Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Player FM - Internet Radio Done Right
Checked 4d ago
Added three years ago
Content provided by Razorthorn Security. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Razorthorn Security or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Similar to Razorwire Cyber Security
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
D
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k
200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Some Goodness is hosted by Richard Ellis, a seasoned sales leader passionate about inviting top business minds to share their wisdom. Each episode is only 15-20 minutes, perfect for your commute or workout.
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
Tom Merritt and the team help you stay up to date with an independent, authoritative and trustworthy tech news briefing. Become a member at https://plus.acast.com/s/dtns. Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Daily Deals
Podcasts Worth a Listen
SPONSORED
T
The Final Flight of Captain Forrester
1 The Final Flight of Captain Forrester | 1. The Mystery of Tiny 05 38:05
38:05 
Play Later 
Play Later 
Lists 
Like 
Liked38:05
Play Later
Play Later
Lists
Like
LikedIn late 1972, U.S. Marine Captain Ron Forrester disappeared on a bombing run into North Vietnam. Back home in Texas, his family could only wait and hope. Audio subscribers to Texas Monthly can get early access to episodes of the series, plus exclusive interviews and audio. Visit texasmonthly.com/audio to join. Go to HelloFresh.com/FLIGHT10FM to get 10 Free Meals with a Free Item For Life.…
Top Cybersecurity Priorities for 2024
Manage episode 432965706 series 3372765
Content provided by Razorthorn Security. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Razorthorn Security or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Welcome to Razorwire, the podcast that cuts through the noise of the information security industry. I'm your host, Jim, and today we're talking a look at the state of the infosec industry so far in 2024 with our guest, Oliver Rochford. If you're a cybersecurity professional taking on the evolving threats and challenges of our field, you won't want to miss this discussion.
From the rapid consolidation within the tech sector to the challenges of supply chain security and the limitations of today's infosec tools, we leave no stone unturned. We also discuss the role of AI in simplifying complex security solutions and whether current market trends are truly addressing the core needs of security teams.
Key Talking Points
1. Tech Industry Consolidation: Discover how the acquisition spree by cybersecurity giants like CrowdStrike and Palo Alto is reshaping the industry landscape and what it means for smaller, niche security companies.
2. Supply Chain Security: Hear about the latest risks posed by third party involvement and how to ensure robust security tracking and management using various tools and solutions.
3. AI and Security Solutions: Oliver tells us how we can make use of AI to streamline and simplify the overly complex and jargon-filled security tools market, offering a fresh perspective on future developments.
Tune in to this thought-provoking episode of Razorwire for valuable insights that every cybersecurity professional needs to stay ahead in 2024.
The Future of Cybersecurity:
"I expect there to be diversification under the formation of multiple markets with individual giants within these markets, because you can't be good at everything."
Oliver Rochford
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
In this episode, we covered the following topics:
- Tech Industry Consolidation: Discussion on the recent acquisition of smaller tech companies by larger firms and the impact of this on the industry.
- Growth and Specialisation Limits: Prognosis on large portfolio providers and the constraints imposed by specialisation and market share retention.
- Cyber Attack Speed and Aggressiveness: Examination of the increasing speed and aggressiveness of cyber attacks and how to prepare for the challenges they present.
- Supply Chain Security: How we can secure the supply chain and the inconsistencies in infosec vendor messaging.
- Complex Security Solutions: How to make use of AI to critique the complexity and confusing terminology in security solutions.
- AI and Core Security Issues: Exploration of the risks tied to AI, budget constraints and the persistent core security challenges.
- Affordability and Effectiveness: Highlighting the need for organisations to thoroughly investigate the most effective tools to make the most of tight budgets.
- Data Privacy and Encryption: Examination of growing encryption usage and questions over control and management of encryption keys.
- Disconnect in the Cybersecurity Market: Addressing the disconnect between user needs and market offerings, focusing on AI and the latest technologies.
- Economic and Regulatory Concerns: How financial and regulatory challenges are impacting security investments and implementations.
Resources Mentioned
Events:
Companies:
Products/Technologies:
- EDR (Endpoint Detection and Response)
- SIEM (Security Information and Event Management)
- XDR (Extended Detection and Response)
- API security
- SOAR (Security Orchestration, Automation, and Response)
Other episodes you'll enjoy
Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter
The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black
Connect with your host James Rees
Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.
Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.
With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.
For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.
If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.
Linkedin: Razorthorn Security
Youtube: Razorthorn Security
Twitter: @RazorThornLTD
Loved this episode? Leave us a review and rating here
All rights reserved. © Razorthorn Security LTD 2025
71 episodes
ShareManage episode 432965706 series 3372765
Content provided by Razorthorn Security. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Razorthorn Security or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Welcome to Razorwire, the podcast that cuts through the noise of the information security industry. I'm your host, Jim, and today we're talking a look at the state of the infosec industry so far in 2024 with our guest, Oliver Rochford. If you're a cybersecurity professional taking on the evolving threats and challenges of our field, you won't want to miss this discussion.
From the rapid consolidation within the tech sector to the challenges of supply chain security and the limitations of today's infosec tools, we leave no stone unturned. We also discuss the role of AI in simplifying complex security solutions and whether current market trends are truly addressing the core needs of security teams.
Key Talking Points
1. Tech Industry Consolidation: Discover how the acquisition spree by cybersecurity giants like CrowdStrike and Palo Alto is reshaping the industry landscape and what it means for smaller, niche security companies.
2. Supply Chain Security: Hear about the latest risks posed by third party involvement and how to ensure robust security tracking and management using various tools and solutions.
3. AI and Security Solutions: Oliver tells us how we can make use of AI to streamline and simplify the overly complex and jargon-filled security tools market, offering a fresh perspective on future developments.
Tune in to this thought-provoking episode of Razorwire for valuable insights that every cybersecurity professional needs to stay ahead in 2024.
The Future of Cybersecurity:
"I expect there to be diversification under the formation of multiple markets with individual giants within these markets, because you can't be good at everything."
Oliver Rochford
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
In this episode, we covered the following topics:
- Tech Industry Consolidation: Discussion on the recent acquisition of smaller tech companies by larger firms and the impact of this on the industry.
- Growth and Specialisation Limits: Prognosis on large portfolio providers and the constraints imposed by specialisation and market share retention.
- Cyber Attack Speed and Aggressiveness: Examination of the increasing speed and aggressiveness of cyber attacks and how to prepare for the challenges they present.
- Supply Chain Security: How we can secure the supply chain and the inconsistencies in infosec vendor messaging.
- Complex Security Solutions: How to make use of AI to critique the complexity and confusing terminology in security solutions.
- AI and Core Security Issues: Exploration of the risks tied to AI, budget constraints and the persistent core security challenges.
- Affordability and Effectiveness: Highlighting the need for organisations to thoroughly investigate the most effective tools to make the most of tight budgets.
- Data Privacy and Encryption: Examination of growing encryption usage and questions over control and management of encryption keys.
- Disconnect in the Cybersecurity Market: Addressing the disconnect between user needs and market offerings, focusing on AI and the latest technologies.
- Economic and Regulatory Concerns: How financial and regulatory challenges are impacting security investments and implementations.
Resources Mentioned
Events:
Companies:
Products/Technologies:
- EDR (Endpoint Detection and Response)
- SIEM (Security Information and Event Management)
- XDR (Extended Detection and Response)
- API security
- SOAR (Security Orchestration, Automation, and Response)
Other episodes you'll enjoy
Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter
The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black
Connect with your host James Rees
Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.
Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.
With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.
For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.
If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.
Linkedin: Razorthorn Security
Youtube: Razorthorn Security
Twitter: @RazorThornLTD
Loved this episode? Leave us a review and rating here
All rights reserved. © Razorthorn Security LTD 2025
71 episodes
All episodes
×
R
Razorwire Cyber Security
1 Security Gone Mad: The Fine Art of Overdoing It 41:41
41:41 Play Later Play Later Lists Like Liked41:41
Play Later Play Later Lists Like LikedWelcome to Razorwire, the podcast that challenges conventional thinking about cybersecurity with insight, humour and a dose of reality. In this brilliantly unfiltered episode, we're joined by security professionals Iain Pye and Chris Dawson for a no-holds-barred discussion about security measures that cross the line from prudent to preposterous. From biometric authentication dilemmas to the maddening theatre of airport security, our experts dissect the fine balance between protecting assets and actually getting things done. Listen as Chris and Iain lock horns on what constitutes "reasonable" security, with Chris arguing for Fort Knox-level protection while Iain advocates for practicality, whilst your host Jim attempts to referee. Their real-world examples of security absurdity, including trapping thieves in revolving doors and putting warning signs in car parks, will have you nodding in recognition or shaking your head in disbelief. Whether you're a battle-scarred security professional or maybe just someone who's stood impatiently in endless security queues wondering why your belt buckle is suddenly a threat to national security, this conversation offers both genuine insight and proper laughs about the sometimes bizarre world of overzealous security controls. Tune in for a refreshingly honest chat that feels like overhearing three security experts having a pint down the pub whilst debating the madness that sometimes defines our industry. 3 Key Talking Points: The Security vs Practicality Tightrope Listen as our experts dissect the eternal balancing act between locked-down security and business functionality. When Chris boldly claims he'd implement "seven layers of security" for critical infrastructure while Iain argues for practicality, you'll gain valuable perspective on finding that sweet spot where protection doesn't become paralysis. The Psychology Behind Security Resistance Discover why people willingly hand over biometric data to tech giants yet baulk at the same requests from employers. Our conversation uncovers the fascinating psychological disconnect between consumer and corporate security acceptance, offering insights you can apply immediately to your own security implementation strategies. Beyond Bureaucracy: When Risk Management Goes Wrong Experience the painful yet hilarious reality of security bureaucracy gone mad, from needless warning signs in car parks to the absurdity of airport security theatre. You'll leave with a clearer understanding of how to champion meaningful security measures while avoiding the trap of controls that exist merely to tick compliance boxes. "Information security professionals the world over, in various different cultures and various different parts of the world have had the words echoing through the halls: ‘Isn't that a bit much?’" - James Rees, Razorthorn Security Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Finding the Balance : Discover how to navigate the tension between robust security measures and practical business operations without alienating your colleagues Biometric Backlash : Understand why people readily surrender their biometrics to tech giants but resist providing the same data to employers Security Theatre : Learn to identify when security measures serve more as performance than protection, particularly in public spaces like airports Risk Management Revelations : Gain insights into creating meaningful risk assessments that protect assets without drowning in needless bureaucracy Human Behaviour : Recognise how "laziness" and resistance to security controls might actually signal poorly designed systems rather than difficult users Security Culture : Explore how organisational risk culture directly impacts the effectiveness and acceptance of security measures Physical vs Digital Controls : Compare approaches to security across both physical spaces (like data centres) and digital environments Proportionate Response : Develop strategies for implementing security controls that match the actual threat level without overengineering solutions Compliance vs Security : Distinguish between controls that genuinely protect your organisation and those that merely tick regulatory boxes Security Stakeholder Management : Master the art of communicating security needs to business leaders without being dismissed as "overzealous" Other episodes you'll enjoy Security vs Privacy: The Ethics of Data Collection YouTube: https://youtu.be/iIRv0qVXmWM Spotify: https://open.spotify.com/episode/0wbWKF9zyxkHMY5kKMZyx5 The Business of Biometrics: Data Protection and Ethical Standards in Cyber Security YouTube: https://youtu.be/eWfRalOk0E8 Spotify: https://open.spotify.com/episode/1QJPHcVRkKIIht3zsJWqWq Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cybersecurity professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security YouTube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Unconventional Paths to Cybersecurity (AKA keeping your Nan Safe From Hackers) 41:25
41:25 Play Later Play Later Lists Like Liked41:25
Play Later Play Later Lists Like LikedHow can overcoming personal adversity lead to a successful career in cybersecurity? Welcome to Razorwire, the podcast that delves into the world of cybersecurity by sharing the journeys of its most inspiring figures. Join us for a truly heartwarming episode as we welcome Jemma, the brilliant mind behind CultureGem and a passionate champion for security behaviour and culture. Jemma's incredible journey - from surviving homelessness to becoming a respected voice in InfoSec - reminds us how our different paths can bring richness and depth to our industry. Jemma shares her powerful story and gives fresh perspectives on the human side of cybersecurity, why accessibility matters in learning and the reason technical solutions alone will never be enough. We discuss the changing face of InfoSec culture, the eyebrow-raising phenomenon of "cyberlebrities", and how we might better spend our security budgets to protect the people who matter most. Whether you're a seasoned professional or just starting your InfoSec journey, you'll find wisdom in Jemma's approach to making security concepts meaningful for everyone - from corporate executives to her beloved nan. Tune in for a conversation that, for me, genuinely felt like catching up with a friend at the pub, whilst challenging us all to think differently about creating a more inclusive approach to security. 3 Key Talking Points: The Human Element of Cybersecurity Learn why organisations allocate less than 1% of security budgets to human factors despite 97% of incidents being attributed to human error. Jemma explains how addressing this disconnect creates stronger security cultures and reduces vulnerabilities. Accessibility as a Security Imperative Discover how CultureGem's accessible learning approach removes barriers to understanding security concepts. Jemma demonstrates why making security comprehensible to everyone isn't just inclusive - it's fundamental to effective protection. The Evolving InfoSec Community Gain perspective on industry dynamics from "cyberlebrities" to challenges faced by professionals from non-traditional backgrounds. This discussion gives valuable context for navigating the InfoSec community. "If 10% of an IT budget is spent on cyber, which is there or thereabouts, less than 1% is spent on human side of cyber. Yet 97% of incidents are put down to, rightly or wrongly, human error." - Jemma, Founder of CultureGem Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Overcoming Adversity: Learn how navigating difficult circumstances can build transferable skills for an InfoSec career Budget Realignment: Discover why redistributing your security budget towards human factors can address the root cause of 97% of incidents Inclusive Security: Explore how removing barriers to learning strengthens your organisation's overall security posture Employee Engagement: Find out how to move beyond compliance to create genuine security motivation amongst your staff Community Dynamics: Navigate the changing InfoSec landscape and its impact on collaboration and knowledge sharing Diverse Recruitment: Understand the value of hiring security professionals with unconventional backgrounds and experiences Translating Complexity: Learn techniques for explaining security concepts in ways that resonate with non-technical audiences Solution Assessment: Gain insights into evaluating security vendors and avoiding "ambulance chasing" during incidents Combating Bias: Recognise and address behaviours that create barriers for underrepresented groups in security teams Resources Mentioned CultureGem - Empowering Small Businesses, Enterprises, and Security Professionals with Adaptive Learning Solutions The Cyber Sentinels Handbook – by James Rees OWASP - (Open Web Application Security Project) WannaCry - The 2017 ransomware attack that inspired Jemma's move into cybersecurity Other episodes you'll enjoy Mental Health, Organisational Culture & The Human Side of Cybersecurity YouTube: https://youtu.be/k_VVu_bQZXg Spotify: https://open.spotify.com/episode/1h88WI6RlKjF0BQ3ylbnfH?si=1Zqi4lrNSzO-klDQleyEhw Cybersecurity Burnout & Organisational Culture YouTube: https://youtu.be/naUT5jBQE_s Spotify: https://open.spotify.com/episode/2xaF8hTnFR7MfQ0ob9wBu3 Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security YouTube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Mastering the Art of Communication in InfoSec 42:59
42:59 Play Later Play Later Lists Like Liked42:59
Play Later Play Later Lists Like LikedIn this latest episode of Razorwire, I sit down with the brilliant Stefania Chaplin to explore the often overlooked yet crucial skill of effective communication in information security. Throughout our conversation, we discuss why communication matters so much in our field, especially during critical moments when tensions run high. Stefania brings her trademark enthusiasm and wealth of experience to highlight approaches that work across different contexts, cultures and situations. As our profession has evolved, and particularly when working with colleagues remotely, our approach to communication needs to adapt accordingly. Whether you're just starting out or have been in the trenches for decades, I guarantee you'll take away some valuable insights on a skill that I've found to be just as important as technical expertise throughout my career. 3 Key Talking Points: Managing Communication During Incidents Discover practical strategies for effective communication during high stress security incidents. Learn how to establish clear communication channels, manage stakeholder expectations and create space for your team to resolve issues without constant interruptions. Stefania shares techniques from her experience, including the importance of creating transparent incident documentation and using mindfulness to maintain clear thinking under pressure. Cross-Cultural Communication in Global Teams Gain insights into navigating the complexities of multicultural teams in information security. With remote work connecting professionals across different time zones and cultural backgrounds, understanding how communication styles vary globally has never been more crucial. Learn how different cultures approach feedback, instructions and hierarchy, drawing from Stefania’s multicultural background and experiences working as a digital nomad. Adapting Your Message to Different Audiences Master the art of tailoring your security communication for different stakeholders. Whether you're speaking with developers who need technical details or executives who need the headlines, find out how to switch hats effectively. This practical knowledge will help you build credibility with technical teams whilst ensuring leadership understands the key security messages they need for decision-making. "What happens when you have a cybersecurity incident and you're working in a global organisation with employees from all different countries and cultures in a very high stress environment? In those moments, communication really matters." Stefania Chaplin Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Incident Clarity - Transform your incident response with effective communication strategies for high stress scenarios Global Trust - Build trust across global teams by understanding cultural communication differences Stakeholder Speak - Tailor your security messaging for maximum impact with different stakeholders Focus Shield - Protect your technical team from distractions during critical incidents Pre-Crisis Planning – Advice on creating communication plans before incidents occur to reduce chaos when they happen Mental Control – Learn breathing techniques to maintain clarity during high pressure security events Remote Mastery - Navigate the complexities of remote teams across different time zones Image Repair – How to break the "security is the bad guy" stereotype through better communication Technical Translation – How to adapt your technical language for different audiences without losing credibility Practice Pressure - Learn from war-gaming exercises to improve your team's communication under pressure Toxicity Management – How to recognise and handle toxic communication patterns in the workplace Feedback Loop - Implement feedback mechanisms to continuously improve your communication style Resources Mentioned Effective Communication in Tech - Stefania's project focused on communication skills for technical professionals (effectivecommunicationintech.com) DevStefOps - Stefania's personal website The Culture Map – by Erin Meyer, on multicultural communication in business settings Never Split the Difference - by Chris Voss, on negotiation techniques Box Breathing Technique - a stress management tool to use during incidents GitLab's Incident Response Guide - an example of transparent incident communication The Cyber Sentinels Handbook – by James Rees Neuro-Linguistic Programming - a communication framework Myers-Briggs Type Indicator - a personality assessment tool Meet our guest Stefania Chaplin Stefania’s (aka DevStefOps) experience as a Solutions Architect within DevSecOps, Security Awareness and Software Supply Chain Management means she's helped countless organisations understand and implement security throughout their SDLC. As a python developer at heart, Stefania enjoys optimising and improving operational efficiency by scripting and automating processes and creating integrations. She is a member of OWASP DevSlop, hosting their technical shows. When not at a computer, Stefania enjoys surfing, yoga and looking after all her tropical plants. Other episodes you'll enjoy Mental Health, Organisational Culture & The Human Side of Cybersecurity YouTube: https://youtu.be/k_VVu_bQZXg Spotify: https://open.spotify.com/episode/1h88WI6RlKjF0BQ3ylbnfH?si=1Zqi4lrNSzO-klDQleyEhw The Art of Cyber Deception: How To Get Inside The Mind of A Hacker YouTube: https://youtu.be/r_n275AsK8c Spotify: https://open.spotify.com/episode/3GMSIXpbexPBqH2Rb92PNi?si=TCCxuTo-QeeMALLyHomwtg Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security YouTube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Spotlight on Technology: Mastering Attack Surface Management 48:45
48:45 Play Later Play Later Lists Like Liked48:45
