rees — an information security specialist with over 25 years of experience — and from a range of respected guests across the cybersecurity industry. Together, we explore everything from technical strategies and compliance challenges to security culture, communication skills, and leadership development.

James Rees is the founder of Razorthorn Security, providing expert consultancy and t

  1. 97

    Useful or Spam? A CISO's Guide to Vendor Outreach

    Why do so many vendors still get it wrong when selling to security leaders?

    Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, I'm joined by Marius Poskus, CISO at a fintech organisation and host of the Cyber Diaries podcast, and Simon Woods, co-founder of One Compliance and a salesperson who's been working in cybersecurity sales for over 15 years.

    If you're a CISO, you already know how this goes. The same regurgitated emails, the "just 30 seconds of your time" cold calls, the pitches that lead with product features instead of understanding what problem you're actually trying to solve. It's one of the most complained about topics on LinkedIn, and in this episode we sit down with a CISO who gets sold to every day and also someone who does the selling to talk about why so much of it is broken.

    The conversation covers why persistence without research is just spam, why the best vendor relationships take years to build, why AI-generated outreach is making things worse and what salespeople actually need to do differently if they want to get through the door. Whether you're on the receiving end of the hundredth cold approach this week or you're a vendor trying to work out why nobody's responding, there's something in this for both sides.

    Three key talking points:

    Why most sales approaches fail before they even start: Sales in cybersecurity has a low barrier to entry, and it shows. We talk about why the industry seems to have settled into a cycle of lazy, templated outreach that treats every CISO the same. We cover why this isn't just annoying for the people on the receiving end but how it actively damages the reputation of vendors who might genuinely have something useful to offer.

    Relationships over transactions: The best vendor relationships in cybersecurity don't start with a sale. They start with genuine engagement, understanding someone's challenges and being useful before there's any commercial benefit. This episode makes the case that the salespeople who build real connections, who act as a first port of call rather than a product pusher, are the ones who eventually get through the door.

    What good actually looks like: So what does getting it right look like? We break down the practical habits and mindset shifts that separate the salespeople who get responses from the ones who get blocked, and why the answer has far less to do with product knowledge than most people think.

    If you've ever wanted to tell a salesperson exactly where they're going wrong, this episode does it for you. And if you're the salesperson, consider this a free masterclass.

    On what every salesperson should think about before hitting send:

    “Salespeople are not trying to understand the problems that CISOs face. It's all about selling features and product instead of understanding where the pain points are.”
    Marius Poskus

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    Why Your Inbox Is Full of Rubbish: Find out why so many vendor approaches are lazy, untargeted and AI-generated, and why the low barrier to entry in cybersecurity sales means it's unlikely to improve any time soon.

    What Makes a Vendor Worth Your Time: Discover the signs that a vendor has actually done their homework, understands your challenges and is worth a conversation, versus the ones who are just working through a list.

    How to Spot a Vendor Who's Out of Their Depth: Learn the warning signs that someone is bluffing through a technical conversation rather than being honest about what they know and don't know, and why that should affect your procurement decisions.

    What You Can Tell From a Single Email: Understand why the first approach from a vendor tells you almost everything you need to know about whether they're worth engaging with, and what the red flags look like.

    Why Vendors Keep Getting It Wrong: Find out why so much sales outreach in cybersecurity follows the same broken playbook, and why understanding the mechanics behind it helps you filter faster.

    It's Not Just Vendors: Explore why recruiters, lead generation companies and adjacent industries are all guilty of the same lazy outreach, and why CISOs are getting hit from every direction, not just product sales.

    When a Vendor Relationship Actually Pays Off: Find out what a genuinely useful vendor relationship looks like from the buying side and how to recognise when someone is investing in you rather than just your budget.

    Managing the Noise So You Don't Miss What Matters: Understand why the sheer volume of bad outreach creates a real risk of filtering out the vendors who could genuinely help, and how to build a process that catches the good ones without drowning in the rest.

    Resources Mentioned:
    Never Split the Difference by Chris Voss
    One Compliance
    RMI Cyber
    Cyber Diaries podcast
    CTRL+ALT+DEFEND

    Connect with your host James Rees

    Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

    With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

    For more information about us or if you have any questions you would like us to discuss, email [email protected]. If you need consultation, visit www.razorthorn.com. We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

    LinkedIn: Razorthorn Security
    YouTube: Razorthorn Security
    TikTok: Razorwire Podcast
    Instagram: Razorwire Podcast
    Twitter: @RazorThornLTD
    Website: www.razorthorn.com

    All rights reserved. © Razorthorn Security LTD 2025

  2. 96

    Project Glasswing. What Anthropic's Mythos Means for Cybersecurity

    What happens when an AI model can find more vulnerabilities in a day than a red team could find in a year?

    Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, I'm joined by Martin Voelk, penetration tester and AI red teamer, and Jonathan Care, lead analyst at KuppingerCole covering AI and cybersecurity.

    Anthropic recently announced Mythos, a security-focused AI model reportedly capable of discovering vulnerabilities that have gone undetected for decades, including a 27-year-old bug in OpenBSD. But how much of this is genuine breakthrough and how much is marketing? This episode cuts through the hype and asks what Mythos actually means for the cybersecurity industry, from the arms race it signals between AI model providers to the competitive implications of restricting access to a small group of US-based companies.

    The conversation goes well beyond Mythos itself, into the reality that AI-powered hacking at scale is already happening, that existing models have already been used to compromise government infrastructure, and that open source and non-Western alternatives are freely available to anyone who wants them. With 80% of code now being vibe coded with minimal security checks, jailbreaking tools available on the open web and CISOs unable to keep pace with the speed of adoption, the question isn't whether AI will change cybersecurity. It's whether the industry can adapt fast enough to survive what's already here.

    Three key talking points:

    The Mythos hype vs the reality of AI-powered hacking: Anthropic's announcement made headlines, but the capability to find and exploit vulnerabilities at scale already exists in models available to anyone. This episode asks whether Mythos is really the breakthrough it's been presented as, or whether the industry should be more concerned about what's already out there, including a recent attack on the Mexican government carried out entirely using standard AI models.

    The competitive and geopolitical implications of restricted AI models: Mythos has been restricted to a small group of US-based companies, giving at least one major EDR vendor a significant edge over every competitor. But by announcing the capability publicly, Anthropic has effectively told the rest of the world it's possible to build. With Chinese, Russian and open source models already filling the gap, the question is whether restricting access to Western models actually contains anything at all.

    Why security practitioners can't keep up and what comes next: The pace of AI development has outstripped the ability of security teams to keep up. Even full-time practitioners can't stay on top of the daily volume of new models, new vulnerabilities and new attack techniques. If the people doing this for a living are struggling, what chance does an SMB with a part-time security person have? And where does it end? Possibly with offensive and defensive AI agents fighting it out at scale, with humans increasingly on the sidelines.

    Whether Mythos lives up to the hype or not, the arms race it signals is already underway. If you want to understand what that means for cybersecurity, this is the conversation to listen to.

    On the implications of restricting AI security models:

    “Anthropic may be doing this, but for those of us who are not lucky enough to be Anthropic's friend, other countries, other organisations are not so circumspect.”
    Jonathan Care

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    Anthropic's Mythos Announcement: Find out what Anthropic is claiming about Mythos, why it reportedly found a 27-year-old vulnerability in OpenBSD and why not everyone is convinced it's the breakthrough the headlines suggest.

    AI-Powered Vulnerability Discovery at Scale: Understand why the ability to find and exploit vulnerabilities at machine speed already exists and why Mythos may be less of a leap forward than it first appears.

    The Mexican Government Hack: Hear how standard, publicly available AI models were used to compromise multiple government entities and exfiltrate massive amounts of sensitive data over a matter of weeks, without any zero days involved.

    Restricted Access and Competitive Advantage: Explore why limiting Mythos to a handful of US-based companies raises questions about competitive fairness and what it means when one EDR vendor gets capabilities that nobody else has access to.

    The Open Source and Non-Western Model Landscape: Discover why restricting Western models may not contain much at all, with Chinese, Russian and uncensored open source alternatives already being used by security researchers and attackers worldwide.

    Vibe Coding and Unchecked AI-Generated Code: Find out why an estimated 80% of code is now vibe coded, why most of it isn't being properly tested and what that means for the attack surface organisations are unknowingly building.

    Jailbreaking and Uncensored Models: Learn why tools that can jailbreak frontier models on the fly are freely available on the open web and what that tells us about the limits of trying to restrict AI capability.

    The CISO's Impossible Position: Understand why CISOs are caught between an industry that's moving faster than they can govern and organisations that want to adopt AI regardless of whether the security is ready.

    Keeping Up With the Pace of Change: Explore why even full-time security practitioners are struggling to stay on top of the daily volume of new developments and what that means for organisations with fewer resources.

    The Future (Agent vs Agent): Hear why the near future of cybersecurity may look less like humans defending networks and more like offensive and defensive AI agents battling it out at scale, with practitioners increasingly in a supervisory role.

    Resources Mentioned:
    Anthropic – Mythos/Project Glasswing
    Mexican Government Cyberattack
    GodMode AI / Pliny the Prompter (jailbreaking harness)
    Hugging Face (uncensored models)
    OpenClaw
    DeepSeek (Chinese AI model)
    KuppingerCole
    SpartanX Technologies / SpartanX AI

  3. 95

    The Rise of CTEM - Why AI Demands a New Approach to Security

    What happens when your organisation adopts AI faster than your security strategy can keep up?

    Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim, and in this episode, I'm joined by Martin Voelk, penetration tester and AI red teamer, and Jonathan Care, lead analyst covering the intersection of AI, cybersecurity and identity.

    We started out planning to talk about the rise of CTEM (Continuous Threat Exposure Management) and why traditional pentesting and vulnerability scanning can't keep up anymore. But the conversation quickly went further than that, into the real security risks of AI agents, prompt injection, vibe coding and the speed at which organisations are adopting AI without thinking about what happens when it goes wrong. Martin shares examples from his red teaming work of how AI agents can be tricked into exfiltrating data and executing malicious code, Jonathan makes the case for why identity needs to become a first class attack surface in any CTEM programme, and all three of us end up genuinely concerned about what happens when CISOs are expected to govern technology that's moving faster than anyone can keep up with. This one ended up not going quite as planned, and it's all the better for it.

    Three key talking points:

    Why traditional security testing can't keep up with AI and agent-driven attacks: Annual pentests and periodic vulnerability scans were built for a world where things changed slowly. Martin and Jonathan explain why that model is no longer suitable when new AI vulnerabilities are emerging daily, most of them without a CVE number attached, and why CTEM as a continuous programme rather than a one-off exercise is becoming essential.

    How prompt injection and invisible exploits are rewriting the rules of risk: Martin shares examples from his red teaming work where AI agents were tricked into exfiltrating data through a fake spellchecker and downloading malicious code disguised as a support tool. He and Jonathan discuss why prompt injections are so difficult to defend against, how they can be hidden in emails, PDFs, code and even voice, and why traditional security tools don't detect them.

    What CISOs and tech leaders must face as responsibility and risk escalate: Organisations are adopting AI faster than security teams can govern it, and CISOs are caught between being seen as obstructionist if they slow things down or negligent if they let things through. Jonathan and Martin get into the legal grey areas around who's responsible when an AI agent causes harm and why the lack of clear legislation makes this even harder to navigate.

    If your organisation is adopting AI and your security model hasn't changed to match, this is a conversation worth listening to.

    On why traditional security testing no longer works:

    “You have new releases and new technology popping up almost on a daily basis. And you have vulnerabilities popping up on a daily basis as well. The traditional model we have in place with regular penetration testing, once every three months, once every year, that doesn't cut it anymore.”
    Martin Voelk

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    The Acceleration of AI Adoption: Find out why organisations are pushing AI adoption at a pace that's leaving security teams behind and why the pressure from upper management to automate is creating serious blind spots.

    Continuous Threat Exposure Management (CTEM) Evolution: Learn why CTEM is a programme not a product, how it differs from traditional vulnerability management and why it focuses on what an attacker can actually exploit right now rather than theoretical CVE scores.

    Limitations of Traditional Security Testing: Understand why annual pentests and periodic vulnerability scans were built for a different era and why they can't keep up with a landscape where new AI vulnerabilities emerge daily.

    The Changing Nature of Exploits: Discover why many of the attacks hitting AI systems don't have a CVE associated with them at all, and why the traditional model of scoring and prioritising vulnerabilities is falling short.

    Prompt Injection Risks: Learn how prompt injections work, why they can be embedded in almost anything from emails and PDFs to code comments and voice, and why they're so difficult to defend against compared to traditional injection attacks.

    Agentic AI and Chained Attacks: Find out why compromising a single AI agent in an orchestrated system can have a knock-on effect across the entire ecosystem, and why the blast radius is far greater than with traditional vulnerabilities.

    Visibility and Explainability: Understand why maintaining oversight of AI systems matters, why security teams risk rubber-stamping AI-driven decisions they don't fully understand and why explainability is becoming a critical requirement.

    Supply Chain and Third-Party AI Concerns: Explore how the use of open source models, third-party AI agents and tools like OpenClaw is exposing organisations to indirect vulnerabilities they may not even know about.

    Identity as the New Attack Surface: Learn why misconfigured identities, over-privileged service accounts and weak authentication between AI agents are becoming primary targets, and why CTEM programmes need to treat identity as a first class concern.

    Regulatory and Legal Accountability: Find out why jurisdictions are still divided on who's responsible when an AI agent causes harm, from the Air Canada chatbot ruling to the question of what accountability looks like when AI is making autonomous decisions.

    Resources Mentioned:
    Gartner
    OpenClaw
    PCI DSS
    Tenable
    Nessus
    Anthropic
    Claude
    Claude Secure Code
    Groq
    Air Canada - AI Lawsuit
    Engineering Council of Great Britain
    11 Labs
    Voicebox
    SpartanX Technologies
    SpartanX AI
    Mexican Government Cyberattack

  4. 94

    All the Gear and No Idea: What's Actually Going Wrong in Security with Gary Hibberd

    The industry is full of people making security sound complicated so they can sell you the fix. Gary Hibberd and Jim talk about what actually works in cybersecurity.

    Welcome to Razorwire, where we bring you directly into honest conversations with the minds shaping our industry. I’m your host, Jim, and in this episode, I sit down with Gary Hibberd, co-founder of Consultants Like Us and a veteran of the security, data protection and privacy world.

    We talk about why so many organisations pour money into security tools and chase compliance without doing the real work underneath, and why it still leaves them exposed. Gary makes the case that one of the biggest security challenges right now is simply speed, that people and organisations are moving too fast to think clearly, and that slowing down is one of the most effective things you can do. We discuss where the industry is heading, why the focus needs to shift from cybersecurity as a purely technical discipline towards genuine organisational resilience and what it takes to cut through the noise of influencers and vendors selling quick fixes that don't exist.

    We also get into the challenges facing people newer to the industry who are trying to work out who to listen to, why communication and understanding risk matter just as much as technical skills, and why owning your place at the boardroom table is something the security community still needs to get better at.

    Key Talking Points:

    Why technical tools and frameworks aren't enough: Gary uses his marathon analogy to explain the issues with buying security kit without doing the work underneath. He and Jim share examples from the field and discuss why leadership and commitment matter more than the software you’ve bought.

    Beyond cybersecurity: why organisational resilience is the real goal: If your organisation treats security as a purely technical problem, it's missing the bigger picture. Gary and Jim make the case for why the industry needs to move beyond siloed thinking and start building genuine organisational resilience, and what that actually looks like in practice.

    How to avoid security "false prophets" and spot real expertise: Gary talks about the rise of influencers selling easy compliance that doesn't exist, from GDPR vendors promising a magic fix to people with big platforms and limited experience. He and Jim discuss what to look for in trustworthy voices and why critical thinking still matters more than following whoever shouts the loudest.

    Join us for an episode filled with real-world insights, practical takeaways, and a reminder that believing in yourself, and your value at the table, is the ultimate career defence.

    On why products alone won't protect you:

    "People go, oh, I've got IDS, I've got a SOC, I've got SIEM, I've got this platform, I've got that thing. And you're going, okay, so when was the last time you sat down as a team and talked about what it means to you as a business?"
    Gary Hibberd

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    From IT to Infosec: Find out how Gary's path from office admin and Lotus Notes programming through to European crisis management at GE Money shaped his approach to practical security thinking.

    Hacker Culture & Mindset: Explore why the original meaning of "hacker" was never a negative term, and how curiosity and a desire to push technology beyond its limits drove a whole generation into information security.

    Evolution of Security Challenges: Learn why organisations are moving too fast to make good security decisions and why slowing down might be one of the most effective defences available.

    Impact of Compliance & Frameworks: Understand why standards like ISO 27001 and GDPR had to be introduced because organisations weren't securing data on their own and what that tells us about where the industry still falls short.

    False Prophets in Cyber: Find out how the rise of influencers with big platforms and limited experience is making it harder for newcomers and established professionals alike to find reliable advice.

    Misconceptions About Tools & Compliance: Discover why buying security products is no substitute for doing the real work, and why so many organisations still confuse having the tools with actually being secure.

    Organisational Resilience as the Goal: Find out why we should be treating governance, risk, compliance, business continuity and security as one conversation.

    Communication & Soft Skills: Learn why communication, understanding people and managing risk are just as important as technical skills for anyone working in security.

    Resources Mentioned:
    Consultants Like Us
    ISO 27001
    ISO 22301
    Fortran
    C
    C++
    Lotus Notes
    Lotus Domino
    Microsoft Certified Systems Engineer
    GDPR (General Data Protection Regulation)
    Data Protection Act
    PCI DSS
    Real Cyber Awards

  5. 93

    Trust Nothing: The Rise of Deepfakes in Cybercrime

    Are you confident you could spot a deepfake in your next meeting, or could someone be using your identity without you knowing?

    Welcome back to Razorwire, the cybersecurity podcast where we explore the challenges professionals face at the cutting edge of threat intelligence. In this episode, I sit down with Alexandra Jorissen, a specialist in deepfake detection and digital identity safeguards. We discuss the explosive rise of deepfake technology, where it's already being used and what it means for personal and professional security.

    Summary

    It’s no longer science fiction: deepfakes have become both a tool for petty fraud and a devastating weapon for sophisticated cybercriminals. Together, Alex and I discuss how rapidly these impersonations have improved, from laughable scams to well-orchestrated attacks inside global organisations. We get into how deepfakes are now being used for document fraud, insurance scams and internal expense fraud, and why most people still think they'd be able to spot one. Alex shares inside knowledge from her work with IdentifAI, reveals how detection technology is developing, and offers practical advice for anyone safeguarding digital identities, documents, and core business processes.

    Key Talking Points & Reasons to Listen

    Inside Real-Life Deepfake Attacks: Hear how a single convincing deepfake Teams meeting led to a $25 million loss at engineering firm Arup, why even well-trained employees followed standard processes and still got fooled and what this tells us about how far social engineering has come.

    How Deepfakes Bypass Everyday Security: Find out how deepfakes are being used far beyond fake videos, from altered salary slips and AI-generated taxi receipts to fraudulent insurance claims, faked passports that pass KYC checks and criminals impersonating executives in remote meetings. Learn why one company discovered its internal expense fraud was three times worse than expected.

    Detection, Zero Trust and Practical Defence: Learn how IdentifAI's forensic detection analyses images pixel by pixel in nanoseconds, why a zero trust mindset needs to extend to identity verification in everyday business and what simple, practical steps like secret questions and duress codes can do to protect against impersonation right now.

    This is a must-listen for anyone who wants to understand the new deepfake threat landscape, and pick up the actionable intelligence to defend against it.

    Verifying Identities in Online Meetings:

    "A lot of people I speak to, they seem to think deepfakes aren't there yet. Like they would still be able to spot them. And that's a very false presumption."
    Alex Jorissen

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    The Evolution of Deepfakes: See how deepfake technology has gone from laughable early efforts like the Will Smith spaghetti video to highly convincing fakes that even experienced professionals struggle to detect.

    Social Engineering and Deepfakes: Learn how deepfakes are supercharging traditional social engineering tactics, making phishing and impersonation attacks far harder to spot than they used to be.

    Real-World Deepfake Scams: Hear about actual cases where organisations have been deceived, including the Arup finance manager who transferred $25 million after a fake Teams call and companies that accidentally hired North Korean engineers using deepfaked identities.

    Abuse of Deepfakes for Fraud and Blackmail: Find out how criminals are using AI to create compromising content of real people, using faked media to ransom victims or threaten reputational damage.

    Document and Identity Fraud: Discover how deepfakes now extend to digital documents and IDs, with faked passports passing standard KYC checks and altered salary slips being used to secure larger loans.

    Breach of Age and Access Controls: Learn how people, including minors, are using deepfaked images and identities to get around age verification and other digital barriers.

    Insider Threats and Employee Fraud: Explore how easy it has become to create fake receipts and invoices using tools like ChatGPT, and why one company found its internal expense fraud was three times worse than it expected.

    Detection Technology and Limitations: Understand how forensic AI analyses images pixel by pixel to detect manipulation, where the technology performs well and where limitations like screenshots and overlaid text still create challenges.

    The Importance of Zero Trust and Verification: Find out why a zero trust mindset needs to apply to identity verification in everyday work, from checking badges to using secret questions and duress codes for high-risk communications.

    The Challenge of Awareness and Organisational Culture: Hear why many organisations still believe deepfakes wouldn't fool them, and how deploying detection technology acts as both a defence and a deterrent that changes behaviour.

    Resources Mentioned:
    Technical University of Eindhoven
    Delft University
    IdentifAI
    Nigerian prince scam
    Will Smith eating spaghetti (deepfake reference)
    Arup (British engineering and design firm)
    AI Hack
    KnowBe4
    NIST
    Concur
    EU AI Act
    Nanobanana
    Oliver Rochford
    Brad Pitt romance scam
We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.For more information about us or if you have any questions you would like us to discuss email [email protected] you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.LinkedIn: Razorthorn SecurityYouTube: Razorthorn SecurityTikTok: <a

  6. 92

    From Security Theatre to Real Resilience: Why Most Incident Response Plans Fall Apart

    Are you ready for the cybersecurity incident that could bring your business to a standstill?

    On this episode of Razorwire, I sit down with Marius Poskus, a CISO and vCISO, to tackle one of the most crucial yet overlooked aspects of information security: incident response. Whether you’re leading a cyber team, supporting your board, or simply keen to sharpen your readiness, we dig into what happens when your best defences fail and chaos strikes.

    We talk about what actually happens when an incident hits and why polished policies on their own aren't enough. From the practical realities CISOs face at the sharp end of an incident, through the pitfalls of security theatre, to the importance of clear communications and building resilience, we get into the lessons the playbooks often miss. Marius and I talk through wargaming, learning from unexpected scenarios and how to empower teams to make tough decisions on the fly.

    Key talking points:
    Wargaming the Unthinkable: What happens when your CEO dies? When your entire C-suite is on a plane for six hours and unreachable? When someone poisons the fish at a team dinner? Jim and Marius talk about why the most valuable wargaming exercises aren't the predictable ones. Testing unusual, uncomfortable scenarios is what exposes the single points of failure nobody thought about and builds the kind of muscle memory that no written policy can replace.
    Decision-making Authority in Crisis: One of Marius's contacts had a major ransomware incident and needed to hire 200 people within hours. The biggest problem wasn't the attack itself, it was getting budget approved and contracts signed fast enough. Learn why pre-agreed access to emergency funds, signing authority and the ability to bypass normal procurement processes can be the difference between a swift response and days of lost time.
    Security Theatre and Why It Falls Apart Under Pressure: Marius has been making waves on LinkedIn talking about companies that want the appearance of security rather than the real thing. In this episode, he and Jim get into why polished policies that have never been tested crumble the moment a real incident hits, how to tell the difference between genuine preparedness and box-ticking and what it actually takes to build an incident response capability that works when it matters.

    Listen and step inside the mindset every cybersecurity professional needs before the worst happens.

    On testing your plan: "You never want to run through an incident response scenario first time when the real thing happens."
    – Marius Poskus

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    The Importance of Incident Response: Find out why incident response is still one of the most neglected areas of security, how to get organisational buy-in for proper preparation and what happens when the first time you test your plan is during the real thing.
    Security Theatre vs. Real Preparedness: Learn how focusing on the appearance of security rather than genuine preparedness leaves organisations vulnerable when a real incident hits, and what it takes to build real readiness through testing and practice.
    Practical Testing and Muscle Memory: Discover why written policies aren't enough on their own and how regular testing and tabletop exercises help teams build the confidence to act effectively under pressure.
    Authority and Decision-Making During Events: Learn how to set up clear escalation paths and decision-making authority before an incident happens, including access to emergency funds and the ability to hire specialist support at short notice.
    C-Suite Engagement and Support: Find out how senior executives can best support their security teams during an incident, from trusting CISOs to lead the response to providing practical help like food, hotel rooms and team rotations.
    Communication and PR During Incidents: Explore how thoughtful, transparent communication can protect reputation and rebuild trust after a breach, and why generic "we take security seriously" messaging does more harm than good.
    Resilience and Recovery Strategies: Learn how to maintain business operations while an incident is unfolding, from planned team rotations and post-breach customer support to quantifying downtime for the board.
    Wargaming and Scenario Thinking: Find out why testing unusual scenarios, not just technical failures, helps organisations expose single points of failure and prepare for real-world unpredictability.
    Critical Thinking and Cybersecurity Career Skills: Discover why curiosity, initiative and adaptability matter more than following prescribed instructions, both for handling incidents and for building a career in cybersecurity.
    Learning from Mistakes and History: Explore how drawing on real historical events and shared industry experiences equips professionals to handle crisis situations, make tough decisions and build personal resilience.

    Resources Mentioned:
    SolarWinds – Cited as a high-impact security incident affecting third parties and requiring significant communication. https://www.solarwinds.com/
    Professor Messer – Cited as a free educational resource for CompTIA courses. https://www.professormesser.com/
    Network Chuck – Mentioned as a well-known YouTuber focused on networking tutorials and resources. https://www.youtube.com/c/NetworkChuck
    CompTIA – Reference to a popular provider of IT and cybersecurity certifications. https://www.comptia.org/
    Y2K (Year 2000 problem) – Discussed as a past example of widespread incident response planning. https://en.wikipedia.org/wiki/Year_2000_problem
    Changi Jail – Historical site referenced during a discussion of resilience and decision-making under pressure. https://en.wikipedia.org/wiki/Changi_Prison
    Rorke’s Drift – Brought up as a historical account to learn about resilience. https://en.wikipedia.org/wiki/Battle_of_Rorke%27s_Drift
    Apollo 13 (“Houston, we have a problem”) – Referenced as an example of problem solving under extreme pressure with limited resources. https://en.wikipedia.org/wiki/Apollo_13
    US Military zombie apocalypse wargaming – Referenced as an example of creative scenario planning for incident response. https://en.wikipedia.org/wiki/CONOP_8888
    The Y-Files – Referenced as a source of conspiracy theories and unusual scenarios Jim enjoys. https://www.youtube.com/@TheYFiles

  7. 91

    No Honour Amongst Thieves: The Hidden World of Hackers and Cyber Criminals

    Is there really honour amongst cybercriminals or is it every hacker for themselves?

    On this episode of Razorwire, I’m joined by Martin Voelk, a seasoned ethical hacker, to take a look at how the world’s most notorious cybercriminal groups really operate. We trace the journey from early hacking culture to today’s sprawling underworld of digital organised crime. Along the way, we ask: What does "hacker" truly mean and who actually gets caught when the authorities close in?

    We discuss the blurred lines between white hat and black hat hackers and why some of the most skilled operators never set foot in the countries they target. Martin and I explore the various motivations behind cyber attacks, from ideology to pure profit, and debate why classic notions of criminal “honour” simply don’t hold up in this ruthless business. We share stories from both sides of the fence - how cyber gangs operate like corporations, how rivalry and betrayal play out behind the scenes and why it’s never been easier to get started in cybercrime (if you’re not fussy about the law). The episode closes with a stark look at the arms race between attackers and defenders and what it means for the future of cybersecurity.

    Three key talking points:
    Fresh Perspectives on Hacker Mentality: Martin breaks down the difference between hackers, researchers and outright criminals, challenging media stereotypes. We examine why understanding attacker psychology isn’t just academic - it’s essential for building better defences.
    Behind the Scenes of Cybercrime-as-a-Service: Hear how today’s criminal groups mirror legitimate organisations, complete with their own HR, development teams and even “scapegoats” to throw authorities off their trail. Discover what this corporatisation means for detection, attribution and response.
    The Global Chessboard: Tactics, Rivalries and AI Advances: Learn why the most effective cyber operators operate with impunity from certain countries, protected through corruption and international legal gaps. We unpack how rivalries really play out, the role of AI in the hands of both attackers and defenders and what to expect as attack automation accelerates.

    Tune in and arm yourself with real-world insights that go beyond the headlines - because what you don’t know about the criminal underground could be your biggest risk.

    AI-Powered Cyber Threats Target Weaker Defences: "Because the hackers are predominantly looking at the weakest targets, does it make sense to hack into the most sophisticated bank in the United States? Or do I rather target a mid-sized bank in Mexico where I already know that they had previous security vulnerabilities?"
    – Martin Voelk

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    The Evolution of Hacking: Explore how hacking started as a curiosity-driven activity, the role of groups like the Chaos Computer Club and why the term “hacker” was never originally a negative label.
    Different Types of Hackers: Learn about the three main categories of attacker (hacktivists, financially motivated criminals and state-sponsored groups) and what drives each of them.
    Organised Crime's Role in Cybercrime: Discover how cybercrime evolved from individuals working alone to structured operations with recruitment, development teams and corporate-style hierarchies.
    Scapegoats and Sacrificial Lambs: Find out what can happen to less skilled members of criminal groups and how the people who get arrested are rarely the ones running the operation.
    Safe Havens and Jurisdictional Gaps: Understand how top operators work from countries with no extradition treaties, often protected by corruption, and why Western law enforcement struggles to reach them.
    The Rise of Ransomware and Espionage: Learn why attackers target Western organisations where ransoms are more likely to be paid and how corporate espionage is a bigger part of the picture than most people realise.
    Rivalries and Alliances Among Hacker Groups: Find out how competition between groups plays out in forums, why it’s driven by profit rather than politics and how hackers from rival nations routinely work together.
    AI's Dual Impact on Cybersecurity: Learn why AI has made it easier than ever to develop malicious code, how both sides are using it and why SMBs and less cyber-aware countries face the greatest risk going forward.

    Resources Mentioned:
    Silk Road
    Dread Pirate Roberts
    Conti Files
    Chaos Computer Club
    GitHub
    Hugging Face
    Claude Code
    Cursor CLI
    Google Antigravity
    Flipper Zero
    Tor network
    El Salvador cryptocurrency acceptance
    Tron chain

  8. 90

    What’s Making 2026 the Toughest Year Yet for CISOs

    What threats should CISOs prioritise as we move into 2026?

    Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, we're looking ahead to the challenges facing security leaders in 2026.

    I'm joined by Richard Cassidy, EMEA CISO at Rubrik, and together, we discuss the three themes dominating CISO conversations: navigating the expanding regulatory landscape, preparing for quantum computing's impact on existing cryptography and understanding how attackers are shifting from loud ransomware to quiet economic warfare through time drag operations.

    Summary
    This episode examines the strategic and operational challenges CISOs face in 2026. The conversation covers how evolving regulations require fundamental changes to business operations and threat response, why tabletop exercises with executive teams are becoming standard practice for testing organisational maturity and how quantum computing is moving from theoretical concern to practical planning requirement. Richard and Jim discuss the technological shifts happening simultaneously with AI and quantum computing and why security awareness gained during the pandemic is being eroded by the race to implement new technologies without proper security consideration. The episode explores how attackers are evolving beyond traditional ransomware towards time drag operations that threaten business continuity without triggering incident declarations and why the combination of deepfakes and AI-driven social engineering represents a fundamental challenge to shared reality.

    Three Key Talking Points:
    The Regulatory Burden and Tabletop Testing: Learn about the regulatory challenges CISOs face across DORA, NIS2 and evolving frameworks, plus why organisations are increasingly running tabletop exercises with executive teams. Discover how war gaming activities help boards understand real-world breach scenarios and test organisational maturity beyond traditional red teaming. Find out how recent breaches at companies like Ubisoft, M&S and Jaguar Land Rover are driving leadership to take security seriously.
    Quantum Computing's Imminent Impact: Understand why quantum computing has moved from background concern to top-three CISO priority for 2026 to 2028. Explore the timeline for quantum threats to existing cryptography, what organisations need to do now to prepare for post-quantum cryptography and why there's significant uncertainty around adoption strategies. See how quantum computing combines with AI to create a tectonic shift in security technology that requires planning today.
    Time Drag Operations and Economic Warfare: Discover the shift from loud ransomware to quiet time drag attacks where threat actors threaten extended operational downtime rather than data theft. Learn why boards will pay millions to restore business continuity without declaring cyber incidents and how attackers are exploiting the economic model where disruption costs more than ransom. Explore how this combines with AI-powered deepfakes and social engineering to create attacks that undermine shared reality itself.

    On the shift to time drag operations: "The economic model of cybercrime has shifted from traditional theft to time drag. If attackers know they can present you with a problem where you're not going to be able to recover your key systems for an inordinate amount of time, there's a higher likelihood that you are going to pay for a level of data or knowledge that will get you back to operational efficiency rather quick."
    – Richard Cassidy

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    Evolving Regulatory Frameworks: Learn about the challenges posed by DORA, NIS2 and other regulatory requirements, including uncertainty around implementation, costs and the procedural changes they demand from organisations.
    Executive Tabletop Exercises: Discover why organisations are moving beyond traditional pen testing to run war gaming scenarios with executive teams, testing how leadership would respond to real-world breach scenarios like those that hit M&S, JLR and MGM.
    Quantum Computing Preparation: Understand why quantum computing has become a top-three CISO concern for 2026 to 2028, what organisations need to know about post-quantum cryptography and why planning needs to start now despite uncertainty around timelines.
    Security Awareness Erosion: Explore how the security awareness gained during the pandemic is being pushed aside by the rush to implement AI and other technologies, with businesses prioritising efficiency over security considerations.
    The RAM Crisis and Supply Chain Impact: Find out about the technological shifts happening with component shortages, RAM price increases and how hardware availability is affecting security planning and organisational technology strategies.
    AI as a Constant Theme: See how AI weaves through every major security challenge, from regulatory compliance to quantum preparation, even when it's not explicitly the top concern.
    The Shift to Time Drag Operations: Learn about the attacker evolution from loud, transactional ransomware to quiet economic warfare where threat actors threaten indefinite operational disruption rather than data theft.
    Why Boards Pay Without Declaring Incidents: Understand the economics of why executive teams will pay millions to restore business continuity quickly rather than endure months of disruption, often without ever declaring a cyber incident publicly.
    Deepfakes and Loss of Shared Reality: Discover the fundamental challenge posed by AI-driven deepfakes and social engineering that make it increasingly difficult to determine what's real, including examples of CEO-targeted WhatsApp attacks and voice cloning.
    Educating Users Against Sophisticated Social Engineering: Explore why organisations must improve user education to detect the growing sophistication of AI-powered social engineering, deepfakes and attacks designed to exploit human trust and decision-making.

    Resources Mentioned:
    Rubrik
    DORA
    NIST Framework
    NIS2
    Marks and Spencer Cyber Attack
    Jaguar Land Rover Cyber Attack
    MGM Cyber Attack
    Ubisoft Cyber Attack
    Corsair
    Nvidia
    IBM
    Scattered Spider
    Shiny Lapis Hunters
    NCSE USA
    Sun Tzu's Art of War
    https://vaclavsmil.com/

  9. 89

    Cryptocurrency: Good, Bad or Evil?

    Are cryptocurrencies revolutionising finance, or are they simply empowering cybercriminals and state-sponsored hackers?

    Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim, and in this episode, we're tackling one of the most polarising topics at the intersection of finance and security: cryptocurrency.

    I'm joined by Richard Cassidy, Oliver Rochford and Jonathan Care, and together, we debate whether Bitcoin has solved any real problems or simply enabled cybercriminals to operate at an unprecedented scale, with 98% of ransomware payments now made in cryptocurrency.

    Summary
    This episode looks at how cryptocurrency has impacted real-world security and policy, including how it has facilitated over $3 billion in theft by state-sponsored groups like Lazarus to fund North Korea's nuclear programme and romance scams that have drained 4.6 billion victims with zero recourse. Everything illegal in traditional financial markets is legal in crypto. Yet in Argentina, Venezuela and Nigeria, people use it to preserve value against hyperinflation and bypass authoritarian controls. The debate centres on whether governments truly control crypto through exchanges and legal tender conversion, whether blockchain transparency helps law enforcement more than it helps criminals and whether ransomware payment rates dropping to 19% proves cybersecurity is winning despite crypto, not because of it.

    Three key talking points from this episode:
    Criminal Infrastructure and the Ransomware Economy: Find out how cryptocurrency is used for ransomware payments and how this has enabled the ransomware epidemic. Learn about state-sponsored theft, romance scams operating at an industrial scale and why dark web marketplaces like Hydra and AlphaBay succeeded Silk Road in facilitating organised crime. Discover the impact of payment rates dropping to 19% as companies choose disaster recovery over paying criminals.
    Government Control vs Decentralisation Claims: Explore the heated debate about whether governments truly control cryptocurrency through regulating exchanges and legal tender conversion or whether the protocol itself remains ungovernable. Learn why KYC requirements at exchanges undermine the original vision of anonymity, how states force participation through tax requirements and whether crypto can function without an army to back it.
    Real-World Use Cases vs Original Promises: Discover how cryptocurrency is being used in Argentina, Venezuela and Nigeria to preserve value against hyperinflation and bypass authoritarian capital controls. Examine whether these legitimate use cases justify a technology that hasn't solved its original problems: transaction speed remains too slow for real-time use, energy consumption is enormous compared to Visa, scalability hasn't improved and volatility undermines its claim as a stable store of value.

    If you’re a cybersecurity professional looking to understand both the promise and peril of cryptocurrency, this episode is essential listening.

    On the lawless nature of cryptocurrency: "Every scam, every market rig that has been outlawed in real world money markets is wide open in crypto. As Richard points out, we're not only deregulated, it is lawless."
    – Jonathan Care

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    Cryptocurrency as Ransomware's Preferred Payment Method: Learn why ransomware payments use cryptocurrency and how this payment method enabled the ransomware epidemic that became every CISO's biggest headache.
    Declining Ransomware Payment Rates: Discover why payment rates dropped to just 19% in 2024, with overall payments down 35% to $813.55 million, as companies increasingly choose disaster recovery over paying criminals.
    The Irreversibility Problem: Learn why cryptocurrency transactions being irreversible means mistakes and theft are permanent, with no chargebacks or recourse for victims of fraud.
    State-Sponsored Cryptocurrency Theft: Understand how the Lazarus Group has stolen over $3 billion in crypto through targeting exchanges, DeFi protocols and blockchain bridges.
    Romance Scams and Pig Butchering Operations: Learn about the explosion in crypto-enabled romance scams, fake investment platforms and rug pulls operating at industrial scale.
    Pump and Dump Market Manipulation: Find out why pretty much everything untoward is perfectly legal in crypto, from coordinated manipulation on Telegram and Discord to influencer fraud, wash trading and spoofing.
    Government Control Through Legal Tender Conversion: Understand why governments ultimately control cryptocurrency through regulating exchanges, requiring tax payments in fiat currency and controlling the conversion points between crypto and legal tender.
    Blockchain Transparency for Law Enforcement: Learn how public blockchains can be easier to analyse than shell companies behind offshore banking, with tools like Chainalysis, Elliptic and Interpol using on-chain data to track illicit networks.
    Proof-of-Work Mining's Environmental Impact: Examine the massive energy consumption of cryptocurrency mining, why specialised hardware becomes obsolete within a year and the climate impact of a payment system processing fewer transactions than Visa does in an hour.
    Exchange Security Failures and Hacks: See how exchanges like Mt. Gox and Bybit lost billions through security failures and why holding crypto at exchanges rather than in personal wallets creates unnecessary risk.

    Resources Mentioned:
    Financial Crimes Enforcement Network (FinCEN) – US agency tracking financial crime, referenced for 2024 ransomware payment statistics showing a 35% decrease to $813.555 million. https://www.fincen.gov/
    Chainalysis – Blockchain analysis platform helping law enforcement track cryptocurrency transactions and disrupt criminal networks. https://www.chainalysis.com/
    Elliptic – Cryptocurrency investigation platform used by law enforcement and financial institutions to identify criminal activity on blockchains. https://www.elliptic.co/
    Lazarus Group – North Korean state-sponsored threat actor attributed with over $3 billion in cryptocurrency theft to fund nuclear programmes. Overview: https://www.cisa.gov/topics/cyber-threats-and-advisories/advanced-persistent-threats/north-korea
    Hydra Market – Russian-language dark web marketplace that succeeded Silk Road before being shut down in 2022, facilitating billions in illicit cryptocurrency transactions. Background: https://www.europol.europa.eu/media-press/newsroom/news/world%E2%80%99s-biggest-marketplace-dark-web-offline
    AlphaBay – Major dark web marketplace that operated from 2014-2017, enabling cryptocurrency-based transactions for drugs, weapons and stolen data. https://www.justice.gov/opa/pr/alphabay-largest-online-dark-market-shut-down

  10. 88

    The Razorwire Christmas Special 2025: Looking Back, Looking Forward

    What happens when you gather some of the sharpest minds in cybersecurity for an end-of-year chat about where we've been and where we're heading?

    Welcome to Razorwire's Christmas special. Today I’m chatting with some of our favourite guests from 2025: clinical traumatologist Eve Parmiter, cyber futurist Oliver Rochford, CISO and podcast host Marius Poskus and occupational psychologist Bec McKeown for a roundup of the cybersecurity industry this year. This isn't a glossy year-in-review full of predictions and corporate optimism. We're talking about what's actually happened: how our teams are STILL burning out, the junior pipeline that's being hollowed out by premature AI deployment, the CISOs who are resigning because they're handed accountability without support and the businesses that want the appearance of security rather than the reality of it.

    Summary
    2025 has been a year of contradictions. Fewer ransomware victims are paying up, which suggests resilience is working. But burnout rates in cybersecurity remain above 59% and the systemic issues causing it aren't being addressed. Oliver brings data showing that AI-driven threat intelligence has been more marketing than reality. Marius shares why his CISO resignation letter post hit over 300,000 impressions and 3,400 comments. Eve explores whether there could be legal protections for cybersecurity professionals experiencing occupational trauma. Bec questions why security teams are expected to work under military-level pressure with none of the training or support.

    We’re also looking ahead to 2026. Oliver predicts salaries will rise. Marius sees organisations scrambling to fix the mess that AI has created. Eve and Bec discuss what the younger generation might teach us about boundaries and refusing to put up with workplace nonsense. And we all agree on one thing: gravity needs levity. If you're going to survive in this industry, you REALLY need to laugh.

    Three Key Talking Points:
    The Theatre of Security: Understand why organisations hire CISOs for accountability but don't give them budget, support or a seat at decision-making tables. Marius explains how this creates a cycle where security leaders are blamed when things go wrong, despite having no power to prevent them.
    The Junior Pipeline Crisis: Discover why premature AI deployment is hollowing out entry-level roles across industries, including cybersecurity and law. We discuss the long-term consequences of replacing junior analysts with AI before understanding what you're losing.
    Burnout as Occupational Trauma: Learn why burnout in cybersecurity isn't just about individual resilience. Eve explores whether legal protections could be granted for work that causes inescapable harm, drawing parallels with content moderators and healthcare workers.

    If you want an honest conversation about the state of cybersecurity in 2025 and what's coming in 2026, this is it.

    On the appearance of security: "Companies do not want security. They want the appearance of security. They hire a CISO to be the person who's accountable, the person who's on insurance papers, the person's name who's on client contracts, the person who is a face of the company of doing security, but actually he's not supported in budgetary terms in any other way."
    – Marius Poskus

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    2025 Year in Review: Explore what actually happened this year, from falling ransomware payment rates to the continued rise in burnout and stress levels across the industry.
    Marketing-Driven Threat Intelligence: Discover why claims about AI-enabled ransomware and nation-state AI usage turned out to be more hype than reality.
    The CISO Accountability Trap: Understand why security leaders are handed responsibility without power, budget or support and why so many are choosing to step back from leadership roles.
    Burnout as a Systemic Problem: Learn why organisations still treat burnout as an individual issue rather than addressing the systemic factors that cause it.
    Legal Protections for Occupational Trauma: Explore whether cybersecurity professionals could gain legal recognition for work-related harm, similar to content moderators and healthcare workers.
    The AI Skills Shortage Coming in 2026: Find out why Oliver predicts salaries will rise as companies realise they've hollowed out their junior pipeline with premature AI deployment.
    Economics vs Security Spending: Understand why businesses treat security breaches like shoplifting and why perfect security isn't the goal for most organisations.
    Cognitive Load and Dashboard Design: Discover how principles from aviation flight deck design could reduce alert fatigue and improve security operations workflows.
    The Younger Generation's Boundaries: Learn what Gen Z might teach us about setting limits, refusing workplace nonsense and reframing work around life instead of the other way around.
    Predictions for 2026: Hear what the panel thinks is coming next year, from salary increases to AI backlash and the potential consequences of neglecting security basics.

    Resources Mentioned:
    Coveware (Ransomware Payment Data) – Referenced by Oliver regarding the drop in ransomware payments in 2025.
    MIT Sloan (AI-Enabled Ransomware Claims) – Referenced by Oliver as an example of retracted threat intelligence claims.
    Anthropic – Referenced regarding claims about nation-state actors using their AI service.
    ISC2 Workforce Survey – Referenced by Eve Parmiter regarding burnout statistics (59%) in cybersecurity.
    SolarWinds Breach and CISO Impact – Referenced by Jim regarding the personal toll on the SolarWinds CISO.
    Health and Safety Executive (UK) – Referenced by Bec McKeown regarding employer responsibility for workplace stress.
    Cloudflare Outages – Referenced by Marius Poskus regarding organisations bypassing WAF protections during downtime.
    Anu AI (Foresight and Predictions Tool) – Mentioned by Oliver Rochford as his startup with a free community edition.
    Mental Health in Cybersecurity Foundation – Referenced in context of ongoing burnout discussions.
    Cyber Diaries Podcast – Mentioned by Marius Poskus as his...

  11. 87

    Burnout in Cybersecurity: Preparing Cyber Staff for the Reality, Not Just the Role

    Is burnout in cybersecurity inevitable, or are we finally learning how to prevent it?

    Welcome to Razorwire. In this episode, I sit down with clinical traumatologist Eve Parmiter and occupational psychologist Bec McKeown to talk about what's really happening in high-pressure cyber roles. This isn't about vague wellness advice or corporate tick-box exercises. We're looking at the actual mechanics of burnout: why CISOs are breaking under impossible expectations, how remote work has changed team dynamics and what the early warning signs look like before someone hits crisis point. If you work in cybersecurity, particularly in leadership or incident response, this conversation offers strategies you can use today.

    Summary

    Two-thirds of cybersecurity professionals say their jobs are more stressful now than they were five years ago. The pressure is mounting, but the support systems aren't keeping pace. In this conversation, Eve and Bec bring research, clinical experience and real examples to explain why burnout is becoming an occupational hazard in cyber teams. We talk about the gap between a CISO's responsibility and their actual authority, why technical skills alone won't protect your team from collapse and how to spot the signs that someone is struggling before it becomes a crisis. We also cover what actually works: building teams that can handle pressure, creating cultures where people feel safe to speak up and finding peer support through initiatives like the Mental Health in Cybersecurity Foundation.

    Three Key Talking Points:

    Human Factors and the Reality of Leadership Burnout: Understand why burnout is becoming an occupational hazard for cyber leaders, especially CISOs, who are caught between responsibility and a lack of real power. Learn how unaddressed team dynamics, poor succession planning and social isolation create stress that technical controls alone cannot fix.

    Spotting Burnout Early - Inside and Around You: Get practical advice on identifying warning signs in yourself and your colleagues. We discuss real strategies for managers and peers: recognising behavioural changes, loss of humour, withdrawal and other ‘red flags’ that are far more accurate than any policy checklist.

    Building Resilience and Finding Peer Support: Discover actionable steps for resilience, beyond ‘just coping’, including the creation of peer communities like the Mental Health in Cybersecurity Foundation. Find out how a shared community is essential to surviving and growing in this field.

    If you want real answers about burnout, actionable insights for your career and lessons from the frontline of cybersecurity wellbeing, this is one episode you can’t afford to skip.

    On power vs responsibility:
    “CISOs are a great example. You only have so much power, but you've got a high degree of responsibility, and personal responsibility coming into it. So that can feel very unfair and very unbalanced and that can create a lot of resentment.”
    Eve Parmiter

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    Understanding Burnout Trends in Cybersecurity: Learn why 66% of professionals report higher stress levels than five years ago and what's driving the increase across the industry.
    Recognising Human Factors as Security Risks: Discover how overlooking team wellbeing creates vulnerabilities that no technical control can fix.
    Navigating the Working Location Debate: Find out how remote, hybrid and office preferences impact team cohesion and what it means for your mental health.
    Balancing CISO Responsibility Without Authority: Understand why security leaders face mounting pressure without the power to create change and how this fuels burnout.
    Spotting Burnout Before It's Too Late: Learn to identify the subtle behavioural shifts that signal burnout in yourself and colleagues before it becomes a crisis.
    Creating Teams That Can Weather the Storm: See how managers can build resilience by recognising and responding to individual stress patterns.
    Leveraging Different Perspectives Under Pressure: Explore why mixing personalities and viewpoints strengthens problem-solving and team support during incidents.
    Building a Culture Where People Can Speak Up: Understand what psychological safety actually looks like and why it's essential for preventing burnout.
    Finding Professional Support That Actually Helps: Learn where to access peer support and resources designed specifically for cybersecurity professionals.
    Getting Involved in Industry-Wide Solutions: Discover how the Mental Health in Cybersecurity Foundation is creating practical frameworks and communities to address burnout collectively.

    Resources Mentioned

    1. ISACA (Cybersecurity Research and Reports): Referenced by Bec McKeown regarding global research on cybersecurity stress levels.
       Website: https://www.isaca.org/
    2. NLP (Neuro-Linguistic Programming): Mentioned as a resource for self-understanding and career development.
       Overview: https://www.britannica.com/topic/neuro-linguistic-programming
    3. Major UK Brands Affected by Cyber Attacks
       Harrods: https://www.bbc.co.uk/news/articles/cpq5w324pd3o
       Marks & Spencer: https://www.bbc.co.uk/news/articles/c93x16zkl9do
       Jaguar Land Rover: https://www.bbc.co.uk/news/articles/ckg1w255gy1o
       Co-op: https://www.bbc.co.uk/news/articles/ckgq9dke4e5o
    4. ‘Be Left of Bang’: Used as a metaphor by Bec McKeown for proactivity in noticing stress and burnout.
       Book Info: https://www.amazon.co.uk/Left-Bang-Marine-Combat-Program/dp/1936891301
    5. Maslach’s Research into Burnout: Cited by Eve Parmiter about organisational factors driving burnout.
       Overview: https://www.verywellmind.com/burnout-4157336
       Christina Maslach Profile: https://psychology.berkeley.edu/people/christina-maslach
    6. Mental Health in Cybersecurity Foundation (Community and Support Resource): Discussed by Bec McKeown as a growing support and best practice group; LinkedIn page only (no website yet).
       LinkedIn: https://www.linkedin.com/company/mental-health-in-cybersecurity-foundation/
    7. The Cyber Sentinel's Handbook (by James Rees): Mentioned as a resource for information security professionals at all levels.
       Amazon link: https://www.amazon.co.uk/Cyber-Sentinels-Handbook-professionals-ebook/dp/B0CXTS3S7D/
       Available as paperback, e-book and via Kindle Unlimited.

    Connect with your host James Rees

    Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

    Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

    With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

    For more information about us or if you have any questions you...

  12. 86

    The Death of Passwords: The Future of Authentication

    Is passwordless authentication finally ready for prime time, or are we just replacing one set of problems with another?

    Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, we're tackling one of the oldest challenges in information security: identity and access management.

    I'm joined by David Higgins, CTO at CyberArk and Murtaza Hafizja, Senior Technical Product Marketing Leader from OneSpan, who bring decades of combined experience from the front lines of identity, authentication and access control. Together, we explore how the industry has evolved from simple username/password combinations to biometrics, passkeys and continuous authentication and where the technology is heading next.

    Summary

    We examine the persistent challenges around identity management, from the struggle between security and user convenience to the explosion of non-human identities that now need managing. David explains why privilege access management has evolved from credential vaulting to zero standing privileges and how cloud environments have created both opportunities and complexities with their tens of thousands of granular permissions. Murtaza tells us about the passwordless evolution, why risk-based authentication is making a comeback and the real barriers to rolling out modern authentication at scale.

    Whether you're a CISO wrestling with third-party access, an IT manager trying to balance security with productivity or just someone interested in where authentication is heading, you'll get honest perspectives on what works, what doesn't and what's actually achievable.

    Key Talking Points

    The Passwordless Evolution and What It Really Means: Learn why passwords are finally on their way out (mostly), how passkeys and biometrics have moved from niche to mainstream and why the technology that failed 20 years ago is now becoming the de facto standard for authentication.

    Zero Standing Privilege and the Cloud Permission Problem: Discover how cloud environments have paradoxically made privilege management both more granular and more complex, why organisations are moving away from permanent permissions and how just-in-time access is becoming essential for modern infrastructure.

    Continuous Authentication and Behavioural Analysis: Understand why a single login authentication isn't enough anymore, how attackers are owning identities by exploiting help desks and why monitoring user behaviour patterns might be the key to stopping credential-based attacks before they cause damage.

    On how attackers get in today:
    "Attackers aren't breaking in anymore, they're logging in."
    David Higgins, CyberArk

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    The Evolution of Identity Management: How authentication has cycled through different approaches over 30 years, from basic username/password to biometrics that failed, then succeeded and why we're finally at a point where passwordless is achievable at scale.
    From Too Little Granularity to Too Much: Why early operating systems forced an all-or-nothing approach to permissions, how cloud providers now offer tens of thousands of different roles and entitlements and why this has made the principle of least privilege almost impossible to implement upfront.
    Zero Standing Privilege as the New Normal: How organisations are moving away from permanent permissions toward just-in-time access, why no one should have standing privileges anymore and how this approach aligns with modern cloud environments.
    The Passwordless Movement Goes Mainstream: What's changed to make passwordless authentication viable now, why passkeys are moving from hype to implementation and the real challenges of rolling out modern authentication to millions of users.
    Third Party and Non-Human Identity Challenges: The growing problem of managing identities for contractors, suppliers, automated systems and AI and why this volume of identities is creating new security and access control headaches.
    Continuous Authentication and Risk-Based Approaches: Why logging in once isn't enough anymore, how behavioural analysis can detect when an owned identity is being misused and why risk-based authentication is making a comeback after years of being overlooked.
    The Help Desk as Attack Vector: How attackers are purchasing stolen credentials then simply calling help desks to reset MFA tokens, why context matters as much as credentials and what this means for authentication strategies.
    Balancing Security Friction with User Acceptance: Why completely frictionless security is impossible, how to find the right balance between protection and productivity and why users will find workarounds if authentication becomes too painful.
    Privilege Access Management Evolution: How PAM has evolved from simple credential vaulting to addressing root causes, why managing secrets at scale remains challenging and the shift toward eliminating standing privileges entirely.
    The Privacy vs Security Dilemma: Concerns around government databases for digital ID verification, the risks of centralised identity storage and why securing authentication data is becoming more critical as we move toward digital-first validation.

    Resources Mentioned

    CyberArk
    OneSpan
    Gartner Hype Cycle for Digital Identity
    FIDO Alliance
    Principle of Least Privilege
    AWS (Amazon Web Services)
    Microsoft Azure
    Google Cloud Platform (GCP)
    WebAuthn
    CTAP (Client to Authenticator Protocol)
    UK Digital ID Verification

    Connect with your host James Rees

    Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

    Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

    With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

    For more information about us or if you have any questions you would like us to discuss, email [email protected]. If you need consultation, visit www.razorthorn.com. We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

    LinkedIn: Razorthorn Security
    YouTube: Razorthorn Security
    TikTok: Razorwire Podcast
    Instagram: Razorwire Podcast
    Twitter: @RazorThornLTD
    Website: www.razorthorn.com

    All rights reserved. © Razorthorn Security LTD 2025

  13. 85

    How to Build Effective & Affordable Cyber Defences for SMEs

    How can small and medium businesses protect themselves from cyber threats without spending a fortune or just ticking boxes for compliance?

    Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I’m Jim and in this episode, we’re taking a look into the challenges faced by SMEs on the journey through cybersecurity compliance and insurance.

    I’m joined by Lewis Lockwood from Incursion and Josh X of Capsule, who bring experience from the front lines of offensive security and insurance broking. Together, we tackle the misconception that security is prohibitively expensive and explore how smart strategies can strengthen your defences without breaking the bank.

    Summary

    We tackle a topic at the heart of SME cybersecurity struggles - from box-ticking compliance to negotiating cyber insurance and surviving data breaches. Lewis Lockwood explains why Cyber Essentials is more than a paperwork exercise and how agility can be a secret weapon for smaller companies. Josh X talks about the realities of selling cyber insurance to resource-stretched businesses, the importance of aligning insurance with actual security posture and the real risks hidden even in smaller businesses.

    Whether you’re a founder, IT manager or just curious about how attackers think, you’ll get practical advice, cautionary tales and actionable steps you can take today.

    Key Talking Points

    Cyber Essentials as Practical Defence, Not Just Compliance: Learn why basic frameworks like Cyber Essentials shield SMEs from common attacks, offering affordable, actionable protection that goes well beyond box-ticking.

    How Insurance and Security Must Work Together: Discover the realities of cyber insurance for small businesses, including why your security posture affects premiums and claims, and what actually happens if you’re hit by ransomware or invoice fraud.

    Learning from Real-World Breaches and SME Pitfalls: Hear first-hand stories about high-profile incidents, negotiation tactics with threat actors and how even a local florist or butcher can be targeted. Understand why continuous education, simple security controls and the right insurance mix can prevent both financial disaster and sleepless nights.

    Tune in for a conversation that’s honest, insightful and practical - with takeaways you can put into action immediately, no matter your company size.

    On the security of key documentation:
    “Where are you storing your insurance documents? If someone wants to get into your network, the easiest thing to do is to look at their insurance documents and be like, okay, they've got a million pound limit, let me ask for £2 mil.”
    Josh X, Capsule

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    Cybersecurity Cost Perceptions: Why the belief that security is prohibitively expensive for SMEs is misleading and what actually drives costs.
    The Role of Cyber Essentials: How Cyber Essentials provides a practical, affordable security baseline for small and medium businesses without breaking the bank.
    Insurance as a Safety Net: Why cyber insurance can't replace proper security measures and how to understand its role as a last resort, not a first line of defence.
    SME Agility in Security: How smaller organisations can use their size as an advantage to quickly implement fixes and adapt to security recommendations compared to larger enterprises.
    Rise in Cyber Insurance Adoption: What's driving growing awareness and uptake of cyber insurance among SMEs and why certain sectors are slower to adopt.
    Practical Security Measures: Simple, cost-effective steps SMEs can take to drastically reduce risk, including patching, access control and MFA.
    Fraud and Social Engineering Threats: Real-world attack scenarios targeting SMEs, from invoice fraud to phishing, and why user awareness matters more than you think.
    Incident Response and Business Impact: The wider consequences of a cyber incident beyond financial loss, including operational disruption, PR crises, regulatory fines and personal liability for directors.
    Insurance Document Security: Why you need to secure your insurance documentation and how attackers use policy details to calibrate ransom demands.
    The Value of Security Accreditation: How frameworks like ISO 27001 and Cyber Essentials can lower your insurance premiums and deliver tangible business benefits beyond compliance.

    Resources Mentioned

    Incursion Cyber Security (incursion-security.co.uk)
    Capsule (capsulecover.com)
    Cyber Essentials
    Cyber Essentials Plus
    IASME
    ISO 27001
    DORA
    NIST2
    PCI DSS
    HITRUST
    Jaguar Land Rover Cyber Attack
    Harrods Cyber Attack
    Co-op Cyber Attack
    NHS Cyber Attack
    Sony Cyber Attack
    ICO (Information Commissioner's Office)
    SOC2
    DMARC
    Blockchain technology

  14. 84

    How Cybercriminals are using AI - and How to Defend Against It

    What happens when the dark side gets its hands on cutting-edge AI and why might even seasoned defenders find themselves playing catch-up?

    Welcome back to Razorwire, where I’m joined by Oliver Rochford and Richard Cassidy to discuss how criminals are using AI and how the threat landscape is changing. We explore how adversaries are using AI, what’s actually working in the wild and how professionals can prepare for the unsettling pace of change.

    Summary:

    We discuss AI-powered phishing, deepfakes in recruitment and self-evolving malware. The conversation moves beyond the classic image of lone hackers, unveiling an economy of cybercrime with advanced automation, international collaboration and ruthless incentives. The real tension lies in whether AI is simply sharpening existing attack tools or if we’re on the brink of something genuinely new and autonomous. We dissect economic shifts in attack and defence and raise questions about resilience, readiness and just how quickly the future may arrive.

    3 Key Talking Points:

    AI in current attacks: Discover how attackers are already automating phishing, password cracking and social engineering at scale, with some criminal campaigns boasting success rates that would have been unthinkable without AI.

    Deepfakes and infiltration: Hear real cases of attackers using AI-generated identities and language tools to pass job interviews and access company systems, including documented North Korean operations.

    The autonomy debate: Join the debate over whether we’re seeing the emergence of fully autonomous AI attacks or just more sophisticated versions of existing threats, and what it means for risk management and defending against a fast-paced, well-funded adversary.

    Ideal for any cybersecurity professional looking for sharp perspectives and real-world examples on the present and future impact of AI in the hands of attackers.

    The New Question for Cybersecurity:
    "We don't need to ask anymore, ‘Do we have good security?’ What we have to say, and what the question should be is, ‘Are we resilient when AI is being used against us? And how do we do that from a technology perspective?’ And there's no one answer."
    Richard Cassidy

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered:

    AI as the New Adversary: Learn how criminals are using advanced AI tools to make cyber threats less predictable and harder to control.
    Phishing Supercharged by AI: Discover why AI-generated phishing campaigns achieve significantly higher success rates than traditional attempts and what makes them harder to spot.
    Deepfakes and Recruitment Fraud: Hear how attackers use deepfakes and voice-changing technology to impersonate job candidates and infiltrate organisations under false identities.
    Automation and Evolving Malware: Explore the debate around whether malware can autonomously adapt and rewrite itself, reducing the need for human hackers to intervene directly.
    Limits of Current AI Threats: Understand why truly autonomous, intelligent cyber attacks aren't widely observed in the wild yet, despite AI amplifying certain attack vectors.
    Economic Shift in Cybercrime: See how AI has lowered costs and barriers to entry for cybercriminals, allowing attacks to scale rapidly without nation-state resources.
    Social and Psychological Impacts: Consider how AI's rapid advancement is outpacing society's ability to adapt, leading to new forms of manipulation and radicalisation.
    Defence Strategies Lagging Behind: Find out why most defensive tools still rely on older methods and haven't matched the sophistication of AI-powered attacks.
    Importance of Cyber Resilience: Learn why resilience measures like robust backup, disaster recovery and regular risk assessments are now critical as AI heightens attack speed and scale.
    Ethics, Regulation and the Future Race: Examine how the race to adopt AI technologies by criminals and corporations alike is happening without adequate regulation or ethical boundaries.

    Resources Mentioned

    MIT Sloan
    Safe Security
    VirusTotal
    PromptLock
    Firewood (Malware)
    Mirai (Malware / Botnet Variant)
    HackerOne
    Expo (LLM Project)
    Anthropic
    OpenAI
    Europol
    ChatGPT
    GenTek AI
    Arctic Wolf
    SQL Slammer
    Morris Worm
    The Zizians
    Future Shock (Book)

  15. 83

    What Actually Works in Cybersecurity (And What Doesn't)

    Are you making career moves in cybersecurity or is cybersecurity making moves around you?

    Welcome to Razorwire. In this episode, I sit down with Marius Poskus - CISO, consultant, podcaster and all-round cyber expert - to discuss how to succeed in cybersecurity. We discuss career paths, why security culture fails in most organisations and the risks of rushing into AI without understanding what you're doing. Whether you're trying to break into the industry or you're leading security strategy, this conversation covers what works and what doesn't.

    Summary:

    Want to break into cybersecurity without wasting time on the wrong certifications? Wondering why your security programme keeps failing despite all the tools you've bought? We have the answers.

    From physical security in Lithuania to CISO at a global fintech, Marius explains why pen testing is a terrible entry route for juniors, why compliance doesn't stop breaches and why giving AI control of your SOC is riskier than most people realise.

    We discuss how to build actual security skills (not just a collection of certificates), why punishing people for clicking phishing links backfires and why you need to stop firefighting incidents and start preventing them. Marius also shares why so many organisations buy expensive tools that solve nothing and what happens when you remove humans from security decisions.

    Key Talking Points:

    The Truth About Career Pathways: We debunk common myths about entry routes into cybersecurity, explain why starting in a SOC makes strategic sense and share advice for hands-on learning that goes beyond certifications.

    Security Culture and Human Factors: We discuss why technologists and business leaders often miss the mark on culture, how reward (not punishment) transforms security behaviours and what happens when compliance is mistaken for genuine protection.

    AI, Emerging Threats and Resilience: Marius reflects on the dangers of autonomous AI-driven security, the future of continuous assessments and why building resilience matters more than chasing perfection. If you want a blunt take on what’s coming next in cyber risk, this episode will challenge your thinking.

    Tune in for real-world stories, hard-won lessons and clever insights you can use right now, whether you’re climbing the infosec ladder or shaping your organisation’s security future.

    On choosing your entry point:
    “Everyone thinks that pen testing is sexy. How many pen testing roles are you going to find in a junior space? So if I'm playing numbers game, go in a SOC, learn cyber defence, build up all of your skills and then you pivot to wherever you want because that's the easiest path.”
    Marius Poskus

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    Choose your entry point strategically: Why starting in a SOC gives you more options than chasing pen testing roles straight away and how to play the numbers game when breaking into the industry.
    Focus on skills that actually get you hired: Why hands-on experience with home labs matters more than stacking certifications and what employers really look for in junior candidates.
    Understand why pen testing isn't an entry-level path: Most junior roles are in Security Operations Centres, not penetration testing. Learn why the sexy-sounding jobs aren't where beginners should aim.
    Stop buying tools to solve people problems: Why organisations waste money chasing technology instead of fixing processes and how this approach guarantees poor security outcomes.
    Recognise that compliance doesn't mean you're secure: How mistaking audit requirements for actual protection leaves your business exposed and why ticking boxes won't stop breaches.
    Build a security culture that works: Why punishing people for clicking phishing links backfires and how rewarding reporting creates collaboration instead of fear.
    Question autonomous AI in security: Why removing humans from security decisions is riskier than most people realise and what happens when AI makes critical choices without oversight.
    Shift from firefighting to prevention: How to identify root causes instead of just responding to incidents and why this approach saves time and money.
    Use your network to accelerate your career: Why the relationships you build in the infosec community matter and how asking for help from people who've solved your problems before is a professional skill, not a weakness.

    Resources Mentioned

    MP Cybersecurity
    Cyber Diaries Podcast
    Ctrl Alt Defend (YouTube channel)
    CompTIA Security+
    CompTIA Network+
    CompTIA A+
    ISO
    SOC2
    Cyber Sentinels Handbook
    Microsoft Copilot
    Montinu
    Greg van der Gaast
    Jack Jones
    Jane Frankland

  16. 82

    The Hidden Costs of Security Stack Consolidation (That Vendors Don't Mention)

    Is your security stack making you safer or just adding to the chaos?

    Welcome to Razorwire, the podcast where we unravel the mess, myths and market realities behind today’s cybersecurity challenges. I’m your host Jim and in this episode, I’m joined by our favourite regulars Oliver Rochford and Richard Cassidy to tackle a topic that irritates every CISO: the security solution stack. We discuss the big questions about vendor motivations, tool sprawl and why consolidation so often promises more than it delivers.

    In this episode, we set aside the sales buzzwords and look at what it really means to consolidate your security stack. Oliver and Richard share straight-talking insights from both the vendor and CISO perspectives. We debate why security platforms so often fail to reduce complexity and whether AI is about to solve - or simply mask - the underlying pain.

    Three key reasons to listen:

    “Noise in depth” versus defence in depth: Discover why having dozens of overlapping tools can actually increase risk and burnout, rather than improve your security posture. Hear insights on “noise in depth” and how it impacts the choices CISOs face.

    Vendor incentives and the truth behind “consolidation”: Get an insider’s take on why vendors push for consolidation only when it benefits their stack, how lock-in happens and why most platforms are stitched together from half-baked acquisitions.

    The hard reality of AI, integrations and future-ready strategy: Find out why AI and automation aren’t the magic fix the industry claims and what you actually need to do to keep your stack effective, adaptable and under control in a shifting market.

    If you want honest, practical advice on managing cybersecurity complexity and want to hear what real CISOs wish they'd known before their last renewal, this episode is worth your time.

    Welcome to the Future: Solving Problems, Not Just Selling Tools

    "If you're coming to market, remember the product is only half the game. Security teams, GRC compliance teams - they're drowning. Support, deployment, tuning and post-sales success – they really make or break from my organisations and ones that I talk to. So be the vendor that doesn't just sell the product, be the one that really helps operationalise it. If you're just here to sell a tool, you're already obsolete. If you're here to solve a problem and remove complexity, then welcome to the future."
    Richard Cassidy

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    Tool Sprawl vs. Defence in Depth - Learn why organisations with dozens of overlapping security tools end up with noisy environments instead of effective layered defence and what CISOs actually see happening on the ground.
    Vendor Incentives and Lock-In - Discover how security vendors push you into consolidation within their own ecosystems while prioritising customer lock-in over real interoperability and simplification.
    Platform Consolidation Cycles - Understand why the industry keeps repeating the same consolidation mistakes and what you should consider instead of chasing the perfect platform that doesn't exist.
    The Role and Myth of AI in Security Stacks - Find out why AI won't magically fix your complexity problem and how it often just adds another noisy layer without reducing tool sprawl.
    Integration Challenges and Data Standards - Find out why lack of shared standards makes integration painful, and how to use your purchasing power to demand vendors support open standards and data portability.
    Cost Fallacies of Consolidation - Discover why promised cost savings from consolidating tools rarely appear once you factor in migration, retraining, integration and operational complexities.
    System Integrators and Rising Complexity - Learn why systems integrators and resellers often profit from complexity rather than simplification, and how to spot when you're being sold more than you need.
    Shifting Vendor Strategies: Acquisitions and Synergy - Understand how large vendors grow through acquisitions that never get properly integrated, and what to look for when evaluating whether a "platform" is actually unified or just a collection of separate products.
    Staying Flexible as Things Change - Learn why security leaders need agile, modular strategies and should avoid long-term commitments to match the pace of change in technology and security threats.

    Resources Mentioned

    Gartner
    cyberfuturist.com
    Agoria
    Rubrik
    DORA
    NIS 2
    Microsoft Copilot
    McAfee
    Wiz
    AWS S3
    Iceberg Data
    ClickHouse
    Goldman Sachs
    LangChain
    The Cyber Sentinels Handbook

  17. 81

    The Psychological Toll of Working in Cybersecurity - When You Can't Unsee What You've Seen

    Are you prepared for the psychological toll that comes with handling disturbing content in the cybersecurity world?

    Welcome to Razorwire, where today we’re exploring the realities behind a career in cyber, from technical warfare to the often-overlooked human cost. In this episode, I’m joined by therapist and consultant Eve Parmiter to examine the real psychological impact of repeated exposure to distressing material that many of us face during incident investigations, content moderation and threat research.

    Eve draws on her background in trauma therapy and real-world experiences both inside and outside of cybersecurity. Together, we discuss why even seasoned professionals struggle to talk about their experiences, how secondary trauma manifests in our daily lives and what can actually help in environments that don’t provide enough support.

    If you've ever had to investigate colleagues, review disturbing material, or make impossible decisions under pressure, this conversation will resonate. We don't shy away from hard truths, but we do focus on practical ways to build resilience and find some measure of satisfaction in doing the right thing - even when it's difficult.

    In this episode:

    1. Understand the true impact of secondary trauma in cyber roles. We break down the difference between stress, burnout and trauma specific to cybersecurity professions, exploring how exposure to disturbing content changes your outlook - and why it’s not a personal weakness.
    2. Learn why most pros don’t talk about their struggles and how to break the silence. Eve explains why lacking the right language keeps many from processing what they experience and offers insight into building peer support systems and practical organisational responses.
    3. Discover tested strategies for coping and recovery. You’ll leave with actionable advice straight from the worlds of therapy and cyber on how to protect yourself, when to seek help and the importance of cultivating supportive communities.

    Tune in for a genuine, valuable discussion that puts the mental health of cybersecurity professionals front and centre and find out how to make a tough job more sustainable for yourself and your team.

    Why Self Care Isn't Enough for Trauma

    "You can't self care your way out of trauma. There is no amount of bubble baths or ice baths that are going to remove certain images or certain experiences."
    Eve Parmiter

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    The Psychological Impact of Difficult Materials. Why exposure to traumatic or distressing digital content leads to anxiety, depression and long term negative outlooks.
    Challenges Discussing Trauma in Cybersecurity. How professionals can overcome their reluctance to discuss experiences when they lack the language or organisational support.
    Primary vs Secondary Traumatic Stress. Learn how to identify when direct and indirect exposure to disturbing content creates real psychological effects that often resemble PTSD.
    Addressing Vicarious Trauma and Worldview Shifts. How to cope when repeatedly witnessing other people's trauma changes how you perceive the world and interact with your environment.
    Moral Distress and Injury in Decision Making. Find out how to manage situations where you face ethical dilemmas with no clear 'right' choices.
    Overcoming Isolation in Infosec Roles. Learn ways to tackle the solitary nature of many cybersecurity positions and find methods for sharing and processing difficult experiences.
    Building Organisational Support Structures. Explore how to create better support systems, clearer policies and access to therapy or community resources for those regularly exposed to harmful material.
    Implementing Practical Coping Strategies for Daily Exposure. How using visual and audio moderation tools can reduce the impact of reviewing distressing content.
    Building Resilience and Finding Meaning. How community, positive reinforcement and focusing on 'doing good' help professionals recover and maintain motivation.
    Resources for Mental Health in Cybersecurity. Find organisations and peer networks dedicated to improving mental health for cybersecurity professionals.

    Resources Mentioned

    Mental Health and Cybersecurity Foundation
    eveparmiter.com

  18. 80

    Hacking AI: The Risks for Businesses

    Understanding AI security threats before they become your next crisis

    On this episode of Razorwire, I explore the emerging frontier of AI security with leading experts Jonathan Care and Martin Voelk. We examine the latest risks, show you how adversaries are exploiting AI systems and share practical advice for professionals working with these rapidly advancing technologies.

    We move past the marketing speak to reveal how attackers are using generative AI, what it really takes to test these complex systems and what the rise of agentic, self-operating AI means for defenders. Security leaders, penetration testers and anyone implementing business technology need to understand these threats before committing to new AI solutions.

    This conversation addresses real incidents, examines practical realities and highlights why many enterprises are dangerously unprepared for what's ahead in AI security.

    Key Topics

    Inside the Mind of the Attacker: Learn how both ethical hackers and financially motivated criminals are already using AI to automate attacks, spread misinformation and create new vulnerabilities. Martin and Jonathan share examples of prompt injection, data poisoning and “model jailbreaking” - all tactics reshaping the cyber threat landscape right now.

    Pen Testing AI: What’s Different and What’s Still the Same: Go behind the scenes with insights into penetration testing for large language models and agentic AI. The episode discusses fresh attack surfaces, why classic testing skills are still vital and the new OWASP Top 10 for LLMs. If you’re considering buying AI-powered tools, take away concrete advice on how to stress-test these systems before attackers do.

    Business Risk, Legal Headaches and What to Demand from Vendors: With AI now touching everything from customer bots giving dodgy medical advice to autonomous agents able to cause chaos, the conversation gives practical advice about reputational, legal and operational risks. Listen for the must-ask questions every business should take to their vendors as well as new regulatory requirements that mean robust AI testing can’t be left as an afterthought.

    If you want to stay ahead of AI and cybersecurity developments and avoid building tomorrow's biggest headache, this episode is essential listening.

    AI Model Bias Debate:

    “77% of enterprises are reporting at least one AI related security incident. 62% of enterprises lack any dedicated testing programme.”
    Jonathan Care

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    Test Your AI Before Attackers Do - With 77% of enterprises already hit by AI security incidents but 62% lacking testing programmes, discover what specific vulnerabilities to check for and how to implement proper AI red teaming.
    Stop AI Hallucinations From Damaging Your Business - Understand how AI systems fabricate information and create legal liability, plus practical steps to identify and mitigate these risks before they affect customers or operations.
    Protect Against Medical and Legal AI Disasters - Learn from real cases where AI gave dangerous advice and created legal obligations, including what liability questions you need to address with vendors and internal teams.
    Secure Agentic AI That Can Take Real Actions - Discover why AI agents that can invoke APIs, modify data and trigger real-world changes require completely different security approaches than traditional chatbots.
    Defend Against Prompt Injection Attacks - Get specific techniques for testing and protecting against AI-specific vulnerabilities that traditional cybersecurity controls cannot address.
    Identify Poisoned Training Data and Supply Chain Attacks - Understand how attackers manipulate AI training data and learn what questions to ask about data sources and model provenance.
    Implement Automated and Continuous AI Testing - Explore new tools and frameworks for always-on adversarial testing of AI systems, including what capabilities to build in-house versus buy.
    Navigate AI Model Bias and Censorship Issues - Understand how different AI models reflect their creators' biases and learn strategies for getting balanced information across multiple sources.
    Meet New Regulatory Requirements for AI Testing - Prepare for mandatory adversarial testing under the EU AI Act and US executive orders, including what documentation and processes you'll need.
    Build AI Security Skills and Career Paths - Identify the specific certifications, training and technical skills needed for AI security roles, plus advice for both newcomers and experienced professionals transitioning to AI security.

    Resources Mentioned

    OWASP Top 10 for LLM
    ChatGPT
    Gemini
    Grok
    Claude
    Anthropic
    Retrieval Augmented Generation (RAG)
    Reddit
    Wikipedia
    Hugging Face
    GitHub
    Deepseek
    Qwen (Alibaba)
    Burp Suite
    Model Scan (Hidden Layer)
    Terra Security
    NIST Generative AI Profile
    EU AI Act
    US Executive Order 14110
    NIST AI RMF
    Expo.com
    SecOps School
    Learn Prompting
    CISO Intelligence (Newsletter)
    Cyber Sentinels Handbook
    Pliny the Prompter

  19. 79

    Streamlining the Compliance Journey - An End-to-End Approach

    Is your compliance strategy making life easier or just adding more chaos?

    Welcome to Razorwire, where we take you to the heart of cybersecurity with voices that have seen it all. I’m Jim, your host and in this episode, I’m joined by Martin Davies (Audit Alliance Manager at Drata) and Patrick Sullivan (VP of Strategy and Innovation at A-LIGN). Together, we explore how to cut the compliance overhead, eliminate duplication across multiple frameworks and turn compliance into a competitive advantage that actually speeds up sales cycles.

    Compliance is rarely anyone’s favourite topic, yet it’s unavoidable and organisations are under more pressure than ever to do it well. We explore why compliance keeps getting more complex, what’s actually driving value and how the right blend of people, processes and technology can transform it from a painful cost centre into a genuine strategic asset.

    Key topics:

    Cutting Compliance Overhead: Discover practical ways to avoid duplication of effort, map overlapping controls across frameworks and use technology to bring order to compliance chaos.

    Compliance as a Value Generator, Not Just a Cost: Hear real world perspectives on shifting the mindset around compliance, from being a necessary evil to a competitive differentiator that can support new business, speed up sales cycles and add commercial value.

    The Road Ahead: Continuous Monitoring and Emerging Pressures: Explore the shift from annual audits to ongoing assurance, the impact of AI on compliance frameworks and the new reality of management liability in regulations like DORA and NIS2.

    If you’re ready to rethink compliance and turn it into a source of strategic advantage, this is an episode you won’t want to miss.

    On duplication of effort:

    "The words ‘compliance overhead’ - when I hear that, I hear duplication of effort. If someone's doing the same control twice, that's objectively a bad thing."
    Martin Davies

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    How to tackle the complexity of compliance - Understand why compliance requirements keep growing and discover strategies for managing multiple frameworks without getting overwhelmed.
    How to turn compliance from cost centre to value generator - Learn practical approaches for positioning compliance as a competitive advantage that can speed up sales cycles and create business value.
    Practical ways to streamline your compliance processes - Discover methods to eliminate duplication of effort, reduce time waste and support more agile business operations.
    How to identify and eliminate overlap across frameworks - Learn techniques for mapping overlapping standards and consolidating controls to avoid doing the same work twice.
    How to leverage technology and GRC tools effectively - Understand how platforms like Drata can transform evidence management, reduce audit stress and bring order to compliance chaos.
    What auditors actually look for during assessments - Learn why auditors focus on intent and sound processes rather than box-ticking, and how to prepare effectively for audits.
    When to shift from annual to continuous monitoring - Understand the growing trend towards ongoing assurance and when point-in-time assessments aren't enough.
    How to manage third party and supply chain compliance risks - Learn strategies for validating and managing external risks as organisations rely more heavily on third parties.

    Resources Mentioned

    CTEM
    Drata
    A-LIGN
    PwC
    PCI DSS
    ISO 27001
    DORA
    NIS 2
    HITRUST
    HIPAA
    PCI SSC
    EU AI Act
    SOC 2
    AICPA
    SafeBase
    Cyber Sentinels Handbook (book)

  20. 78

    Venture Capital's Cybersecurity Crisis: No Money, No Innovation, No Future?

    Why venture capitalists have abandoned cybersecurity and what this means for real innovation

    Welcome to Razorwire, the podcast where we go beyond the headlines to dig into what really matters in information security. I'm your host, James Rees and this week we're pulling back the curtain on the world of venture capital in cybersecurity. The brutal truth is that VC money has dried up, innovation has stalled and according to this week’s special guest, we're mostly seeing "the same crap with AI on it." VCs are having layoffs, funds are frozen at 13-14 years with no exits and genuine breakthroughs are nowhere to be found.

    In this episode, I sit down with cybersecurity expert Oliver Rochford to dissect the state of VC investment in information security in 2025. We break down why funding is tightening, where the "innovation" is really happening (or not) and how security start-ups can survive in a changing landscape. If you're tired of jargon and want to know what's really happening behind the scenes, from market consolidation through to the real world impact on practitioners and products, this one's for you.

    3 key talking points you won’t want to miss:

    Why VC money is slowing and what that means for innovation: We explore the shifting strategies of venture capital in the security industry: what’s drying up, where the smart bets are moving and whether this environment is strangling real progress.

    The reality behind “consolidation” and the myth of the mega-vendor: Oliver unpicks the idea of market consolidation and explains why, despite the headlines, the security market remains fragmented and why there’s unlikely to be a handful of companies owning it all.

    What start-ups really need to survive in the current market: We talk through the pitfalls, survival tactics and realities facing new security vendors. From the importance of business fundamentals to why flashy tech might not be enough, you’ll get practical insight into turning great ideas into sustainable businesses.

    Tune in for a realistic look at the business side of cybersecurity, packed with lessons directly from the experts.

    The Startup Funding Struggle:

    "No one's getting any money. Not the investors, not the VCs. They've had rounds of layoffs in the VC industry, which you can imagine, the people with money have had layoffs."
    Oliver Rochford

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, you’ll learn:

    Why VC Funding Has Hit Crisis Point: Discover why venture capital investment has frozen in cybersecurity, with VC funds now at 13-14 years (well beyond the typical 10-year lifecycle) and no viable exits in sight and why even VCs themselves are having layoffs.
    How Major Vendors Are Replacing Traditional VCs: Learn why Cisco, Okta and Zscaler have established their own investment arms and how this shift is concentrating power whilst reducing diversity in startup selection.
    What's Really Happening Behind the Scenes: Understand how silent fire sales are occurring and why limited partners are refusing to invest further, stalling new cybersecurity ventures.
    Why "Consolidation" Is Actually a Myth: Learn why the cybersecurity vendor landscape remains highly fragmented despite headlines suggesting otherwise and why no single vendor will ever dominate.
    How Cybersecurity Compares to Other Tech Markets: Discover why the total addressable market for cybersecurity ($78 billion) pales next to what Microsoft alone spent on AI data centres ($85 billion), making it less appealing for VCs.
    Which Niches Are Still Getting Funding: Find out why only security telemetry pipelines, AISecOps, cloud security and machine identities are attracting investment whilst most areas see nothing.
    Why European Startups Face Impossible Odds: Understand the "stunted trees on a mountain" reality, where European startups get 10% of American budgets but are expected to deliver the same results.
    What Happens to "Autonomous" Security Promises: Learn why most companies promising fully automated pen testing or autonomous security operations inevitably pivot to AI-assisted managed services.
    How AI Is Breaking Traditional Metrics: Discover why customers jump between AI tools monthly rather than committing annually, making traditional revenue metrics unreliable and forcing new approaches.
    What Startups Must Do to Survive Now: Understand why rapid traction and clear revenue paths are now essential for securing follow-on investments in this tougher environment.
    Why Innovation Has Actually Stalled: Learn why there's been no real innovation in cybersecurity for five years, with most products being iterations rather than genuine breakthroughs.
    How Market Barriers Have Grown Higher: Discover why larger vendors with established customer bases and investment arms now dominate, making it nearly impossible for new startups to break through.
    Why Networks Matter More Than Ever: Understand how increasing emphasis on backgrounds and connections is creating fewer opportunities for diverse or unconventional teams to succeed.

    Resources Mentioned

    Infosec
    Gartner
    Wiz
    Razor's Edge Continuous Threat Exposure Management
    Y Combinator
    The Cyber Sentinels Handbook

  21. 77

    The SME Cybersecurity Revolution: How Coro Cracked the Code

    Are small and medium-sized businesses finally getting the cybersecurity solutions they deserve - or is the market still leaving them exposed?

    Welcome back to Razorwire, the podcast where I investigate the real world challenges and breakthroughs in cybersecurity, bringing you the stories and advice of the industry’s leading minds. I’m Jim, and in this episode, I’m sitting down with Piers Morgan - no, not that Piers Morgan - who serves as Senior Vice President and General Manager for EMEA at Coro cybersecurity. We’re exploring the future of endpoint security for small and medium-sized businesses and why this sector is seeing a big shift in how security is delivered, priced and managed.

    In our conversation, we get frank about the tangled mess of security tools, why dashboards are driving everyone mad and how the industry’s obsession with complexity has left the “forgotten” mid-market crying out for help. Piers shares how Coro is shaking up the space with unified, affordable security, without the vendor lock-in and upsell traps that so often sting growing businesses.

    Key Talking Points:

    The end of the dashboard nightmare: Discover why having “one pane of glass” for your entire security stack has become more than just marketing hype for smaller firms, and how Coro is actually delivering on this long-standing promise.

    Security without breaking the bank: We dig into the true cost of endpoint protection and how most businesses are burning cash on complex tools they barely use. Learn what a flat rate, scalable approach really looks like in practice.

    What’s next in SME security: Hear how Coro’s approach to AI and automation is giving small businesses access to enterprise-grade defences, along with Piers’ view on where the market is heading, the threats reshaping mid-sized risk and why managed services are becoming the new frontline for the channel.

    If you’re a cybersecurity professional, consultant or MSP grappling with SME security demands, you’ll hear practical insights and perhaps question a few of your own assumptions about what’s possible for the “forgotten middle” of our industry.

    On the cost burden for smaller businesses:
    "It can go up to fifteen hundred dollars a seat a year. Now, when you're timesing that by a few hundred licences and users, that's a significant amount of cash. We can manage it in one single platform... we can do it up to a tenth of the cost of what they're currently using today."
    Piers Morgan (Coro)

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    Escape the multiple dashboard trap: Learn why juggling numerous disconnected security platforms creates operational chaos and discover practical approaches to streamline your security operations.
    Right-size security solutions for smaller organisations: Understand how to match your security investments to your actual needs and resources, avoiding the enterprise-focused tools that often overwhelm smaller teams.
    Implement unified security platforms effectively: Discover how to evaluate and deploy consolidated security solutions that deliver enterprise-grade protection without the complexity or cost.
    Calculate the true cost of your security stack: Learn to audit your current security spending and identify where you're paying for unused capabilities or redundant tools.
    Adapt your security strategy to modern threats: Understand why traditional security approaches fail against today's attackers who target organisations of all sizes, not just major corporations.
    Leverage automation to reduce security workload: See how to implement security solutions that work behind the scenes, freeing your team from constant monitoring and alert management.
    Work effectively with managed service providers: Learn how to evaluate and engage MSPs as security partners, particularly if you lack in-house cybersecurity expertise.
    Navigate vendor consolidation and avoid integration pitfalls: Understand how to assess whether vendor acquisitions actually improve security platforms or just create more complexity.
    Prepare for increasing regulatory demands: Learn how to build security programmes that meet compliance requirements without breaking your budget or overwhelming your team.
    Future-proof your security investments: Discover how AI integration and modular architectures can make your security solutions more adaptive and scalable as threats evolve.

    Resources Mentioned:
    Piers Morgan (Coro Cybersecurity)
    Coro (Coro Cybersecurity)
    CrowdStrike
    Azure
    AWS
    Barracuda
    Gartner
    Forrester
    Canalys
    Marks & Spencer (M&S) Cyber Breach
    PCI
    ISO 27001
    Windows Defender

  22. 76

    Human Risk Intelligence: Is Behavioural Data the New Defence?

    How do we measure and manage the human element of cyber risk beyond technology and basic security training?

    Welcome to Razorwire, where we uncover what really matters in cybersecurity. I’m James Rees and in this episode, I’m talking about the world of human risk intelligence with Flavius Plesu, Founder and CEO of OutThink. We'll question whether staff really are the 'weakest link' and instead explore how understanding real human behaviour can turn your workforce into a formidable security asset.

    For too long, information security has focused almost exclusively on technical controls, but sophisticated attacks today often exploit human decision-making more than any firewall. Flavius draws on his experience as a CISO and innovator, sharing first-hand insights into how organisations can predict, quantify and actively manage risk stemming from their staff. We discuss psychological profiling techniques that identify high-risk individuals, methods for engaging employees in security and balancing monitoring with trust when using behavioural analytics. If you want to future-proof your security posture, this episode is essential listening.

    3 Key Talking Points:

    Why traditional security awareness strategies fall short - and what truly effective human risk management looks like: Learn why measuring click rates and running generic training programmes leaves you blind to real human risk, and discover how behavioural science and crowdsourced intelligence can finally give you the visibility and control you need.

    Real world examples of predicting and preventing insider threats - before damage is done: See exactly how banks and enterprises use psychographic segmentation and statistical models to identify risky patterns in their workforce, and understand the practical steps to transform your incident response from reactive to predictive.

    Navigating the ethical line: how to balance security monitoring with employee privacy and trust: Master the delicate balance between effective security monitoring and employee rights, learning how transparency-driven design and GDPR-compliant approaches can turn potential resistance into active security partnership across your organisation.

    Ready to rethink the human side of cyber risk? Tune in to this Razorwire episode and sharpen your defences from the inside out.

    On Moving Beyond Traditional Training:
    "Something like 90% of users admitted to bypassing security controls… with full knowledge that they're introducing additional risk to the organisation. So the idea that training would be enough, just train them, they'll get it. It's a bit naive."
    Flavius Plesu

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    The Evolution of Human Risk in Cybersecurity: Learn how the industry's shift from purely technical controls to recognising human factors is reshaping security strategy and why this change is essential for modern organisations.
    Defining Human Risk Intelligence: Understand what human risk intelligence actually means and discover how organisations can quantify and predict human behaviour to strengthen their cybersecurity posture.
    The Shortcomings of Traditional User Training: Discover why legacy approaches like annual training and click-through tests fail to address real world human risk and what you should be doing instead.
    Accidental vs. Malicious Insider Threats: Explore the full spectrum of risky behaviours your organisation faces, from unintentional mistakes to deliberate attempts to circumvent controls, and how to address each type.
    Behavioural Segmentation and Psychographics: Learn how psychographic profiling and behavioural analysis can help you identify risk tendencies in your workforce and tailor security interventions accordingly.
    Crowdsourced Security Intelligence: See how to leverage collective workforce insight to detect risks that traditional security teams miss, turning your employees into valuable intelligence sources.
    Storytelling in Incident Response: Understand why analysing chains of behaviour, rather than isolated events, is crucial for predicting and preventing future security incidents.
    Predictive Modelling for Proactive Security: Discover how combining multiple risk indicators enables you to anticipate and prevent security breaches before they occur, moving from reactive to proactive security.
    Balancing Security Monitoring with Privacy: Navigate the ethical and practical challenges of user monitoring, particularly around GDPR compliance and maintaining employee trust.
    Cultivating a Security-Conscious Culture: Learn strategies for engaging users constructively, transforming them from compliance-focused participants to active partners in your organisation's security efforts.

    Resources Mentioned:
    OutThink
    Gartner
    UCL (University College London)
    PhishMe
    SANS
    Bitdefender
    AVG
    IBM Watson
    LimeWire
    PCI DSS
    Microsoft Graph API
    The Cyber Sentinels Handbook

  23. 75

    Inside the Early Lessons of DORA Compliance: What Works, What Fails, What’s Next?

    Six months into DORA's implementation, what's actually happening in financial services organisations?

    Welcome back to Razorwire, where we tackle cybersecurity's toughest challenges with honesty and expert insight. In this episode, I'm joined by returning experts Jonathan Care and Richard Cassidy and also a new guest to the podcast, Romain Deslorieux, to examine how the Digital Operational Resilience Act is playing out in practice.

    Now some time has passed since DORA's January deadline, we're seeing the real story emerge. Some organisations are discovering they fundamentally misunderstood what compliance actually requires. Others are struggling with skills gaps they didn't anticipate. And many are finding that operational resilience can't simply be bought or outsourced.

    Our guests share what they're witnessing firsthand – from boardrooms finally grasping why digital resilience matters to IT teams pushed beyond their limits. We discuss the vendor relationship upheaval, the consultant dependency trap, and why some approaches are succeeding while others spectacularly fail.

    If you're dealing with DORA implementation, wrestling with third-party risk or watching your security team stretched thin, this conversation offers the unvarnished perspective you need.

    Key Talking Points:

    From Tick-Box Compliance to True Resilience: Discover why DORA is exposing the dangerous gap between documentation exercises and actual operational readiness and why this demands unprecedented collaboration across IT, compliance and business teams.

    The Human Capital Crisis Behind DORA: Learn how the regulation is revealing critical expertise shortages (40-50% of financial entities lack internal capabilities), creating dangerous over-reliance on consultants and pushing existing teams towards burnout.

    Third-Party Risk Revolution: Get behind-the-scenes insights on how DORA has fundamentally changed vendor relationships, why surface-level due diligence no longer works and the board-level cultural shifts making resilience a C-suite priority rather than an IT problem.

    Tune in for an unfiltered, expert-led conversation on what’s working, what’s failing and where DORA is truly making a difference in cybersecurity today.

    On the accountability gap in third party risk:
    "Really what do you do about this responsibility? How do you demonstrate that you are accountable? That people fell short on that question and now with the third party responsibility, which is clearly identified in things like DORA, people cannot ignore it anymore."
    Romain Deslorieux

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    DORA's Immediate Impact: Learn how DORA is driving financial institutions to adopt continuous monitoring and operational resilience strategies that go far beyond traditional compliance checklists.
    Third Party Risk and Vendor Management: Understand how to navigate the fundamental shift in vendor relationship management, including the enhanced due diligence and transparency requirements now reshaping procurement decisions.
    Cultural and Organisational Change: Discover strategies for building the cross-functional collaboration between IT, security and business teams that DORA compliance demands.
    The Human Capital Challenge: Explore how to address the critical shortage of skilled professionals capable of delivering DORA's operational requirements whilst avoiding recruitment pitfalls and team burnout.
    Compliance versus True Operational Resilience: Recognise the warning signs that distinguish genuine business transformation from ineffective box-ticking approaches to DORA implementation.
    The Role of Consultants: Learn how to leverage external expertise for DORA compliance whilst building internal capabilities and avoiding dangerous over-dependence on consultants.
    Disparities across Europe: Navigate the varying interpretations and enforcement approaches across member states, particularly around critical definitions like "major incident" and "critical ICT".
    Supply Chain and Smaller Entities: Understand the specific challenges facing smaller fintechs and niche providers in meeting DORA standards, plus strategies for managing extended supply chain risks.
    Centralised Approaches to Security: Implement proven centralised security and resilience frameworks that maximise scarce resources whilst enforcing consistent policy across organisations.
    The Shift to Resilience Thinking: Embrace the industry-wide mindset change from prevention-focused compliance to comprehensive operational continuity and recovery planning at board level.

    Resources Mentioned:
    Thales
    Rubrik
    KuppingerCole
    Digital Operational Resilience Act (DORA)
    GDPR
    ISO 27000
    PCI DSS
    NIST frameworks
    SOC 2
    CSSF (Commission de Surveillance du Secteur Financier, Luxembourg)
    ABBF (Bankers Association, Luxembourg)
    Microsoft Active Directory
    Security Scorecard
    European Banking Authority (EBA)

  24. 74

    NHS Cybersecurity Crisis: Who is Actually Protecting Your Medical Records?

    Welcome to Razorwire, where we examine the realities facing cybersecurity professionals on the front lines of digital defence.

    In this episode, I am joined by Rob Priest, a former NHS insider with 24 years of experience, and returning co-host Richard Cassidy to expose the cybersecurity crisis gripping Britain's healthcare system. From WannaCry's devastating impact to recent ransomware attacks on children's hospitals, our experts reveal why the NHS remains a prime target for cybercriminals despite years of warnings and government promises.

    Rob shares insights from his transition from running around hospital corridors with paper records to witnessing sophisticated nation-state attacks that can cripple entire trust networks for months. Richard brings his unique perspective as both a cybersecurity professional and working paramedic who experienced firsthand how cyber attacks paralyse emergency services when systems go dark.

    Whether you're a healthcare professional worried about patient safety, a cybersecurity expert trying to understand why healthcare remains so vulnerable, or a concerned citizen wondering why your medical data isn't better protected, this conversation cuts through the political rhetoric to examine what's actually happening behind NHS firewalls.

    Tune in for an unvarnished look at legacy systems running on Windows 95, the shortage of qualified CISOs across 213 NHS trusts and why the government's latest cybersecurity mandates might create more problems than they solve.

    Listen in for:

    The Hidden Fallout of Cyber Attacks on Patient Care - Understand the cascading impact that ransomware and outages have, not just on IT, but on clinicians, paramedics and everyday patient outcomes. Rob shares first-hand accounts of real NHS incidents and why cyber breaches are, at their core, clinical emergencies.

    Why Legacy Tech and Fragmented Leadership Leave Us Exposed - Hear why outdated, unsupported systems and a chronic lack of cyber leadership make true resilience so tough in large NHS trusts. We unpack the disconnect between government strategy, local implementation and real world risk.

    Practical Steps (and Missed Opportunities) for NHS Cyber Resilience - Explore what actually works, from playbooks and clinical 'huddles' to the role of centralised threat intelligence - and where policy too often lags behind reality. If you want to know how to prioritise resilience amid chronic uncertainty, this episode is essential listening.

    Get ready for a grounded discussion that blends expert perspective with genuine NHS war stories - plus candid thoughts on what really needs to change.

    On learning from cyber incidents before they happen:
    "Organisations that understand the impacts of events the best are the ones that have actually gone through it. My question is: does that have to be the case?"
    Rob Priest, Rubrik

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    Understanding Escalating Cyber Threats to the NHS - Learn how nation-state actors and cybercriminals are targeting NHS organisations through supply chain weaknesses and vulnerable digital infrastructure.
    Recognising Legacy Technology and Technical Debt Challenges - Discover why outdated IT systems and unsupported medical devices create persistent security challenges and make patching complex and risky.
    Assessing the Impact on Patient Care and Clinical Operations - Understand how cyber incidents lead directly to care disruptions, cancelled appointments and patient safety risks when systems become unavailable.
    Identifying Supply Chain Vulnerabilities - Learn about the risks from third party vendors and service providers that expose NHS trusts to breaches originating beyond their direct control.
    Recognising Workforce and Leadership Gaps - Explore the critical shortage of cybersecurity leadership across NHS trusts and why so few employ dedicated CISOs or security professionals.
    Evaluating Government Strategy, Regulation and Funding - Understand the challenges of fragmented mandates, insufficient funding and slow implementation of government-led cybersecurity initiatives.
    Understanding the Fallout of Organisational Change - Learn how ongoing restructurings like NHS England's disbandment create uncertainty, undermine coordination and risk losing experienced staff.
    Exploring Centralisation vs. Localisation Challenges - Discover the tensions between centralised security services and the bespoke needs of individual trusts in maintaining effective governance.
    Learning from Real-World Incident Impacts - We discuss the lessons learned from major incidents like WannaCry and ransomware attacks and why organisational learning remains slow despite clear vulnerabilities.
    Implementing Resilience and Cyber Preparedness - Learn practical approaches including playbooks, cyber incident drills, impact quantification and integrating clinical and cybersecurity teams to improve NHS cyber maturity.

    Resources Mentioned:
    Rubrik
    NHS (National Health Service)
    NHS England
    NHS Digital
    NCSC (National Cyber Security Centre)
    Active Cyber Defence Programme (NCSC initiative)
    NCSC Cyber Assessment Framework (CAF)
    DSPT (Data Security and Protection Toolkit)
    WannaCry
    Synnovis
    British Medical Association (BMA)
    Cyber Security Strategy for Health and Adult Social Care 2023–2030
    Cyber Security Resilience Bill
    DORA (Digital Operational Resilience Act, EU)
    Indiana Jones and the Raiders of the Lost Ark (film)
    The Cyber Sentinel’s Handbook (book)

  25. 73

    How Do You Safeguard AI When Development Outpaces Security? With Ante Gojsalić - SplxAI

    Can we secure generative AI before it outpaces our ability to defend it?

    Welcome back to Razorwire, where we have our finger on the pulse of cybersecurity’s most urgent dilemmas and future threats. I’m your host, Jim and in this episode, I sit down with Ante Gojsalić, CTO and co-founder of SplxAI, to unpick the tangled challenges of securing the next wave of generative AI before it becomes too integrated, too complex and too risky to control.

    Generative AI is reshaping everything from business operations to personal lives, but the race to capitalise on its potential leaves us with difficult questions. Are we allowing technological progress to sprint ahead of security? Is anyone putting robust protections at the heart of these new AI systems? Ante shares stories from the frontlines - explaining why both East and West are taking wildly different approaches, why securing AI isn’t as simple as plugging in a new tool and how the real vulnerabilities lie hidden in the everyday systems we’re already beginning to trust.

    Three key talking points to listen out for:

    Why securing AI is fundamentally different - and harder - than traditional IT - Ante shares real scenarios where the unpredictable, fast-evolving nature of large language models means old school security techniques simply can’t keep pace. Find out why continuous testing, automation and security-by-design are more critical than ever.

    Hidden risks as AI agents take on human-like roles in business - We explore where the most pressing security gaps lie as AI agents begin to make decisions, handle confidential data and even manipulate users. Learn how attackers are already exploiting these systems - and what steps organisations can take to avoid catastrophic mistakes.

    The battle between business priorities and security fundamentals - Hear our thoughts on why commercial pressure and the quest for innovation often override basic security and discover hands on, pragmatic advice for leaders aiming to bake security into AI projects from day one - before it’s too late.

    Whether you’re a CISO, an AI developer or a cyber strategist, this episode of Razorwire will arm you with practical insights and hard-won lessons on defending against the unknowns of AI.

    Why Continuous Security Testing Is Essential:
    "So imagine you do the security evaluation [of AI] on day one, then they change it a hundred times and you don't do another pen test. It's not relevant anymore. So, yeah, the continuous thing is important. Automation is important. And with AI, which is non-deterministic and which is still very changeable day by day, it's different than web security or API security… It's just unstable."
    - Ante Gojsalić, on why traditional security approaches fail with AI systems

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    Rise of Generative AI - Understand what generative AI actually is and how to assess its rapidly expanding applications within your organisation's threat landscape.
    Global AI Arms Race - Learn how different regional approaches to AI development affect your security strategy and vendor selection decisions.
    Security vs Speed in AI Development - Discover practical ways to balance innovation pressure with security requirements without stifling business growth.
    Emerging Threats to AI Systems - Identify specific vulnerabilities you need to watch for, including agentic decision-making risks, data leaks and adversarial attacks targeting your AI implementations.
    Challenges of Securing AI from the Start - Get actionable guidance on integrating security into AI system design rather than retrofitting protection after deployment.
    Continuous Security Testing for AI - Learn why traditional annual pen testing fails for AI systems and how to implement ongoing security assessment that keeps pace with model updates.
    AI-Powered Social Engineering - Recognise the sophisticated phishing and manipulation tactics enabled by generative AI and how to prepare your users for these evolved threats.
    Changing User Behaviours and Trust - Understand how widespread AI adoption, particularly among younger users, changes your security awareness and training requirements.
    Regulation and Governance Gaps - Assess whether current compliance frameworks adequately address AI risks and how to fill gaps in your governance approach.
    Future-Proofing AI Security - Prepare for emerging security challenges as AI systems increasingly blur human-machine decision boundaries and adapt your security strategy accordingly.

    Resources Mentioned:
    SplxAI
    Probe (SplxAI flagship product)
    Ray Kurzweil
    DeepSeek
    OpenAI GPT
    Mitra
    OWASP
    DevSecOps
    Razors Edge Continuous Pen Testing
    DORA
    PCI
    The IT Crowd - Show me the internet
    The Cyber Sentinels Handbook, A Primer for Information Security Professionals (book by Jim/James Rees)

  26. 72

    How To Get Your Staff to Actually Care About Cybersecurity

    Welcome to Razorwire, the podcast that challenges conventional thinking about cybersecurity with insight, humour and a dose of reality.

    In this episode, James Rees is joined by security awareness specialists Amy Stokes-Waters and Jemma to dismantle outdated approaches to security training. From click-through fatigue to the critical importance of culture change, our experts explore why traditional computer-based training fails to make organisations truly secure.

    Listen as Amy and Jemma share their expertise on transforming security awareness from a box-ticking exercise into meaningful behaviour change. Their refreshingly honest assessment of the "80% compliance myth" and why focusing on business impact rather than personal consequences undermines effectiveness will have security professionals nodding in recognition.

    Whether you're a CISO struggling with training completion rates, an IT professional tired of being ignored, or someone who's repeatedly clicked "next" through mandatory security modules wondering if there's a better way, this conversation offers practical alternatives to the stale CBT approach that dominates the industry.

    Tune in for a candid discussion that feels like eavesdropping on three security professionals brainstorming how to fix what's broken in security awareness while acknowledging the realities of human behaviour.

    3 Key Talking Points:

    Why Traditional Security Training Fails Everyone
    Discover the fundamental flaws in conventional security awareness approaches that waste both time and budgets. When Amy reveals that "less than 1% [of IT budgets] is spent on humans" while "95% of incidents are caused by humans," you'll understand why throwing money at technical solutions while neglecting human factors is a losing strategy. Listen for actionable insights on avoiding the compliance trap that leaves organisations vulnerable despite ticking all the regulatory boxes.

    The McDonald's Approach to Security Awareness
    Learn why successful security awareness should mirror effective marketing campaigns rather than dreaded annual training sessions. Our experts break down how security teams should adopt McDonald's persistent, multi-channel strategy instead of expecting one-off sessions to change behaviour. You'll gain practical strategies for implementing "security by osmosis" that keeps protective measures visible and top-of-mind without creating training fatigue or resistance.

    Measuring What Actually Matters
    Transform how you evaluate security awareness effectiveness with metrics that genuinely reflect improved security. When Jemma dismantles the "80% of people scored 80%" myth, you'll understand why completion rates and phishing test results fail to indicate real security improvements. Listen for concrete guidance on tracking meaningful engagement metrics like security team contact, proactive reporting, and actual incident reduction that demonstrate true cultural change rather than superficial compliance.

    "What a lot of people are doing is security training for compliance, but they're not actually doing anything around the culture. They're hitting the compliance metrics. Brilliant. But the actual culture of the organization is still inherently insecure." - Amy Stokes-Waters, on the difference between compliance and cultural change

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    ● Budget Reality Check: Learn why organisations spending less than 1% of IT budgets on human factors whilst 95% of incidents are human-caused represents a critical strategic error
    ● Bite-sized Learning: Understand why continuous micro-learning beats annual training blocks for better retention and genuine security improvements
    ● Marketing Mindset: Adopt proven principles from successful marketing campaigns to make security awareness omnipresent and effective rather than a dreaded annual chore
    ● Personalisation Power: Discover how offering people choices in how they learn dramatically increases engagement and knowledge retention across diverse workforces
    ● Role-Based Approach: Implement targeted security training for different departments (developers, finance, executives) that addresses their specific risk profiles
    ● Phishing Test Pitfalls: Recognise how traditional phishing simulations may inadvertently discourage collaboration and reporting – exactly the behaviours good security requires
    ● Meaningful Metrics: Shift from completion statistics to tracking genuine engagement indicators like security team contact and incident reduction rates
    ● Security Champions Network: Identify and nurture internal advocates who can amplify security messaging and create positive peer influence
    ● Personal Relevance: Transform employee apathy by connecting security practices to personal benefits rather than abstract organisational consequences
    ● Culture Over Compliance: Build genuine security culture that withstands evolving threats rather than merely satisfying point-in-time compliance requirements
    ● Mobile-first Training: Engage the "TikTok generation" with security awareness delivered through the devices and formats they already prefer

    Other episodes you'll enjoy

    Security vs Privacy: The Ethics of Data Collection
    YouTube: https://youtu.be/iIRv0qVXmWM
    Spotify: https://open.spotify.com/episode/0wbWKF9zyxkHMY5kKMZyx5

    The Business of Biometrics: Data Protection and Ethical Standards in Cyber Security
    YouTube: https://youtu.be/eWfRalOk0E8
    Spotify: https://open.spotify.com/episode/1QJPHcVRkKIIht3zsJWqWq

  27. 71

    Security Gone Mad: The Fine Art of Overdoing It

    Welcome to Razorwire, the podcast that challenges conventional thinking about cybersecurity with insight, humour and a dose of reality.

    In this brilliantly unfiltered episode, we're joined by security professionals Iain Pye and Chris Dawson for a no-holds-barred discussion about security measures that cross the line from prudent to preposterous. From biometric authentication dilemmas to the maddening theatre of airport security, our experts dissect the fine balance between protecting assets and actually getting things done.

    Listen as Chris and Iain lock horns on what constitutes "reasonable" security, with Chris arguing for Fort Knox-level protection while Iain advocates for practicality, whilst your host Jim attempts to referee. Their real-world examples of security absurdity, including trapping thieves in revolving doors and putting warning signs in car parks, will have you nodding in recognition or shaking your head in disbelief.

    Whether you're a battle-scarred security professional or maybe just someone who's stood impatiently in endless security queues wondering why your belt buckle is suddenly a threat to national security, this conversation offers both genuine insight and proper laughs about the sometimes bizarre world of overzealous security controls.

    Tune in for a refreshingly honest chat that feels like overhearing three security experts having a pint down the pub whilst debating the madness that sometimes defines our industry.

    3 Key Talking Points:

    The Security vs Practicality Tightrope
    Listen as our experts dissect the eternal balancing act between locked-down security and business functionality. When Chris boldly claims he'd implement "seven layers of security" for critical infrastructure while Iain argues for practicality, you'll gain valuable perspective on finding that sweet spot where protection doesn't become paralysis.

    The Psychology Behind Security Resistance
    Discover why people willingly hand over biometric data to tech giants yet baulk at the same requests from employers. Our conversation uncovers the fascinating psychological disconnect between consumer and corporate security acceptance, offering insights you can apply immediately to your own security implementation strategies.

    Beyond Bureaucracy: When Risk Management Goes Wrong
    Experience the painful yet hilarious reality of security bureaucracy gone mad, from needless warning signs in car parks to the absurdity of airport security theatre. You'll leave with a clearer understanding of how to champion meaningful security measures while avoiding the trap of controls that exist merely to tick compliance boxes.

    "Information security professionals the world over, in various different cultures and various different parts of the world have had the words echoing through the halls: 'Isn't that a bit much?'" - James Rees, Razorthorn Security

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    ● Finding the Balance: Discover how to navigate the tension between robust security measures and practical business operations without alienating your colleagues
    ● Biometric Backlash: Understand why people readily surrender their biometrics to tech giants but resist providing the same data to employers
    ● Security Theatre: Learn to identify when security measures serve more as performance than protection, particularly in public spaces like airports
    ● Risk Management Revelations: Gain insights into creating meaningful risk assessments that protect assets without drowning in needless bureaucracy
    ● Human Behaviour: Recognise how "laziness" and resistance to security controls might actually signal poorly designed systems rather than difficult users
    ● Security Culture: Explore how organisational risk culture directly impacts the effectiveness and acceptance of security measures
    ● Physical vs Digital Controls: Compare approaches to security across both physical spaces (like data centres) and digital environments
    ● Proportionate Response: Develop strategies for implementing security controls that match the actual threat level without overengineering solutions
    ● Compliance vs Security: Distinguish between controls that genuinely protect your organisation and those that merely tick regulatory boxes
    ● Security Stakeholder Management: Master the art of communicating security needs to business leaders without being dismissed as "overzealous"

    Other episodes you'll enjoy

    Security vs Privacy: The Ethics of Data Collection
    YouTube: https://youtu.be/iIRv0qVXmWM
    Spotify: https://open.spotify.com/episode/0wbWKF9zyxkHMY5kKMZyx5

    The Business of Biometrics: Data Protection and Ethical Standards in Cyber Security
    YouTube: https://youtu.be/eWfRalOk0E8
    Spotify: https://open.spotify.com/episode/1QJPHcVRkKIIht3zsJWqWq

  28. 70

    Unconventional Paths to Cybersecurity (AKA keeping your Nan Safe From Hackers)

    How can overcoming personal adversity lead to a successful career in cybersecurity?

    Welcome to Razorwire, the podcast that delves into the world of cybersecurity by sharing the journeys of its most inspiring figures.

    Join us for a truly heartwarming episode as we welcome Jemma, the brilliant mind behind CultureGem and a passionate champion for security behaviour and culture. Jemma's incredible journey - from surviving homelessness to becoming a respected voice in InfoSec - reminds us how our different paths can bring richness and depth to our industry.

    Jemma shares her powerful story and gives fresh perspectives on the human side of cybersecurity, why accessibility matters in learning and the reason technical solutions alone will never be enough. We discuss the changing face of InfoSec culture, the eyebrow-raising phenomenon of "cyberlebrities", and how we might better spend our security budgets to protect the people who matter most.

    Whether you're a seasoned professional or just starting your InfoSec journey, you'll find wisdom in Jemma's approach to making security concepts meaningful for everyone - from corporate executives to her beloved nan.

    Tune in for a conversation that, for me, genuinely felt like catching up with a friend at the pub, whilst challenging us all to think differently about creating a more inclusive approach to security.

    3 Key Talking Points:

    The Human Element of Cybersecurity
    Learn why organisations allocate less than 1% of security budgets to human factors despite 97% of incidents being attributed to human error. Jemma explains how addressing this disconnect creates stronger security cultures and reduces vulnerabilities.

    Accessibility as a Security Imperative
    Discover how CultureGem's accessible learning approach removes barriers to understanding security concepts. Jemma demonstrates why making security comprehensible to everyone isn't just inclusive - it's fundamental to effective protection.

    The Evolving InfoSec Community
    Gain perspective on industry dynamics from "cyberlebrities" to challenges faced by professionals from non-traditional backgrounds. This discussion gives valuable context for navigating the InfoSec community.

    "If 10% of an IT budget is spent on cyber, which is there or thereabouts, less than 1% is spent on human side of cyber. Yet 97% of incidents are put down to, rightly or wrongly, human error." - Jemma, Founder of CultureGem

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    ● Overcoming Adversity: Learn how navigating difficult circumstances can build transferable skills for an InfoSec career
    ● Budget Realignment: Discover why redistributing your security budget towards human factors can address the root cause of 97% of incidents
    ● Inclusive Security: Explore how removing barriers to learning strengthens your organisation's overall security posture
    ● Employee Engagement: Find out how to move beyond compliance to create genuine security motivation amongst your staff
    ● Community Dynamics: Navigate the changing InfoSec landscape and its impact on collaboration and knowledge sharing
    ● Diverse Recruitment: Understand the value of hiring security professionals with unconventional backgrounds and experiences
    ● Translating Complexity: Learn techniques for explaining security concepts in ways that resonate with non-technical audiences
    ● Solution Assessment: Gain insights into evaluating security vendors and avoiding "ambulance chasing" during incidents
    ● Combating Bias: Recognise and address behaviours that create barriers for underrepresented groups in security teams

    Resources Mentioned

    ● CultureGem - Empowering Small Businesses, Enterprises, and Security Professionals with Adaptive Learning Solutions
    ● The Cyber Sentinels Handbook – by James Rees
    ● OWASP - (Open Web Application Security Project)
    ● WannaCry - The 2017 ransomware attack that inspired Jemma's move into cybersecurity

    Other episodes you'll enjoy

    Mental Health, Organisational Culture & The Human Side of Cybersecurity
    YouTube: https://youtu.be/k_VVu_bQZXg
    Spotify: https://open.spotify.com/episode/1h88WI6RlKjF0BQ3ylbnfH?si=1Zqi4lrNSzO-klDQleyEhw

    Cybersecurity Burnout & Organisational Culture
    YouTube: https://youtu.be/naUT5jBQE_s
    Spotify: https://open.spotify.com/episode/2xaF8hTnFR7MfQ0ob9wBu3

  29. 69

    Mastering the Art of Communication in InfoSec

    In this latest episode of Razorwire, I sit down with the brilliant Stefania Chaplin to explore the often overlooked yet crucial skill of effective communication in information security.

    Throughout our conversation, we discuss why communication matters so much in our field, especially during critical moments when tensions run high. Stefania brings her trademark enthusiasm and wealth of experience to highlight approaches that work across different contexts, cultures and situations.

    As our profession has evolved, and particularly when working with colleagues remotely, our approach to communication needs to adapt accordingly. Whether you're just starting out or have been in the trenches for decades, I guarantee you'll take away some valuable insights on a skill that I've found to be just as important as technical expertise throughout my career.

    3 Key Talking Points:

    Managing Communication During Incidents
    Discover practical strategies for effective communication during high stress security incidents. Learn how to establish clear communication channels, manage stakeholder expectations and create space for your team to resolve issues without constant interruptions. Stefania shares techniques from her experience, including the importance of creating transparent incident documentation and using mindfulness to maintain clear thinking under pressure.

    Cross-Cultural Communication in Global Teams
    Gain insights into navigating the complexities of multicultural teams in information security. With remote work connecting professionals across different time zones and cultural backgrounds, understanding how communication styles vary globally has never been more crucial. Learn how different cultures approach feedback, instructions and hierarchy, drawing from Stefania's multicultural background and experiences working as a digital nomad.

    Adapting Your Message to Different Audiences
    Master the art of tailoring your security communication for different stakeholders. Whether you're speaking with developers who need technical details or executives who need the headlines, find out how to switch hats effectively. This practical knowledge will help you build credibility with technical teams whilst ensuring leadership understands the key security messages they need for decision-making.

    "What happens when you have a cybersecurity incident and you're working in a global organisation with employees from all different countries and cultures in a very high stress environment? In those moments, communication really matters." - Stefania Chaplin

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    ● Incident Clarity - Transform your incident response with effective communication strategies for high stress scenarios
    ● Global Trust - Build trust across global teams by understanding cultural communication differences
    ● Stakeholder Speak - Tailor your security messaging for maximum impact with different stakeholders
    ● Focus Shield - Protect your technical team from distractions during critical incidents
    ● Pre-Crisis Planning – Advice on creating communication plans before incidents occur to reduce chaos when they happen
    ● Mental Control – Learn breathing techniques to maintain clarity during high pressure security events
    ● Remote Mastery - Navigate the complexities of remote teams across different time zones
    ● Image Repair – How to break the "security is the bad guy" stereotype through better communication
    ● Technical Translation – How to adapt your technical language for different audiences without losing credibility
    ● Practice Pressure - Learn from war-gaming exercises to improve your team's communication under pressure
    ● Toxicity Management – How to recognise and handle toxic communication patterns in the workplace
    ● Feedback Loop - Implement feedback mechanisms to continuously improve your communication style

    Resources Mentioned

    ● Effective Communication in Tech - Stefania's project focused on communication skills for technical professionals (effectivecommunicationintech.com)
    ● DevStefOps - Stefania's personal website
    ● The Culture Map – by Erin Meyer, on multicultural communication in business settings
    ● Never Split the Difference - by Chris Voss, on negotiation techniques
    ● Box Breathing Technique - a stress management tool to use during incidents
    ● GitLab's Incident Response Guide - an example of transparent incident communication
    ● The Cyber Sentinels Handbook – by James Rees
    ● Neuro-Linguistic Programming - a communication framework
    ● Myers-Briggs Type Indicator - a personality assessment tool

    Meet our guest

    Stefania Chaplin
    Stefania's (aka DevStefOps) experience as a Solutions Architect within DevSecOps, Security Awareness and Software Supply Chain Management means she's helped countless organisations understand and implement security throughout their SDLC. As a Python developer at heart, Stefania enjoys optimising and improving operational efficiency by scripting and automating processes and creating integrations. She is a member of OWASP DevSlop, hosting their technical shows. When not at a computer, Stefania enjoys surfing, yoga and looking after all her tropical plants.

    Other episodes you'll enjoy

    Mental Health, Organisational Culture & The Human Side of Cybersecurity
    YouTube: https://youtu.be/k_VVu_bQZXg
    Spotify: https://open.spotify.com/episode/1h88WI6RlKjF0BQ3ylbnfH?si=1Zqi4lrNSzO-klDQleyEhw

    The Art of Cyber Deception: How To Get Inside The Mind of A Hacker
    YouTube: https://youtu.be/r_n275AsK8c
    Spotify: https://open.spotify.com/episode/3GMSIXpbexPBqH2Rb92PNi?si=TCCxuTo-QeeMALLyHomwtg

  30. 68

    Spotlight on Technology: Mastering Attack Surface Management

    In our latest episode, join me, James Rees, for a chat with Nick Palmer from Censys about the critical importance of attack surface management. With 25 years of experience in the industry, Nick explains how today's threat landscape has evolved dramatically, with attackers now discovering vulnerabilities within hours rather than weeks.

    We explore the challenges of maintaining visibility across expanding digital footprints, particularly with cloud adoption creating new blind spots for security teams. Nick shares eye-opening real-world examples that illustrate the hidden vulnerabilities present in even seemingly secure environments.

    We cover how organisations can gain continuous visibility of their assets, extend security monitoring to third party suppliers and build a security culture that protects customer data effectively.

    A must-listen for security professionals seeking practical advice on protecting against modern cyber threats.

    Key Talking Points:

    Attack Surface Velocity
    Learn how attackers can discover vulnerabilities within just hours instead of weeks, and how Censys's daily internet scanning helps organisations keep pace with this alarming speed. Nick talks about the mechanics behind this acceleration and what it means for your security strategy.

    Supply Chain Security
    Discover the hidden risks in your vendor ecosystem through Nick's shocking real-world example of compromised medical equipment. This is a key example of why monitoring your suppliers' security posture is just as crucial as your own.

    Beyond Compliance
    Understand why building a genuine security culture trumps mere regulatory compliance. Nick and I discuss practical approaches to embedding security consciousness throughout your organisation, from the C-suite to frontline staff.

    Gain practical insights that will help you better defend your organisation. This conversation goes beyond theoretical concepts to deliver actionable security wisdom you can implement immediately.

    "If you are looking at your external attack surface any less than daily, you're missing a trick. It has to be scanned at least daily, preferably in real time." - Nick Palmer, Censys

    In this episode, we covered the following topics:

    ● Attack Surface Management: Learn how to identify and manage your organisation's vulnerabilities to prevent cyber attacks.
    ● Evolution of IT and Security: Gain historical perspective on how security challenges have evolved to better prepare for future threats.
    ● Supply Chain Security: Discover techniques to protect your business from vulnerabilities introduced by third-party suppliers.
    ● Legislation and Compliance: Understand how to navigate new regulations like DORA to avoid penalties and legal consequences.
    ● Phishing Defence: Master strategies to protect your organisation from increasingly sophisticated social engineering attacks.
    ● Rapid Response: Learn why and how to accelerate your security monitoring to match attackers' discovery capabilities.
    ● Cloud Security: Acquire practical approaches to securing cloud and virtual environments against emerging threats.
    ● Building Security Culture: Develop effective methods to embed security awareness throughout your organisation.
    ● Continuous Monitoring: Implement cost-effective techniques for ongoing attack surface visibility to catch vulnerabilities before attackers do.
    ● Security Tooling: Explore the latest technological innovations that can strengthen your security posture and response capabilities.

    Resources Mentioned

    ● Censys
    ● Black Hat
    ● Cyber Sentinels Handbook
    ● ZMap
    ● Chainalysis
    ● SWIFT network
    ● DigitalOcean
    ● Heroku

  31. 67

    AI Data Harvesting - Who Really Owns Your Digital Footprint?

    In this episode of Razorwire, we're looking into the contentious realm of AI and data privacy. This week, I'm joined by Amy Stokes-Waters, CEO of The Cyber Escape Room Company, and Ryan Mangan, a chartered IT professional and Microsoft MVP, to explore the ethical implications of feeding our personal data into AI systems.

    Join our discussion on recent controversies, including Adobe's T&C changes and Clearview's facial recognition technology, while questioning who truly benefits from AI data collection. We debate the balance between technological advancement and personal privacy rights, highlighting the disparities in how different organisations handle consent and transparency.

    From medical research to creative rights, this episode addresses how AI development is outpacing both regulatory frameworks and organisational policies. As businesses increasingly rely on AI-powered tools, what safeguards should we demand, and how much of our digital footprint are we willing to sacrifice?

    3 Key Talking Points:

    The Opt-Out Illusion
    Discover how major tech companies are quietly changing their terms of service to automatically opt users into AI training programmes using your data. We reveal the hidden challenges of truly removing your information once it's been absorbed into AI systems and what this means for your digital privacy.

    Policy vs. Protection Gap
    Learn why most organisations lack proper AI usage policies, leaving customer data vulnerable. Our experts discuss how even well-intentioned employees are likely uploading confidential information to ChatGPT without realising the risks and what safeguards businesses should implement immediately.

    The Jurisdictional Minefield
    Understand the complex legal landscape where regulations like GDPR and HIPAA struggle to keep pace with AI development. Our conversation explores the dangerous territory of international data jurisdiction and how conflicting regulations create loopholes that affect your privacy rights.

    "I think it's really positive that actually these things are coming out and that there are court cases and legal action being taken against companies who are using data without consent." - Amy Stokes-Waters

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    ● Spot stealth data collection – Identify how companies like Adobe and LinkedIn are changing their terms of service to automatically opt you into AI training programmes
    ● Protect your creative work - Understand the risks to your intellectual property when uploading content to cloud services with AI features
    ● Navigate consent manipulation - Recognise the tactics used to hide opt-out options and how to find them
    ● Safeguard sensitive information - Prevent employees from inadvertently exposing confidential data through ChatGPT and similar tools
    ● Understand data sanitisation - Learn what proper data anonymisation actually means and why it matters for your privacy
    ● Balance innovation with privacy - Discover how organisations can ethically use AI for advancements in healthcare while protecting personal data
    ● Create effective AI policies - Develop clear guidelines for your business on appropriate AI usage before data breaches occur
    ● Recognise AI's limitations - Identify when AI might present biased or false information, particularly in specialised fields like law
    ● Prepare for international data conflicts - Navigate the complex landscape of competing regulatory frameworks affecting your data (GDPR, HIPAA, etc.)
    ● Anticipate future privacy challenges - Get ahead of emerging concerns as AI technology continues outpacing regulatory frameworks

    Resources Mentioned

    ● The Cyber Escape Room Co - A business led by Amy Stokes-Waters that creates cybersecurity-focused escape rooms
    ● Ether Assist - Ryan Mangan's AI platform designed specifically for IT professionals and security teams, providing technical assistance and support
    ● OFFS Events - A conference series organised by Amy that hosts cybersecurity events in South Africa and the UK
    ● The Cyber Sentinels Handbook – written by James Rees and described as "a primer for information security professionals", aimed at practitioners at all career stages, from beginners to experienced professionals
    ● CoStar - A framework for creating effective AI prompts that helps users structure their queries with context, style, and other parameters to get better results from AI systems
    ● Adobe's Terms of Service AI Training Controversy
    ● Clearview AI Dutch Data Protection Fine
    ● Microsoft Graph Security Information
    ● LinkedIn AI Training Suspension After ICO Concerns
    ● Slack's AI Features and Data Collection
    ● Model Autophagy Disorder (MAD) in AI
    ● Creating Effective AI Usage Policies

    Meet our guests

    Amy Stokes-Waters
    Amy has a decade of experience in sales and marketing and now acts as CEO at The Cyber Escape Room Co and CCO at Yellowstone Security. She is a founding member of RINA's Maritime Cyber Security Task Force and an active advocate for gender diversity in the industry. As a regular guest on podcasts and panels, Amy talks on a variety of topics including security culture and awareness, personal branding, and women in tech.

    Ryan Mangan
    Ryan Mangan is the CEO of EfficientEther Ltd, a Microsoft Startup focused on AI-driven IT solutions and cloud cost management. With a strong background in managed services, Ryan previously founded and led Systech IT Solutions, building successful technology businesses focused on Managed Services. A Microsoft MVP and Chartered Fellow of the British Computer Society (FBCS CITP), he is a recognised industry expert, author, and public speaker. Ryan is also an Editorial Advisory Board member for TechTarget, contributing to thought leadership in enterprise IT. His work has been featured in publications such as Computer Weekly, TechTarget, and BCS IT Now, and he regularly speaks at industry events, sharing insights on AI, cloud, and other IT topics.

    Other episodes you'll enjoy

    Humans vs AI: Building a Security Culture That Actually Works
    YouTube: https://youtu.be/SNcpKrsWniY
    Spotify: https://open.spotify.com/episode/53PxszWM34ZrpA9EnSHuJf

    Hacking Cybersecurity Training: Escape Rooms & Entrepreneurial Thinking with Amy Stokes-Waters
    YouTube: https://youtu.be/dpn8N4xfojA
    Spotify: https://open.spotify.com/episode/5TWqagRzQdKZDQIxRjDOaP

  32. 66

    Inside Incident Response: Turning Chaos into Cohesive Teamwork

    Our latest episode brings in security expert Iain Pye, who shares military tales with me, your host James Rees, about what really happens when everything goes wrong. We get stuck into the nitty-gritty of incident response - the sleepless nights, the pressure from executives, and how to keep your team going when they're running on fumes.

    From ransomware attacks to system meltdowns, we chat about war games and escape room scenarios, exploring how organisations can build proper resilience rather than just ticking compliance boxes. We dig into why most incident response plans gather dust in drawers and what happens when you actually need to use them. Iain brings a refreshing military perspective to corporate incident management, showing how battlefield experience translates surprisingly well to handling information security crises.

    Whether you're dealing with compromised systems or insider threats, this episode packs practical wisdom for those moments when everything falls apart.

    3 Key Talking Points and Reasons to Listen:

    ● Building Resilience Through War Games: Discover why military-style drills and wargaming are crucial for effective incident response. Iain and I explore how regular team exercises - from realistic ransomware scenarios to creative "zombie apocalypse" simulations - help build the muscle memory and team dynamics needed when real crises hit. We share practical examples of how to run these exercises effectively.

    ● Managing Team Stress in a Crisis: Learn the critical importance of managing your team during long-running incidents. We break down the practical aspects often overlooked in incident response plans - from implementing proper shift patterns to ensuring your team stays fed, rested and functional during multi-day crises. Find out why pushing your team to exhaustion is a recipe for disaster.

    ● Turning Incidents into Improvements: Understand why post-incident analysis is where the real value lies. We discuss how to turn incident learnings into actionable improvements, including how to leverage serious incidents to secure necessary budget improvements. Learn why the "five whys" methodology is essential for preventing future incidents and strengthening your security posture.

    On building muscle memory through repeated training:
    "It's drills essentially. It’s doing the same thing over and over again and having that natural reaction. So you train your body - your mind, essentially - so if the proverbial poo does hit the fan, you can react in the right way and in accordance with what your SOPs [Standard Operating Procedures] might be."
    Iain Pye

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    ● Military Training for Incident Response: Learn how military-style drills can transform your team's ability to handle high-pressure security incidents with confidence and precision.
    ● Importance of Incident Response in Infosec: Master the essential skill of incident response and protect your organisation from data breaches and ransomware attacks effectively.
    ● Human Reactions to Emergencies: Discover practical techniques to keep your team calm and focused when emergencies strike, avoiding costly panic-driven mistakes.
    ● Role of Team Trust: Build unshakeable team trust that enables swift, coordinated responses during critical incidents.
    ● Communication During Incidents: Develop clear communication strategies that keep stakeholders informed and confident during crisis situations.
    ● War Games for Preparation: Create engaging war games and scenarios that prepare your team for real-world incidents while building stronger team dynamics.
    ● Impact of Incident Stress on Teams: Protect your team from burnout during long-running incidents with proven strategies for managing stress and fatigue.
    ● Lessons Learned Post-Incident: Turn every incident into an opportunity for improvement by conducting effective post-incident reviews that actually strengthen your security.
    ● Importance of Documentation and Reporting: Create documentation and reports that drive real change and secure essential resources for your security programme.
    ● Scenario Planning for Various Risks: Build comprehensive scenario plans that prepare your organisation for any crisis, from common incidents to worst-case scenarios.

    Connect with your host James Rees

    Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

    Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

    With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

    For more information about us, or if you have any questions you would like us to discuss, email [email protected]. If you need consultation, visit www.razorthorn.com. We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

    Linkedin: Razorthorn Security
    Youtube: Razorthorn Security
    Twitter: @RazorThornLTD
    Website: www.razorthorn.com

    All rights reserved. © Razorthorn Security LTD 2025

  33. 65

    The Cost of Being a CISO Part 2: Ethics, Leadership and Strategic Impact

    Welcome back to Razorwire! I'm your host, Jim, and in this second part of our CISO Dilemmas series, we welcome back security experts Oliver Rochford and Richard Cassidy. Moving beyond the challenges covered in part one, this episode explores the rewarding aspects of the role while taking a frank look at the ethical issues security leaders regularly face. The guests share personal experiences and practical actions for transitioning from technical expertise to strategic leadership, building effective teams and managing relationships across the business.

    As regulations tighten and cyber threats evolve, we talk about how the CISO position has grown far beyond its IT roots to become a complex executive role requiring business knowledge, political savvy and strong moral judgement.

    This conversation offers a valuable perspective on where the role is heading and what it takes to succeed. Stay until the end for our predictions about how the CISO position will transform over the next five years as organisations grapple with AI, automation and increasing regulatory scrutiny.

    We’re talking about:

    ● The CISO Role Beyond Technology: Learn how modern security leaders are shifting from pure technical expertise to become strategic business enablers. Richard and Oliver share some great insights about balancing technical knowledge with leadership skills, and explain why successful CISOs need to master communication, relationship-building and business strategy alongside their security expertise.

    ● Navigating Ethical Challenges: Get an insider's perspective on the ethical decisions that CISOs face, from breach disclosures to managing surveillance requests. Using some real-world examples from Oliver and Richard, we talk about how security leaders can maintain their integrity while balancing business interests, regulatory requirements and moral obligations.

    ● Building Future-Ready Security Teams: Discover practical approaches to developing high-performing security teams in an era of rapid change. The conversation offers actionable guidance on mentoring new talent, improving resilience and creating a positive security culture - essential knowledge for both current leaders and those aspiring to senior

    This episode is packed with practical advice and forward-looking perspectives that every cybersecurity professional can benefit from.

    "CISOs often face ethical dilemmas... 52% of CISOs reported that they've faced situations where they felt pressured to compromise ethical standards for business interests. In cybersecurity, the hardest decisions aren't technical - they're ethical."
    Richard Cassidy

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    ● Role Definition of the CISO: Learn how to navigate different stakeholder expectations and position yourself effectively as a CISO.
    ● Transformational Changes: Gain insights on transitioning from technical expert to strategic business leader.
    ● Key Skills for CISOs: Master the essential skills that make modern CISOs successful—from boardroom communication to risk management.
    ● Ethical Dilemmas: Handle ethical challenges confidently with real-world strategies from experienced security leaders.
    ● Regulatory and Legal Knowledge: Build your knowledge of global security regulations and protect yourself from personal liability.
    ● Leadership Impact: Develop leadership techniques that inspire and retain top security talent.
    ● Collaboration and Communication: Improve your influence across the organisation through proven communication approaches.
    ● Future of CISO Role: Prepare for the future of security leadership and upcoming industry changes.
    ● Incident Response and Crisis Management: Build effective incident response capabilities and crisis management skills.
    ● Positive Aspects of Being a CISO: Discover what makes the CISO role uniquely rewarding and how to find personal satisfaction in security leadership.

  34. 64

    Cybersecurity 2025 – Predictions from the Experts

    Surviving and Thriving in the 2025 Cybersecurity Landscape: Predictions and Strategies

    Welcome back to Razorwire! Join me, Jim, as we forecast the major trends and changes for 2025 that are set to reshape the cybersecurity industry. Joining me are cyber veterans and regular guests Oliver Rochford and Richard Cassidy.

    As cybersecurity becomes increasingly complex and critical to business operations, understanding what lies ahead can provide an invaluable edge. In this episode, Richard, Oliver and I break down our predictions for 2025, focusing on market consolidation, the evolution of AI in security and the ever-tightening grip of global regulations. From the rising costs of consultancy services to the rapid proliferation of security technologies, we've got you covered. We'll also take a look into the potential rise of AI-powered hacktivism and what it means for organisations worldwide.

    Key Takeaways:

    ● Strategic Investment Planning for 2025 - Get expert insights on why vendor consolidation may not be the answer and learn practical approaches to evaluating emerging security technologies against established solutions while managing rising costs.
    ● Practical Regulatory Compliance Tactics - Discover how organisations are using AI to efficiently manage overlapping regulations, with actionable strategies for meeting multiple regulatory requirements without duplicating effort.
    ● Future-Proofing Your Security Strategy - Learn how the threat landscape is evolving with politically motivated insiders, how organisations are using behavioural analysis in security and what AI can realistically do for security operations in 2025.

    From understanding emerging markets to decoding regulatory complexities, this episode offers critical insights to arm you for the future. Don’t miss out on these expert predictions and actionable advice!

    Consolidation of Regulation:
    "A group of CISOs wrote to the G20 summit, the OECD member states, writing a letter crying out for some level of sanity on regulatory releases because it's just getting to the point where businesses are struggling."
    Richard Cassidy

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we’re talking about:

    ● Consolidation of the Cyber Security Market: Learn how to evaluate whether vendor consolidation makes sense for your organisation and identify which emerging technologies could add value to your security programme.
    ● AI in Security Operations: Understand the practical applications of AI in security versus future possibilities, helping you make informed decisions about AI investment and implementation.
    ● Regulation Complexity: Discover strategies for efficiently managing overlapping regulations and learn how other organisations are successfully navigating complex compliance requirements.
    ● Quantum Encryption: Learn about forthcoming quantum encryption products and how to start preparing your organisation's encryption infrastructure for quantum resilience.
    ● AI Enabled Activism: Understand how autonomous AI systems could be used in cyber campaigns and what defensive measures you should consider implementing.
    ● Increased Costs and Market Changes: Get practical advice on managing rising security costs and maintaining effective security despite budget pressures.
    ● Vendor Pricing and Economic Pressures: Learn negotiation strategies for vendor relationships and how to evaluate the true value of security investments in today's economic climate.
    ● Insider Threat Intelligence: Explore new approaches to behavioural analysis and risk profiling that can enhance your insider threat programme while maintaining privacy considerations.
    ● Future Threat Landscape: Understand emerging threat actor motivations and behaviours to better prepare your organisation's defensive strategy.
    ● Technology for Regulatory Compliance: Learn how to leverage AI and automation to streamline regulatory compliance while improving operational efficiency.

    Resources Mentioned

    ● DORA
    ● Gartner
    ● OECD
    ● NIS 2
    ● PCI DSS
    ● HIPAA
    ● Cyber Essentials
    ● ISO
    ● PIPL
    ● CCPA
    ● GDPR
    ● Three Mile Island
    ● Journal of Psychological Research in Cyberspace
    ● Journal of Strategic Security
    ● Taylor and Francis Online
    ● Popular Mechanics
    ● Neuralink
    ● Rubrik
    ● CrowdStrike
    ● Palo Alto
    ● Fortinet

    Other episodes you'll enjoy

    Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter
    https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/

    The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black
    https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/

  35. 63

    Supercharge Your Security Budget in 2025: Smarter Investments, Stronger Defence

    Ever wonder how to get the most out of your cybersecurity budget without leaving your company vulnerable?

    Hey there, it’s Jim from Razorwire! In this episode, I sit down with cybersecurity pros Chris Dawson and Iain Pye to chat about smart spending when it comes to your cybersecurity budget. Whether you’re a big enterprise with a hefty budget or a small business wanting maximum impact on a small budget, we’ve got some actionable insights for you.

    In this episode, we tackle one of the industry's most pressing challenges—how organisations allocate and manage their cybersecurity spending. Together with Chris and Iain, we examine the complex relationship between IT departments and security teams competing for resources, exploring perspectives from startups making their first security investments through to enterprises managing substantial security budgets.

    Drawing on our collective experience, we challenge conventional wisdom about security investment and explore whether current approaches truly serve organisations effectively. Through real-world examples and hard-earned lessons, we examine why traditional approaches often fall short and propose fresh perspectives on security strategy. Our debate around tools versus talent—and occasional heated disagreements—gives you multiple battle-tested perspectives to help shape your own security investment strategy, whether you're just starting out or running an enterprise security programme.

    Key Talking Points

    ● Get More Bang for Your Security Buck - Learn how successful organisations are stretching their security budgets by intelligently balancing people, tools and training - so you can stop wasting money on solutions that don't deliver
    ● Build Security That Sticks - Discover how to create a security programme that works for your whole business, not just IT, with proven approaches that align security spending to genuine business risks
    ● Smart Security on a Budget - Get practical insights on maximising security with minimal spend, from leveraging free tools effectively to knowing when (and how) to bring in expert help

    Tune in to Razorwire for these tips and more, and start making your cybersecurity budget work harder for you, not the other way around!

    Decentralised Security Budgeting:
    "Security doesn't need to be expensive. It just needs to be effective, and there's a million different ways to handle security in a million different organisations."
    Jim Rees

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, learn how to:

    ● Scale Security for Your Company Size: Implement the right cybersecurity strategy whether you're running a small business or large corporation.
    ● Balance Your Security Investment: Make informed decisions between hiring security personnel or investing in software tools when working with limited resources.
    ● Measure Security ROI: Effectively demonstrate and track the business value of your cybersecurity investments.
    ● Choose Security Partners: Select and evaluate third-party security providers that match your organisation's needs and budget.
    ● Implement Continuous Security Testing: Set up a continuous penetration testing programme using global resources to maintain strong security.
    ● Build a Security-Aware Culture: Create and run effective security awareness programmes that actually reduce organisational risk.
    ● Structure Your Security Budget: Establish and manage a dedicated security budget separate from IT spending.
    ● Unify Physical and Digital Security: Create a cohesive security strategy that bridges physical and IT security measures.
    ● Access Expert Security Guidance: Leverage consulting services to get CISO-level expertise without the full-time cost.
    ● Optimise Security Tools: Combine open source and paid security solutions to maximise protection on a limited budget.

    Resources Mentioned

    ● The Cyber Sentinel's Handbook: A Primer for Information and Security Professionals by James Rees
    ● ISO 27001/27002
    ● PCI DSS
    ● GDPR
    ● DORA
    ● HIPAA
    ● EU Cybersecurity Certification Scheme
    ● OpenVAS
    ● Greenbone

  36. 62

    The Cost of Being A CISO Part 1: Personal, Professional & Organisational Challenges

    Join us for part one of our two-part series examining the world of Chief Information Security Officers. This episode welcomes back Richard Cassidy, Field CISO at Rubrik, and Oliver Rochford, former Gartner analyst and founder of Cyberfuturist. This episode offers insights into what makes security leadership successful - and what can lead to failure.

    Through real-world experiences and practical examples, we explore where CISOs best fit in modern organisations, proven approaches for communicating risk to boards and how to handle increasing personal accountability under new regulations. Our guests share hard-won lessons from building security programmes across different business cultures, revealing what works and what doesn't. We also examine why CISO tenures average just 18-24 months, and identify the changes needed to make the role sustainable.

    As cybersecurity becomes a pivotal aspect of business operations, the significance of CISO roles continues to grow - and so do the challenges. From justifying cybersecurity budgets to handling personal accountability for breaches, we take a look at the complexities and evolving duties of today's CISOs.

    For security professionals, this discussion will help you prepare for senior leadership. For current CISOs, you'll gain strategies for navigating common challenges. And for business leaders, you'll learn how to better support and work with your security teams to protect your organisation effectively.

    Key Talking Points:

    ● The role and responsibilities of modern CISOs - understand how the Chief Information Security Officer position has transformed from a technical IT role into a complex business leadership position that spans multiple organisational functions
    ● Reporting structures and organisational challenges - discover how different reporting relationships (to CEO, CIO, CFO, etc.) impact a CISO's effectiveness and ability to implement security programmes across the business
    ● The personal and professional costs of being a CISO - learn about the realities and challenges that CISOs face, from stress and burnout to reputation management and legal liability, providing valuable insights for those considering or currently in the role

    Don't miss out on this deep dive into the cost, both personal and professional, of being a Chief Information Security Officer.

    Evolving Role of the CISO:
    “A CISO today is essentially a senior executive that is responsible for designing, implementing, and overseeing any organisation's cybersecurity strategy... But it has significantly evolved from what used to be the old IT security director from simply managing technical security operations to actually acting as a key business partner... balancing risk and compliance and security whilst, and this is the hard part, aligning with organisational goals.”
    Richard Cassidy

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    ● Learn proven approaches for justifying security investments - Discover how to effectively demonstrate the value of preventative security measures and build compelling business cases for cybersecurity budgets
    ● Master the language of business risk - Learn how to translate complex cyber risks into clear financial, operational, reputational and regulatory impacts that resonate with senior leaders
    ● Navigate the new regulatory landscape - Understand how recent regulations like the SEC Cybersecurity Disclosure Rule affect your accountability and what this means for your role
    ● Secure board-level investment - Learn strategies for overcoming common challenges when seeking security funding and how to build persuasive investment cases
    ● Manage professional pressures effectively - Gain practical insights into handling accountability demands whilst avoiding burnout in high-pressure security leadership roles
    ● Balance competing demands successfully - Learn from experienced CISOs about managing the 24/7 nature of the role whilst maintaining personal wellbeing
    ● Communicate security risks effectively - Master techniques for explaining complex security concepts in ways business stakeholders truly understand and act upon
    ● Adapt your approach for different organisations - Learn how security attitudes and approaches vary across small, medium and large businesses, and how to adjust your strategy accordingly
    ● Navigate organisational politics successfully - Understand how reporting structures and internal dynamics affect security programmes and learn how to operate effectively within them
    ● Prepare for future challenges - Get ahead of how AI and evolving regulations will reshape the CISO role and what this means for your career development

  37. 61

    Humans vs AI: Building a Security Culture That Actually Works with Noora Ahmed-Moshe

    As AI reshapes cybersecurity threats, understanding how scams are evolving has never been more critical.
    Welcome to Razorwire. I'm Jim, and today I'm talking with Noora Ahmed-Moshe, VP of Strategy and Operations at Hoxhunt. We explore how AI is transforming cybersecurity threats and what that means for protecting ourselves and our organisations.
    We discuss how traditional scams have changed with AI technology and look at why phishing remains a persistent problem, along with practical ways to make security training more effective. Noora explains her approach to combining smart technology with human awareness and why building a supportive security culture works better than focusing on mistakes. Join us to gain insights into today's cyber threats and take away actionable tips for how organisations can better prepare their teams.
    3 Key Talking Points:
    ● AI-Enhanced Phishing Techniques: Discover how AI, including tools like ChatGPT, has drastically increased the volume and sophistication of phishing emails, making them harder to detect and more culturally nuanced.
    ● Positive Reinforcement in Training: Learn why a supportive, non-punitive approach to security awareness training, using gamification and rewards, can lead to better internalisation of security practices among employees.
    ● Deepfake Challenges: Understand the emerging threats posed by deepfake technology, particularly in a remote work environment, and how organisations can adapt their security measures to validate identities effectively.
    Tune in to this vital discussion to stay ahead of cyber threats and foster a culture of security within your organisation.
    Motivating Through Gamification:
    "It is about motivating people and how you do that. And that's why at Hoxhunt, when we do our training, for example, in terms of social engineering attacks, we reward people anytime they report something. Then they're on a leaderboard, and it's all gamified. So it gives people this real sense of engagement, and that makes it positive."
    Noora Ahmed-Moshe
    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
    In this episode, we covered the following topics:
    ● Power up your security training: Learn how to structure effective security training programmes that actually prevent data breaches, based on real-world examples of what works and what doesn't.
    ● Master the scammer's playbook: Understand why "too good to be true" scams continue to succeed by exploring their evolution from the Love Bug virus to modern day frauds, helping you spot timeless patterns in social engineering.
    ● Outsmart AI-powered threats: Discover how AI is transforming phishing attempts with sophisticated language and cultural awareness, and learn what makes these new attacks so challenging for staff to detect.
    ● Stay ahead of QR code attacks: Get ahead of emerging threats by understanding how criminals are exploiting QR codes in innovative ways, and learn how to spot these often-overlooked security risks.
    ● Unlock human security potential: Understand why human behaviour is at the heart of most security breaches and learn practical ways to address these vulnerabilities in your organisation.
    ● Build a confident security culture: Discover why leading organisations are moving away from fear-based security cultures and learn how to create an environment where staff feel confident reporting potential incidents.
    ● Harness the power of psychology: Learn how behavioural science principles can transform your security awareness programme, with practical insights into how to offer positive reinforcement.
    ● Maximise security engagement: Explore successful examples of how organisations are using gamification and rewards to motivate staff, with practical tips you can apply to your own security programme.
    ● Tackle the deepfake challenge: Prepare for the future by understanding how deepfake technology is creating new authentication challenges, particularly for remote teams, and learn how organisations are adapting.
    ● Future-proof your training: Gain insights into creating adaptable security training that evolves with technology while meeting diverse employee needs, helping you build a more resilient security culture.
    Resources Mentioned
    Security Threats and Tools
    ● Hoxhunt's Security Awareness Training
    ● Love Bug virus (early 2000s)
    ● Y2K preparedness systems
    ● Antivirus software and firewalls (early countermeasures)
    Statistics and Data
    ● 4,151% rise in malicious emails since ChatGPT launch
    ● 68% of breaches start with a human element
    ● 80-90% of human-related breaches begin with phishing
    ● Average cost of a breach was approximately $4.76 million USD last year
    ● 69% of people deliberately bypass their company's security guidance
    Attack Methods
    ● QR code scams, particularly in parking spots and car charging stations
    ● Package delivery scams
    ● Ransomware-as-a-service available on the dark web
    ● Social engineering attacks targeting healthcare companies
    Training Tools
    ● Hoxhunt's gamified security training platform with leaderboards and reward systems
    ● Traditional CBT (Computer Based Training) systems
    ● Phishing simulations
    Other episodes you'll enjoy
    Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter
    https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/
    The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black
    https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/

  38. 60

    Mental Health, Organisational Culture & The Human Side of Cybersecurity

    Are layoffs increasing your cybersecurity risk and driving your team to burnout? This episode looks into the psychological underpinnings of infosec to help you navigate turbulent times at work.
    Welcome to Razorwire, the podcast that cuts through the complexities of information security with sharp insights and expert discussions. In this episode, I'm joined by Lisa Ventura MBE, founder of Cyber Security Unity, and Bec McKeown, a psychologist specialising in high-risk environments. Together, we explore the hidden psychological factors that shape cybersecurity practices and discuss essential strategies to safeguard your organisation.
    Join us as we discuss the impact of economic layoffs on cybersecurity, the efficacy and ethical concerns surrounding psychological profiling, and the sophisticated tactics employed by malicious actors in today's digital arena. Lisa, Bec and I also unpack the importance of organisational culture in mitigating human error, the role of mental health in cybersecurity, and how to implement targeted security measures without overwhelming your team. This episode is a must-listen for professionals seeking to understand the human dynamics behind infosec challenges and cultivate a supportive, resilient security culture.
    3 Key Takeaways:
    ● Protect Your Organisation Without Crossing Privacy Lines: Want to strengthen your security approach without relying on controversial psychological profiling? Discover practical, ethical alternatives as Bec McKeown walks you through smarter ways to assess and mitigate insider risks whilst preserving employee trust and privacy.
    ● Prevent Data Theft During Company Transitions: Is your organisation facing changes? Learn how to protect your critical assets during turbulent times. Lisa Ventura reveals proven strategies to identify and secure your most valuable data, particularly when your company is experiencing workforce changes or economic pressure.
    ● Build a Stronger, More Resilient Security Team: Ready to boost both your security effectiveness and team morale? Get hands-on techniques from Bec McKeown to create an environment where your security professionals thrive. Walk away with practical steps to reduce burnout, increase psychological safety and build a high-performing team that stays sharp and engaged.
    Tune in to Razorwire for actionable advice and expert perspectives to fortify your cybersecurity strategy amid challenging times.
    On Psychological Safety & Blame Culture:
    "If people are constantly told off for not doing things in the right way, whether that's cybersecurity training or otherwise, they're never gonna fess up to it... if you haven't got that psychological safety within the culture, then these things are probably more likely to happen because it's not in the person's best interest to hold their hand up."
    Bec McKeown
    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
    In this episode, we covered the following topics:
    ● Understanding Layoff Security Risks: Explore why workforce changes increase data theft risks and why organisations need heightened awareness during these transitions.
    ● Beyond Psychological Profiling: Learn more effective and ethical ways to assess security risks without compromising employee privacy, with practical alternatives you can implement today.
    ● High-Value Target Protection: Understand why certain roles face increased targeting and need additional security considerations.
    ● Maximise Security Training Impact: Transform your training approach with engaging methods that stick, and discover how to boost participation while strengthening your security posture.
    ● Navigating Return-to-Office Security: Insights into balancing necessary monitoring with employee trust, and why two-way dialogue matters in implementing security measures.
    ● Strengthen Your Team's Mental Resilience: Tap into valuable resources from the Mental Health in Cybersecurity Foundation and build a supportive environment that keeps your security team performing at their best.
    ● Enhance Human Expertise: Balance automation with human insight, and learn practical ways to maintain sharp situational awareness whilst leveraging technology effectively.
    ● Understanding Security Regulations: Explore how legislation like DORA and certifications like Cyber Essentials are pushing organisations to take security more seriously.
    ● Prevent Security Team Burnout: Implement proven strategies to support your infosec professionals and maintain peak team performance through challenging times.
    ● The Importance of Security Culture: Why organisational support for security teams matters and how leadership attitudes impact security effectiveness.
    Resources Mentioned
    ● Cyber Security Unity: Founded by Lisa Ventura, focusing on cybersecurity awareness and culture change.
    ● Mind Science: Founded by Bec McKeown, bringing psychological insights into high-risk industries, including cybersecurity.
    ● Mental Health in Cybersecurity Foundation: An organisation addressing burnout and mental health issues among cybersecurity professionals.
    ● Cyber Essentials: The UK government-backed (NCSC) certification scheme that checks a business has basic cybersecurity controls in place.
    ● Companies House: The UK government agency that registers companies, which could potentially integrate cybersecurity standards into its registration processes.
    ● The FAIR Institute and the FAIR methodology: Not mentioned by name in this episode, but relevant to the broader discussion of risk management in cybersecurity.
    ● DORA: The EU Digital Operational Resilience Act, a regulatory framework that affects cybersecurity practices in financial institutions and their ICT suppliers in Europe.

  39. 59

    Insider Threats & Third Party Risk: How to Manage Security Threats

    Every vendor you trust and every employee you hire could be your next security crisis. Explore the realities of third party risk and insider threats on this episode of Razorwire!
    Join us for a discussion on the multifaceted challenges of third party risk and how they can destabilise your organisation. From the growing complexities of cloud providers like AWS and Azure to detecting and dealing with insider threats, our conversation covers it all.
    My esteemed guests, Razorwire favourites Iain Pye and Chris Dawson, share their perspectives on the right to audit third parties and how shifts in business models and changing workplace culture impact our security postures.
    We also break down a case study involving indemnity and insurance settlements following a breach incident, providing you with practical takeaways for enhancing your own security protocols.
    Key takeaways:
    Strengthen Your Third Party Risk Management
    ● Implement contractual audit rights early in vendor relationships
    ● Develop resilience plans for vendor service failures
    ● Understand the risks of supply chain dependencies (third parties of third parties)
    ● Plan for scenarios where key service providers might fail or be compromised
    Understand and Mitigate Insider Threats
    ● Identify different types of insider threats (accidental, disgruntled employees, corporate espionage)
    ● Monitor for behavioural changes and suspicious activity patterns
    ● Implement ongoing background checks and security clearance reviews
    ● Balance monitoring with employee privacy and company culture considerations
    Address Modern Security Challenges
    ● Evaluate the cost-benefit trade-offs between in-house and outsourced services
    ● Implement monitoring solutions that correlate data from multiple sources
    ● Develop security strategies that account for both human and technical factors
    ● Create comprehensive risk assessments that include both internal and external threats
    Join us on Razorwire as we untangle the complexities of third party risk and insider threats, providing you with actionable insights to fortify your organisation's cyber defences.
    On the inevitability and scale of third-party breaches:
    "It's inevitable. You're gonna have a third party breach. There's about, what, 10 a day... You could do all the due diligence in the world and all the security checks about this. You could have a very robust vendor risk management, whatever you wanna call it. At the end of the day, it's gonna take one little, maybe insider threat on the third party side, and that will cause a breach."
    Iain Pye
    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
    In this episode, we discuss:
    ● Implementing Third Party Audit Rights: Secure your organisation by establishing robust audit rights in vendor contracts before engagement begins.
    ● Evaluating Cloud Provider Stability: Assess and mitigate risks when selecting cloud providers by verifying their financial stability and data migration capabilities.
    ● Preventing Insider Security Breaches: Distinguish and protect against both intentional and accidental internal security threats through targeted controls.
    ● Building a Strong Security Culture: Foster an environment where employees actively report and respond to security warnings rather than normalising them.
    ● Managing Employee-Related Risks: Develop strategies to identify and address employee dissatisfaction before it becomes a security threat.
    ● Controlling Access Privileges: Implement strict access management protocols to prevent credential misuse and the sale of unauthorised access.
    ● Managing Supply Chain Security: Build resilience into your supply chain by mapping dependencies and establishing clear liability frameworks.
    ● Implementing Comprehensive Behavioural Monitoring: Deploy systems that analyse multiple data sources (login patterns, email access, data transfers) to identify suspicious user behaviour patterns.
    ● Protecting Against Espionage: Apply updated legal frameworks like the UK National Security Act 2023 to safeguard intellectual property and sensitive information.
    ● Deploying Dynamic Security Monitoring: Establish continuous monitoring systems for both employees and third parties to detect threats early.
    Resources Mentioned
    ● "The Cyber Sentinel's Handbook" by Jim
    ● AWS (Amazon Web Services)
    ● Azure
    ● GCP (Google Cloud Platform)
    ● CrowdStrike
    ● UK National Security Act 2023 (referred to in the episode as the "National Secrets Act"), whose new espionage offences replaced those of the Official Secrets Acts 1911 to 1939
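The behavioural monitoring the episode describes, correlating login patterns, mailbox activity and data transfers and weighing them against HR context such as a leaver, as an added example that is not code from the episode or from Razorthorn. Everything here is an assumption chosen for illustration: the JSON event shape, the field names, the business-hours window, the transfer threshold, the indicator weights and the constructed events for users alice and bob. The point it demonstrates is that each signal on its own is noise and only the combination crosses the alerting threshold:

```python
"""Correlate auth, mail, DLP and HR events per user and score the combination.

Added example (not from the Razorwire episode or Razorthorn): the event shape,
field names, thresholds and sample events are assumptions for illustration.
"""
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample events from four sources; a real deployment reads these
# from a SIEM. alice is a normal user; bob's activity is only interesting when
# the sources are viewed together.
SAMPLE_EVENTS = [
    '{"source":"auth","user":"alice","ts":"2025-03-03T09:02:00Z","geo":"GB","result":"ok"}',
    '{"source":"auth","user":"bob","ts":"2025-03-03T02:11:00Z","geo":"GB","result":"ok"}',
    '{"source":"mail","user":"bob","ts":"2025-03-03T02:15:00Z","action":"search","query":"customer list"}',
    '{"source":"mail","user":"bob","ts":"2025-03-03T02:20:00Z","action":"forward","to":"bob.home@example.net"}',
    '{"source":"dlp","user":"bob","ts":"2025-03-03T02:40:00Z","bytes":2147483648,"dest":"personal-cloud"}',
    '{"source":"auth","user":"alice","ts":"2025-03-03T13:30:00Z","geo":"GB","result":"ok"}',
    '{"source":"dlp","user":"alice","ts":"2025-03-03T14:00:00Z","bytes":1048576,"dest":"sharepoint"}',
    '{"source":"hr","user":"bob","ts":"2025-03-01T00:00:00Z","event":"notice_given"}',
]

# Assumed policy values; tune per organisation and per role.
BUSINESS_HOURS = range(7, 20)             # UTC hours treated as normal for logins
LARGE_TRANSFER_BYTES = 500 * 1024 * 1024  # anything above this is a large transfer
EXTERNAL_DESTS = {"personal-cloud"}       # destinations outside corporate control
CORP_MAIL_DOMAIN = "@corp.example"        # assumed internal mail domain

# Weights: no single indicator reaches the alert threshold on its own.
WEIGHTS = {"off_hours_login": 1, "external_forward": 2,
           "large_or_external_transfer": 2, "leaver": 2}
ALERT_THRESHOLD = 5


def parse_events(lines):
    """Parse JSON lines and turn the ISO-8601 timestamp into a datetime."""
    events = []
    for line in lines:
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return events


def indicators_for(events):
    """Map each user to the set of weak indicators raised across all sources."""
    ind = defaultdict(set)
    for ev in events:
        user, src = ev["user"], ev["source"]
        if src == "auth" and ev["ts"].hour not in BUSINESS_HOURS:
            ind[user].add("off_hours_login")
        elif src == "mail" and ev.get("action") == "forward" and not ev["to"].endswith(CORP_MAIL_DOMAIN):
            ind[user].add("external_forward")
        elif src == "dlp" and (ev["bytes"] >= LARGE_TRANSFER_BYTES or ev["dest"] in EXTERNAL_DESTS):
            ind[user].add("large_or_external_transfer")
        elif src == "hr" and ev.get("event") == "notice_given":
            ind[user].add("leaver")
    return ind


def score_users(lines):
    """Sum indicator weights per user; users with no indicators are absent."""
    return {user: sum(WEIGHTS[i] for i in inds)
            for user, inds in indicators_for(parse_events(lines)).items()}


def flagged(lines, threshold=ALERT_THRESHOLD):
    """Users whose combined score reaches the alert threshold, for analyst review."""
    return sorted(u for u, s in score_users(lines).items() if s >= threshold)


def timeline(lines, user):
    """The ordered cross-source events for one user, which is what the analyst reads."""
    return sorted((ev for ev in parse_events(lines) if ev["user"] == user), key=lambda e: e["ts"])


if __name__ == "__main__":
    print("scores:", score_users(SAMPLE_EVENTS))
    for user in flagged(SAMPLE_EVENTS):
        print(user, "->", [(e["source"], e["ts"].isoformat()) for e in timeline(SAMPLE_EVENTS, user)])
```

In practice the feed comes from the SIEM rather than an inline list, the thresholds are tuned per role, and the scoring should be agreed with HR and legal before it drives any action, which is the privacy balance the episode raises.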

  40. 58

    How to Optimise Your GRC Tools

    Improving Value, Efficiency & True Risk Management
    Are your GRC tools really managing risk, or just creating noise?
    Welcome to the latest episode of Razorwire, where we cut through the complexities of the cybersecurity world to deliver actionable insights. I'm your host, Jim, and in this episode we're discussing the multifaceted challenges and opportunities surrounding Governance, Risk and Compliance (GRC) tools with none other than Jack Jones, creator of the FAIR risk model and a seasoned security professional with nearly 40 years' experience.
    In our conversation, Jack and I explore the intricate landscape of GRC tools, questioning their effectiveness in truly managing risk. We talk about the difference between control deficiencies and genuine risks, shedding light on the often misleading contents of risk registers.
    In this episode, you'll learn invaluable insights that could transform how you approach risk management and compliance. From weighing price against efficiency to the idea of developing a more effective and affordable GRC solution, this episode offers a treasure trove of useful takeaways for anyone in the cybersecurity field.
    Key takeaways
    ● The Real Cost of GRC Tools: Jack and I discuss the hidden expenses and renewal price hikes associated with existing GRC tools. If you're feeling the financial strain of your current GRC solutions, this segment is a must-listen to understand the true cost and value proposition of these tools.
    ● Redefining Risk Management: We talk about the importance of differentiating between real risks and mere control deficiencies, and how many organisations get this wrong. Learn how to avoid the 'noise' in your risk register and focus on genuine risk scenarios that matter to your business.
    ● The Path to Better GRC Solutions: Tune in to hear our thoughts on the pressing need for innovation in GRC tool design. If you're looking for practical, cost effective solutions tailored to meet your risk management needs, you'll want to hear our insights and future plans.
    Don't miss this conversation that could reshape your perspective on GRC tools and risk management.
    "If I thought the [GRC tool] technology actually provided anywhere near the value of its potential… if the GRC products and their implementations were actually doing the job they're intended to do, they should cost a lot of money because they would be providing a ton of value." - Jack Jones
    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
    In this episode, we covered the following topics:
    ● Cybersecurity Responsibilities Debate: We debate whether cybersecurity should fall under IT or infosec departments.
    ● Penetration Testing Management: How penetration testing could be subject to a conflict of interest depending on which department manages it.
    ● Maximising GRC Tool ROI: Gain insights on how to assess and optimise your GRC tool's value proposition through regular utilisation and cost reviews.
    ● Identifying GRC Tool Shortcomings: Understand the common pitfalls of popular GRC tools in addressing real world risks, enabling better tool selection and implementation.
    ● Proper Risk Register Management: Learn to distinguish between genuine risks and audit deficiencies for more accurate and useful risk registers.
    ● Third-Party Risk Management: Learn strategies for effectively managing the challenges posed by third party risks in modern business environments.
    ● Effective Risk Communication: Master the art of framing risk discussions around loss event scenarios, for better communication with executives.
    ● The Potential of GRC Tools: Recognising the potential of GRC tools to manage complex IT environments and consolidate security data effectively.
    ● Ineffective GRC Tools: Exposing how security budgets are heavily consumed by expensive and often inefficient GRC tools, limiting additional security measures.
    ● Balancing Security Budgets: Learn to critically evaluate GRC tool costs and effectiveness to ensure balanced allocation of security resources.
    Resources Mentioned
    ● The FAIR model
    ● ISO 27001
    ● PCI DSS compliance
    ● Book: "The Cyber Sentinel's Handbook"
    ● GRC tools
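How a risk register entry looks when it is framed as a loss event scenario rather than an audit finding, as an added example that is not code from the episode, from Jack Jones or from the FAIR Institute. It follows FAIR's top-level structure of loss event frequency times loss magnitude; the PERT sampling of three-point estimates and the Poisson event count are common implementation choices rather than anything the standard mandates, and every figure in the sample register is constructed:

```python
"""A risk register entry as a FAIR-style loss event scenario, with a Monte
Carlo estimate of annualised loss.

Added example: not code from the Razorwire episode, Jack Jones or the FAIR
Institute. FAIR's top level is Loss Event Frequency (LEF) x Loss Magnitude
(LM); the PERT and Poisson sampling below are one common way to implement
that, and every number in the sample register is constructed.
"""
import math
import random
import statistics
from dataclasses import dataclass

SCENARIO_FIELDS = ("asset", "threat", "effect", "lef", "lm")


@dataclass
class LossEventScenario:
    asset: str
    threat: str
    effect: str   # confidentiality, integrity or availability
    lef: tuple    # loss events per year: (min, most likely, max)
    lm: tuple     # loss per event in currency: (min, most likely, max)


def is_loss_event_scenario(entry: dict) -> bool:
    """A register line is a risk only if it names an asset, a threat, an effect
    and estimates for frequency and magnitude; 'firewall review overdue' is a
    control deficiency and belongs in an audit tracker instead."""
    return all(entry.get(k) for k in SCENARIO_FIELDS)


def triage(register):
    """Split a register into simulable scenarios and deficiencies to route elsewhere."""
    scenarios, deficiencies = [], []
    for entry in register:
        if is_loss_event_scenario(entry):
            scenarios.append(LossEventScenario(**{k: entry[k] for k in SCENARIO_FIELDS}))
        else:
            deficiencies.append(entry.get("title", "<untitled>"))
    return scenarios, deficiencies


def pert(rng, lo, ml, hi, lam=4.0):
    """Modified-PERT sample from a three-point estimate (beta-shaped, peaked at ml)."""
    if hi == lo:
        return lo
    a = 1 + lam * (ml - lo) / (hi - lo)
    b = 1 + lam * (hi - ml) / (hi - lo)
    return lo + rng.betavariate(a, b) * (hi - lo)


def poisson(rng, lam):
    """Knuth's method; adequate for the small annual frequencies a register holds."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p < limit:
            return k
        k += 1


def simulate(scn, trials=20000, seed=1):
    """Annual loss distribution: draw a frequency, then that many loss magnitudes."""
    rng = random.Random(seed)
    losses = []
    for _ in range(trials):
        n_events = poisson(rng, pert(rng, *scn.lef))
        losses.append(sum(pert(rng, *scn.lm) for _ in range(n_events)))
    losses.sort()
    pct = lambda p: losses[min(int(p * trials), trials - 1)]
    return {"mean": statistics.fmean(losses), "p10": pct(0.10),
            "p50": pct(0.50), "p90": pct(0.90), "max": losses[-1]}


# Constructed register: one genuine scenario and two items that are audit
# findings dressed up as risks.
SAMPLE_REGISTER = [
    {"title": "Customer database exposed via stolen credentials",
     "asset": "customer database",
     "threat": "external actor with stolen staff credentials",
     "effect": "confidentiality",
     "lef": (0.1, 0.5, 2.0),                 # assumed: between once a decade and twice a year
     "lm": (50_000, 200_000, 1_500_000)},    # assumed: per-event loss range
    {"title": "Firewall rule review overdue"},
    {"title": "Access control policy not yet approved"},
]

if __name__ == "__main__":
    scenarios, deficiencies = triage(SAMPLE_REGISTER)
    print("route to audit tracker:", deficiencies)
    for scn in scenarios:
        print(scn.asset, {k: round(v) for k, v in simulate(scn).items()})
```

Reporting percentiles rather than a single high/medium/low label is what makes the entry useful to an executive: the p90 answers "how bad is a bad year", which is the loss-event framing the episode recommends over a list of control gaps.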

  41. 57

    Navigating Mental Health, Narcissism & Burnout in Cybersecurity with Lisa Ventura MBE

    Welcome to Razorwire, the podcast where I, James Rees, cover the cybersecurity topics that matter with expert guests from across the industry. We aim to help cybersecurity professionals enhance their skills, improve their work performance, and boost their overall quality of life in this demanding field.
    The illustrious Lisa Ventura MBE, award winning cyber security specialist and the founder of Cyber Security Unity, joins me in this episode. We talk about the pressing issues that cybersecurity professionals face on a daily basis, from mental health struggles to dealing with industry narcissists.
    Lisa shares her insights on current industry developments and uses her personal experiences to offer practical advice and knowledge for cybersecurity professionals at all career stages.
    Join us as we talk about:
    1. Burnout and Mental Health in Cybersecurity: We talk about the root causes of burnout and mental health issues among cybersecurity professionals, and share practical strategies to protect your wellbeing in a high stress environment.
    2. Navigating Industry Narcissism: Gain insights on how to identify and handle narcissistic behaviours in the workplace, and work towards a healthier and more supportive professional atmosphere.
    3. Cyber Skills Gap and Industry Trends: Lisa shares her thoughts on the role of AI and VC money, and the ongoing challenge of closing the cyber skills gap, especially in smaller organisations.
    Tune in to Razorwire and empower yourself with the knowledge and resilience essential for thriving in the cybersecurity arena.
    Lisa on handling narcissists in the workplace:
    "If it gets too much, I have only one bit of advice. And it's not a good bit of advice to say, and that is to find something new as soon as you possibly can and leave because those individuals will never change."
    Lisa Ventura MBE
    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
    In this episode, we covered the following topics:
    ● Burnout and Mental Health: Discover strategies for managing burnout and maintaining mental health in cybersecurity.
    ● Cyber Skills Gap: Learn about the factors contributing to the cyber skills gap and how this can be addressed.
    ● Responsibility and Fear: Understand the psychological impact of responsibility and blame in security roles.
    ● Budget Reductions and Layoffs: Find out how budget cuts and layoffs are affecting the industry post-pandemic.
    ● Handling Narcissistic Individuals: Get practical advice on dealing with narcissistic individuals in the workplace.
    ● Infosec Industry Trends: Explore current and future trends in information security, including AI misuse.
    ● Legislation and C-Suite Attention: Learn how new legislation is increasing executive-level focus on cybersecurity.
    ● Experiences in Infosec: Hear firsthand accounts of dealing with negative behaviours in the industry.
    ● Targeting and Narcissism Among Women: Uncover insights on targeting and hypocrisy, even among diversity advocates.
    ● Challenges for Young Professionals: Find out how mentorship can help newcomers overcome challenges and impostor syndrome.
    Resources Mentioned
    ● "The Cyber Sentinel's Handbook"
    ● Who Wants to Be a Millionaire?
    ● Cyber Security Unity
    ● UK Cyber Security Association
    ● Titania Limited
    ● Nipper Studio
    ● Malvern cyber cluster
    ● Midland Cyber
    ● BT
    ● Pinson Mason
    ● Boost Technology Group
    ● Qualitest
    ● Autism awareness day
    ● Imposter syndrome awareness day

  42. 56

    ChatGPT vs Cyber Threats: The REAL Role of AI in Cybersecurity

    Unlock the truth about using Large Language Models (LLMs) in cybersecurity - are they the next big thing or just another trend?

    In this episode of Razorwire, your host, James Rees, brings together cybersecurity expert Richard Cassidy and data scientist Josh Neil to talk about the use of AI and large language models (LLMs) in cybersecurity and their role in threat detection and security. Join us for a discussion on the capabilities and limitations of these technologies, sparked by a controversial LinkedIn post. We bring you expert insights into AI in security applications and a frank discussion on always being open to learning and correcting misconceptions. Hear about real world examples and practical advice on how to integrate AI tools effectively without falling into common traps. This episode delivers a balanced, in depth look at an often misunderstood but crucial topic in modern cybersecurity.

    3 Key Takeaways:

    1. Anomaly Detection Challenges: We break down why traditional time series models are still king when it comes to anomaly detection, highlighting the limitations of LLMs. Learn why time series models are better suited for identifying real threats without drowning in false positives.
    2. Role of Critical Thinking in Cybersecurity: Richard Cassidy emphasises the irreplaceable value of human expertise in threat detection. Discover why relying too heavily on AI could stifle critical thinking and skill development, especially for junior analysts, potentially weakening your security team in the long run.
    3. Practical Applications and Misconceptions: Hear a candid conversation about the real strengths and weaknesses of LLMs in cybersecurity. Both guests share practical advice on how LLMs can augment, but not replace, human-driven methods to ensure stronger, more reliable security measures.

    Tune in to Razorwire for an episode that cuts through the hype and delivers actionable insights for cybersecurity professionals navigating the evolving landscape of AI in security.

    The Downside of AI in the Workplace:

    "My concern with AI assistants or co-pilots with quick and easy answers, the junior analysts aren't learning the critical thinking required to become senior analysts, and therefore we're losing our bench. And we're going to end up with unskilled senior analysts that don't know when the LLM doesn't know what to do. Neither does the human."
    Josh Neil

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    - Anomaly Detection Challenges: Find out how experts approach the complex task of identifying unusual patterns in cybersecurity data.
    - LLMs vs. Traditional Methods: We explore different approaches to anomaly detection, comparing cutting-edge AI with established statistical techniques.
    - Organisational Understanding: Listen to insights on the importance of deep knowledge about critical systems for effective threat detection.
    - Surgical vs. Brute Force Approaches: Discover the debate surrounding different methodologies in cybersecurity, and the role of human expertise.
    - Training and Critical Thinking: We examine how the increasing use of AI tools might impact skill development in the cybersecurity workforce.
    - Evolution of Threat Detection: Take the journey from manual processes to advanced automated systems, and learn how to take on the new challenges that have emerged.
    - LLMs' Role in Cybersecurity: Find out how we can integrate LLMs within existing security frameworks.
    - Misconceptions About LLMs: We explore common misunderstandings about AI capabilities in cybersecurity and their potential consequences.
    - AI's Impact on Security Practices: Get recommendations on how organisations can responsibly incorporate AI tools into their security strategies.

    Resources Mentioned

    Los Alamos National Laboratory
    Ernst and Young
    Microsoft
    Securonix
    Alpha Level
    Rubrik
    "The Cyber Sentinel's Handbook"

    Other episodes you'll enjoy

    Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter
    https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/

    The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black
    https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/

  43. 55

    DORA & NIS2: The Cybersecurity Regulation Revolution

    Are you ready for DORA and NIS2? Discover how these regulations could transform your security strategy!

    Welcome back to another episode of Razorwire! Today we unpack the DORA and NIS2 regulations with esteemed cybersecurity expert Richard Cassidy. I'm your host, Jim Rees, and I'll be guiding the conversation for anyone navigating the evolving landscape of digital security in the financial sector.

    In this information-packed episode:

    - Discover why organisations are dangerously behind in DORA and NIS2 preparation
    - Learn how these EU regulations could impact global operations, including US companies
    - Explore the potential for hefty fines and personal liability for executives
    - Understand the critical role of third party providers in compliance
    - Get practical advice on assessing your organisation's readiness
    - Uncover the challenges of implementing cross border information sharing
    - Gain insights on budget planning and vendor alignment for compliance

    Whether you're a CISO, IT professional or business leader, this episode offers crucial information to help you stay ahead of regulatory changes. Don't miss Richard's expert analysis and insider tips on preparing effectively for compliance. This episode is packed with invaluable insights you won't want to miss.

    "Don't be looking at this, head in your hands and worry that you haven't got the stack. You most likely do have the capabilities. Now you've just got to understand how you go about aligning to DORA."
    Richard Cassidy

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    - Regulatory Gap Analysis: Why organisations should start by analysing gaps between current performance and DORA and NIS2 regulations.
    - Vendor Involvement: Why it's essential to involve vendors and ensure they align with new regulations.
    - Global Impact: Learn how DORA and NIS2 will impact organisations worldwide, especially those within the EU financial industry.
    - Budget Implications: Advice on beginning regulatory analysis before budget renewal, for better allocation of resources.
    - Contract Renegotiation: How to navigate the lengthy process and challenges of renegotiating contracts for compliance with new regulations.
    - Third Party Security: Why we need to include audit rights and fine clauses in contracts with third party service providers.
    - C-suite Accountability: Learn about the personal responsibility of the c-suite under DORA, including potential legal consequences.
    - CISO Role Evolution: Find out how the CISO role is likely to gain more prominence and may replace the CIO in the future.
    - Information Sharing Challenges: We discuss the difficulties organisations might face in sharing cybersecurity information.
    - Implementation Recommendations: How to implement a simplified approach to aligning with DORA by assessing maturity and targeting domain-level improvements.

    Resources Mentioned

    DORA (Digital Operational Resilience Act)
    NIS2 (Network and Information Systems 2)
    PRA (Prudential Regulation Authority)
    PCI DSS (Payment Card Industry Data Security Standard)
    ISO 27001 (International Organisation for Standardisation 27001)

    Other episodes you'll enjoy

    Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter
    https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/

    The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black
    https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/

  44. 54

    Contextual Security and Beyond: The Future of Cybersecurity

    Welcome back to Razorwire! I'm Jim, your host, and joining me today are cybersecurity experts Richard Cassidy and Oliver Rochford.

    Following on from our last episode of Razorwire, where Oliver and I discussed the key issues that cyber professionals need to focus on in 2024, this episode centres on key takeaways from recent security conferences, particularly RSA and Infosecurity Europe, and explores the shift towards contextual security as highlighted in Byron Acohido's recent report.

    The conversation covers several critical topics:

    - The potential transformation of long term cybersecurity planning
    - Emerging trends in integration and standardisation among security solutions
    - Fresh perspectives on supply chain risk management
    - The debate over vendor accountability for security vulnerabilities
    - Innovative approaches to security budgeting and prioritisation

    We discuss the necessity of proactive security approaches, the value of contextual information in threat detection and response, and the importance of considering customer impact when assessing security risks. We also touch on the potential implications of AI advancements for cybersecurity strategies.

    We give you an overview of current industry trends, challenges and potential future directions. We challenge conventional ways of thinking and offer insights that may help reshape how listeners approach cybersecurity strategies, so you come away with actionable insights and strategies.

    The Overwhelming Complexity of Choice at Tech Events:

    "It's just unbelievable that at every stand you go to [the vendor says] "we're the best in application security." "We are the best in UEBA." And I try to put the customer hat on when I go to these events and go, oh my goodness, how does anybody make a decision in the midst of all of this complexity?"
    Richard Cassidy

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    - Data Growth Management: Addressing the growing need for truly effective data management to secure the projected increase in data volume in the coming years.
    - Communication Challenges: The difficulties in communicating long term infosec plans to the C-suite, who focus on shorter term financial goals.
    - Cultural Shift: How the infosec industry has been impacted by post-lockdown advancements in technology as well as cultural changes.
    - Cybercrime Costs: The predicted increase in the financial cost of cyber attacks is likely to be a more significant financial threat than physical crimes by 2025.
    - Financial Challenges: Current investments in cybersecurity are not keeping pace with the evolving threat landscape.
    - New Strategies: Why we need to move from rules-based to contextual-based security.
    - Integration: How interoperability and synergy between vendors can help address evolving threats.
    - Cyber Senescence: Why we need a longer-term approach to cybersecurity planning.
    - C-Suite Communication: Why infosec professionals need to communicate risk and the importance of security investment to the c-suite effectively.
    - Vendor Relations: The challenges of vendor lock-in, tool obsolescence and the importance of stable, reliable vendor partnerships.

    Resources Mentioned

    The Byron Report
    The Last Watchdog
    RSA Conference
    Infosecurity Europe
    XDR Alliance
    Situational Awareness: The Decade Ahead, Leopold Aschenbrenner, June 2024
    Gartner
    Exabeam

    Other episodes you'll enjoy

    Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter
    https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/

    The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black
    https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/

  45. 53

    Top Cybersecurity Priorities for 2024

    Welcome to Razorwire, the podcast that cuts through the noise of the information security industry. I'm your host, Jim, and today we're taking a look at the state of the infosec industry so far in 2024 with our guest, Oliver Rochford. If you're a cybersecurity professional taking on the evolving threats and challenges of our field, you won't want to miss this discussion.

    From the rapid consolidation within the tech sector to the challenges of supply chain security and the limitations of today's infosec tools, we leave no stone unturned. We also discuss the role of AI in simplifying complex security solutions and whether current market trends are truly addressing the core needs of security teams.

    Key Talking Points

    1. Tech Industry Consolidation: Discover how the acquisition spree by cybersecurity giants like CrowdStrike and Palo Alto is reshaping the industry landscape and what it means for smaller, niche security companies.
    2. Supply Chain Security: Hear about the latest risks posed by third party involvement and how to ensure robust security tracking and management using various tools and solutions.
    3. AI and Security Solutions: Oliver tells us how we can make use of AI to streamline and simplify the overly complex and jargon-filled security tools market, offering a fresh perspective on future developments.

    Tune in to this thought-provoking episode of Razorwire for valuable insights that every cybersecurity professional needs to stay ahead in 2024.

    The Future of Cybersecurity:

    "I expect there to be diversification under the formation of multiple markets with individual giants within these markets, because you can't be good at everything."
    Oliver Rochford

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    - Tech Industry Consolidation: Discussion on the recent acquisition of smaller tech companies by larger firms and the impact of this on the industry.
    - Growth and Specialisation Limits: Prognosis on large portfolio providers and the constraints imposed by specialisation and market share retention.
    - Cyber Attack Speed and Aggressiveness: Examination of the increasing speed and aggressiveness of cyber attacks and how to prepare for the challenges they present.
    - Supply Chain Security: How we can secure the supply chain and the inconsistencies in infosec vendor messaging.
    - Complex Security Solutions: How to make use of AI to critique the complexity and confusing terminology in security solutions.
    - AI and Core Security Issues: Exploration of the risks tied to AI, budget constraints and the persistent core security challenges.
    - Affordability and Effectiveness: Highlighting the need for organisations to thoroughly investigate the most effective tools to make the most of tight budgets.
    - Data Privacy and Encryption: Examination of growing encryption usage and questions over control and management of encryption keys.
    - Disconnect in the Cybersecurity Market: Addressing the disconnect between user needs and market offerings, focusing on AI and the latest technologies.
    - Economic and Regulatory Concerns: How financial and regulatory challenges are impacting security investments and implementations.

    Resources Mentioned

    Events:
    Infosec conference
    RSA conference

    Companies:
    CrowdStrike
    Palo Alto
    Zscaler
    Snowflake
    Pure Storage
    Databricks
    ClickHouse
    Splunk

    Products/Technologies:
    EDR (Endpoint Detection and Response)
    SIEM (Security Information and Event Management)
    XDR (Extended Detection and Response)
    API security
    SOAR (Security Orchestration, Automation, and Response)

    Other episodes you'll enjoy

    Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter
    https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/

    The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black
    https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/

  46. 52

    DORA is Coming: Is Your Financial Institution Ready for the Digital Resilience Revolution?

    The deadline for financial entities is looming – get actionable information and advice on DORA compliance with industry expert Paul Dwyer!

    Welcome to Razorwire, your go-to podcast for cutting edge insights and expert analysis in the world of information security. I'm your host, Jim, and in today's episode, we have the privilege of speaking with Paul Dwyer, returning Razorwire guest and veteran in cybersecurity risk and compliance, with over 30 years of experience, and head of the International Cyber Threat Task Force (ICTTF).

    In this episode, Paul and I discuss the operational resilience required by DORA legislation, touching upon substantial fines for compliance failures and the shift towards personal accountability at the business and boardroom levels. We cover the nuances of DORA and its intersections with NIS2, and talk about the importance of better communication within organisations and the growing responsibility of governing bodies and the c-suite.

    Paul shares invaluable insights on the risk-based approach that's overtaking traditional compliance methods, the business opportunities awaiting smaller players in the DORA compliance space, and the essential need for thorough and continuous training programmes.

    Key Takeaways

    1. Discover compelling real world examples of how compliance failures have led to significant fines for large organisations and why personal accountability at the boardroom level is becoming crucial.
    2. Learn how DORA and NIS2 regulations are evolving to include a risk based approach and are pushing for proportionality in implementing controls, shifting the focus from mere compliance to a truly risk-centric perspective.
    3. Find out about the new business opportunities that DORA presents for small and midsize players in the market, including offering compliance services and challenging large cloud providers.

    The Era of Accountability in Management:

    "Anybody can fill out a little compliance spreadsheet, oh, there we go tick, tick, tick, we're doing all that, it goes through. But those days are gone because you need to trust, verify everything, you need to get the evidence."
    Paul Dwyer

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    - Operational Resilience: Find out about fines and individual accountability for compliance failures under DORA and NIS2.
    - Governance Focus: We talk about increased attention on cybersecurity from governing bodies and the c-suite.
    - Risk Based Approach: Why the regulations' emphasis is on proportional, risk centric controls over mere compliance.
    - Business Opportunities: Identifying opportunities for small and midsize players in offering compliance services against large cloud providers.
    - Regulatory Adaptability: Why we need DORA regulations to be adaptable to various organisational risks.
    - Training and Awareness: Addressing the crucial need for thorough DORA awareness programmes for all levels of staff, especially non-tech leaders.
    - Compliance Tools: Introducing tools like CyberPrism and AI-based solutions for assisting organisations in DORA compliance.
    - Information Sharing: Discussing the importance of peer-to-peer intelligence sharing and distinguishing it from mere information sharing.
    - Leadership Evolution: Emphasising the need for CISOs and other leaders to possess hybrid skills tying cybersecurity with business strategy and legal frameworks.

    Resources Mentioned

    ICTTF
    DORA
    NIST 2.0
    ISO
    PCI
    EU DORA Summit
    EU Cyber Summit (November 7-8 in Dublin)
    DORA community group
    CyberPrism
    GPT AI tool for DORA compliance
    DORA compliance specialist course
    Navigating DORA (book by Paul Dwyer)
    The Cyber Sentinels Handbook (book by Jim)
    TSB Service Failure

    Other episodes you'll enjoy

    Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter
    https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/

    The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black
    https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/

  47. 51

    Secrets of a Cyber CEO: The Truth About Running a Cybersecurity Business

    Unlock the secrets to successfully navigating the cybersecurity business landscape with insights from industry legend Jane Frankland on this episode of Razorwire.

    Welcome to Razorwire, I'm your host, Jim, and in today's episode we have the privilege of discussing the intricacies of running a successful cybersecurity business with none other than Jane Frankland. With over 26 years in the industry, Jane has built and sold businesses, influenced trends and mentored the next generation of cybersecurity professionals.

    In this episode, I chat with Jane Frankland about the challenges and most rewarding experiences of running a cybersecurity business. Jane tells us about her journey from the early days of cybersecurity in the 90s to becoming a prominent influencer and entrepreneur. We explore topics like managing growth, the shift towards freelance work and the importance of humility and mentorship in the industry.

    3 Key Talking Points:

    1. Managing Business Growth: Jane shares her strategies for managing growth through the use of associates and outsourcing non-core functions. Learn how to scale your business efficiently while keeping your core operations robust.
    2. Navigating Industry Trends: We talk about the increasing amount of freelance work in information security, the importance of a reliable pool of pentesters and the risks of crowdsourced pentesting companies. Gain insight on how to adapt your business model to include evolving industry practices.
    3. The Role of Mentorship and Humility: Jane and I discuss why mentorship for young professionals is so important and the significance of humility in leadership. Discover why ditching egos and maintaining an approachable demeanour is crucial for building a successful cybersecurity business.

    Don't miss out on these pearls of wisdom from one of cybersecurity's most respected voices.

    The Reality of Running a Business:

    "You are literally flying by the seats in your pants and navigating your company, at the helm, which is very, very stressful. Very stressful. And yet it is exciting and it is fun."
    Jane Frankland

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    - Business Growth Strategies: Discussing the challenges and careful expansion required to grow a cybersecurity business.
    - Outsourcing and Associates: Managing growth by outsourcing non-core functions like marketing and accountancy and using associates.
    - Pentesting Workforce: The shift towards freelance pentesters and the challenges of maintaining a reliable pool of talent.
    - Revenue Diversification: The importance of diversifying revenue streams and adapting business focus to market changes.
    - Industry Egos: Addressing the rise of egos in the information security industry and the importance of humility.
    - Emotional and Mental Challenges: Exploring the emotional rollercoaster and loneliness experienced by business owners.
    - Mentorship and Support: Highlighting the importance of mentors and coaches for guidance, especially during the early stages of business.
    - Client Acquisition and Recruitment: The complexities of recruiting staff, especially pentesters and salespeople, and the challenges of client acquisition.
    - Financial Management: The critical importance of managing finances accurately and the common pitfalls at the tax level.
    - Encouraging Young Talent: The significance of mentoring young professionals and actively supporting their entrance and growth in the cybersecurity industry.

    Other episodes you'll enjoy

    Preventing Burnout in Cyber Security
    https://www.razorthorn.com/cyber-security-professionals-shortage-burnout-how-to-protect-against-it-razorwire-podcast/

    SolarWinds' CISO Under SEC Scrutiny: The Impact On The Infosec Community
    https://www.razorthorn.com/solarwinds-ciso-under-sec-scrutiny-the-impact-on-the-infosec-community/

  48. 50

    Redefining Cyber Insurance to Meet Today’s Cybersecurity Challenges

    In a landscape where cyber attacks are constantly evolving, is your business insurance keeping pace?

    Welcome to another episode of Razorwire! I'm your host, Jim, and today we dive deep into the dynamic world of cyber insurance. Neil Hare-Brown and Matt Clark, two industry experts, are with us to share their wealth of knowledge and insights on how cyber insurance has changed to address today's security challenges.

    In this episode, we cover the critical role of cyber insurance in modern security strategies, from mitigating the financial impact of cyber incidents to navigating the details of underwriting and premium setting. We also discuss the increasing trend of third party attacks and why companies must prioritise reviewing their vendors and suppliers. By the end of this episode, you'll have a clearer understanding of why cyber insurance is no longer a luxury but a necessity, and how you can leverage it to bolster your organisation's cyber resilience.

    Key Talking Points:
    1. Rising Costs and Frequent Threats: Neil explains why cyber insurance is crucial for mitigating the significant financial impact of cyber crime.
    2. Underwriting and Premiums: Matt tells us how insurers use data and tools like ransomware calculators to set premiums, and how businesses can proactively improve their cybersecurity posture.
    3. Vetting Third Party Vendors: We discuss why we must thoroughly assess third party providers, with insights into new insurance services and facilities aimed at helping businesses manage and recover from cyber incidents more effectively.

    Tune in to discover how cyber insurance can be an integral part of your organisation's defence strategy and ensure you're prepared for whatever comes your way.

    Cyber Risk Management: "I think there is still quite a long way for businesses to go, for boards to appreciate that cyber risk management is not an operational problem." Neil Hare-Brown

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    - Impact of Cyber Incidents: How to accurately estimate the financial repercussions of cyber attacks.
    - Ransomware and Business Email Compromise: We discuss the current trend for ransomware and business email compromise, and how to protect your organisation from the increased frequency and severity of these attacks.
    - Double Extortion and Data Breaches: The evolution of cyber threats, including tactics like double extortion and significant reputational harm.
    - Using Data to Inform Insurance: How data from insured cyber events provides the risk insights used to set premiums.
    - Proactive Cyber Risk Management: Why it’s essential to have a cyber champion on the board.
    - Third Party Risks and Cyber Insurance: Third party attacks can severely impact businesses, highlighting the need for comprehensive cyber insurance.
    - Evolving Insurance Facilities: New offerings such as breach response services are becoming more accessible and affordable.
    - Post-Incident Actions: Breach experiences often lead companies to enhance cybersecurity measures and seek appropriate insurance coverage.
    - SMEs and Cybersecurity: Smaller enterprises struggle to maintain effective cybersecurity processes and benefit greatly from cyber insurance.
    - Continuous Learning in Cybersecurity: Why we must continue to learn and evolve for effective cybersecurity strategies.

    Resources Mentioned
    - The Cyber Sentinels Handbook
    - ISO 27001 certification
    - Cybercare
    - Breach response service
    - Multifactor Authentication (MFA)
    - Cyber Essentials certification

    Other episodes you'll enjoy
    Cyber Insurance: Is It Fit For Purpose? https://www.razorthorn.com/cyber-insurance-is-it-fit-for-purpose-razorwire-podcast/
    SolarWinds’ CISO Under SEC Scrutiny: The Impact On The Infosec Community https://www.razorthorn.com/solarwinds-ciso-under-sec-scrutiny-the-impact-on-the-infosec-community/

  49. 49

    What Really Grinds My Gears In Infosec!

    Unmask the reality of the information security world in this week's episode of Razorwire! Join me, Jim, and my guests, Chris Dawson and Iain Pye, as we talk about our daily frustrations working in infosec and the pressing issues facing cybersecurity professionals. We dissect the gripes, pet peeves and laughable clichés that saturate our industry.

    From the hype of award ceremonies to the absurdity of exaggerated credentials on LinkedIn, this conversation is packed with insights and anecdotes that will resonate with every cybersecurity professional. Stay tuned and subscribe for this candid look at the ups and downs of our industry.

    Key Talking Points:
    1. Real Talk on Compliance and Regulations: Discussing the hype around compliance requirements like GDPR and DORA, we break down the importance of understanding and managing these regulations without falling for marketing gimmicks.
    2. Vendor Exaggerations vs. Reality: The overblown claims vendors make around GDPR and DORA compliance, and the serious implications for cybersecurity.
    3. Grandstanding Egos: The rise of self-proclaimed thought leaders and influencers and their role in fuelling fear, uncertainty and doubt within the infosec community.

    Tune in for a frank and entertaining discussion on the gritty realities of information security!

    The Struggles of Simplicity: "Your average user will go out of their way to circumnavigate the controls that you've put in place." Iain Pye

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    - Annoying Infosec Practices: This satirical episode dives into some of the most irritating practices in the infosec industry.
    - Auditor Issues: The frustrations of dealing with auditors. Enough said.
    - Integrity at Work: We talk about the significance of acting professionally in workplace settings.
    - Infosec Vendor Marketing: The creative licence taken by vendor marketing departments, and how to stay wise to exaggerations.
    - Risk Management Complexity: We talk about the overwhelming abundance of acronyms, and the importance of clear communication and documentation.
    - Compliance and Regulations: We look into the implications of compliance requirements such as GDPR and the upcoming DORA.
    - Exaggerated Professional Profiles: We lament the trend of elaborate and often exaggerated LinkedIn profile titles and qualifications.

    Resources Mentioned
    - The Cyber Sentinel’s Handbook
    - GDPR (General Data Protection Regulation)
    - DORA (Digital Operational Resilience Act)
    - LinkedIn
    - ChatGPT

    Other episodes you'll enjoy
    Preventing Burnout in Cyber Security https://www.razorthorn.com/cyber-security-professionals-shortage-burnout-how-to-protect-against-it-razorwire-podcast/
    SolarWinds’ CISO Under SEC Scrutiny: The Impact On The Infosec Community https://www.razorthorn.com/solarwinds-ciso-under-sec-scrutiny-the-impact-on-the-infosec-community/

  50. 48

    The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black

    In this episode of Razorwire, I sit down with Rob Black, a dynamic figure in the world of cybersecurity with a unique background in military strategy and defence. From the realms of computer game design to the high-stakes world of defusing IEDs, Rob brings unparalleled insight into how we can revolutionise cybersecurity by understanding and manipulating the psychology of our adversaries. This episode is packed with outside-the-box strategies that will transform your approach to defending your network.

    In our conversation, Rob and I explore the intersection of human psychology and cybersecurity, emphasising the impact of deception and misinformation on attackers. Rob shares parallels with military tactics and offers practical advice on psychological tools to gain the upper hand in infosec. We discuss real-world studies and notable cyber incidents like Stuxnet to underscore the importance of strategic thinking beyond mere technological solutions. Tune in for an engaging discussion that could reshape your cybersecurity practices.

    Key Talking Points:
    1. Deception Tools and Strategy: Rob explains how to slow down attackers using deception technology, inspired by military tactics, causing them to mistrust their tools and make erratic decisions.
    2. Psychological Influence on Threat Actors: Learn how to improve the effectiveness of your network defence by understanding and engaging with the decision-making processes of threat actors.
    3. Real-World Case Studies: We discuss impactful examples, including the NSA's deception studies and the infamous Stuxnet attack, to illustrate how psychological and strategic insights can be applied to bolster cybersecurity efforts.

    Join us on Razorwire and arm yourself with revolutionary tactics to stay ahead in the constantly evolving landscape of cybersecurity.

    Deception 2.0: Envisioning the Future of Cybersecurity: "So attackers believe the systems they're using because they've got no reason to believe the computer won't lie. So how do we make it, inside our manmade network, that they have to tread carefully because they don't know what to trust and what not to trust?" Robert Black

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    - Psychological Defence in Cybersecurity: How we can use psychological tactics, such as inducing paranoia, in defending against cyber threats.
    - Effectiveness of Deception: We discuss an NSA study which demonstrates how knowledge of deception affects penetration testers' speed and decision making.
    - Human Factors over Technology: We talk about the merits of using human behaviour analysis and psychology alongside technology in cybersecurity strategies.
    - Corporate Espionage and Misinformation: How to use misinformation and disrupt attackers’ expectations as part of your defence strategy.
    - A Multidisciplinary Approach to Cybersecurity: We discuss the merits of incorporating diverse perspectives, including arts and philosophy, into cybersecurity education and strategy.
    - Vendor and CISO Relationships: Why vendors must understand and address the real problems faced by CISOs.
    - Proactive Defence Strategies: Why we need to move beyond assurance to proactive measures in cybersecurity defence.
    - Shift in Cybersecurity Mindset: How to build on the growing recognition of cybersecurity as a critical business threat, and the importance of improved risk assessments.
    - Influence of Deception Technology: How we can use fake networks and behavioural economics techniques to manipulate attackers' behaviour.

    Guest Bios
    Robert Black
    Rob left the UK government in 2014 after over a decade supporting the development of capabilities for British and allied military and cyber operations. Since then, Rob has been a lecturer in Information Activities at Cranfield University, part of the UK Defence Academy, and teaches on the UK MoD’s Cyberspace Operations MSc. From 2020 to 2024, Rob was the Director of the UK Cyber 9/12 Strategy Challenge, leading on the development of the next generation of cybersecurity leaders. He was also Deputy Director of the UK National Cyber Deception Laboratory from its inception in 2019 until 2022, where he encouraged the development of a proactive approach to cyber defence through the use of deception techniques and other novel measures to confuse and disrupt cyber attackers. He remains involved in shaping policy dialogue on issues such as national security, cyber and intelligence through his role as an Associate Programme Director at Wilton Park, part of the UK Foreign, Commonwealth and Development Office, and also acts as a senior adviser to the International Information Integrity Institute (i-4), owned by KPMG.

    Resources Mentioned
    - Pimlico Plumbers
    - NSA's study on deception
    - Stuxnet cyber attack
    - LinkedIn (Robert Black's profile)
    - Cyber Sentinels Handbook

    Other episodes you'll enjoy
    The Human Psychology Behind Cybersecurity With Bec McKeown https://www.razorthorn.com/the-human-psychology-behind-cybersecurity-with-bec-mckeown/
    Criminal Minds: How the Cyber Crime World Works https://www.razorthorn.com/criminal-minds-how-the-cyber-crime-world-works/
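    The deception idea in this episode, planted assets an intruder cannot tell apart from real ones, so that every touch becomes a signal and the attacker can no longer trust what they harvest, as an added example that is not code from the episode or from Rob Black's work: decoy credentials (honeytokens) are seeded where an attacker would look for secrets, and an auth-log scan alerts on any use of one, whether the login succeeded or failed. The log line format, host names, seeding locations, account names and the secret are all constructed for this example.

```python
"""Honeytoken (decoy credential) detection, added illustration.

Decoy accounts are seeded in places an intruder harvests from (a config
backup, CI variables, a shell history). No legitimate user or process knows
these names, so any authentication attempt with one is a high-fidelity
alert that also tells the defender *which* seeded location was read.
Everything below (log format, hosts, locations, secret) is constructed.
"""
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import Iterable

# Constructed auth-log line format used by this example, e.g.
#   2025-01-14T10:02:11Z auth user=svc_1a2b3c src=10.0.4.17 result=failure
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)

# Assumption: the secret lives only in the detection system, never on the
# hosts where decoys are seeded, so an attacker cannot recompute the names.
SECRET = b"example-only-do-not-use"

LOCATIONS = [
    "fileserver-01:/backup/app.cfg.bak",
    "ci:GLOBAL_VARS",
    "dev-laptop-12:~/.bash_history",
]


@dataclass(frozen=True)
class Honeytoken:
    username: str    # decoy account name that was seeded
    planted_at: str  # where it was seeded, so an alert says what was read


@dataclass(frozen=True)
class Alert:
    ts: str
    username: str
    src: str
    planted_at: str


def derive_decoy_username(secret: bytes, planted_at: str, prefix: str = "svc") -> str:
    """Derive a decoy account name from the secret and the seeding location.

    HMAC keeps the names unguessable without the secret and makes them look
    like ordinary service accounts rather than obvious bait; the registry
    built by plant_honeytokens maps each name back to its location.
    """
    tag = hmac.new(secret, planted_at.encode(), hashlib.sha256).hexdigest()[:6]
    return f"{prefix}_{tag}"


def plant_honeytokens(secret: bytes, locations: Iterable[str]) -> dict[str, Honeytoken]:
    """Build the registry of decoys, keyed by username, one per location."""
    registry: dict[str, Honeytoken] = {}
    for loc in locations:
        name = derive_decoy_username(secret, loc)
        registry[name] = Honeytoken(name, loc)
    return registry


def detect_honeytoken_use(log_lines: Iterable[str], registry: dict[str, Honeytoken]) -> list[Alert]:
    """Scan auth-log lines and alert on any use of a decoy username.

    Success and failure both count: the decoy's password may or may not be
    valid, but nobody legitimate should ever present the name at all.
    """
    alerts: list[Alert] = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line; a real deployment logs this rather than dropping it
        token = registry.get(m["user"])
        if token is not None:
            alerts.append(Alert(m["ts"], m["user"], m["src"], token.planted_at))
    return alerts


def run_example() -> list[Alert]:
    """Seed decoys, then scan constructed log lines: two genuine logins, an
    intruder trying the account found in the config backup, then the one
    found in CI variables, and a line the parser must skip."""
    registry = plant_honeytokens(SECRET, LOCATIONS)
    from_backup = derive_decoy_username(SECRET, LOCATIONS[0])
    from_ci = derive_decoy_username(SECRET, LOCATIONS[1])
    log_lines = [
        "2025-01-14T09:58:03Z auth user=alice src=10.0.1.5 result=success",
        "2025-01-14T10:01:47Z auth user=svc_backup src=10.0.2.9 result=success",
        f"2025-01-14T10:02:11Z auth user={from_backup} src=10.0.4.17 result=failure",
        f"2025-01-14T10:03:40Z auth user={from_ci} src=10.0.4.17 result=success",
        "garbage line the parser must skip",
    ]
    return detect_honeytoken_use(log_lines, registry)


if __name__ == "__main__":
    for a in run_example():
        print(f"{a.ts} decoy {a.username} used from {a.src}; seeded at {a.planted_at}")
```

    The design choice worth noting is that the alert carries the seeding location: one hit from 10.0.4.17 tells you not just that someone is inside, but that they have already read the config backup on fileserver-01, which is exactly the kind of knowledge the episode argues makes an attacker's own reconnaissance untrustworthy to them.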


HOSTED BY

Razorthorn Security | Cybersecurity & InfoSec
