Razorwire Cyber Security & InfoSec Insights
Razorthorn Security | Cybersecurity & InfoSec
0
Razorwire is a cybersecurity podcast hosted by James Rees, founder of Razorthorn Security. It offers practical advice and expert insights on information security, risk management, governance, and security leadership. Each episode features conversations with industry professionals, covering technical strategies, compliance challenges, and human factors. The show aims to help cybersecurity professionals build stronger careers and foster a community of continuous improvement.
Episodios
-
From ISDN to AI - Two Veterans on How Defence in Depth Has Changed 01.07.2026 51mDefence in depth has evolved every time the technology landscape has shifted. The internet, virtualisation, cloud, SaaS. AI is the next shift, and the old model isn't keeping up.Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, I'm joined once again by Martin Voelk, co-founder of SpartanX and an ethical hacker with nearly 26 years in cybersecurity.Every major technology shift has forced security teams to rethink how they protect their organisations. The internet moved data outside the building. Virtualisation and cloud meant infrastructure was no longer yours to control. Each time, defence in depth had to evolve. AI is the latest shift, and it may be the one that breaks the model entirely.We trace the journey from on-prem data centres and ISDN routers through to a world where AI agents act autonomously, supply chains are built on unverified code and the offensive side of AI is outpacing the defensive side at a rate security teams can't match. They get into why every AI agent needs its own identity, why shadow AI is a problem most organisations haven't begun to address and why the only realistic answer to AI-powered attacks is AI-powered defence.Three key talking points:Defence in depth has always evolved, but this time it's different:Every previous technology shift gave security teams time to catch up. AI isn't offering that. The pace of change is faster than most organisations can respond to, and the defensive tooling hasn't kept pace with what the offensive side can already do.AI agents need to be treated like people:Every AI agent needs its own identity, authentication and authorisation policies. Without that, a compromised agent can act under a human user's name with no way to tell the difference. The legal and forensic implications are enormous and largely unsolved.The offensive side is winning:AI is finding vulnerabilities faster than teams can fix them. Alert volumes are overwhelming SOCs, attackers are using AI-generated noise to mask real attacks and human in the loop is becoming unworkable at scale. The only realistic counter is defensive AI, but it isn't mature yet.Defence in depth has survived every technology shift so far. AI is testing it in ways we haven't seen before. If you're responsible for securing an organisation that's adopting AI, this is the conversation to listen to.On why security teams are always one step behind:"We don't have the ability to figure out what's going on until it's already happened. We don't have that technology yet."James ReesListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:The Evolution of Defence in DepthFrom ISDN and on-prem data centres to cloud and SaaS, we trace how defence in depth has evolved with every major technology shift.Why AI Is DifferentPrevious shifts gave security teams time to adapt. We discuss why AI isn't offering that luxury.Supply Chain Risk and Unverified CodeOpen source code from GitHub, AI skills downloaded from the web, integrations nobody has reviewed. Discover why the modern supply chain is built on foundations most organisations haven't verified.Third Party Risk Management Is BrokenAI fills in vendor questionnaires and AI reviews the answers. We get into why the current TPRM process is fundamentally flawed.Shadow AILearn why unapproved AI usage is one of the hardest risks to detect and why most organisations have no way of monitoring it.Continuous AuthenticationSingle sign-on isn't enough anymore. We discuss why continuous authentication is becoming essential in environments where AI agents operate alongside human users.AI Agent Identity and AccountabilityFind out why every AI agent needs its own identity and access controls, and what happens when a compromised agent acts under a human user's name.Alert Fatigue as an Attack VectorFlooding a SOC with noise to mask a real attack isn't new, but AI makes it possible at a scale that's almost impossible to manage.Prompt Injection via Log FilesFind out how a prompt injection hidden in a standard HTTP header was used to trick a summarisation agent into exfiltrating data.The Case for Defensive AIOffensive AI is outpacing the defensive side. We discuss why AI-powered defence is the only realistic answer and why it isn't mature yet.Resources Mentioned SpartanXMartin Voelk - LinkedIn Kali LinuxDocker OllamaHugging FaceDeepSeekCrowdStrikeGitHubConnect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.LinkedIn: Razorthorn SecurityYouTube: Razorthorn SecurityTikTok: Razorwire PodcastInstagram: Razorwire PodcastTwitter: @RazorThornLTDWebsite: www.razorthorn.comAll rights reserved. © Razorthorn Security LTD 2025
-
Daybreak and the Battle for AI Security: The Arms Race Accelerates 17.06.2026 50mAI used to be something security vendors built into their own products. Now OpenAI is going direct, positioning itself as the layer that security runs on. What does that mean for the rest of the industry?Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, I'm joined again by Jon Care, Head of the AI Practice at KuppingerCole, to unpack OpenAI's launch of Daybreak.OpenAI launched Daybreak on 11 May 2026. It's not a security product, it's a platform play designed to embed AI-driven security directly into the development lifecycle, with a three-tier access model and a partner programme that includes Cisco, CrowdStrike, Palo Alto and a dozen other major vendors. This is OpenAI's bid to become the infrastructure that security runs on.But the governance questions are enormous. Who counts as a "verified defender"? Who decides? What happens when someone with access changes jobs or gets laid off? And when the same model families sit on both sides of the equation, how do you govern dual use? Jim and Jonathan argue the industry urgently needs an independent regulatory body to oversee access to these capabilities. The conversation also gets into China's response to Western chip restrictions and why the idea that any one country can control AI capability is already looking outdated.Three key talking points:Daybreak isn't a product, it's a platform land