Play Later Play Later Lists Like LikedIn our latest episode, join me, James Rees, for a chat with Nick Palmer from Censys about the critical importance of attack surface management. With 25 years of experience in the industry, Nick explains how today's threat landscape has evolved dramatically, with attackers now discovering vulnerabilities within hours rather than weeks. We explore the challenges of maintaining visibility across expanding digital footprints, particularly with cloud adoption creating new blind spots for security teams. Nick shares eye-opening real-world examples that illustrate the hidden vulnerabilities present in even seemingly secure environments. We cover how organisations can gain continuous visibility of their assets, extend security monitoring to third party suppliers and build a security culture that protects customer data effectively. A must-listen for security professionals seeking practical advice on protecting against modern cyber threats. Key Talking Points: Attack Surface Velocity : Learn how attackers can discover vulnerabilities within just hours instead of weeks, and how Censys's daily internet scanning helps organisations keep pace with this alarming speed. Nick talks about the mechanics behind this acceleration and what it means for your security strategy. Supply Chain Security : Discover the hidden risks in your vendor ecosystem through Nick's shocking real-world example of compromised medical equipment. This is a key example on why monitoring your suppliers' security posture is just as crucial as your own. Beyond Compliance : Understand why building a genuine security culture trumps mere regulatory compliance. Nick and I discuss practical approaches to embedding security consciousness throughout your organisation, from the C-suite to frontline staff. Gain practical insights that will help you better defend your organisation. This conversation goes beyond theoretical concepts to deliver actionable security wisdom you can implement immediately. "If you are looking at your external attack surface any less than daily, you're missing a trick. It has to be scanned at least daily, preferably in real time." - Nick Palmer, Censys In this episode, we covered the following topics: ● Attack Surface Management: Learn how to identify and manage your organisation's vulnerabilities to prevent cyber attacks. ● Evolution of IT and Security: Gain historical perspective on how security challenges have evolved to better prepare for future threats. ● Supply Chain Security: Discover techniques to protect your business from vulnerabilities introduced by third-party suppliers. ● Legislation and Compliance: Understand how to navigate new regulations like DORA to avoid penalties and legal consequences. ● Phishing Defence: Master strategies to protect your organisation from increasingly sophisticated social engineering attacks. ● Rapid Response: Learn why and how to accelerate your security monitoring to match attackers' discovery capabilities. ● Cloud Security: Acquire practical approaches to securing cloud and virtual environments against emerging threats. ● Building Security Culture: Develop effective methods to embed security awareness throughout your organisation. ● Continuous Monitoring: Implement cost-effective techniques for ongoing attack surface visibility to catch vulnerabilities before attackers do. ● Security Tooling: Explore the latest technological innovations that can strengthen your security posture and response capabilities. Resources Mentioned Censys Black Hat Cyber Sentinels Handbook ZMap Chainalysis SWIFT network DigitalOcean Heroku Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security YouTube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 AI Data Harvesting - Who Really Owns Your Digital Footprint? 49:46
49:46 Play Later Play Later Lists Like Liked49:46
Play Later Play Later Lists Like LikedIn this episode of Razorwire, we’re looking into the contentious realm of AI and data privacy. This week, I’m joined by Amy Stokes Waters, CEO of The Cyber Escape Room Company, and Ryan Mangan, a chartered IT professional and Microsoft MVP, to explore the ethical implications of feeding our personal data into AI systems. Join our discussion on recent controversies, including Adobe's T&C changes and Clearview's facial recognition technology, while questioning who truly benefits from AI data collection. We debate the balance between technological advancement and personal privacy rights, highlighting the disparities in how different organisations handle consent and transparency. From medical research to creative rights, this episode addresses how AI development is outpacing both regulatory frameworks and organisational policies. As businesses increasingly rely on AI-powered tools, what safeguards should we demand, and how much of our digital footprint are we willing to sacrifice? 3 Key Talking Points: The Opt-Out Illusion: Discover how major tech companies are quietly changing their terms of service to automatically opt users into AI training programmes using your data. We reveal the hidden challenges of truly removing your information once it's been absorbed into AI systems and what this means for your digital privacy. Policy vs. Protection Gap: Learn why most organisations lack proper AI usage policies, leaving customer data vulnerable. Our experts discuss how even well-intentioned employees are likely uploading confidential information to ChatGPT without realising the risks and what safeguards businesses should implement immediately. The Jurisdictional Minefield: Understand the complex legal landscape where regulations like GDPR and HIPAA struggle to keep pace with AI development. Our conversation explores the dangerous territory of international data jurisdiction and how conflicting regulations create loopholes that affect your privacy rights. "I think it's really positive that actually these things are coming out and that there are court cases and legal action being taken against companies who are using data without consent." Amy Stokes Waters Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Spot stealth data collection – Identify how companies like Adobe and LinkedIn are changing their terms of service to automatically opt you into AI training programmes Protect your creative work - Understand the risks to your intellectual property when uploading content to cloud services with AI features Navigate consent manipulation - Recognise the tactics used to hide opt-out options and how to find them Safeguard sensitive information - Prevent employees from inadvertently exposing confidential data through ChatGPT and similar tools Understand data sanitisation - Learn what proper data anonymisation actually means and why it matters for your privacy Balance innovation with privacy - Discover how organisations can ethically use AI for advancements in healthcare while protecting personal data Create effective AI policies - Develop clear guidelines for your business on appropriate AI usage before data breaches occur Recognise AI's limitations - Identify when AI might present biased or false information, particularly in specialised fields like law Prepare for international data conflicts - Navigate the complex landscape of competing regulatory frameworks affecting your data (GDPR, HIPAA, etc.) Anticipate future privacy challenges - Get ahead of emerging concerns as AI technology continues outpacing regulatory frameworks Resources Mentioned The Cyber Escape Room Co - A business led by Amy Stokes Waters that creates cybersecurity-focused escape room Ether Assist - Ryan Mangan's AI platform designed specifically for IT professionals and security teams, providing technical assistance and support. OFFS Events - A conference series organised by Amy that hosts cybersecurity events in South Africa and the UK. The Cyber Sentinels Handbook – written by James Rees and described as "a primer for information security professionals", aimed at practitioners at all career stages, from beginners to experienced professionals. CoStar - A framework for creating effective AI prompts that helps users structure their queries with context, style, and other parameters to get better results from AI systems. Adobe's Terms of Service AI Training Controversy Clearview AI Dutch Data Protection Fine Microsoft Graph Security Information LinkedIn AI Training Suspension After ICO Concerns Slack's AI Features and Data Collection Model Autophagy Disorder (MAD) in AI Creating Effective AI Usage Policies Meet our guests Amy Stoke-Waters Amy has a decade of experience in sales and marketing and now acts as CEO at The Cyber Escape Room Co and CCO at Yellowstone Security. She is a founding member of RINA's Maritime Cyber Security Task Force and an active advocate for gender diversity in the industry. As a regular guest on podcasts and panels, Amy talks on a variety of topics including security culture and awareness, personal branding, and women in tech. Ryan Mangan Ryan Mangan is the CEO of EfficientEther Ltd, a Microsoft Startup focused on AI-driven IT solutions and cloud cost management. With a strong background in managed services, Ryan previously founded and led Systech IT Solutions, building successful technology businesses focused on Managed Services. A Microsoft MVP and Chartered Fellow of the British Computer Society (FBCS CITP), he is a recognised industry expert, author, and public speaker. Ryan is also an Editorial Advisory Board member for TechTarget, contributing to thought leadership in enterprise IT. His work has been featured in publications such as Computer Weekly, TechTarget, and BCS IT Now, and he regularly speaks at industry events, sharing insights on AI, cloud, and other IT topics. Other episodes you'll enjoy Humans vs AI: Building a Security Culture That Actually Works YouTube: https://youtu.be/SNcpKrsWniY Spotify: https://open.spotify.com/episode/53PxszWM34ZrpA9EnSHuJf Hacking Cybersecurity Training: Escape Rooms & Entrepreneurial Thinking with Amy Stokes-Waters YouTube: https://youtu.be/dpn8N4xfojA Spotify: https://open.spotify.com/episode/5TWqagRzQdKZDQIxRjDOaP Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security YouTube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Inside Incident Response: Turning Chaos into Cohesive Teamwork 47:29
47:29 Play Later Play Later Lists Like Liked47:29
Play Later Play Later Lists Like LikedOur latest episode brings in security expert Iain Pye, who shares military tales with me, your host James Rees, about what really happens when everything goes wrong. We get stuck into the nitty-gritty of incident response - the sleepless nights, the pressure from executives, and how to keep your team going when they're running on fumes. From ransomware attacks to system meltdowns, we chat about war games and escape room scenarios, exploring how organisations can build proper resilience rather than just ticking compliance boxes. We dig into why most incident response plans gather dust in drawers and what happens when you actually need to use them. Ian brings a refreshing military perspective to corporate incident management, showing how battlefield experience translates surprisingly well to handling information security crises. Whether you're dealing with compromised systems or insider threats, this episode packs practical wisdom for those moments when everything falls apart. 3 Key Talking Points and Reasons to Listen: Building Resilience Through War Games: Discover why military-style drills and wargaming are crucial for effective incident response. Iain and I explore how regular team exercises - from realistic ransomware scenarios to creative "zombie apocalypse" simulations - help build the muscle memory and team dynamics needed when real crises hit. We share practical examples of how to run these exercises effectively. Managing Team Stress in a Crisis: Learn the critical importance of managing your team during long running incidents. We break down the practical aspects often overlooked in incident response plans - from implementing proper shift patterns to ensuring your team stays fed, rested and functional during multi day crises. Find out why pushing your team to exhaustion is a recipe for disaster. Turning Incidents into Improvements: Understand why post-incident analysis is where the real value lies. We discuss how to turn incident learnings into actionable improvements, including how to leverage serious incidents to secure necessary budget improvements. Learn why the "five whys" methodology is essential for preventing future incidents and strengthening your security posture. On building muscle memory through repeated training: "It's drills essentially. It’s doing the same thing over and over again and having that natural reaction. So you train your body - your mind, essentially - so if the proverbial poo does hit the fan, you can react in the right way and in accordance with what your SOPs [Standard Operating Procedures] might be." Iain Pye Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Military Training for Incident Response: Learn how military-style drills can transform your team's ability to handle high-pressure security incidents with confidence and precision. Importance of Incident Response in Infosec: Master the essential skill of incident response and protect your organisation from data breaches and ransomware attacks effectively. Human Reactions to Emergencies: Discover practical techniques to keep your team calm and focused when emergencies strike, avoiding costly panic-driven mistakes. Role of Team Trust: Build unshakeable team trust that enables swift, coordinated responses during critical incidents. Communication During Incidents: Develop clear communication strategies that keep stakeholders informed and confident during crisis situations. War Games for Preparation: Create engaging war games and scenarios that prepare your team for real world incidents while building stronger team dynamics. Impact of Incident Stress on Teams: Protect your team from burnout during long-running incidents with proven strategies for managing stress and fatigue. Lessons Learned Post-Incident: Turn every incident into an opportunity for improvement by conducting effective post-incident reviews that actually strengthen your security. Importance of Documentation and Reporting: Create documentation and reports that drive real change and secure essential resources for your security programme. Scenario Planning for Various Risks: Build comprehensive scenario plans that prepare your organisation for any crisis, from common incidents to worst case scenarios. Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 The Cost of Being a CISO Part 2: Ethics, Leadership and Strategic Impact 50:28
50:28 Play Later Play Later Lists Like Liked50:28
Play Later Play Later Lists Like LikedWelcome back to Razorwire! I'm your host, Jim, and in this second part of our CISO Dilemmas series, we welcome back security experts Oliver Rochford and Richard Cassidy. Moving beyond the challenges covered in part one, this episode explores the rewarding aspects of the role while taking a frank look at the ethical issues security leaders regularly face. The guests share personal experiences and practical actions for transitioning from technical expertise to strategic leadership, building effective teams and managing relationships across the business. As regulations tighten and cyber threats evolve, we talk about how the CISO position has grown far beyond its IT roots to become a complex executive role requiring business knowledge, political savvy and strong moral judgement. This conversation offers a valuable perspective on where the role is heading and what it takes to succeed. Stay til the end for our predictions about how the CISO position will transform over the next five years as organisations grapple with AI, automation and increasing regulatory scrutiny. We’re talking about: The CISO Role Beyond Technology Learn how modern security leaders are shifting from pure technical expertise to become strategic business enablers. Richard and Oliver share some great insights about balancing technical knowledge with leadership skills, and explain why successful CISOs need to master communication, relationship-building and business strategy alongside their security expertise. Navigating Ethical Challenges Get an insider's perspective on the ethical decisions that CISOs face, from breach disclosures to managing surveillance requests. Using some real world examples from Oliver and Richard, we talk about how security leaders can maintain their integrity while balancing business interests, regulatory requirements and moral obligations. Building Future-Ready Security Teams Discover practical approaches to developing high performing security teams in an era of rapid change. The conversation offers actionable guidance on mentoring new talent, improving resilience and creating a positive security culture - essential knowledge for both current leaders and those aspiring to senior This episode is packed with practical advice and forward-looking perspectives that every cybersecurity professional can benefit from. "CISOs often face ethical dilemmas... 52% of CISOs reported that they've faced situations where they felt pressured to compromise ethical standards for business interests. In cybersecurity, the hardest decisions aren't technical - they're ethical." Richard Cassidy Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Role Definition of the CISO: Learn how to navigate different stakeholder expectations and position yourself effectively as a CISO. Transformational Changes: Gain insights on transitioning from technical expert to strategic business leader. Key Skills for CISOs: Master the essential skills that make modern CISOs successful—from boardroom communication to risk management. Ethical Dilemmas: Handle ethical challenges confidently with real-world strategies from experienced security leaders. Regulatory and Legal Knowledge: Build your knowledge of global security regulations and protect yourself from personal liability. Leadership Impact: Develop leadership techniques that inspire and retain top security talent. Collaboration and Communication: Improve your influence across the organisation through proven communication approaches. Future of CISO Role: Prepare for the future of security leadership and upcoming industry changes. Incident Response and Crisis Management: Build effective incident response capabilities and crisis management skills. Positive Aspects of Being a CISO: Discover what makes the CISO role uniquely rewarding and how to find personal satisfaction in security leadership. Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cybersecurity professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cybersecurity—from seasoned professionals with years of experience, triumphs and lessons learnt under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Cybersecurity 2025 – Predictions from the Experts 47:40
47:40 Play Later Play Later Lists Like Liked47:40
Play Later Play Later Lists Like LikedSurviving and Thriving in the 2025 Cybersecurity Landscape: Predictions and Strategies Welcome back to Razorwire! Join me, Jim, as we forecast the major trends and changes for 2025 that are set to reshape the cybersecurity industry. Joining me are cyber veterans and regular guests Oliver Rochford and Richard Cassidy. As cybersecurity becomes increasingly complex and critical to business operations, understanding what lies ahead can provide an invaluable edge. In this episode, Richard, Oliver and I break down our predictions for 2025, focusing on market consolidation, the evolution of AI in security and the ever-tightening grip of global regulations. From the rising costs of consultancy services to the rapid proliferation of security technologies, we've got you covered. We'll also take a look into the potential rise of AI-powered hacktivism and what it means for organisations worldwide. Key Takeaways: Strategic Investment Planning for 2025 - Get expert insights on why vendor consolidation may not be the answer and learn practical approaches to evaluating emerging security technologies against established solutions while managing rising costs. Practical Regulatory Compliance Tactics - Discover how organisations are using AI to efficiently manage overlapping regulations, with actionable strategies for meeting multiple regulatory requirements without duplicating effort. Future-Proofing Your Security Strategy - Learn how the threat landscape is evolving with politically motivated insiders, how organisations are using behavioural analysis in security and what AI can realistically do for security operations in 2025. From understanding emerging markets to decoding regulatory complexities, this episode offers critical insights to arm you for the future. Don’t miss out on these expert predictions and actionable advice! Consolidation of Regulation: "A group of CISOs wrote to the G20 summit, the OECD member states, writing a letter crying out for some level of sanity on regulatory releases because it's just getting to the point where businesses are struggling." Richard Cassidy Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we’re talking about: ● Consolidation of the Cyber Security Market Learn how to evaluate whether vendor consolidation makes sense for your organisation and identify which emerging technologies could add value to your security programme. ● AI in Security Operations Understand the practical applications of AI in security versus future possibilities, helping you make informed decisions about AI investment and implementation. ● Regulation Complexity Discover strategies for efficiently managing overlapping regulations and learn how other organisations are successfully navigating complex compliance requirements. ● Quantum Encryption Learn about forthcoming quantum encryption products and how to start preparing your organisation's encryption infrastructure for quantum resilience. ● AI Enabled Activism Understand how autonomous AI systems could be used in cyber campaigns and what defensive measures you should consider implementing. ● Increased Costs and Market Changes Get practical advice on managing rising security costs and maintaining effective security despite budget pressures. ● Vendor Pricing and Economic Pressures Learn negotiation strategies for vendor relationships and how to evaluate the true value of security investments in today's economic climate. ● Insider Threat Intelligence Explore new approaches to behavioural analysis and risk profiling that can enhance your insider threat programme while maintaining privacy considerations. ● Future Threat Landscape Understand emerging threat actor motivations and behaviours to better prepare your organisation's defensive strategy. ● Technology for Regulatory Compliance Learn how to leverage AI and automation to streamline regulatory compliance while improving operational efficiency. Resources Mentioned DORA Gartner OECD NIS 2 PCI DSS HIPAA Cyber Essentials ISO PIPL CCPA GDPR Three Mile Island Journal of Psychological Research in Cyberspace Journal of Strategic Security Taylor and Francis Online Popular Mechanics Neuralink Rubrik CrowdStrike Palo Alto Fortinet Other episodes you'll enjoy Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/ The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Supercharge Your Security Budget in 2025: Smarter Investments, Stronger Defence 48:39
48:39 Play Later Play Later Lists Like Liked48:39
Play Later Play Later Lists Like LikedEver wonder how to get the most out of your cybersecurity budget without leaving your company vulnerable? Hey there, it’s Jim from Razorwire! In this episode, I sit down with cybersecurity pros Chris Dawson and Iain Pye to chat about smart spending when it comes to your cybersecurity budget. Whether you’re a big enterprise with a hefty budget or a small business wanting maximum impact on a small budget, we’ve got some actionable insights for you. In this episode, we tackle one of the industry's most pressing challenges—how organisations allocate and manage their cybersecurity spending. Together with Chris and Iain, we examine the complex relationship between IT departments and security teams competing for resources, exploring perspectives from startups making their first security investments through to enterprises managing substantial security budgets. Drawing on our collective experience, we challenge conventional wisdom about security investment and explore whether current approaches truly serve organisations effectively. Through real-world examples and hard-earned lessons, we examine why traditional approaches often fall short and propose fresh perspectives on security strategy. Our debate around tools versus talent—and occasional heated disagreements—gives you multiple battle-tested perspectives to help shape your own security investment strategy, whether you're just starting out or running an enterprise security programme. Key Talking Points Get More Bang for Your Security Buck - Learn how successful organisations are stretching their security budgets by intelligently balancing people, tools and training - so you can stop wasting money on solutions that don't deliver Build Security That Sticks - Discover how to create a security programme that works for your whole business, not just IT, with proven approaches that align security spending to genuine business risks Smart Security on a Budget - Get practical insights on maximising security with minimal spend, from leveraging free tools effectively to knowing when (and how) to bring in expert help Tune in to Razorwire for these tips and more, and start making your cybersecurity budget work harder for you, not the other way around! Decentralised Security Budgeting: "Security doesn't need to be expensive. It just needs to be effective, and there's a million different ways to handle security in a million different organisations." Jim Rees Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, learn how to: ● Scale Security for Your Company Size: Implement the right cybersecurity strategy whether you're running a small business or large corporation. ● Balance Your Security Investment: Make informed decisions between hiring security personnel or investing in software tools when working with limited resources. ● Measure Security ROI: Effectively demonstrate and track the business value of your cybersecurity investments. ● Choose Security Partners: Select and evaluate third party security providers that match your organisation's needs and budget. ● Implement Continuous Security Testing: Set up a continuous penetration testing programme using global resources to maintain strong security. ● Build a Security-Aware Culture: Create and run effective security awareness programmes that actually reduce organisational risk. ● Structure Your Security Budget: Establish and manage a dedicated security budget separate from IT spending. ● Unify Physical and Digital Security: Create a cohesive security strategy that bridges physical and IT security measures. ● Access Expert Security Guidance: Leverage consulting services to get CISO-level expertise without the full time cost. ● Optimise Security Tools: Combine open source and paid security solutions to maximise protection on a limited budget. Resources Mentioned The Cyber Sentinel's Handbook: A Primer for Information and Security Professionals by James Rees ISO 27001/27002 PCI DSS GDPR DORA HIPAA EU Cybersecurity Certification Scheme OpenVAS Greenbone Connect with your host. James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cybersecurity professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cybersecurity—from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 The Cost of Being A CISO Part 1: Personal, Professional & Organisational Challenges 58:38
58:38 Play Later Play Later Lists Like Liked58:38
Play Later Play Later Lists Like LikedJoin us for part one of our two-part series examining the world of Chief Information Security Officers. This episode welcomes back Richard Cassidy, Field CISO at Rubrik, and Oliver Rochford, former Gartner analyst and founder of Cyberfuturist. This episode offers insights that will give you insight into what makes security leadership successful - and what can lead to failure. Through real world experiences and practical examples, we explore where CISOs best fit in modern organisations, proven approaches for communicating risk to boards and how to handle increasing personal accountability under new regulations. Our guests share hard won lessons from building security programmes across different business cultures, revealing what works and what doesn't. We also examine why CISO tenures average just 18-24 months, and identify the changes needed to make the role sustainable. As cybersecurity becomes a pivotal aspect of business operations, the significance of CISO roles continues to grow - and so do the challenges. From justifying cybersecurity budgets to handling personal accountability for breaches, we take a look at the complexities and evolving duties of today's CISOs. For security professionals, this discussion will help you prepare for senior leadership. For current CISOs, you'll gain strategies for navigating common challenges. And for business leaders, you'll learn how to better support and work with your security teams to protect your organisation effectively. Key Talking Points : The role and responsibilities of modern CISOs - understand how the Chief Information Security Officer position has transformed from a technical IT role into a complex business leadership position that spans multiple organisational functions Reporting structures and organisational challenges - discover how different reporting relationships (to CEO, CIO, CFO, etc.) impact a CISO's effectiveness and ability to implement security programmes across the business The personal and professional costs of being a CISO - learn about the realities and challenges that CISOs face, from stress and burnout to reputation management and legal liability, providing valuable insights for those considering or currently in the role Don't miss out on this deep dive into the cost, both personal and professional, of being a Chief Information Security Officer. Evolving Role of the CISO: “A CISO today is essentially a senior executive that is responsible for designing, implementing, and overseeing any organisation's cybersecurity strategy... But it has significantly evolved from what used to be the old IT security director from simply managing technical security operations to actually acting as a key business partner... balancing risk and compliance and security whilst, and this is the hard part, aligning with organisational goals.” Richard Cassidy Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Learn proven approaches for justifying security investments - Discover how to effectively demonstrate the value of preventative security measures and build compelling business cases for cybersecurity budgets Master the language of business risk - Learn how to translate complex cyber risks into clear financial, operational, reputational and regulatory impacts that resonate with senior leaders Navigate the new regulatory landscape - Understand how recent regulations like the SEC Cybersecurity Disclosure Rule affect your accountability and what this means for your role Secure board-level investment - Learn strategies for overcoming common challenges when seeking security funding and how to build persuasive investment cases Manage professional pressures effectively - Gain practical insights into handling accountability demands whilst avoiding burnout in high pressure security leadership roles Balance competing demands successfully - Learn from experienced CISOs about managing the 24/7 nature of the role whilst maintaining personal wellbeing Communicate security risks effectively - Master techniques for explaining complex security concepts in ways business stakeholders truly understand and act upon Adapt your approach for different organisations - Learn how security attitudes and approaches vary across small, medium and large businesses, and how to adjust your strategy accordingly Navigate organisational politics successfully - Understand how reporting structures and internal dynamics affect security programmes and learn how to operate effectively within them Prepare for future challenges - Get ahead of how AI and evolving regulations will reshape the CISO role and what this means for your career development Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Humans vs AI: Building a Security Culture That Actually Works with Noora Ahmed-Moshe 49:14
49:14 Play Later Play Later Lists Like Liked49:14
Play Later Play Later Lists Like LikedAs AI reshapes cybersecurity threats, understanding how scams are evolving has never been more critical. Welcome to Razorwire. I'm Jim, and today I'm talking with Noora Ahmed-Moshe, VP of Strategy and Operations at Hoxhunt. We'll explore how AI is transforming cybersecurity threats and what that means for protecting ourselves and our organisations. We discuss how traditional scams have changed with AI technology and look at why phishing remains a persistent problem, along with practical ways to make security training more effective. Noora explains her approach to combining smart technology with human awareness and why building a supportive security culture works better than focusing on mistakes. Join us to gain insights into today's cyber threats and take away actionable tips for how organisations can better prepare their teams. 3 Key Talking Points : AI-Enhanced Phishing Techniques : Discover how AI, including tools like ChatGPT, has drastically increased the volume and sophistication of phishing emails, making them harder to detect and more culturally nuanced. Positive Reinforcement in Training : Learn why a supportive, non-punitive approach to security awareness training—using gamification and rewards—can lead to better internalisation of security practices among employees. Deepfake Challenges : Understand the emerging threats posed by deepfake technology, particularly in a remote work environment, and how organisations can adapt their security measures to validate identities effectively. Tune in to this vital discussion to stay ahead of cyber threats and foster a culture of security within your organisation. Motivating Through Gamification: "It is about motivating people and how you do that. And that's why at Hoxhunt, when we do our training, for example, in terms of social engineering attacks, we reward people anytime they report something. Then they're on a leaderboard, and it's all gamified. So it gives people this real sense of engagement, and that makes it positive." Noora Ahmed-Moshe Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Power up your security training : Learn how to structure effective security training programmes that actually prevent data breaches, based on real-world examples of what works and what doesn't. Master the scammer’s playbook : Understand why "too good to be true" scams continue to succeed by exploring their evolution from the Love Bug virus to modern day frauds, helping you spot timeless patterns in social engineering. Outsmart AI-powered threats : Discover how AI is transforming phishing attempts with sophisticated language and cultural awareness and learn what makes these new attacks so challenging for staff to detect. Stay ahead of QR code attacks : Get ahead of emerging threats by understanding how criminals are exploiting QR codes in innovative ways and learn how to spot these often-overlooked security risks. Unlock human security potential : Understand why human behaviour is at the heart of most security breaches and learn practical ways to address these vulnerabilities in your organisation. Build a confident security culture : Discover why leading organisations are moving away from fear-based security cultures and learn how to create an environment where staff feel confident reporting potential incidents. Harness the power of psychology : Learn how behavioural science principles can transform your security awareness programme, with practical insights into how to offer positive reinforcement. Maximise security engagement : Explore successful examples of how organisations are using gamification and rewards to motivate staff, with practical tips you can apply to your own security programme. Tackle the deepfake challenge : Prepare for the future by understanding how deepfake technology is creating new authentication challenges, particularly for remote teams, and learn how organisations are adapting. Future-proof your training : Gain insights into creating adaptable security training that evolves with technology while meeting diverse employee needs, helping you build a more resilient security culture. Resources Mentioned Security Threats and Tools Hoxhunt’s Security Awareness Training Love Bug virus (early 2000s) Y2K preparedness systems Antivirus software and firewalls (early countermeasures) Statistics and Data 4,151% rise in malicious emails since ChatGPT launch 68% of breaches start with a human element 80-90% of human-related breaches begin with phishing Average cost of a breach was approximately $4.76 million USD last year 69% of people deliberately bypass their company's security guidance Attack Methods QR code scams, particularly in parking spots and car charging stations Package delivery scams Ransomware-as-a-service available on dark web Social engineering attacks targeting healthcare companies Training Tools Hoxhunt's gamified security training platform with leaderboards and reward systems Traditional CBT (Computer Based Training) systems Phishing simulations Other episodes you'll enjoy Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/ The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Mental Health, Organisational Culture & The Human Side of Cybersecurity 40:32
40:32 Play Later Play Later Lists Like Liked40:32
Play Later Play Later Lists Like LikedAre layoffs increasing your cybersecurity risk and driving your team to burnout? This episode looks into the psychological underpinnings of infosec to navigate turbulent times at work. Welcome to Razorwire, the podcast that cuts through the complexities of information security with sharp insights and expert discussions. In this episode, I’m joined by Lisa Ventura (MBE), founder of Cybersecurity Unity, and Bec McKeown, a psychologist specialising in high-risk environments. Together, we explore the hidden psychological factors that shape cybersecurity practices and discuss essential strategies to safeguard your organisation. Join us as we discuss the impact of economic layoffs on cybersecurity, the efficacy and ethical concerns surrounding psychological profiling, and the sophisticated tactics employed by malicious actors in today's digital arena. Lisa, Bec, and I also unpack the importance of organisational culture in mitigating human error, the role of mental health in cybersecurity, and how to implement targeted security measures without overwhelming your team. This episode is a must-listen for professionals seeking to understand the human dynamics behind infosec challenges and cultivate a supportive, resilient security culture. 3 Key Takeaways: Protect Your Organisation Without Crossing Privacy Lines. Want to strengthen your security approach without relying on controversial psychological profiling? Discover practical, ethical alternatives as Bec McKeown walks you through smarter ways to assess and mitigate insider risks whilst preserving employee trust and privacy. Prevent Data Theft During Company Transitions. Is your organisation facing changes? Learn how to protect your critical assets during turbulent times. Lisa Ventura reveals proven strategies to identify and secure your most valuable data, particularly when your company is experiencing workforce changes or economic pressure. Build a Stronger, More Resilient Security Team. Ready to boost both your security effectiveness AND team morale? Get hands-on techniques from Bec McKeown to create an environment where your security professionals thrive. Walk away with practical steps to reduce burnout, increase psychological safety and build a high-performing team that stays sharp and engaged. Tune in to Razorwire for actionable advice and expert perspectives to fortify your cybersecurity strategy amid challenging times. On Psychological Safety & Blame Culture: "If people are constantly told off for not doing things in the right way, whether that's cybersecurity training or otherwise, they're never gonna fess up to it... if you haven't got that psychological safety within the culture, then these things are probably more likely to happen because it's not in the person's best interest to hold their hand up." Bec McKeown Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Understanding Layoff Security Risks: Explore why workforce changes increase data theft risks and why organisations need heightened awareness during these transitions. Beyond Psychological Profiling: Learn more effective and ethical ways to assess security risks without compromising employee privacy - practical alternatives you can implement today. High-Value Target Protection: Understanding why certain roles face increased targeting and need additional security considerations. Maximise Security Training Impact: Transform your training approach with engaging methods that stick - discover how to boost participation while strengthening your security posture. Navigating Return-to-Office Security: Insights into balancing necessary monitoring with employee trust, and why two-way dialogue matters in implementing security measures. Strengthen Your Team's Mental Resilience: Tap into valuable resources from the Mental Health and Cyber Security Foundation and build a supportive environment that keeps your security team performing at their best. Enhance Human Expertise: Balance automation with human insight - learn practical ways to maintain sharp situational awareness whilst leveraging technology effectively. Understanding Security Regulations: Explore how legislation like DORA and certifications like Cyber Essentials are pushing organisations to take security more seriously. Prevent Security Team Burnout: Implement proven strategies to support your infosec professionals and maintain peak team performance through challenging times. The Importance of Security Culture: Why organisational support for security teams matters and how leadership attitudes impact security effectiveness. Resources Mentioned Cybersecurity Unity : Founded by Lisa Ventura, focusing on cybersecurity awareness and culture change. Mind Science : Founded by Bec McKeown, bringing psychological insights into high-risk industries, including cybersecurity. Mental Health in Cybersecurity Foundation : An organisation addressing burnout and mental health issues in cybersecurity professionals. Cyber Essentials : A certification program for businesses to ensure basic cybersecurity standards. Companies House : A UK government agency that could potentially integrate cybersecurity standards into its registration processes. The FAIR Institute : Although not directly mentioned in this podcast, it is referenced in the context of discussing risk management methodologies in cybersecurity. The FAIR Methodology : Not directly mentioned but relevant to the broader discussion of risk management in cybersecurity. DORA : A regulatory framework that could impact cybersecurity practices in financial institutions and their suppliers in Europe. Other episodes you'll enjoy Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/ The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Insider Threats & Third Party Risk: How to Manage Security Threats 44:58
44:58 Play Later Play Later Lists Like Liked44:58
Play Later Play Later Lists Like LikedEvery vendor you trust and every employee you hire could be your next security crisis—explore the realities of third party risk and insider threats on this episode of Razorwire! Join us for a discussion on the multifaceted challenges of third party risk and how they can destabilise your organisation. From the growing complexities of cloud providers like AWS and Azure to detecting and dealing with insider threats, our conversation covers it all. My esteemed guests, Razorwire favourites Iain Pye and Chris Dawson, share their perspectives on the right to audit third parties and how shifts in business models and changing workplace culture impact our security postures. We also break down a case study involving indemnity and insurance settlements following a breach incident, providing you with practical takeaways for enhancing your own security protocols. Key takeaways: Strengthen Your Third Party Risk Management Implement contractual audit rights early in vendor relationships Develop resilience plans for vendor service failures Understand the risks of supply chain dependencies (third parties of third parties) Plan for scenarios where key service providers might fail or be compromised Understand and Mitigate Insider Threats Identify different types of insider threats (accidental, disgruntled employees, corporate espionage) Monitor for behavioural changes and suspicious activity patterns Implement ongoing background checks and security clearance reviews Balance monitoring with employee privacy and company culture considerations Address Modern Security Challenges Evaluate the cost-benefit trade-offs between in-house and outsourced services Implement monitoring solutions that correlate data from multiple sources Develop security strategies that account for both human and technical factors Create comprehensive risk assessments that include both internal and external threats Join us on Razorwire as we untangle the complexities of third party risk and insider threats, providing you with actionable insights to fortify your organisation's cyber defences. On the inevitability and scale of third-party breaches: "It's inevitable. You're gonna have a third party breach. There's about, what, 10 a day... You could do all the due diligence in the world and all the security checks about this. You could have a very robust vendor risk management, whatever you wanna call it. At the end of the day, it's gonna take one little, maybe insider threat on the third party side, and that will cause a breach." Iain Pye Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we discuss: ● Implementing Third Party Audit Rights: Secure your organisation by establishing robust audit rights in vendor contracts before engagement begins. ● Evaluating Cloud Provider Stability: Assess and mitigate risks when selecting cloud providers by verifying their financial stability and data migration capabilities. ● Preventing Insider Security Breaches: Distinguish and protect against both intentional and accidental internal security threats through targeted controls. ● Building a Strong Security Culture: Foster an environment where employees actively report and respond to security warnings rather than normalising them. ● Managing Employee-Related Risks: Develop strategies to identify and address employee dissatisfaction before it becomes a security threat. ● Controlling Access Privileges: Implement strict access management protocols to prevent credential misuse and unauthorised access sales. ● Managing Supply Chain Security: Build resilience into your supply chain by mapping dependencies and establishing clear liability frameworks. ● Implementing Comprehensive Behavioural Monitoring: Deploy systems that analyse multiple data sources (login patterns, email access, data transfers) to identify suspicious user behaviour patterns. ● Protecting Against Espionage: Apply updated legal frameworks like the UK National Secrets Act to safeguard intellectual property and sensitive information. ● Deploying Dynamic Security Monitoring: Establish continuous monitoring systems for both employees and third parties to detect threats early. Resources Mentioned "The Cyber Sentinel's Handbook" by Jim AWS (Amazon Web Services) Azure GCP (Google Cloud Platform) CrowdStrike UK National Secrets Act (updated 2024) Other episodes you'll enjoy Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/ The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
How to Optimise Your GRC Tools Improving Value, Efficiency & True Risk Management Are your GRC tools really managing risk, or just creating noise? Welcome to the latest episode of Razorwire, where we cut through the complexities of the cybersecurity world to deliver actionable insights. I'm your host, Jim, and in this episode, we're discussing the multifaceted challenges and opportunities surrounding Governance, Risk and Compliance (GRC) tools with none other than Jack Jones, creator of the FAIR risk model and a seasoned security professional with nearly 40 years’ experience. In our conversation, Jack and I explore the intricate landscape of GRC tools, questioning their effectiveness in truly managing risk. We talk about the difference between controlling efficiencies and understanding genuine risks, shedding light on the often misleading contents of risk registers. In this episode, you'll learn invaluable insights that could transform how you approach risk management and compliance. From navigating price range vs efficiency, to the idea of developing a more effective and affordable GRC solution, this episode offers a treasure trove of useful takeaways for anyone in the cybersecurity field. Key takeaways The Real Cost of GRC Tools : Jack and I discuss the hidden expenses and renewal price hikes associated with existing GRC tools. If you're feeling the financial strain of your current GRC solutions, this segment is a must-listen to understand the true cost and value proposition of these tools. Redefining Risk Management : We talk about the importance of differentiating between real risks and mere efficiencies and how many organisations can get this wrong. Learn how to avoid the ‘noise’ in your risk register to focus on genuine risk scenarios that matter to your business. The Path to Better GRC Solutions : Tune in to hear our thoughts on the pressing need for innovation in GRC tool design. If you're looking for practical, cost effective solutions tailored to meet your risk management needs, you'll want to hear our insights and future plans. Don't miss this conversation that could reshape your perspective on GRC tools and risk management. "If I thought the [GRC tool] technology is actually provided anywhere near the value of their potential… if the GRC products and their implementations were actually doing the job they're intended to do, they should cost a lot of money because they would be providing a ton of value." - Jack Jones Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Cybersecurity Responsibilities Debate: We debate whether cybersecurity should fall under IT or infosec departments. Penetration Testing Management: How penetration testing could be subject to a conflict of interest depending on which department manages it. GRC Tool Costs: Maximising GRC Tool ROI: Gain insights on how to assess and optimise your GRC tool's value proposition through regular utilisation and cost reviews. Identifying GRC Tool Shortcomings: Understand the common pitfalls of popular GRC tools in addressing real world risks, enabling better tool selection and implementation. Proper Risk Register Management: Learn to distinguish between genuine risks and audit deficiencies for more accurate and useful risk registers. Third-Party Risk Management: Learn strategies for effectively managing the challenges posed by third party risks in modern business environments. Effective Risk Communication: Master the art of framing risk discussions around loss event scenarios, for better communication with executives. The Potential of GRC Tools': Recognising the potential of GRC tools to manage complex IT environments and consolidate security data effectively. Ineffective GRC Tools: Exposing how security budgets are heavily consumed by expensive and often inefficient GRC tools, limiting additional security measures. Balancing Security Budgets: Learn to critically evaluate GRC tool costs and effectiveness to ensure balanced allocation of security resources. Resources Mentioned The FAIR model ISO 27001 PCI compliance Book: "The Cyber Sentinels Handbook" GRC Tools Other episodes you'll enjoy Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/ The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: https://www.razorthorn.com/ Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Navigating Mental Health, Narcissism & Burnout in Cybersecurity with Lisa Ventura MBE 40:52
40:52 Play Later Play Later Lists Like Liked40:52
Play Later Play Later Lists Like LikedWelcome to Razorwire, the podcast where I, James Rees, cover the cybersecurity topics that matter with expert guests from across the industry. We aim to help cybersecurity professionals enhance their skills, improve their work performance, and boost their overall quality of life in this demanding field. The illustrious Lisa Ventura, MBE, award winning cyber security specialist and the founder of Cyber Security Unity, joins me in this episode. We talk about the pressing issues that cybersecurity professionals face on a daily basis, from mental health struggles to dealing with industry narcissists. Lisa shares her insights on current industry developments and uses her personal experiences to offer practical advice and knowledge for cybersecurity professionals at all career stages. Join us as we talk about: 1. Burnout and Mental Health in Cybersecurity: We talk about the root causes of burnout and mental health issues among cybersecurity professionals, and share practical strategies to protect your wellbeing in a high stress environment. 2. Navigating Industry Narcissism: Gain insights on how to identify and handle narcissistic behaviours in the workplace, and work towards a healthier and more supportive professional atmosphere. 3. Cyber Skills Gap and Industry Trends: Lisa's shares her thoughts on the role of AI and VC money, and the ongoing challenge of closing the cyber skills gap, especially in smaller organisations. Tune in to Razorwire and empower yourself with the knowledge and resilience essential for thriving in the cybersecurity arena. Lisa on handling narcissists in the workplace: "If it gets too much, I have only one bit of advice. And it's not a good bit of advice to say, and that is to find something new as soon as you possibly can and leave because those individuals will never change." Lisa Ventura, MBE Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Burnout and Mental Health: Discover strategies for managing burnout and maintaining mental health in cybersecurity. Cyber Skills Gap : Learn about the factors contributing to the cyber skills gap and how this can be addressed. Responsibility and Fear : Understand the psychological impact of responsibility and blame in security roles. Budget Reductions and Layoffs : Find out how budget cuts and layoffs are affecting the industry post-pandemic. Handling Narcissistic Individuals : Get practical advice on dealing with narcissistic individuals in the workplace. Infosec Industry Trends: Explore current and future trends in information security, including AI misuse. Legislation and C-Suite Attention : Learn how new legislation is increasing executive-level focus on cybersecurity. Experiences in Infosec : Hear firsthand accounts of dealing with negative behaviours in the industry. Targeting and Narcissism Among Women : Uncover insights on targeting and hypocrisy, even among diversity advocates. Challenges for Young Professionals : Find out how mentorship can help newcomers overcome challenges and impostor syndrome. Resources Mentioned Cyber Sentinels Handbook Who Wants to Be a Millionaire? Cyber Security Unity UK Cyber Security Association Titania Limited Nipper Studio Malvern cyber cluster Midland Cyber BT Pinson Mason Boost Technology Group Qualitest Autism awareness day Imposter syndrome awareness day Other episodes you'll enjoy Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/ The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 ChatGPT vs Cyber Threats: The REAL Role of AI in Cybersecurity 56:56
56:56 Play Later Play Later Lists Like Liked56:56
Play Later Play Later Lists Like LikedUnlock the truth about using Large Language Models (LLMs) in cybersecurity - are they the next big thing or just another trend? In this episode of Razorwire, your host, James Rees, brings together cybersecurity expert Richard Cassidy and data scientist Josh Neil to talk about the use of AI and large language models (LLMs) in cybersecurity and their role in threat detection and security. Join us for a discussion on the capabilities and limitations of these technologies, sparked by a controversial LinkedIn post. We bring you expert insights into AI in security applications and a frank discussion on always being open to learning and correcting misconceptions. Hear about real world examples and practical advice on how to integrate AI tools effectively without falling into common traps. This episode delivers a balanced, in depth look at an often misunderstood but crucial topic in modern cybersecurity. 3 Key Takeaways: Anomaly Detection Challenges: We break down why traditional time series models are still king when it comes to anomaly detection, highlighting the limitations of LLMs. Learn why these models are better suited for identifying real threats without drowning in false positives. Role of Critical Thinking in Cybersecurity: Richard Cassidy emphasises the irreplaceable value of human expertise in threat detection. Discover why relying too heavily on AI could stifle critical thinking and skill development, especially for junior analysts, potentially weakening your security team in the long run. Practical Applications and Misconceptions: Hear a candid conversation about the real strengths and weaknesses of LLMs in cybersecurity. Both guests share practical advice on how LLMs can augment, but not replace, human-driven methods to ensure stronger, more reliable security measures. Tune in to Razorwire for an episode that cuts through the hype and delivers actionable insights for cybersecurity professionals navigating the evolving landscape of AI in security. The Downside of AI in the Workplace: "My concern with AI assistants or co-pilots with quick and easy answers, the junior analysts aren't learning the critical thinking required to become senior analysts, and therefore we're losing our bench. And we're going to end up with unskilled senior analysts that don't know when the LLM doesn't know what to do. Neither does the human." Josh Neil Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: ● Anomaly Detection Challenges : Find out how experts approach the complex task of identifying unusual patterns in cybersecurity data. ● LLMs vs. Traditional Methods : We explore different approaches to anomaly detection, comparing cutting-edge AI with established statistical techniques. ● Organisational Understanding : Listen to insights on the importance of deep knowledge about critical systems for effective threat detection. ● Surgical vs. Brute Force Approaches : Discover the debate surrounding different methodologies in cybersecurity, and the role of human expertise. ● Training and Critical Thinking : We examine how the increasing use of AI tools might impact skill development in the cybersecurity workforce. ● Evolution of Threat Detection : Take the journey from manual processes to advanced automated systems, and learn how to take on the new challenges that have emerged. ● LLMs' Role in Cybersecurity : Find out how we can integrate LLMs within existing security frameworks. ● Misconceptions About LLMs : We explore common misunderstandings about AI capabilities in cybersecurity and their potential consequences. ● AI's Impact on Security Practices : Get recommendations on how organisations can responsibly incorporate AI tools into their security strategies. Resources Mentioned Los Alamos National Laboratory Ernst and Young Microsoft Securonix Alpha Level Rubrik "The Cyber Sentinel's Handbook" Other episodes you'll enjoy Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/ The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 DORA & NIS2: The Cybersecurity Regulation Revolution 50:43
50:43 Play Later Play Later Lists Like Liked50:43
Play Later Play Later Lists Like LikedAre you ready for DORA and NIS2? Discover how these regulations could transform your security strategy! Welcome back to another episode of Razorwire! Today we unpack the DORA and NIS2 regulations with esteemed cybersecurity expert Richard Cassidy. I’m your host, Jim Rees, and I’ll be guiding the conversation for anyone navigating the evolving landscape of digital security in the financial sector. In this information-packed episode: Discover why organisations are dangerously behind in DORA and NIS2 preparation Learn how these EU regulations could impact global operations, including US companies Explore the potential for hefty fines and personal liability for executives Understand the critical role of third party providers in compliance Get practical advice on assessing your organisation's readiness Uncover the challenges of implementing cross border information sharing Gain insights on budget planning and vendor alignment for compliance Whether you're a CISO, IT professional or business leader, this episode offers crucial information to help you stay ahead of regulatory changes. Don't miss Richard's expert analysis and insider tips on preparing effectively for compliance. This episode is packed with invaluable insights you won't want to miss. " Don't be looking at this, head in your hands and worry that you haven't got the stack. You most likely do have the capabilities. Now you've just got to understand how you go about aligning to DORA." Richard Cassidy Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Regulatory Gap Analysis: Why organisations should start by analysing gaps between current performance and DORA and NIS2 regulations. Vendor Involvement: Why it’s essential to involve vendors and ensure they align with new regulations. Global Impact: Learn how DORA and NIS2 will impact organisations worldwide, especially those within the EU financial industry. Budget Implications: Advice on beginning regulatory analysis before budget renewal, for better allocation of resources. Contract Renegotiation: How to navigate the lengthy process and challenges of renegotiating contracts for compliance with new regulations. Third Party Security: Why we need to include audit rights and fine clauses in contracts with third party service providers. C-suite Accountability: Learn about the personal responsibility of the c-suite under DORA, including potential legal consequences. CISO Role Evolution: Find out how the CISO role is likely to gain more prominence and may replace the CIO in the future. Information Sharing Challenges: We discuss the difficulties organisations might face in sharing cybersecurity information. Implementation Recommendations: How to implement a simplified approach to aligning with DORA by assessing maturity and targeting domain-level improvements. Resources Mentioned DORA (Digital Operational Resilience Act) NIS2 (Network and Information Systems 2) PRA (Prudential Regulation Authority) PCI DSS (Payment Card Industry Data Security Standard) ISO 27001 (International Organisation for Standardisation 27001) Other episodes you'll enjoy Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/ The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Contextual Security and Beyond: The Future of Cybersecurity 47:45
47:45 Play Later Play Later Lists Like Liked47:45
Play Later Play Later Lists Like LikedWelcome back to Razorwire! I'm Jim, your host, and joining me today are cybersecurity experts Richard Cassidy and Oliver Rochford. Following on from our last episode of Razorwire, where Oliver and I discussed the key issues that cyber professionals need to focus on in 2024, this episode centres on key takeaways from recent security conferences, particularly RSA and Infosecurity Europe, and explores the shift towards contextual security as highlighted in Byron Acohido's recent report. The conversation covers several critical topics: The potential transformation of long term cybersecurity planning Emerging trends in integration and standardisation among security solutions Fresh perspectives on supply chain risk management The debate over vendor accountability for security vulnerabilities Innovative approaches to security budgeting and prioritisation We discuss the necessity of proactive security approaches, the value of contextual information in threat detection and response, and the importance of considering customer impact when assessing security risks. They also touch on the potential implications of AI advancements for cybersecurity strategies. We give you an overview of current industry trends, challenges and potential future directions. We challenge conventional ways of thinking and offer insights that may help reshape how listeners approach cybersecurity strategies so you come away with actionable insights and strategies. The Overwhelming Complexity of Choice at Tech Events "It's just unbelievable that at every stand you go to [the vendor says] “we're the best in application security.” “We are the best in UEBA.” And I try to put the customer hat on when I go to these events and go, oh my goodness, how does anybody make a decision in the midst of all of this complexity?" Richard Cassidy Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Data Growth Management : Addressing the growing need for truly effective data management to secure the projected increase in data volume in the coming years. Communication Challenges : The difficulties in communicating long term infosec plans to the C-suite, who focus on shorter term financial goals. Cultural Shift : How the infosec industry has been impacted by post-lockdown advancements in technology as well as cultural changes. Cybercrime Costs : The predicted increase in the financial cost of cyber attacks is likely to be a more significant financial threat than physical crimes by 2025. Financial Challenges : Current investments in cybersecurity are not keeping pace with the evolving threat landscape. New Strategies : Why we need to move from rules-based to contextual-based security. Integration : How interoperability and synergy between vendors can help address evolving threats. Cyber Senescence : Why we need a longer-term approach to cybersecurity planning. C-Suite Communication : Why infosec professionals need to communicate risk and the importance of security investment to the c-suite effectively. Vendor Relations : The challenges of vendor lock-in, tool obsolescence and the importance of stable, reliable vendor partnerships. Resources Mentioned The Byron Report The Last Watchdog RSA Conference Infosecurity Europe XDR Alliance Situational Awareness: The Decade Ahead Leopold Aschenbrenner, June 2024 Gartner Exabeam Other episodes you'll enjoy Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/ The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
Welcome to Razorwire, the podcast that cuts through the noise of the information security industry. I'm your host, Jim, and today we're talking a look at the state of the infosec industry so far in 2024 with our guest, Oliver Rochford. If you're a cybersecurity professional taking on the evolving threats and challenges of our field, you won't want to miss this discussion. From the rapid consolidation within the tech sector to the challenges of supply chain security and the limitations of today's infosec tools, we leave no stone unturned. We also discuss the role of AI in simplifying complex security solutions and whether current market trends are truly addressing the core needs of security teams. Key Talking Points 1. Tech Industry Consolidation: Discover how the acquisition spree by cybersecurity giants like CrowdStrike and Palo Alto is reshaping the industry landscape and what it means for smaller, niche security companies. 2. Supply Chain Security: Hear about the latest risks posed by third party involvement and how to ensure robust security tracking and management using various tools and solutions. 3. AI and Security Solutions: Oliver tells us how we can make use of AI to streamline and simplify the overly complex and jargon-filled security tools market, offering a fresh perspective on future developments. Tune in to this thought-provoking episode of Razorwire for valuable insights that every cybersecurity professional needs to stay ahead in 2024. The Future of Cybersecurity: "I expect there to be diversification under the formation of multiple markets with individual giants within these markets, because you can't be good at everything." Oliver Rochford Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: - Tech Industry Consolidation: Discussion on the recent acquisition of smaller tech companies by larger firms and the impact of this on the industry. - Growth and Specialisation Limits: Prognosis on large portfolio providers and the constraints imposed by specialisation and market share retention. - Cyber Attack Speed and Aggressiveness: Examination of the increasing speed and aggressiveness of cyber attacks and how to prepare for the challenges they present. - Supply Chain Security: How we can secure the supply chain and the inconsistencies in infosec vendor messaging. - Complex Security Solutions: How to make use of AI to critique the complexity and confusing terminology in security solutions. - AI and Core Security Issues: Exploration of the risks tied to AI, budget constraints and the persistent core security challenges. - Affordability and Effectiveness: Highlighting the need for organisations to thoroughly investigate the most effective tools to make the most of tight budgets. - Data Privacy and Encryption: Examination of growing encryption usage and questions over control and management of encryption keys. - Disconnect in the Cybersecurity Market: Addressing the disconnect between user needs and market offerings, focusing on AI and the latest technologies. - Economic and Regulatory Concerns: How financial and regulatory challenges are impacting security investments and implementations. Resources Mentioned Events: Infosec conference RSA conference Companies: CrowdStrike Palo Alto Zscaler Snowflake Pure Storage Databricks ClickHouse Splunk Products/Technologies: EDR (Endpoint Detection and Response) SIEM (Security Information and Event Management) XDR (Extended Detection and Response) API security SOAR (Security Orchestration, Automation, and Response) Other episodes you'll enjoy Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/ The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 DORA is Coming: Is Your Financial Institution Ready for the Digital Resilience Revolution? 55:57
55:57 Play Later Play Later Lists Like Liked55:57
Play Later Play Later Lists Like LikedThe deadline for financial entities is looming – get actionable information and advice on DORA compliance with industry expert Paul Dwyer! Welcome to Razorwire, your go-to podcast for cutting edge insights and expert analysis in the world of information security. I'm your host, Jim, and in today's episode, we have the privilege of speaking with Paul Dwyer, returning Razorwire guest and veteran in cybersecurity risk and compliance, with over 30 years of experience and the head of the International Cyber Threat Task Force (ICTTF). In this episode, Paul and I discuss the operational resilience required by DORA legislation, touching upon substantial fines for compliance failures and the shift towards personal accountability at the business and boardroom levels. We cover the nuances of DORA and its intersections with NIS2, and talk about the importance of better communication within organisations and the growing responsibility of governing bodies and the c-suite. Paul shares invaluable insights on the risk-based approach that's overtaking traditional compliance methods, the business opportunities awaiting smaller players in the DORA compliance space, and the essential need for thorough and continuous training programmes. Key Takeaways 1. Discover compelling real world examples of how compliance failures have led to significant fines for large organisations and why personal accountability at the boardroom level is becoming crucial. 2. Learn how DORA and NIS2 regulations are evolving to include a risk based approach and are pushing for proportionality in implementing controls, shifting the focus from mere compliance to a truly risk-centric perspective. 3. Find out about the new business opportunities that DORA presents for small and midsize players in the market, including offering compliance services and challenging large cloud providers. The Era of Accountability in Management: "Anybody can fill out a little compliance spreadsheet, oh, there we go tick, tick, tick, we're doing all that, it goes through. But those days are gone because you need to trust, verify everything, you need to get the evidence." Paul Dwyer Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: - Operational Resilience: Find out about fines and individual accountability for compliance failures under DORA and NIS2. - Governance Focus: We talk about increased attention on cybersecurity from governing bodies and the c-suite. - Risk Based Approach: Why the regulations’ emphasis is on proportional, risk centric controls over mere compliance. - Business Opportunities: Identifying opportunities for small and midsize players in offering compliance services against large cloud providers. - Regulatory Adaptability: Why we need DORA regulations to be adaptable to various organisational risks. - Training and Awareness: Addressing the crucial need for thorough DORA awareness programmes for all levels of staff, especially non-tech leaders. - Compliance Tools: Introducing tools like CyberPrism and AI-based solutions for assisting organisations in DORA compliance. - Information Sharing: Discussing the importance of peer-to-peer intelligence sharing and distinguishing it from mere information sharing. - Leadership Evolution: Emphasising the need for CISOs and other leaders to possess hybrid skills tying cybersecurity with business strategy and legal frameworks. Resources Mentioned ICTTF DORA NIST 2.0 ISO PCI EU DORA Summit EU Cyber Summit (November 7-8 in Dublin) DORA community group CyberPrism GPT AI tool for DORA compliance DORA compliance specialist course Navigating DORA (book by Paul Dwyer) The Cyber Sentinels Handbook (book by Jim) TSB Service Failure Other episodes you'll enjoy Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/ The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Secrets of a Cyber CEO: The Truth About Running a Cybersecurity Business 49:49
49:49 Play Later Play Later Lists Like Liked49:49
Play Later Play Later Lists Like LikedUnlock the secrets to successfully navigating the cybersecurity business landscape with insights from industry legend Jane Frankland on this episode of Razorwire. Welcome to Razorwire, I'm your host, Jim and in today’s episode, we have the privilege of discussing the intricacies of running a successful cybersecurity business with none other than Jane Frankland. With over 26 years in the industry, Jane has built and sold businesses, influenced trends and mentored the next generation of cybersecurity professionals. In this episode, I chat with Jane Frankland about the challenges and most rewarding experiences of running a cybersecurity business. Jane tells us about her journey from the early days of cybersecurity in the 90s to becoming a prominent influencer and entrepreneur. We explore topics like managing growth, the shift towards freelance work and the importance of humility and mentorship in the industry. 3 Key Talking Points: 1. Managing Business Growth: Jane shares her strategies for managing growth through the use of associates and outsourcing non-core functions. Learn how to scale your business efficiently while keeping your core operations robust. 2. Navigating Industry Trends: We talk about the increasing amount of freelance work in information security, the importance of a reliable pool of pentesters and the risks of crowdsourced pentesting companies. Gain insight on how to adapt your business model to include evolving industry practices. 3. The Role of Mentorship and Humility: Jane and I discuss why mentorship for young professionals is so important and the significance of humility in leadership. Discover why ditching egos and maintaining an approachable demeanour is crucial for building a successful cybersecurity business. Don't miss out on these pearls of wisdom from one of cybersecurity's most respected voices. The Reality of Running a Business: "You are literally flying by the seats in your pants and navigating your company, at the helm, which is very, very stressful. Very stressful. And yet it is exciting and it is fun." Jane Frankland Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: - Business Growth Strategies: Discussing the challenges and careful expansion required to grow a cybersecurity business. - Outsourcing and Associates: Managing growth by outsourcing non-core functions like marketing and accountancy and using associates. - Pentesting Workforce: The shift towards freelance pentesters and the challenges of maintaining a reliable pool of talent. - Revenue Diversification: The importance of diversifying revenue streams and adapting business focus to market changes. - Industry Egos: Addressing the rise of egos in the information security industry and the importance of humility. - Emotional and Mental Challenges: Exploring the emotional rollercoaster and loneliness experienced by business owners. - Mentorship and Support: Highlighting the importance of mentors and coaches for guidance, especially during the early stages of business. - Client Acquisition and Recruitment: The complexities of recruiting staff, especially pentesters and salespeople and the challenges of client acquisition. - Financial Management: The critical importance of managing finances accurately and the common pitfalls at the tax level. - Encouraging Young Talent: The significance of mentoring young professionals and actively supporting their entrance and growth in the cybersecurity industry. Other episodes you'll enjoy Preventing Burnout in Cyber Security https://www.razorthorn.com/cyber-security-professionals-shortage-burnout-how-to-protect-against-it-razorwire-podcast/ SolarWinds’ CISO Under SEC Scrutiny: The Impact On The Infosec Community https://www.razorthorn.com/solarwinds-ciso-under-sec-scrutiny-the-impact-on-the-infosec-community/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Redefining Cyber Insurance to Meet Today’s Cybersecurity Challenges 47:17
47:17 Play Later Play Later Lists Like Liked47:17
Play Later Play Later Lists Like LikedIn a landscape where cyber attacks are constantly evolving, is your business insurance keeping pace? Welcome to another episode of Razorwire! I'm your host, Jim, and today we dive deep into the dynamic world of cyber insurance. Neil Hare-Brown and Matt Clark, two industry experts, are with us to share their wealth of knowledge and insights on how cyber insurance has changed to address today's security challenges. In this episode, we cover the critical role of cyber insurance in modern security strategies, from mitigating the financial impact of cyber incidents to navigating the details of underwriting and premium setting. We also discuss the increasing trend of third party attacks and why companies must prioritise reviewing their vendors and suppliers. By the end of this episode, you'll have a clearer understanding of why cyber insurance is no longer a luxury but a necessity, and how you can leverage it to bolster your organisation's cyber resilience. Key Talking Points: 1. Rising Costs and Frequent Threats: Neil explains why cyber insurance is crucial for mitigating significant financial impact of cyber crime. 2. Underwriting and Premiums: Matt tells us how insurers use data and tools like ransomware calculators to set premiums and how businesses can proactively improve their cybersecurity posture. 3. Vetting Third Party Vendors: We discuss why we must thoroughly assess third party providers, with insights into new insurance services and facilities aimed at helping businesses manage and recover from cyber incidents more effectively. Tune in to discover how cyber insurance can be an integral part of your organisation's defence strategy and ensure you're prepared for whatever comes your way. Cyber Risk Management: "I think there is still quite a long way for businesses to go, for boards to appreciate that cyber risk management is not an operational problem." Neil Hare-Brown Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: - Impact of Cyber Incidents: How to accurately estimate the financial repercussions of cyber attacks. - Ransomware and Business Email Compromise: We discuss the current trend for ransomware and business email compromise, and how to protect your organisation from the increased frequency and severity of the attacks. - Double Extortion and Data Breaches: The evolution of cyber threats which includes tactics like double extortion and significant reputational harm. - Using Data to Inform Insurance: How data from insured cyber events helps give risk insights for setting premiums. - Proactive Cyber Risk Management: Why it’s essential to have a cyber champion on the board. - Third Party Risks and Cyber Insurance: Third party attacks can severely impact businesses, highlighting the need for comprehensive cyber insurance. - Evolving Insurance Facilities: New offerings such as breach response services are becoming more accessible and affordable. - Post-Incident Actions: Breach experiences often lead companies to enhance cybersecurity measures and seek appropriate insurance coverage. - SMEs and Cybersecurity: Smaller enterprises struggle with maintaining effective cybersecurity processes and benefit greatly from cyber insurance. - Continuous Learning in Cybersecurity: Why we must continue to learn and evolve for effective cybersecurity strategies. Resources Mentioned The Cyber Sentinels Handbook ISO 27001 certification Cybercare Breach response service Multifactor Authentication (MFA) Cyber essentials certification Other episodes you'll enjoy Cyber Insurance: Is It Fit For Purpose? https://www.razorthorn.com/cyber-insurance-is-it-fit-for-purpose-razorwire-podcast/ SolarWinds’ CISO Under SEC Scrutiny: The Impact On The Infosec Community https://www.razorthorn.com/solarwinds-ciso-under-sec-scrutiny-the-impact-on-the-infosec-community/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
Unmask the reality of the information security world in this week's episode of Razorwire! Join me, Jim, and my guests, Chris Dawson and Iain Pye, as we talk about our daily frustrations working in infosec and the pressing issues facing cybersecurity professionals. We dissect the gripes, pet peeves and laughable clichés that saturate our industry. From the hype of award ceremonies to the absurdity of exaggerated credentials on LinkedIn, this conversation is packed with insights and anecdotes that will resonate with every cybersecurity professional. Stay tuned and subscribe for this candid look at the ups and downs of our industry. Key Talking Points: 1. Real Talk on Compliance and Regulations: Discussing the hype around compliance requirements like GDPR and DORA, we break down the importance of understanding and managing these regulations without falling for marketing gimmicks. 2. Vendor Exaggerations vs. Reality: Discussing the overblown claims around GDPR and DORA compliance and the serious implications for cybersecurity. 3. Grandstanding Egos: The rise of self-proclaimed thought leaders and influencers and their role in fuelling fear, uncertainty and doubt within the infosec community. Tune in for a frank and entertaining discussion on the gritty realities of information security! The Struggles of Simplicity: "Your average user will go out their way to circumnavigate the controls that you've put in place." Iain Pye Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: - Annoying Infosec Practices: This satirical podcast dives into some of the most irritating practices in the infosec industry. - Auditor Issues: The frustrations of dealing with auditors. Enough said. - Integrity at Work: We talk about significance of acting professionally in workplace settings. - Infosec Vendor Marketing: The creative license taken by vendor marketing departments and how to stay wise to exaggerations. - Risk Management Complexity: We talk about the overwhelming abundance of acronyms, and the importance of clear communication and documentation. - Compliance and Regulations: We look into the implications of compliance requirements such as GDPR and the upcoming DORA. - Exaggerated Professional Profiles: We lament the trend of elaborate and often exaggerated LinkedIn profile titles and qualifications. Resources Mentioned - The Cyber Sentinel’s Handbook - GDPR (General Data Protection Regulation) - DORA (Digital Operational Resilience Act) - LinkedIn - Chat GPT Other episodes you'll enjoy Preventing Burnout in Cyber Security https://www.razorthorn.com/cyber-security-professionals-shortage-burnout-how-to-protect-against-it-razorwire-podcast/ SolarWinds’ CISO Under SEC Scrutiny: The Impact On The Infosec Community https://www.razorthorn.com/solarwinds-ciso-under-sec-scrutiny-the-impact-on-the-infosec-community/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025 gdcr3sq9…
R
Razorwire Cyber Security
1 The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black 47:45
47:45 Play Later Play Later Lists Like Liked47:45
Play Later Play Later Lists Like LikedIn this episode of Razorwire, I sit down with Rob Black, a dynamic figure in the world of cybersecurity with a unique background in military strategy and defence. From the realms of computer game design to the high stakes world of defusing IEDs, Robert brings unparalleled insight into how we can revolutionise cybersecurity by understanding and manipulating the psychology of our adversaries. This episode is packed with outside-the-box strategies that will transform your approach to defending your network. In our conversation, Robert and I explore the intersection of human psychology and cybersecurity, emphasising the impact of deception and misinformation on attackers. Robert shares parallels to military tactics and offers practical advice on psychological tools to gain an upper hand in infosec. We discuss real world studies and notable cyber incidents like Stuxnet to underscore the importance of strategic thinking beyond mere technological solutions. Tune in for an engaging discussion that could reshape your cybersecurity practices. Key Talking Points: 1. Deception Tools and Strategy - Robert explains how to slow down attackers using deception technology, inspired by military tactics, causing them to mistrust their tools and make erratic decisions. 2. Psychological Influence on Threat Actors - Learn how to improve the effectiveness of your network defence by understanding and engaging with the decision making processes of threat actors. 3. Real World Case Studies - We discuss impactful examples, including the NSA's deception studies and the infamous Stuxnet attack, to illustrate how psychological and strategic insights can be applied to bolster cybersecurity efforts. Join us on Razorwire and arm yourself with revolutionary tactics to stay ahead in the constantly evolving landscape of cybersecurity. Deception 2.0: Envisioning the Future of Cybersecurity "So attackers believe the systems they're using because they've got no reason to believe the computer won't lie. So how do we make it, inside our manmade network, that they have to tread carefully because they don't know what to trust and what not to trust?" Robert Black Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: - Psychological Defence in Cybersecurity: How we can use psychological tactics, such as inducing paranoia, in defending against cyber threats. - Effectiveness of Deception: We discuss an NSA study which demonstrates how knowledge of deception impacts penetration testers' speed and decision making. - Human Factors over Technology: We talk about the merits of using human behaviour analysis and psychology alongside technology for cybersecurity strategies. - Corporate Espionage and Misinformation: How to use misinformation and disrupt attackers’ expectations as part of your defence strategy. - A Multidisciplinary Approach to Cybersecurity: We discuss the merits of incorporating diverse perspectives, including arts and philosophy, into cybersecurity education and strategy. - Vendor and CISO Relationships: Why vendors must understand and address the real problems faced by CISOs. - Proactive Defence Strategies: Why we need to move beyond assurance to proactive measures in cybersecurity defence. - Shift in Cybersecurity Mindset: How to progress the growing recognition of cybersecurity as a critical business threat and the importance of improved risk assessments. - Influence of Deception Technology: How we can use fake networks and behavioural economics techniques to manipulate attackers' behaviour. Guest Bios Robert Black Rob left the UK government in 2014 after over a decade supporting the development capabilities for British and allied military and cyber operations. Since then, Rob has been a lecturer in Information Activities at Cranfield University, part of the UK Defence Academy and teaches on the UK MoD’s Cyberspace Operations MSc. From 2020 to 2024, Rob was the Director of the UK Cyber 9/12 Strategy Challenge leading on the development of the next generation of cybersecurity leaders. He was also Deputy Director of the UK National Cyber Deception Laboratory since its inception in 2019 to 2022, where he encouraged the development of a proactive approach to cyber defence through the use of deception techniques and other novel measures to confuse and disrupt cyber attackers. He remains involved in shaping policy dialogue on issues such as national security, cyber and intelligence through his role as an Associate Programme Director at Wilton Park, part of the UK Foreign Commonwealth and Development Office, and also acts as a senior adviser to the International Information Integrity Institute (i-4), owned by KPMG. Resources Mentioned - Pimlico Plumbers - NSA's study on deception - Stuxnet cyber attack - LinkedIn (Robert Black's profile) - Cyber Sentinels Handbook Other episodes you'll enjoy The Human Psychology Behind Cybersecurity With Bec McKeown https://www.razorthorn.com/the-human-psychology-behind-cybersecurity-with-bec-mckeown/ Criminal Minds: How the Cyber Crime World Works https://www.razorthorn.com/criminal-minds-how-the-cyber-crime-world-works/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Trust vs Control – Is Zero Trust Inevitable? 44:37
44:37 Play Later Play Later Lists Like Liked44:37
Play Later Play Later Lists Like LikedWelcome back to Razorwire, the podcast slicing through the tangled world of cybersecurity! I'm your host, Jim and in this episode we’re talking about the crucial balance between trusting your workforce and exerting control over your security ecosystem. Joining me are Iain Pye, sharing his insights into privacy roles, and David Higgins from CyberArk, who will discuss the challenges and strategies of effective cybersecurity. Whether you're managing remote teams or integrating third party services, this episode is packed with expert analysis and actionable advice. We discuss: 1. Discover how ISO and SOC certifications are shaping the way organisations approach security, as David Higgins analyses the paradigm shift towards a consumer-empowered landscape within cybersecurity. 2. Discussion on the interplay between trust and control in the era of remote work, with insights on the importance of effective incident response capabilities, even when resources are lean. 3. Learn about pragmatic approaches to vendor risk assessment and understand why a tiered method for evaluating vendor criticality could be pivotal for your cybersecurity strategy. Prepare to challenge your perspectives on cybersecurity's conventional wisdom and join us on Razorwire, where we cut through complexity to bring clarity to the professionals on the digital frontlines. “We've got devices that we no longer own. We've got platforms that we no longer run. We've got data stored in locations we're not responsible for and we've got employees working in environments that would that we've got zero control over. So moving to zero trust so that was it a ‘never trust, always verify mindset’? Makes a lot of sense." David Higgins Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: - Adjusting Control to Criticality: The more critical the processing and servicing, the greater the expectation of control. - Certifications as Trust Indicators: The importance of obtaining certifications to demonstrate commitment and investment in establishing trust. - Consumer Empowerment Through Software as a Service: How the shift to SaaS models puts more power into consumers' hands, necessitating service providers to meet their security expectations. - Remote Work Security Challenges: How to tackle concerns about trust, control and security in home working environments. - Sensitive Data in Risk Zones: Identifying and dealing with risks associated with employees working in red-listed countries. - Cybersecurity Budgets and Risk Games: How to manage budgets and risk assessments effectively. - Third Party Risk Management: How to implement third party assurance programmes for managing risk and ensuring thorough vulnerability assessment with vendors. - The Evolving Cyber Threat Landscape: How to effectively deal with the rise in targeted phishing attacks through a balance of trust and control for detection and response. - Zero Trust and Continuous Authentication: Why we should focus on implementing zero trust architecture and continuous authentication methods like MFA and biometrics. - Economic Impact on Security Measures: Increasing costs and the economic downturn are major concerns affecting the budgets for security tools, certifications and overall organisational security measures. GUEST BIO David Higgins David is the Senior Director – Field Technology Office at CyberArk. Since joining in 2010, Higgins has worked to help the world’s leading - and most complex - organizations secure and protect their privileged access. Today, he advises clients on threats associated with privileged escalation, lateral movement and credential theft and discusses best practices and driving innovation around privileged management processes. Resources Mentioned - ISO certification - SOC certification - SaaS (Software as a Service) - GDPR (General Data Protection Regulation) - BlackKite - CyberArk Software Other episodes you'll enjoy Security vs Privacy: The Ethics of Data Collection https://www.razorthorn.com/security-vs-privacy-the-ethics-of-data-collection/ The Use Of AI In Cybersecurity – Consultants Roundtable https://www.razorthorn.com/the-use-of-ai-in-cybersecurity-consultants-roundtable/ Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall https://www.razorthorn.com/lessons-from-an-infosec-icon-a-fireside-chat-with-pci-guru-jeff-hall/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Hacking Cybersecurity Training: Escape Rooms & Entrepreneurial Thinking with Amy Stokes-Waters 36:41
36:41 Play Later Play Later Lists Like Liked36:41
Play Later Play Later Lists Like LikedOn this week's edition of the Razorwire podcast, Jim sits down with Amy Stokes-Waters, CEO of The Cyber Escape Room Co. Amy brings her unique entrepreneurial perspective from a non-traditional background, transitioning into cybersecurity. The conversation provides valuable insights for security leaders as Amy candidly discusses her innovative approach to security awareness training through immersive, gamified escape room experiences. She shares her views on critical issues facing the industry today, such as combating AI-enabled disinformation campaigns, addressing the cybersecurity workforce shortage driven by unrealistic job requirements and improving strategic communication between security teams and business executives. Amy's experiences building her company and developing engaging training programmes make for a compelling discussion. Security professionals will gain new insights into creative methods for better educating end users and elevating cybersecurity's importance across the organisation. Her frank opinions and fresh mindset provide a thought provoking perspective for security leaders navigating the evolving threat landscape. Key Talking Points 1. Innovative Security Training: Discover how Amy's company uses escape room experiences to teach important cybersecurity concepts, from phishing to insider threats, making learning engaging and memorable. 2. Changing Threat Landscapes: Hear about the impact of ransomware on businesses big and small, the evolution of insider risks and how AI is shaping the future of information security. 3. The Human Element in Cybersecurity: Gain insight into the importance of strategic leadership in cybersecurity roles and how businesses can navigate the challenges of educating teams and customers about the growing complexity of threats. Tune in for a fascinating discussion that sheds light on new methods of strengthening cybersecurity awareness and the vital role human factors play in protecting our digital worlds. "I don't know many people that proactively undertake security awareness training, you know, sitting watching videos and animations and all that kind of thing. I genuinely don't know anyone that does that as a hobby, but I think it's something that's super important." Amy Stokes-Waters Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: - Cybersecurity Awareness via Escape Rooms: How immersive escape room experiences can be more beneficial than traditional methods utilised in cybersecurity education. - Insider Risk Management: Overcoming the challenges businesses face from internal threats and the risks of employees being exploited by ransomware attackers. - Impact of Cloud Migration on Security: How the shift to cloud computing during the lockdown affected the security of supply chains. - Artificial Intelligence and Disinformation: The dangers of AI in creating and spreading disinformation in geopolitical contexts and its potential risks in cybersecurity. - Cybersecurity in Small Businesses: We discuss the vulnerability of small businesses as integral parts of larger supply chains and the specific security challenges they face. - Career Reflections and Advice: Insights on personal growth in the cybersecurity field and the importance of reflecting on one’s mistakes and learning from them. - Evolving Role of CISOs: How the role of Chief Information Security Officers is changing. - Legal and Regulatory Aspects in Cybersecurity: Discussion on the emergence of cyber law, the importance of effective communication during security breaches and the evolving landscape of cybersecurity regulations. - Challenges in Cybersecurity Hiring Practices: We talk about the issues with unrealistic job descriptions and the unethical behaviours of recruiters in the cybersecurity job market. - Future of AI in Cybersecurity: A sceptical perspective on relying solely on AI for cybersecurity, stressing the essential need for human supervision and interpretation of AI-generated outputs. Guest Bios Amy Stokes-Waters CEO, Esc - The Cyber Escape Room Co Amy has a decade of experience in sales and marketing and now acts as CEO at The Cyber Escape Room Co and CCO at Yellowstone Security. She is a founding member of RINA's Maritime Cyber Security Task Force and an active advocate for gender diversity in the industry. As a regular guest on podcasts and panels, Amy talks on a variety of topics, including security culture and awareness, personal branding and women in tech. Resources Mentioned - Cyber Escape Room company - Microsoft security stack - LinkedIn - Cyber Sentinels Handbook Other episodes you'll enjoy Preventing Burnout in Cyber Security https://www.razorthorn.com/cyber-security-professionals-shortage-burnout-how-to-protect-against-it-razorwire-podcast/ SolarWinds’ CISO Under SEC Scrutiny: The Impact On The Infosec Community https://www.razorthorn.com/solarwinds-ciso-under-sec-scrutiny-the-impact-on-the-infosec-community/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter 1:15:57
1:15:57 Play Later Play Later Lists Like Liked1:15:57
Play Later Play Later Lists Like LikedWelcome to Razorwire! In today’s episode, we take a look at the often-overlooked issue of professional burnout within the cybersecurity field. Joining us are two esteemed guests: Yanya Viskovich, a cyber resilience authority, and Eve Parmiter, a clinical traumatologist and consultant, both of whom bring their interdisciplinary insights to our discussion. Today's conversation uncovers the critical yet not-often-discussed crisis of burnout amongst our cyber defenders. Yanya shares her personal journey through the throes of burnout and her subsequent passion for addressing the human factors in cybersecurity and Eve gives us her clinical perspective, providing an in depth understanding of the steps that lead to burnout and how we can move towards prevention and recovery. Together, we explore strategies for cultivating an organisational culture that is resilient against burnout and the positive repercussions this can have on cybersecurity effectiveness. Key Talking Points Personal Insights from the Field: Yanya recounts her dynamic career path and the vulnerable moments of burnout she encountered during the global pandemic, offering listeners a glimpse into the human side of the cybersecurity equation. Clinical Wisdom for Cyber Warriors: Eve, with her therapeutic background, maps out the psychophysiological terrain of burnout and provides actionable tactics for information security professionals to identify and manage their stressors before they escalate. -Building a Burnout-Resilient Culture: Gain critical advice on creating strong, collaborative and health-focused workplace cultures that prioritise learning and vulnerability to fortify against cybersecurity threats as well as professional burnout. Don’t miss out on this conversation, which is more relevant now than ever. Tune in to unlock techniques that will not only defend your organisation’s digital assets but also safeguard the wellbeing of its most valuable guardians - its people. Embracing Failure for Cybersecurity Improvement: "We need to have a tolerance for failure, but an intolerance for incompetence. We need to invite cultures that invite questions and difficult ones, and that invites people to challenge the status quo, to invite people to say, ‘yeah, I've noticed that something's wrong here’, or ‘I see this as a potential risk and I'm raising it.’" Yanya Viskovich Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: - Appreciation of Crisis Management: A look into how the efforts of infosec professionals are often undervalued, especially when resolving critical issues during crises. - Post-Lockdown Loss of Mentorship: An exploration of the pandemic's impact leading to the exit of experienced professionals from the cybersecurity field and the subsequent loss of mentorship for up-and-comers. - Organisational Culture and Failure: The importance of creating supportive cultures within organisations that encourage learning from mistakes and destigmatising failure. - Human Factor in Cybersecurity: Highlights the crucial role of considering human behaviour and psychology in cybersecurity strategies, alongside technology and process optimisation. - Stress and High Burnout Rates: Insights into the abnormally high stress levels within the cybersecurity industry, leading to significant burnout among professionals. - Industry's Perception on the 'Department of No': Discusses the challenging perception of infosec teams as constructionistic. - Power of Recognition: We discuss the role of recognition and appreciation in mitigating work-related stress and improving employee satisfaction. - Burnout and Operational Effectiveness: The use of the Critical Incident Technique as a framework for understanding work-related stressors and developing strategies to improve burnout and operational effectiveness. - Burnout Recovery and Resilience: How individuals can recover from burnout and leverage the experience to grow stronger and more resilient to future stressors. - Risk and Response to Burnout: Arguments are made for including professional burnout as a significant risk in organisational risk registers and developing multifaceted strategies to prevent and respond to it in the cybersecurity sector. Guest Bios Yanya Viskovich Yanya Viskovich is a cybersecurity expert specialising in the human factor. A TEDx and Fortune 500 keynote speaker and Senior Manager in Security Consulting at Accenture Switzerland, Yanya advises and presents to CISOs, C-Suites and Boards on how to reduce human security risk and enhance security cultures, and conducts executive cyber crisis simulations. Her March 2023 TEDx talk, "Why Burnout Culture is a Cyber Risk", has been instrumental in raising awareness about the impacts of stress and burnout on organisational cyber risk and resilience. She is a former cybercrime prosecutor, has advised the Australian Federal Privacy Commissioner, trained law enforcement agencies, and held diverse senior in-house roles in large multinationals and international organisations, including the United Nations, where she strategised and implemented crisis plans and data protection policies. Yanya also serves as Chair of Cyber Law & Governance at the Swiss Cyber Institute and as an expert ethics advisor to the European Commission. She regularly guest lectures at Swiss and European universities, and contributes to publications and professional standards on cybersecurity, AI, data protection, privacy, and data ethics. Yanya is an Australian Bar-admitted attorney and holds a Bachelor of Laws, a Bachelor of International Relations, and a Master of Laws from the Australian National University; a Data Protection Officer certification from the European Centre on Privacy and Cybersecurity at Maastricht University; executive certificates in cybersecurity management from MIT Sloan School and the Geneva Centre for Security Policy, and in applied computer science from EPFL. Eve Parmiter Eve works as a therapist, coach, and consultant. She focuses on power, potential, and performance, and the things that get in the way, like the misuse and abuse of power, and the wear and tear of what we choose to do, including workplace burnout. She runs a successful private practice, and has worked with the military, public, and private sectors, with new recruits to C-suite and founders, and with world-class performers in sports and the arts. Organisations and individuals work with Eve to make meaningful changes in their teams and lives. Improving performance, developing resilience, and building wellbeing all contribute to achieving high hard goals, rich connection, deep fulfilment, and have a positive impact on the bottom line. She graduated with a First Class BScEcon in International Relations, and a Master’s Distinction from LSE. She holds a Black Belt in Jeet Kune Do, has worked as a professional actor, and is a trained Cognitive Hypnotherapist, clinical traumatologist, and NLP Master Practitioner. Resources Mentioned - Accenture - United Nations - UN High Commissioner for Refugees - International Committee of the Red Cross - "The Cyber Sentinels Handbook, A Primer for Information Security Professionals" - World Health Organisation Other episodes you'll enjoy Preventing Burnout in Cyber Security https://www.razorthorn.com/cyber-security-professionals-shortage-burnout-how-to-protect-against-it-razorwire-podcast/ SolarWinds’ CISO Under SEC Scrutiny: The Impact On The Infosec Community https://www.razorthorn.com/solarwinds-ciso-under-sec-scrutiny-the-impact-on-the-infosec-community/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 The Impact of FAIR on Risk Management with Jack Jones 41:06
41:06 Play Later Play Later Lists Like Liked41:06
Play Later Play Later Lists Like LikedWelcome to Razorwire, the cutting-edge podcast where we slice through the complexity of cybersecurity and risk management to bring you insights from industry leaders. I’m your host, Jim and in today’s episode, we unravel the intricacies of FAIR (Factor Analysis of Information Risk) risk methodology with none other than its creator, Jack Jones. Jack’s groundbreaking approach has revolutionised how organisations perceive and approach information security risks. So, buckle up as we dive deep into the mind behind this transformative model. In a fascinating session, Jack shares his journey in developing the FAIR risk methodology and its impact on the business landscape. From facing initial industry scepticism to achieving global recognition, Jack's story is a testament to innovation and perseverance. Alongside the creation of the FAIR Institute and the adoption of his standards across various sectors, Jack also teases his upcoming book focused on the controls analytics model. We discuss the evolving landscape of risk management and the potential for FAIR to automate and improve cybersecurity practices. Get ready to have your perspective on risk quantification transformed! Key Talking Points: 1. Demystifying FAIR - Discover how Jack Jones broke new ground with the FAIR risk methodology, demystifying risk management for businesses worldwide and why industry giants are adopting his model to navigate the complexities of cybersecurity. 2. Resistance and Triumph - Hear the compelling tale of how Jack overcame industry resistance, with some even suggesting criminal negligence, to establish a new paradigm in risk assessment now embodied in the FAIR Institute and the Open FAIR standard. 3. Risk Beyond Cybersecurity - Learn how the versatile FAIR model transcends cybersecurity, influencing financial product design, operational risk measurement and even natural disaster assessments - a testimony to its adaptability and Jack's vision for its future potential. For cybersecurity professionals eager to stay ahead of the curve and to refine their approach to risk management, this episode is not to be missed. Join us on Razorwire to hear the insights and backstories directly from the experts shaping the field. “I did get some positive reactions from people in the industry, but I also got an email from someone in the industry … with a significant following and they wrote me a letter saying that I should be prosecuted for criminal negligence for having published this, that in his view, the word risk should be stricken from the English language.” - Jack Jones Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: - Fair Risk Methodology Overview: A novel approach to risk assessment that simplifies risk management by addressing subjective probability factors and incorporating control efficacy. - Development and Inspiration: The origins of the methodology and how inspiration from physics led to a new model for measuring control effectiveness in risk management. - Industry Reaction and Growth: An exploration of the initial pushback against the methodology, followed by its adoption by the Open Group and the subsequent rapid expansion globally. - Founding of the FAIR Institute: The establishment of a dedicated institute to provide resources and community engagement around the FAIR methodology. - Advancement through Collaboration: How input from various industry professionals has contributed to the enhancement of the FAIR model, exemplified by the new materiality assessment. - Communication and Misunderstandings: The challenges faced in conveying the principles of FAIR, leading to some recommendations to alter the model and the need for clearer communication. - Widespread Adoption and Consistency: The pride in the widespread application of the FAIR methodology across different business domains and its consistent framework over time. - Future Expansions and Applications: The anticipation of new additions to the FAIR model and its application beyond security, including financial, operational and natural disaster risk assessments. - Automation in Risk Quantification: The evolving trend towards using technology such as AI to automate cyber risk quantification for timelier and mainstream industry applications. - Resources and Further Engagement: Information on resources for learning more about the FAIR methodology, upcoming publications and ways to connect with thought leaders in the field. Guest Bio Jack Jones Chairman Emeritus of the FAIR Institute Jack has worked in information security for over 35 years, 10 years of which as a CISO with three different companies, including a Fortune 100 company. His work was recognised in 2006 with the ISSA Excellence in the Field of Security Practices. Jack has received the CSO Compass award for risk management leadership and also had the privilege of participating in the ISACA task force that created the original RiskIT framework and led the development of ISACA’s CRISC certification programme. An adjunct instructor at Carnegie Mellon University, he teaches in the CISO executive programme. Jack also created the Factor Analysis of Information Risk (FAIR) and FAIR-CAM models which have been adopted as international standards for measuring risk. In 2015, he co-authored a book on FAIR entitled Measuring and Managing Information Risk, a FAIR Approach, which was inducted into the Cyber Security Canon in 2016. Resources Mentioned - FAIR risk methodology - Jim's recently released book, "The Cyber Sentinels Handbook" - Kindle Unlimited - RMI Solutions - FAIR Institute - FAIR controls analytics model (Faircam) Other episodes you'll enjoy Cybersecurity in 2024: Expert Predictions You Need to Know https://www.razorthorn.com/cybersecurity-in-2024-expert-predictions-you-need-to-know/ The Rise of Cyber Mercenaries: Governments’ Secret Weapons in Cyber Warfare https://www.razorthorn.com/the-rise-of-cyber-mercenaries-governments-secret-weapons-in-cyber-warfare/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 The Real Impact of the Lockbit Ransomware Takedown 51:18
51:18 Play Later Play Later Lists Like Liked51:18
Play Later Play Later Lists Like LikedWelcome to Razorwire, the cutting-edge podcast for cybersecurity professionals, where we unravel the world of information security and peek into the future of technology. I'm your host, Jim, and in today's episode, we're joined by our esteemed guests, Richard Cassidy and Oliver Rochford. We’re taking a deep dive into the recent Lockbit takedown, dissecting the movements in the global cybercrime landscape, and analysing the ongoing conflicts within the commercial industry. Our guests, both veterans in the field, share their insight on the takedown of the notorious Lockbit ransomware group, raising critical questions about the efficacy of such law enforcement actions. We explore the pervasive issues of ransomware as a service, the evolving role of threat intelligence, and the significance of industry collaboration. Additionally, we take a look at the challenges of finding your niche within the hyper-competitive tech market, dissect the misconceptions surrounding threat intelligence and confront the stark realities of the cybersecurity industry's marketing frontlines. Whether you're well into your cybersecurity career or contemplating your next move in the field, this episode of Razorwire is tailored for you. Key Talking Points: 1. Inside the Lockbit Takedown: What the headlines don't tell you about the resilience of ransomware groups and why we should remain cautious post-takedown efforts. 2. Navigating Cyber Misinformation: Our guests tear apart the misleading marketing tactics in cybersecurity and advocate for a truth-centric industry approach. 3. Collaborate to Fortify: Discover the vital importance of cross-organisation intelligence sharing in combating sophisticated cyber threats and promoting stronger defences across the board. Don’t miss out on this candid and informative discussion. "There's a cultural problem when half the industry beats up on someone who discloses a breach. There's a disincentive to disclose breaches or intelligence. And so we need a cultural change there." Oliver Rochford Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: - Education and Skills Gap: outdated courses and underscores the necessity for ongoing training and adaptability in the information security domain. - Misleading Marketing: the impact of hyperbolic marketing which often overstates the novelty and effectiveness of cybersecurity solutions. - Threat Intelligence: the significance of deriving context from intelligence data and promoting its exchange within the sector. - Cybersecurity Community Strength: the information-sharing culture and reciprocal support among information security professionals. - Understanding Ransomware Complexities: a general lack of awareness around ransomware intricacies, including legal repercussions of ransom payment refusals - Emphasis on Threat Modelling: the importance of businesses understanding their unique threat landscapes and preparing for worst-case scenarios. - Cybersecurity Startups Proliferation: the sheer number of startups entering the cybersecurity space and the concerns about their effectiveness. - Ransomware's Robust Ecosystem: the professional network that underpins ransomware operations, which includes a mix of criminals and nation-state involvement. Resources Mentioned - Lockbit Ransomware Group - Cyber Volunteer Group (mentioned in relation to COVID-19) Other episodes you'll enjoy The Rise of Cyber Mercenaries: Governments’ Secret Weapons in Cyber Warfare https://www.razorthorn.com/the-rise-of-cyber-mercenaries-governments-secret-weapons-in-cyber-warfare/ Cybersecurity in 2024: Expert Predictions You Need to Know https://www.razorthorn.com/cybersecurity-in-2024-expert-predictions-you-need-to-know/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 The Rise of Cyber Mercenaries: Governments' Secret Weapons in Cyber Warfare 45:06
45:06 Play Later Play Later Lists Like Liked45:06
Play Later Play Later Lists Like LikedIn this episode, we tackle some of the most pressing issues in the convergence of cyber warfare, information security and political strategy. Our guests, Iain and Chris, share their frontline insights on how the digital realm has become a playground for clandestine operations, where cyber mercenaries are the new knights, rooks and perhaps even the kings. We examine the repercussions and complexities of engaging third party cyber groups for state-sponsored operations, debate the seemingly lucrative appeal of cybercrime and look at real-world examples where the cyber realm has been militarised. Discussions range from the effect of bot networks on democracies, to the specific roles of organised criminal cyber divisions and the evolution of digital espionage. Talking Points: 1. The Intricate Web of Cyber Mercenaries: Discover the hidden connections between governments, political factions and cyber mercenaries. We unravel the complex tactics and consequences of outsourcing cyber warfare and the ethical lines that get blurred along the way. 2. The Business of Cyber Conflict: We talk about the paradoxical profitability of cybercrime versus the costs of robust defence. We discuss the art of balancing offensive strategies and cybersecurity defences, drawing comparisons between private sector incentives and government backed digital warfare. Professionals keen on risk assessment and cyber strategies will find this conversation particularly interesting. 3. Navigating Cybersecurity Governance: Dive into a crucial debate on managing the cyber mercenary phenomenon, filtration in intelligence gathering, and the quintessential role of governance in preventing operational downfall. As we explore the undeniable need for quality defence mechanisms, the insights shared here are invaluable for any professional aiming to stay ahead of cyber threats. Join us on Razorwire, your go-to podcast for cutting through the digital noise, as we delve into a world where cyber conflict is omnipresent and the concept of warfare is forever altered. This is one episode you'll want to replay, decrypt and safeguard in your mental arsenal. "It's not like a physical mercenary group where you can see them. They're not blowing anything up. Nothing's going to go bang so people actually notice. So unless a government gets hacked or something happens, unless they shut down the national grid, unless there’s collateral damage that comes with it - they can pretty much hide it away, can't they?" Chris Dawson Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Government and Media Control: Exploring the intersections of government ownership of media and its implications for information security and cyber warfare. Corporate Espionage and Cyber Warfare: Debating the ethical and strategic considerations of engaging in corporate espionage and cyber warfare. Cyber Mercenaries: Examining the rise of cyber mercenary groups willing to conduct cyber warfare operations for hire. Digital Infrastructure Security: Discussing the technical and strategic challenges associated with detecting and defending against compromises in digital infrastructures. Plausible Deniability and Cyber Attacks: Considering the strategy of plausible deniability and its potential to shield governments from the fallout of cyber operations. Monetisation of Cyber Crime: Analysing the profitability and incentives driving skilled cybercriminals and how crime pays in the cyber realm. Cyber Warfare and Political Influence: Delving into how cyber warfare can be a tool for political manipulation and influence, referencing historical and recent events. Mercenary Tactics in Cyberspace: Comparing the operations of traditional mercenary groups to digital equivalents and their impact on modern conflicts. Legal and Ethical Challenges of Cyber Warfare: Discussing the complex legal and ethical landscape of cyber warfare, including the difficulty in predicting outcomes and avoiding collateral damage. Defence and Upskilling in Cyber Mercenary Groups: Highlighting the importance of continuous training and developing trust to scale commercial cyber mercenary operations effectively. Resources Mentioned - Vulkan files - Colonial Pipeline attack - Dark Side - Hacking group - Wagner Group - Cambridge Analytica - Cozy Bear - APT 29 - NHS (National Health Service) Other episodes you'll enjoy The reality of cyber warfare https://www.razorthorn.com/the-reality-of-cyber-warfare/ The Impact of Compliance and Legislation https://www.razorthorn.com/strengthening-cyber-security-the-impact-of-compliance-and-legislation/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Trends in Identity and Access Management with Simon Moffatt 45:56
45:56 Play Later Play Later Lists Like Liked45:56
Play Later Play Later Lists Like LikedHello Razorwire listeners! It's your host Jim here, and in today's fascinating episode, we sit down with cybersecurity veteran Simon Moffatt. With two decades under his belt in the dynamic field of identity and access management, Simon unpacks the complexities of cyber protection in our modern age. From the evolution of technology to the murky waters of liability and insurance in cybersecurity, Simon's insights shed light on the challenges and trends we face. As the founder of The Cyber Hut, Simon taps into his experience with giants like Oracle and ForgeRock and his startup stints to guide organisations through the labyrinth of cybersecurity strategies. We talk about the seismic shifts in industry practices, highlighting the advent of cloud technologies and "as a service" models and the post pandemic rise of remote work. We explore the forefront of passwordless technology, the challenges of IoT security, and the critical nature of defence in depth strategies. You’ll hear about a significant legal battle that a sizable organisation won against its insurers, highlighting the larger uncertainties in cyber liability insurance. Find out about Simon's predictions for the industry's trajectory, combined with his first hand accounts of working in various sectors of the tech world, to provide a rare glimpse into the past, present and future of cybersecurity. Key Talking Points: 1. The Transformation of Cyber Liability Insurance: Discover why a major organisation's legal victory signals a critical juncture for cyber liability coverage and what this means for businesses navigating today's risk landscape. 2. Passwordless Futures and Biometric Booms: Tune in as Simon forecasts the rise of biometric authentication over the next few years, discussing how behaviour tracking could redefine threat detection and response. 3. Cloud Confusion and Shared Responsibilities: Uncover the intricacies of cloud service models and how shifting boundaries have resulted in complex challenges for CISOs and CIOs in pinpointing control and ownership amidst a virtual landscape. Ready for a deep dive into cybersecurity's evolving realm with Simon Moffatt? Join us on Razorwire to unravel the enigma of cyber protection in our interconnected world. “Cyber's a top priority, maybe even more so than it was 3 or 4 years ago. By that, I mean people are quite familiar with protecting their own identities, or PII protection. People are aware of hackers, you know, the bad guys, nation state threats." Simon Moffatt Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Concerns and challenges surrounding data protection liability The problems of uncertainty due to the constantly changing landscape of cyber liability insurance Incomplete picture of cybersecurity with third party intelligence companies The limitations of third party intelligence companies in the cybersecurity space Trends in identity and access management Introduction to The Cyber Hut, a business focused on tracking cyber trends and aiding organisations in navigating the cybersecurity landscape The shift towards cloud technology, remote work and changes in software delivery The blurred lines of responsibility in cloud services are explored, raising questions about data ownership and control The need for agility, modularity and preparedness in systems following the pandemic GUEST BIO Simon Moffatt Simon is a recognised expert in the fields of digital identity, access and information security who assists organisations in the venture capitalist, public, private and government sectors with the selection, use and design of products and strategies to help keep information assets secure. He is also the Founder of The Cyber Hut - a global cyber security industry analysis and advisory practice based out of the UK. With over 20 years’ experience in a broad array of security design and architecture domains, Simon has a deep specialism within identity and access management. Simon is a published author, contributor to standards at NIST and the IETF and is a regular keynote speaker. He holds several accolades including Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Cloud Security Professional (CCSP) and is a Fellow of the Chartered Institute of Information Security (F.CIIS). He also holds a Post Graduate Diploma from the GCHQ certified Information Security Group at Royal Holloway, University of London. Resources Mentioned Oracle ForgeRock The Cyber Hut Sun Microsystems Azure Google Cloud SaaS applications Vayu Sarbanes-Oxley (SOX) PCI DSS (Payment Card Industry Data Security Standard) IoT (Internet of Things) GDPR (General Data Protection Regulation) CCPA (California Consumer Privacy Act) Other episodes you'll enjoy Breaking Into Cybersecurity: Essential Tips for Newbies https://www.razorthorn.com/breaking-into-cybersecurity-essential-tips-for-newbies/ What To Do If You Are A Victim Cybercrime: The Anatomy Of High Profile Incident https://www.razorthorn.com/what-to-do-if-you-are-a-victim-cybercrime-the-anatomy-of-high-profile-incident/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security, from seasoned professionals with years of experience, triumphs, and lessons learned under their belt, to those in relatively early stages of their careers, offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals, providing insights, news, and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss, email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. LinkedIn: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Adapting to Legislative Demands: Insights on Cyber Security Compliance in Critical Infrastructure 55:36
55:36 Play Later Play Later Lists Like Liked55:36
Play Later Play Later Lists Like LikedWelcome to Razorwire, the podcast dedicated to exploring the complex and evolving world of cyber security legislation. I'm your host, Jim, and in today's episode, we delve into the intricate landscape of cyber security legislation with our guests Steve Applegate and Phil Tonkin from Dragos. In this episode, our guests shed light on the challenges and intricacies of navigating the cyber security legislature, focusing on the impact on critical infrastructure and the evolving landscape of compliance. From managing connectivity safely to the complexities of integrating IT and OT in modern manufacturing, we explore the key factors influencing cyber security legislation and its practical implications. Key Talking Points: 1. The importance of managing connectivity safely and ensuring proper segmentation and visibility in the Niz legislation. 2. Challenges faced by organisations, such as Sellafield, in implementing controls and recognising legacy challenges in OT environments. 3. The impact of conflicting regulations on consumers and the need for practical compliance requirements in cyber security legislation. “We can't let FUD be the guide, right? If every time we hear a thing, we start panicking and we deviate from our processes and start making a whole bunch of new mandates, even internally, all the people within a company that have to track that and follow it and meet with people, and it's a distraction, I think, from real security." Steve Applegate - Dragos Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Managing Connectivity Safely: Emphasising the need to ensure proper segmentation and visibility in cyber security legislation. Challenges Faced by Organisations: Discussing the difficulties in implementing controls, recognising legacy challenges, and the importance of proportional controls. Conflicting Regulations and Consumer Impact: Raising concerns about conflicting regulations and the impact on consumers due to compliance costs. Information Exchange Hesitance: Discussing the hesitance of information exchange for cyber security purposes and its impact on managing threats. Reporting Dilemma: Describing the challenge of eradicating cyber events and the dilemma of reporting to the public versus mitigating further attacks. Third-Party Oversight Frustrations: Addressing the frustration with third-party involvement in security oversight and assessment processes. Transparency in Security Relationships: Advocating for transparent and trust-based relationships with third parties, emphasising actionable intelligence, and fostering transparency. Evolving Skill Set of Security Professionals: Describing the evolving skill set of security professionals, particularly the increasing specialisation and separation from GRC. Legislative Impact on OT Environments: Expressing concerns about the impact of legislation and compliance on operational technology environments and the difficulty of implementing changes in systems with old technology. Challenges of Sudden Legislative Changes: Discussing the challenges of sudden legislative changes, public outcry influencing legislation, and the need for realistic expectations of change in a legacy industry. Resources Mentioned - Dragos - Sellafield - Azure Active Directory (AD) - Microsoft Active Directory Other episodes you'll enjoy DORA Compliance Made Clear: Essential Training for Safeguarding Financial Institutions w Paul Dwyer https://www.razorthorn.com/dora-compliance-made-clear-essential-training-for-safeguarding-financial-institutions-w-paul-dwyer/ Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall https://www.razorthorn.com/lessons-from-an-infosec-icon-a-fireside-chat-with-pci-guru-jeff-hall/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Cybersecurity in 2024: Expert Predictions You Need to Know 58:39
58:39 Play Later Play Later Lists Like Liked58:39
Play Later Play Later Lists Like LikedWelcome to Razorwire, the podcast for all things cybersecurity and information security. I'm your host, Jim, and today we have a thought-provoking discussion with industry experts Iain Pye and Chris Dawson about emerging cybersecurity threats and trends to watch out for in 2024. In this episode, we dive into three key talking points that are essential for cybersecurity professionals to listen in on: The accelerating risk of ransomware and data breaches, including the increasing need for continuous security testing and the challenges of balancing security tool costs with limited budgets and the speed required to adapt. The use, impact and potential threats of artificial intelligence on major global events including the elections coming up in 2024, in the context of societal and political manipulation, as well as the rising risks of identity theft, sophisticated disinformation and deep fake technology. The importance of operational resilience plans, the challenges of compliance and auditing processes, and the need for improved cybersecurity standards and training. Tune in to gain insights from leading experts in the field on how organisations can prepare for the cybersecurity challenges of 2024. "What's your operational resiliency plan? How is your organisation going to have to learn the hard truths? Take a really hard look at what you're doing and go: if that falls over or it gets breached, can we keep running our business?" Iain Pye Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: - Technology vs. training: security advancements outpacing public knowledge - Complex compliance: regulation challenges for smaller organisations - Cybersecurity testing shift: from annual to continuous - Offensive and defensive AI use anticipated to increase in 2024 - Reviewing technical security solutions and policies - Budget struggles: balancing security tools and costs - Call for government prioritisation in security training - Importance of basic security measures - Mistrust in mainstream media and information sources - Artificial intelligence: potential risks and benefits Resources Mentioned GDPR SEC AI Cyber Essentials CSFI Other episodes you'll enjoy The Use Of AI In Cybersecurity – Consultants Roundtable https://www.razorthorn.com/the-use-of-ai-in-cybersecurity-consultants-roundtable/ Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall https://www.razorthorn.com/lessons-from-an-infosec-icon-a-fireside-chat-with-pci-guru-jeff-hall/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
Hey there, Razorwire listener! In this episode, we welcome back cybersecurity experts Richard Cassidy and Oliver Rochford to follow up on our AI podcast back in November. Join us for spirited debates on the current state of AI capabilities, their imminent impacts on society and business, and thought-provoking speculation on the future of AI and its existential promise and perils. We tackle AI topics ranging from innovations like large language models to the role of quantum computing, governance challenges and regulatory responses, workforce disruptions, and the potential for artificial general intelligence. You'll come away with an insider's perspective on AI progress and get beyond the hype to understand real-world limitations and applications. From actionable business advice to philosophical discussions on the human condition, the Razorwire podcast offers incredible insights from industry veterans Oliver and Richard. Learn about investments, cybersecurity issues, ethical considerations, the AI "arms race," and transhumanist ideals spanning neural implants to robot bodies. Whether you're making strategic decisions in your company, tracking public policy issues, or just want to sound informed on emerging tech, the Razorwire podcast delivers the context and perspectives needed to evaluate AI's present impact and future potential with wisdom. Tune in for enlightening analysis you won't get from sensationalised media reports. Every episode offers rare clarity to think smarter about technological forces shaping society. "I don’t believe we know humanity is not ready for AGI. We haven’t evolved in the way that we think, and as I said, our colloquial, war-minded economics today to actually even have AGI benefit the planet." Richard Cassidy Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: AI Development Accessibility: The current challenges of the development of AI technology. The future of artificial general intelligence (AGI): The conversation delves into the future of AGI and its potential impact on society. Ethical and Existential Concerns: AI's potential implications for society, humanity, and the labour force raise ethical and existential concerns. Business Responsibility: Business leaders are responsible for managing AI technology and should view it as augmenting the workforce. AI for Global Solutions: AI technology has the potential to address serious global problems if used responsibly. Advancements in Human Health: Some advocate for the use of AI to develop new technologies to improve human health and capabilities. Lack of Global Legislation for AI: Concerns are raised about the lack of global legislation for AI and its potential implications for businesses. AI in Military and Autonomous Robots: We discuss the potential implications and ethical concerns of AI technology for building autonomous robots and weapons. AI Regulation and Consequences: We explore the fear of and potential consequences of regulating AI technology. Resources Mentioned Moore's Law Neuralink Fermi's Paradox GPT LLM-based products Other episodes you'll enjoy The Use Of AI In Cybersecurity: Consultants Roundtable https://www.razorthorn.com/the-use-of-ai-in-cybersecurity-consultants-roundtable/ Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall https://www.razorthorn.com/lessons-from-an-infosec-icon-a-fireside-chat-with-pci-guru-jeff-hall/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Unleashing the Hidden World of Cybercriminals: The Growing Threat of Cybercrime-as-a-Service 47:18
47:18 Play Later Play Later Lists Like Liked47:18
Play Later Play Later Lists Like LikedWelcome to Razorwire, the podcast where we cut through the tangled web of cybersecurity to bring you the latest insights and expert analysis. Victor Acin and Oliver Rochford, two esteemed guests, are with me in today's episode. In this episode, we’re exploring the dangerous world of cybercrime as a service and its implications for individuals, organisations, and even nation-states. Join us this week as we unveil the dark side of cybercrime. Victor, the Head of Threat Intelligence at Outpost 24, shares his expertise on the rise of cybercrime as a service. Discover how cybercriminals have adapted their tactics, the motivations driving their actions, and the alarming ease with which they operate. Stay ahead of the game with insider knowledge from Oliver's research, where he discusses the striking similarities between cybercrime services and legitimate tech services. Learn about the techniques used by cybercriminals to infiltrate organisations and exploit their vulnerabilities. Whether you're a seasoned professional or just starting your cybersecurity journey, this episode offers some excellent, practical advice for strengthening your defences. We share some effective ways to protect against credential theft, insider threats, and targeted attacks. Hear about tried and trusted remedies recommended by our experts that can make a significant impact on securing your organisation. So, if you're a cybersecurity professional looking to expand your knowledge and sharpen your skills, join us on Razorwire as we unravel the intricate world of cybercrime as a service. Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following: The evolution of cybercrime into an as-a-service model, where specialised services and infrastructure are available to carry out different elements of cyberattacks The low barriers to entry for new cybercriminals of this business-like model The recent rise in credential theft through the use of simple malware toolkits, which allow even unskilled cybercriminals to distribute malware and steal credentials at scale Established cybercrime groups that offer ransomware and even entire cyberattack infrastructure in an as-a-service model. This comes complete with support services for affiliates conducting attacks The flexibility offered to cybercriminals from a modular services model, which offers mix-and-match attack components from different providers specialising in access, malware, ransomware, money laundering, etc. How cybercriminals choose or decide against their victims How the rise of untraceable cryptocurrencies has removed obstacles to monetising and laundering profits from cybercrime, fueling growth Whether or not having easy access to cybercrime services could facilitate corporate espionage and what examples we have The importance of threat intelligence—understanding the motives, tools and trends in cybercrime—is vital context for effectively securing against the evolving threat landscape GUEST BIOS Oliver Rochford Oliver has worked in cyber security as a penetration tester, consultant, researcher, and industry analyst for over 20 years. Interviewed, cited, and quoted by media, think tanks, and academia, he has written for SecurityWeek, CSO Online and Dark Reading. While working at Gartner, he co-named the Security Orchestration, Automation and Response (SOAR) market, worked on the SIEM Magic Quadrant, and also covered the European MSSP Market. In past lives, Oliver worked for Qualys, Verizon, Gartner, Tenable and Securonix and is currently Chief Furitist at Tenzir, where he works on product strategy and marketing. Victor Acin Victor Acin has been working in threat intelligence since 2016 and is now leading the Kraken Labs unit at Outpost24, performing tasks related to the generation of threat intelligence (mainly reverse engineering of malicious samples and research of global actors) and the development of the department's internal products, such as the malware analysis sandbox. In addition, he has also worked as an ethical hacker, performing penetration tests against web applications, external and internal infrastructure, and mobile devices. Resources Mentioned Outpost 24 NSO ISO standard Amazon Microsoft Other episodes you'll enjoy Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall https://www.razorthorn.com/lessons-from-an-infosec-icon-a-fireside-chat-with-pci-guru-jeff-hall/ Cyber Insurance: Does It Create More Problems than it Solves? https://www.razorthorn.com/cyber-insurance-does-it-create-more-problems-than-it-solves/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 SolarWinds’ CISO Under SEC Scrutiny: The Impact On The Infosec Community 1:07:11
1:07:11 Play Later Play Later Lists Like Liked1:07:11
Play Later Play Later Lists Like LikedWelcome to Razorwire, the podcast where we cut through the noise to bring you incisive discussions on all things cybersecurity. I'm your host, Jim, and in today's episode, we delve into the SEC charges against SolarWinds CISO, a case that has sent shockwaves through the infosec community. In this episode, our guests Iain Pye and Chris Dawson discuss the hype surrounding the trial, its impact on the infosec community, and the potential consequences for all Chief Information Security Officers (CISOs). We also explore the uncertainties surrounding the CISO's responsibilities and actions within the organisation regarding addressing security vulnerabilities, as well as the potential implications of the SEC ruling on CISOs' risk aversion and self-interest. Lastly, we talk about the dynamics of security compliance certifications and the potential manipulation involved in obtaining them. If you're a cybersecurity professional, join us as we dissect the complexities of CISO responsibilities, the SEC's pursuit of individuals over organisations, and the implications of legal actions on the infosec landscape. Tune in for an insightful discussion that will challenge your perspectives and keep you on the cutting-edge of cybersecurity issues. "Companies are now telling victimised organisations not to produce an incident response report or similar or any type of report. Any such report should be delivered verbally or kept off any electronic or paper documents as much as possible as they could be subpoenaed in future lawsuits and may reveal that the company to be at fault." Iain Pye Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we cover the following topics: - The aftermath of the SEC charges against SolarWinds CISO and the debate surrounding the implications for the infosec community - The challenges and potential issues surrounding auditors' understanding of risk management and cybersecurity processes - Discussion of internal messaging about cybersecurity vulnerabilities within SolarWinds and potential misrepresentation of cybersecurity practices - The impact of underfunding on information security departments and the challenges faced in training and securing environments - The potential for individuals to whistleblow on security vulnerabilities and the SEC's regulatory role to hold organisations accountable - The debate on the extent of the CISO's authority within the organisation and the support required from the board in addressing security vulnerabilities - The potential impact of the SEC ruling on CISO decision making and the resulting risk averse behaviour - The potential impact of pressure from insurance companies and the SEC's focus on shareholder rights and company ethics - Suspicions of misrepresentation and potential manipulation in obtaining security compliance certifications and ISO audits - The role of CEOs and senior management priorities in influencing cybersecurity practises and certifications Resources Mentioned - SolarWinds - SEC (U.S. Securities and Exchange Commission) - ISO 27,001 - Cybersecurity certifications - Ransomware - CISO (Chief Information Security Officer) - Compliance certifications - Incident response reports Other episodes you'll enjoy The Use Of AI In Cybersecurity – Consultants Roundtable https://www.razorthorn.com/the-use-of-ai-in-cybersecurity-consultants-roundtable/ Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall https://www.razorthorn.com/lessons-from-an-infosec-icon-a-fireside-chat-with-pci-guru-jeff-hall/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Decoding Generative AI: Myths, Realities and Cybersecurity Insights 50:25
50:25 Play Later Play Later Lists Like Liked50:25
Play Later Play Later Lists Like LikedIn the latest episode of the Razorwire podcast, I am delighted to welcome back our esteemed cybersecurity professionals, Oliver Rochford and Richard Cassidy. Today, we delve into the fascinating realm of generative AI and its applications in the cybersecurity landscape. We kick the episode off with an overview of generative AI. We discuss how it works and its training on extensive datasets to infer statistical relationships between words and concepts. While major cybersecurity vendors such as Google, CrowdStrike, SentinelOne, and Microsoft have announced integrations with generative AI, Oliver issues a cautionary note, highlighting that its capabilities are often subject to overhype. We discuss the accuracy of generative AI's representation in the business community. Listen in to hear our consensus: Is it possible for generative AI to live up to the advanced AI depicted in science fiction? Delving into practical cybersecurity use cases and exploring risks associated with explainability, trustworthiness of outputs, and potential regulatory implications The aim of this episode is to give you valuable advice for venturing into the realm of generative AI. Tune in to the Razorwire podcast for an in-depth exploration of this evolving technology. Andrés Horowitz has said that 80% of all of the investment in the generative AI startup goes on compute costs. They worked out that one training run on GPT, I think, 3.5 costs somewhere between half a million to $3,800,000. Is it even affordable?" Oliver Rochford Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: - Big Tech's control over the conversation and concerns about AI - Inconsistencies in the guidelines and censorship policies of platforms like Spotify, Apple, and YouTube limit what can be discussed and criticised. - The limitations and potential dangers of Artificial Generative Intelligence - The different opinions and viewpoints surrounding NFT technology and its impact and significance - Importance of not overhyping NFTs and allowing for experimentation and exploration of new use cases - Limitations of Gen AI tools, particularly in terms of explainability, interpretability, and trustworthiness of data - Advising caution when utilising AI tools for security purposes and the importance of trust and verification - How AI tools can help with paralysis and confusion in data analysis - Examining the high valuation of OpenAI and people's unrealistic expectations of AI due to Hollywood portrayals - Exploring the potential of AI-powered language models like Chat GPT, their integration into various products, and the need to avoid false information GUEST BIOS Oliver Rochford Oliver has worked in cyber security as a penetration tester, consultant, researcher, and industry analyst for over 20 years. Interviewed, cited, and quoted by media, think tanks, and academia, he has written for SecurityWeek, CSO Online and Dark Reading. While working at Gartner, he co-named the Security Orchestration, Automation and Response (SOAR) market, worked on the SIEM Magic Quadrant, and also covered the European MSSP Market. In past lives, Oliver worked for Qualys, Verizon, Gartner, Tenable and Securonix and is currently Chief Furitist at Tenzir, where he works on product strategy and marketing. Richard Cassidy Richard Cassidy has been consulting to businesses on cyber security strategies and programs for more than two decades, working across highly regulated industries including finance, insurance, retail, manufacturing, government and military. During his career Richard has been heavily engaged in the design and implementation of infrastructure & cyber security solutions, helping organisations in evolving security, compliance, risk management, data assurance, automation, orchestration & breach response practices. Richard’s security operations experience includes managing CERT, breach response teams, threat intelligence & hunting teams, as well as educating the industry on how data and assets are targeted by cyber-criminal groups, which in return supports effective security practices and mitigation strategies. Richard has led major breach investigations across CNI (Critical National Infrastructure), Finance, Military and Educational institutions over the past decade, with a specific expertise in financial fraud investigations on SWIFT payment networks and OT Manufacturing environments, helping align technical investigation processes to business risk analysis to better serve breach response plans Combining hands on experience of the technologies and services that have evolved over the past two decades, with a detailed perspective on end user security risks, Richard focuses on delivering thought leadership tracks that help decision makers define practical security, compliance and data assurance strategies. He is well versed in showing organisations how to better navigate a highly complex and automated threat landscape, in tandem with achieving (and maintaining) regulatory, compliance and data assurance mandates that business leaders face in today’s technology landscape. Richard is an active industry contributor, regularly delivering speaker sessions at events including for SANS, BlackHat, IP Expo, InfoSec, FSISAC and security seminars EMEA wide, not least many article publications in the arena of cybersecurity, compliance, industrial control and emerging technology matters. Resources Mentioned RSA Google Sec PaLM Crowdstrike Charlotte AI Sentinel One Purple AI Microsoft Security CoPilot Jason Kierstead IBM Picus Security AI Test Chat GPT Open AI SQL Hitchhiker's Guide To The Galaxy Dall-e 2 Other episodes you'll enjoy ChatGPT Reveals Top 5 Cybersecurity Concerns for Businesses https://www.razorthorn.com/chatgpt-reveals-top-5-cybersecurity-concerns-for-businesses/ Navigating the Turbulent Waters of Cybersecurity: Nationalism, Economics And AI https://www.razorthorn.com/navigating-the-turbulent-waters-of-cybersecurity-nationalism-economics-and-ai/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall 50:41
50:41 Play Later Play Later Lists Like Liked50:41
Play Later Play Later Lists Like LikedHello and welcome to Razorwire, the podcast where we delve into the world of cybersecurity with top experts and industry leaders. I'm your host, James Rees, and I can't wait to share this episode with you. As a PCI DSS QSA, I’m delighted to have PCI expert Jeff Hall as my guest today. This episode will give you a unique perspective on how security has evolved from early mainframe days to today's interconnected, risk-focused practises. Jeff tells us about his hard-won lessons and wisdom gathered over decades steering information security programmes, including the need for compliance to work alongside overall security and not hinder it, and why auditors should be viewed as allies, not adversaries. We give you some unique insights on the upcoming PCI DSS v4, the changes we can expect, and what we should be prepared for. We also talk about the issues that shortened CISO tenures create and how this can hinder long-term security progress. Learn why it’s important to focus on the big picture when it comes to security goals rather than getting distracted by minutiae. We cover a wide range of subjects throughout this episode, with some really useful takeaways. One of the key points, and I really must agree, is the importance of matching security priorities to business risk, not compliance checklists. Jeff gives us his advice on focusing on the appropriate controls for what you aim to protect. For CISOs, security leaders, and practitioners at all levels, you’ll gain insight into building effective programmes that deliver real protection. Tune in to level up your approach with advice from this industry luminary and compliance guru. So, if you're ready to up your cybersecurity game, join us on Razorwire. Stay informed, connected, and inspired. Together, we can build a safer digital world. Let's get started! Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: - The importance of cybersecurity in e-commerce - Identifying the main problems of managing website vulnerabilities - Discussing the need for implementing specific tools to comply with regulations - Exploring concerns about customer data security, effectively monitoring alerts and meeting requirements - How the increasing costs and complexity of audits could lead to organisations rejecting compliance requirements - How to streamline security programmes and focus on essentials - The challenges of security and deployment in cloud environments - How to prioritise the overall security programme and how not to get lost in minor details or problems - The lack of leadership in the information security industry and the short tenure of CISOs - The shortage of qualified infosec professionals and why we should be supporting mentorship and apprenticeship GUEST BIOS Jeff Hall Jeff Hall is a principal security consultant at Truvantis, Inc. Jeff has over 30 years of technology and compliance project experience. Jeff has done a significant amount of work in financial institutions, health care, manufacturing, and distribution industries, including security assessments, strategic technology planning, and application implementation. Jeff is part of the PCI Dream Team, a co-author of ‘The Definitive Guide to PCI DSS Version 4: Documentation, Compliance, and Management’ and the writer of the PCI Guru blog (http://pciguru.blog). Resources Mentioned Razorthorn’s PCI DSS Consulting Service The PCI DSS standard PCI Guru Blog PCI DSS Dream Team trustedsec.com GDPR Armor cards Novell Directory Sarbanes Oxley CICD Ansible Jenkins Jira Other episodes you'll enjoy Trust & Culture as Cornerstones of Cyber Security with Paul Dwyer https://www.razorthorn.com/trust-culture-as-cornerstones-of-cyber-security-with-paul-dwyer/ Cybersecurity and Critical Infrastructure: Are We Prepared for the Worst? https://www.razorthorn.com/critical-infrastructure/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 The Use Of AI In Cybersecurity - Consultants Roundtable 52:42
52:42 Play Later Play Later Lists Like Liked52:42
Play Later Play Later Lists Like LikedHello, and welcome to Razorwire. This week, I've had a great time discussing the fascinating topic of artificial intelligence (AI) and its potential impact on our industry, with my esteemed Razorthorn consultants, Tom, Jamie and Michael. We explore the different types of AI, including machine learning and chatbots, and discuss the challenges of achieving a low false positive rate and high general application. You'll gain valuable insights into the evolution of AI and why we MUST take seriously the very real potential for malicious actors to use it for nefarious purposes. We'll also be highlighting the significance of incorporating security measures into AI development and the need for responsible implementation. By the end of this episode, you'll have a comprehensive overview of AI and its potential risks and benefits in the future of cybersecurity. So join me as we explore this exciting and important topic, and take away key insights that will help you stay ahead in the ever-changing world of cybersecurity. "The reality of it is AI is a set of predefined algorithms for a compute standard to take in data, process that data, and then come out with a prediction, and that is impacted number one by the data that's being put into it but also the algorithms and controls that are set by the human factor programming that in." Tom Mills Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Overview of AI in Information Security Michael gives us an overview of different types of AI, including machine learning and chatbots, and how they are implemented in information security. Difference between True AI and Current State of AI We talk about difference between true AI and machine learning. Challenges of Achieving Low False Positive Rate and High General Application and how to improve accuracy. AI Implementation The consultants discuss ways of reducing risk and false positives in data discovery and leakage solutions. Evolution of AI The evolution of technology and the reality of whether AI will really replace jobs. AI and Malicious Actors The consultants discuss how AI has increased the pool of unsophisticated threat actors who can use AI engines to conduct successful attacks. Behavioural Analysis Tools Discussion on the use of behavioural analysis tools in detecting breaches and how they work. Chat GPT and its Limitations Discussion on the limitations of chat GPT and the potential for it to be used maliciously, as well as the potential for AI to develop biases based on the data it is trained on. Quality Data for AI The importance of quality data for AI and the process of stripping out unnecessary information to train AI models. Ethics and Limitations of AI The limitations of AI and the ethical considerations surrounding the data sets used to train AI models. Regulatory Compliance Standards for AI The lack of regulatory compliance standards for controlling AI and the potential consequences of malicious actors using AI for cyber attacks The need for a kill switch The importance of having a kill switch in AI to prevent it from going rogue and causing harm. The possibility of true AI The consultants talk about the possibility of achieving true AI, which is self-aware and can disable a kill switch. Advice on utilising and protecting from AI The consultants provide advice on how to best utilise AI and how to potentially best protect oneself from AI. Interview with Chat GPT Jim mentions his interview with Chat GPT about its views on information security. Resources Mentioned Behavioural analysis tools Machine learning and threat detection Scene products with behavioural analysis Limitations on chat GPT Ethics of AI system Chat GPT political bias Microsoft's AI becoming racist and sexist The Singularity is Near by Ray Kurzweil Elon Musk's chip for brain to computer interactivity Rules for AI development Three Rules of Robotics Tool for identifying SQL injection using AI Other episodes you'll enjoy ChatGPT Reveals Top 5 Cybersecurity Concerns for Businesses https://www.razorthorn.com/chatgpt-reveals-top-5-cybersecurity-concerns-for-businesses/ Navigating the Turbulent Waters of Cybersecurity: Nationalism, Economics And AI https://www.razorthorn.com/navigating-the-turbulent-waters-of-cybersecurity-nationalism-economics-and-ai/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cybersecurity professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cybersecurity – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cybersecurity enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Cyber Insurance - Does it Create More Problems than it Solves? 55:13
55:13 Play Later Play Later Lists Like Liked55:13
Play Later Play Later Lists Like LikedWelcome to Razorwire, where we and our expert guests tackle the issues and opportunities in the world of cybersecurity. In this episode, we explore the challenges and issues faced by the cyber liability insurance industry. This podcast looks into the complex challenges surrounding cyber insurance, an increasingly crucial topic for security leaders and organisations. Join your host James Rees and cybersecurity specialists Chris and Iain, as they engage in an enlightening discussion about the problems with cyber insurance. Learn why the dynamic nature of cyber risk has left insurers playing catchup, leading to unfavourable policy terms, skyrocketing premiums and growing frustration for customers. Gain insights into the systemic impacts of ransomware attacks on insurers along with the immense stresses faced by CISOs navigating insurance responsibilities. Discover innovative ideas like continuous security ratings and improved regulations that could transform the broken cyber insurance model. Whether you're a business leader, security professional or just interested in staying informed, this podcast delivers an array of useful take aways to understand the cyber insurance quagmire. Expect an insightful and engaging discussion on this mission-critical topic. Tune in now to stay ahead of the game in the ever-evolving world of cybersecurity. And that’s why you’re better off insuring yourself! Iain Pye Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: The challenges insurance companies face in properly assessing and pricing cyber risk due to its constantly evolving nature. How restrictive policy terms around "acts of war" have made it difficult for companies to receive payouts after attacks. The lack of cybersecurity expertise and rigorous due diligence conducted by many insurance firms before issuing policies. The skyrocketing cost of cyber insurance premiums and difficulty obtaining comprehensive coverage. The problem of companies being unable to get insured after a breach has already occurred. How the increase in ransomware attacks creates systemic risk for insurers paying out multiple policies. The stress and burnout faced by CISOs and cybersecurity leaders related to insurance coverage responsibilities. The importance of cyber defence planning beyond just having an insurance policy. How continuous security assessment models could help provide better assurance to underwriters. The need for improved security regulations and standards for the insurance industry to base policies on. The benefits of self-insuring cyber risks versus relying solely on external insurance. GUEST BIOS Iain Pye Iain is a Cybersecurity, Data Protection and Risk Specialist with over 20 years of experience in the public and private sectors. Iain has worked in a range of industries from finance, legal, security and government. When Iain is not fighting fires or arguing personal data ethics, Iain likes exploring the world with his family and occasionally going for a run through the Fens with the dog. If the dog is up for it, which she is usually not. Chris Dawson Chris Dawson is a former Royal Marine of 11 years. He moved into the private security sector in 2012 taking up various roles across the globe, from hostile environments to the corporate world, advising and implementing security protocols in multiple sectors while gathering and learning as much as possible along the way. Resources Mentioned UK National Cybersecurity Centre Merck insurance payout Lloyds of London One Trust Georgia Cyber Attacks AON Razors Edge Continuous Pen Testing Vulcan Files Fair Risk Methodology Other episodes you'll enjoy Navigating the Turbulent Waters of Cybersecurity: Nationalism, Economics And AI https://www.razorthorn.com/navigating-the-turbulent-waters-of-cybersecurity-nationalism-economics-and-ai/ Cybersecurity and Critical Infrastructure: Are We Prepared for the Worst? https://www.razorthorn.com/critical-infrastructure/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cybersecurity professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cybersecurity – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cybersecurity enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 The Human Psychology Behind Cybersecurity With Bec McKeown 57:21
57:21 Play Later Play Later Lists Like Liked57:21
Play Later Play Later Lists Like LikedWelcome to Razorwire, the podcast that explores the intricate world of cybersecurity. I'm Jim, your host, and on this episode, we have a fascinating guest joining us: Bec McKeown, a renowned expert in the psychology behind security. This episode is a must-listen for cybersecurity professionals for three key reasons: Firstly, Bec delves into the challenges of conducting investigations and spotting deception in the cybersecurity field. Her insights will equip you with the tools to identify suspicious behaviour, such as stealing or leaking sensitive information. Secondly, she addresses the crucial skill of effectively communicating risks to higher-level executives without instilling fear. Understanding the psychology behind this communication is vital for cybersecurity professionals seeking to navigate the boardroom and gain support for their security measures. Lastly, Bec sheds light on building trust within the cybersecurity community, dispelling fears of punishment for reporting mistakes or risks. Her expertise in psychological techniques and team building will give you valuable strategies for fostering an environment of collaboration and trust. So, cybersecurity professionals, get ready to dive into the fascinating world of the psychology behind security with Bec McKeown on this episode of Razorwire. “… for me, it's all part of this cognitive fitness thing that you have the agile thinking and the cognitive techniques to do decision making and that sort of thing. But there's also understanding yourself. Where are you as a person? What are your strengths, what are your weaknesses, development needs or the areas where you're not so great at things.” Bec McKeown Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: ● Complex cybersecurity and agile thinking skills ● Influence, language and understanding for effective communication ● Investigation challenges, spotting deception and overcoming fear ● Understanding different groups for effective collaboration ● Learning how to engage with different individuals ● The two ways in which the brain works: system one (fast, instinctive) and system two (rational) ● How cognitive narrowing during a cybersecurity crisis affects confidence ● Tips for managing and handling crises effectively ● Burnout risks and how to avoid them in high-stress infosec careers ● Building resilience: individual and organisational responsibilities ● The importance of recognising symptoms, empathy and self-awareness ● Teaching critical thinking and mentoring effectively ● How to use stories for knowledge application and understanding . GUEST BIO Bec McKeown Bec McKeown is a Chartered Psychologist with twenty years’ experience of researching and evaluating human performance in high-risk, high-stakes industries, including the UK Ministry of Defence. The knowledge and insights gained from this research have given Bec a unique perspective on the ways humans react in times of crisis, and she is an experienced speaker and thought leader on the psychology of human performance in cybersecurity. In 2019, Bec established Mind Science, an organisation dedicated to assisting companies at both operational and strategic levels. Her primary focus revolves around leveraging psychological principles to enhance situational awareness, decision-making, and problem-solving for teams operating in complex environments. With a proven track record, Bec continues to make significant contributions in shaping the landscape of human performance psychology. Resources Mentioned VUCA Prof Debi Ashenden - Adelaide University Daniel Kahneman - Thinking Fast & Slow British Psychological Society Burnout Culture is a Cyber Risk | Yanya Viskovich | TEDxZurich mindscienceltd.co.uk Other episodes you'll enjoy What To Do If You Are A Victim Cybercrime: The Anatomy Of High Profile Incident https://www.razorthorn.com/what-to-do-if-you-are-a-victim-cybercrime-the-anatomy-of-high-profile-incident/ Trust & Culture as Cornerstones of Cyber Security with Paul Dwyer https://www.razorthorn.com/trust-culture-as-cornerstones-of-cyber-security-with-paul-dwyer/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.…
R
Razorwire Cyber Security
1 DORA Compliance Made Clear Essential Training for Safeguarding Financial Institutions w Paul Dwyer 43:37
43:37 Play Later Play Later Lists Like Liked43:37
Play Later Play Later Lists Like LikedWelcome to Razorwire, the podcast that cuts through the noise and delivers the sharpest insights in the industry. I'm your host, Jim, and I am thrilled to have you join us for another episode packed with cutting-edge information. Now, I know you're constantly bombarded with countless podcasts and resources vying for your attention, but let me give you three compelling reasons why Razorwire should be at the top of your playlist. Firstly, we have a very special guest today: Paul C Dwyer. Paul is a leading expert in the field and will be sharing his expertise on DORA, the Digital Operational Resilience Act. He'll be diving deep into the testing requirements outlined in DORA, for organisations of different sizes. This is crucial information for staying ahead of the game and ensuring your organisation is resilient in the face of cyber threats. Secondly, we will shed light on the presence of "snake oil" salespeople in the security industry and the importance of credible expertise. With the ever-increasing complexity of cybersecurity, it's essential to navigate through the noise and rely on trustworthy guidance to meet DORA requirements effectively. And last but not least, Paul tells us about his own academy called DORA Training EU, offering non-technical, business-led training courses aligned with EU strategy. He tells us about the highly popular DORA Certified Compliance Specialist course and the bonus module that will equip you with practical implementation knowledge using the NIST cybersecurity framework. This is a fantastic opportunity to enhance your skill set and gain a competitive edge in the industry. So there you have it, cybersecurity professionals! Join us on Razorwire as we delve into the world of DORA, unravel the complexities of compliance, and equip you with the knowledge and skills needed to protect your organisation from data breaches and attacks. Get ready for an enlightening episode filled with actionable insights. “There needs to be a mindset change when it comes to this digital society and digital economy that we operate in. Cybersecurity and cyber risk management is an investment, not a cost.” Paul C Dwyer Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: DORA testing requirements: Discussion on the testing requirements outlined in DORA for financial organisations. Differences for small organisations: How do the testing requirements differ for small organisations compared to larger ones? Importance of Resilience: Emphasis on the importance of resilience and the ability to identify and respond to data breaches and attacks. Opportunity for Improvement: What opportunities does DORA presents for the financial sector to improve and become more efficient? Beware of "Snake Oil" Salespeople: Warning about the presence of unreliable salespeople in the security industry and the need for credible expertise. Training Courses for DORA Compliance: Discussion on the training courses available, including the DORA Certified Compliance Specialist course. Online Delivery and Constant Updates: An explanation of how the training courses are delivered online and the importance of staying up to date. Leveraging the Cybersecurity Industry: Emphasising the importance of leveraging the expertise of the cybersecurity industry appropriately. Compliance is not Just Regulation: Discussion on how compliance is about protecting the business and its customers, not just meeting regulations. GUEST BIOS Paul C Dwyer Paul C Dwyer stands among the world’s leading cybersecurity, risk, and compliance authorities. As CEO of Cyber Risk International, he excels in corporate and enterprise security, crafting cyber defence programmes, and safeguarding business operations for clients. He also serves as the founder and President of the ICTTF International Cyber Threat Task Force, leading a community of over 30,000 professionals in their mission to combat cyber threats and promote industry diversity. Resources Mentioned DORA legislation Competent Authority Team Cyber - Secure Your Future DORAtraining.eu Eucyberacademy.com Cyberriskacademy.com ISO-2701 PCI DSS Cyber Risk International NIST Cyber Security Framework Other episodes you'll enjoy Trust & Culture as Cornerstones of Cyber Security with Paul Dwyer https://www.razorthorn.com/trust-culture-as-cornerstones-of-cyber-security-with-paul-dwyer/ A Snapshot in Time: Why Penetration Testing Is Critical for Cyber Security https://www.razorthorn.com/a-snapshot-in-time-why-penetration-testing-is-critical-for-cyber-security-razorwire-podcast/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here…
R
Razorwire Cyber Security
1 Modern Cybersecurity: Post Pandemic Review Of Defence in Depth 43:12
43:12 Play Later Play Later Lists Like Liked43:12
Play Later Play Later Lists Like LikedWelcome to the Razorwire podcast, where we explore the latest trends and insights in the world of cybersecurity. In this episode, we delve into the topic of defence in the post pandemic world with our esteemed guests, Jonathan Care and Christopher Fielder. We talked about why it’s more important than ever for organisations to adequately adapt their cybersecurity capabilities to meet the requirements of remote working and why it’s essential to have multiple layers of security to detect and respond to threats before they reach critical endpoints. During our conversation, we discussed the importance of due diligence when considering a cloud-first approach or involving a detailed supply chain. We also highlighted the challenges faced by security teams and departments during the pandemic, as well as the rise of ransomware groups and the use of AI in cybersecurity. "The pandemic has really shown that we need to be more agile and more adaptable." Jonathan Care Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: The breakdown of the traditional network perimeter. Changes in management styles and the need for a radical reset. The impact of the pandemic on different sectors, such as retail and finance, and the dramatic shift in consumer behaviour. Transition to remote work [00:09:17] Discussion on the impact of the pandemic on the traditional network perimeter and the shift to remote work, including the subordinate relationship between security and IT teams. The focus on AI and machine learning to compensate for the lack of skilled infosec professionals. The impact of AI on defence in depth and the risks of implementing AI within an organisation without considering security. The flaws in relying solely on endpoint security How working from home has exposed flaws in security architectures and highlighted the rise of cyber threats. What is the traditional approach to defence in depth, and how has it been adapted to changes in technology and working environments. What are the difficulties organisations face when it comes to re-engineering defence in depth, such as budget, and how to overcome them. The importance of due diligence in cloud and supply chain security An example of a defence in depth breakdown. Asset-based security and the importance of 2FA. GUEST BIOS Jonathan Care Jonathan Care is a recognised expert in the field of cybersecurity & fraud detection. A former top-rated Gartner analyst, Care was responsible for defining the Fraud market, and leading Gartner’s Insider Threat and Risk research. He regularly advises cybersecurity industry leaders on strategic growth and has worked with key figures in industry and government across the globe. He is a lead contributor for Dark Reading, an industry-defining publication. He has testified in court as an expert witness and forensic investigator and is a Fellow of the British Computer Society. He also fuels his creative passion as a composer of film/TV music. Social media: @jonathanhcare & https://linkedin.com/in/computercrime Chris Fielder Christopher Fielder has been in the cybersecurity world for over 20 years, with experience in a range of military, government, and corporate environments. From this background, Christopher holds 18 industry certifications along with a Master's Degree in Information Security. While much of his career has involved traditional hands-on keyboard security roles that covered offensive, defensive, and analytics security positions, today he is the Field CTO for Arctic Wolf. This position allows him to research emerging security topics and remain at the forefront of highlighting the expertise of the entire Arctic Wolf team. Resources Mentioned Arctic Wolf Security Gartner LionFish Security Dark Reading Other episodes you'll enjoy Threat Intelligence & Collaboration https://www.razorthorn.com/threat-intelligence-why-awareness-is-critical-and-collaboration-is-essential-razorwire-podcast/ A Snapshot in Time: Why Penetration Testing Is Critical for Cybersecurity https://www.razorthorn.com/a-snapshot-in-time-why-penetration-testing-is-critical-for-cyber-security-razorwire-podcast/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cybersecurity professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cybersecurity – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cybersecurity enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 The Effects On Cybersecurity & Infosec of Economic Downturns 38:06
38:06 Play Later Play Later Lists Like Liked38:06
Play Later Play Later Lists Like LikedWelcome to this episode of the Razorwire podcast, where my guest, renowned cyber security expert Oliver Rochford, and I explore the impact of economic downturns on the cybersecurity industry and how it affects professionals in the field. We discuss the current economic climate and the challenges it poses for the industry, with inflation on the rise and smaller banks struggling to keep up. We also examine the effects of previous economic downturns and how they impacted the industry, along with what we should have learned from them. We also discuss the trend of vendor consolidation in the industry, the shortage of cyber security professionals, and the emergence of financial operations, and how to turn these to your advantage. We also touch on the impact of COVID-19 on the industry and the importance of adapting to changing economic conditions. So, if you're a cybersecurity professional looking to stay ahead of the game, this episode is a must-listen. "We've had a long period of really cheap money. We've had really high exits, and that money needs to seek a return. If you've just made a hundred million dollars and you put it in the bank, you're basically going to get eaten up by inflation. So you need to invest it into something, right?" Oliver Rochford Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: The impact of economic downturns on the cybersecurity industry The effects of a downturn in spending on cloud-related security: why many organisations are looking to reduce cloud and SaaS licencing spend What we should have learned from past economic crises, including the dot-com bubble and the 2007-2008 credit crunch Why organisations are consolidating vendors in this economic downturn The financial challenges faced by mid-size companies looking for cybersecurity solutions The shortage of experienced infosec professionals and the impact of the great recession on the industry during economic turmoil The opportunities that technological advancements offer to refocus your career and why you need to get ahead of the curve Seizing the opportunity to start your own company The benefits of standardisation in the industry and the shift towards more sustainable business models Advice on efficient budget allocation in a time where budgets are being squeezed, including consolidation and being smarter with technology How to overcome the challenges of complying with security standards on a smaller budget Embracing automation in cybersecurity GUEST BIOS Oliver Rochford Oliver has worked in cyber security as a penetration tester, consultant, researcher, and industry analyst for over 20 years. Interviewed, cited, and quoted by media, think tanks, and academia, he has written for SecurityWeek, CSO Online, and Dark Reading. While working at Gartner, he co-named the Security Orchestration, Automation, and Response (SOAR) market, worked on the SIEM Magic Quadrant, and also covered the European MSSP Market. In past lives, Oliver worked for Qualys, Verizon, Gartner, Tenable, and Securonix and is currently Chief Strategist at Tenzir, where he works on product strategy and marketing. Other episodes you'll enjoy Navigating the Turbulent Waters of Cybersecurity: Nationalism, Economics And AI https://www.razorthorn.com/navigating-the-turbulent-waters-of-cybersecurity-nationalism-economics-and-ai/ Trust and Culture as Cornerstones of Cyber Security with Paul Dwyer https://www.razorthorn.com/trust-culture-as-cornerstones-of-cyber-security-with-paul-dwyer/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring experience and expertise from a range of disciplines and at different career stages. We give you various viewpoints for improving your cyber security, from seasoned professionals with years of experience, triumphs, and lessons learned under their belt to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals, providing insights, news, and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss, email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com . We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. LinkedIn: Razorthorn Security YouTube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
R
Razorwire Cyber Security
1 Breaking Into Cybersecurity: Essential Tips for Newbies 40:01
40:01 Play Later Play Later Lists Like Liked40:01
Play Later Play Later Lists Like LikedWelcome to this episode of Razorwire, where my guest, Stefania Chaplin, and I jump into the topic of cybersecurity for newbies. Starting a new career in any industry can be a baptism of fire, but there are definitely certain things that can help you in cybersecurity. Today, we explore the key skills all good cyber recruits should be aware of as well as what constitutes a good security mindset. We highlight three key takeaways from the podcast that will be valuable for not only new recruits, but all cybersecurity professionals. We discuss the importance of effective communication with different audiences and how to gain buy-in from team members when implementing security policies. We also cover the changing landscape of work in the cybersecurity field, the importance of resilience and positivity in the face of rejection, and the potential consequences of losing credibility in the industry. We talk about the benefits of gaining experience and expertise in different areas of cybersecurity and the broad range of roles available beyond technical positions. Tune in to this episode to gain valuable insights and enhance your skills in the field of cybersecurity. I really struggled with it when I started out in my career as a young woman in IT. I was so hesitant and reluctant to make a mistake or to put myself out there because I'm like, but if I put myself out there and then I get it wrong, like my credibility is destroyed. Stefania Chaplin Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Tips for Security Newbies - Discussing tips for those new to the infosec space, including what to watch out for and what you need to know to progress. Stefania's Journey into Cybersecurity – Stefania tells us about how she fell into the cybersecurity field and how she knew it was for her. Importance of Communication Skills in Cybersecurity – How to improve your communication skills and use them effectively with different teams/levels within the organisation. Understanding Psychology - we discuss the importance of understanding psychology in cybersecurity, including personality types, power dynamics, and how to spot who has the power in a room. Baby Steps : Advice for those new to cybersecurity, including the benefits of taking baby steps, finding bug bounty programmes and learning from your colleagues. How important are certifications? We discuss the pros and cons of certifications vs personal skills, along with identifying your motivations for pursuing certifications, such as for a specific skill or knowledge. Dealing with rejection - we share some tips for dealing with rejection in the job search process. Using LinkedIn to Find a Job - Sharing experience of using LinkedIn to get jobs and build a network in cybersecurity, emphasising the importance of being professional and engaging with industry leaders. Engaging Developers and IT Professionals: - We share some tips for engaging developers and IT professionals in cybersecurity projects. Credibility within the industry – Stefania shares her experience of struggling with credibility as a young woman in the industry and the importance of coaching. Non-technical aspects of security – finally, we talk about the importance of non-technical aspects of security, including as finance and policy, and recommending that newbies stay non-specialised for the first five years of their career. GUEST BIOS Stefania Chaplin Stefania’s (aka @DevStefOps) experience as a Solutions Architect within DevSecOps, Security Awareness and Software Supply Chain Management means she's helped countless organisations understand and implement security throughout their SDLC. As a python developer at heart, Stefania enjoys optimising and improving operational efficiency by scripting and automating processes and creating integrations. She is a member of OWASP DevSlop, hosting their technical shows. When not at a computer, Stefania enjoys surfing, yoga and looking after all her tropical plants. Resources Mentioned ISO 27001 auditor cert and CISSP or preferably a CISM AWS Solutions Architect Associate cert Certificate for Ethical Hacking (CH) Other episodes you'll enjoy Trust & Culture as Cornerstones of Cybersecurity with Paul Dwyer https://www.razorthorn.com/trust-culture-as-cornerstones-of-cyber-security-with-paul-dwyer/ Women in Cybersecurity https://www.razorthorn.com/women-in-cyber-security-razorwire-podcast/ Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cybersecurity professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cybersecurity – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cybersecurity enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com , We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. Linkedin: Razorthorn Security Youtube: Razorthorn Security Twitter: @RazorThornLTD Website: www.razorthorn.com Loved this episode? Leave us a review and rating here All rights reserved. © Razorthorn Security LTD 2025…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Daily Deals
Similar to Razorwire Cyber Security
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
D
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Some Goodness is hosted by Richard Ellis, a seasoned sales leader passionate about inviting top business minds to share their wisdom. Each episode is only 15-20 minutes, perfect for your commute or workout.
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
Tom Merritt and the team help you stay up to date with an independent, authoritative and trustworthy tech news briefing. Become a member at https://plus.acast.com/s/dtns. Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