grab: OpenAI isn't selling to security vendors the way AI has traditionally been integrated into the market. It's going direct to CISOs and development teams, bypassing the existing vendor layer entirely. This episode gets into what that means for the security market and why the major vendor partnerships may not be enough to mask the disruption.The governance gap nobody has answered: Daybreak gates access based on "verified defender" status, but there's no public specification of what that means, no independent auditing and no appeals process. This episode raises the uncomfortable questions about who qualifies, what happens when access follows a person rather than an organisation and what model could end up benefitting the industry the most.You can't contain capability: China's response to Western chip restrictions has been to develop its own hardware at pace, certifying nine domestically designed AI processors for state procurement. The assumption that any single country can control access to frontier AI capability is already looking outdated and that has serious implications for everything from dual use governance to the future of the AI arms race.Daybreak launched on the same day Google confirmed the first AI-built zero day. If you care about where the security market is heading, this is the conversation to listen to.On who controls access to AI security capability:“OpenAI sets the criteria, OpenAI approves or denies and OpenAI monitors usage. For those of you who noticed, I said OpenAI three times in that past sentence. That was deliberate.”Jon CareListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:What Daybreak Actually Is Find out what OpenAI's Daybreak initiative involves and why it's being positioned as infrastructure rather than a product.A Platform Land Grab Explore why Daybreak is OpenAI's bid to own the security developer toolchain and what that means for the existing vendor ecosystem.Partner Asymmetry Major vendors get early and deeper access. We discuss what that means for everyone else.Who Counts as a "Verified Defender"? There's no public specification, no independent auditing and no appeals process. We get into why that's a problem.Dual Use Governance The same models are being used for offence and defence. Discover why that raises questions nobody has answered yet.Credential Portability What happens when someone with access to the most permissive tier gets laid off or changes jobs?The Case for Independent Regulation We discuss why the industry needs an equivalent of PCI DSS for AI security access, independent of any single government or vendor.AI vs AI Daybreak launched the same day Google confirmed the first AI-built zero day. We discuss what that signals about where the arms race is heading.China's Hardware Response Huawei unveiled Logic Folding and China certified nine domestically designed AI processors. The assumption that any country can gate AI capability is already outdated.Human in the Loop Is Dying The speed of AI development is outpacing human decision-making. We discuss why this concept may already be obsolete.Resources Mentioned OpenAI DaybreakAnthropic Mythos / Project Glasswing Microsoft MDASH CyberGym benchmark Google first AI-built zero day Huawei LogicFolding / Tau Scaling Law PCI DSS / PCI Security Standards CouncilKuppingerColeBank of Dave (film) SnykSocketEndor Labs GitHub Advanced SecurityConnect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.LinkedIn: Razorthorn SecurityYouTube: Razorthorn SecurityTikTok: Razorwire PodcastInstagram: Razorwire PodcastTwitter: @RazorThornLTDWebsite: www.razorthorn.comAll rights reserved. © Razorthorn Security LTD 2025
-
Third Party Risk in the Age of AI. A Spotlight on Black Kite 03.06.2026 50mYour vendors are adopting AI faster than you can assess them. What does that mean for your third party risk? Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this Spotlight on Technology episode, I'm joined by Jeffrey Wheatman, Senior Vice President and Cyber Risk Strategist at Black Kite. Jeffrey previously spent over a decade as an analyst VP at Gartner where he launched their third party cyber risk management coverage.Third party risk management used to be fairly straightforward. If finance was happy and legal had done their redlining, you signed the contract and moved on. That world is gone. Organisations are now dependent on layers of vendors, suppliers and service providers, and the chain goes deeper than most security teams can see. When a logistics company can go from operational to out of business in five months after a ransomware attack, and one incident at Jaguar Land Rover can measurably affect UK GDP, the question isn't whether third party risk matters. It's whether your programme can keep up.This episode covers how the old model of spreadsheets and questionnaires is giving way to intelligence-led continuous monitoring, why AI has made the problem exponentially harder and how Black Kite is helping organisations cut through the complexity, from mapping supply chain connectivity and scoring ransomware susceptibility to cutting a 500-question vendor questionnaire down to 30.Three key talking points:You can't protect what you can't see: Most organisations know who their biggest vendors are. Beyond that, it gets murky fast. This episode gets into why even mature organisations still struggle to see past the first or second layer of their supply chain, why figuring out which vendors actually matter is harder than it sounds and why Jeffrey always tells people to solve their third party problem before worrying about their fourth.AI just made your third party programme ten times harder: Your vendors are already using AI, whether they've told you or not. The person you're speaking to may not even know, because it could be embedded two or three layers down. Meanwhile the market is flooded with AI solution claims and attackers are using it to move faster than ever. This episode covers the three ways AI is complicating third party risk and why most organisations haven't even begun to get their AI governance right.From questionnaires to continuous intelligence: The old model of sending out hundreds of questions, hoping for honest answers and filing the results is finished. This episode covers how the industry is moving from periodic assessment to continuous monitoring, why real data beats self-reported questionnaires and how platforms like Black Kite are helping organisations focus on the vendors that actually pose a risk.If your third party risk programme is still running on spreadsheets and annual reviews, this episode will make you uncomfortable. And it should.On why most organisations don't know which vendors matter most:“I always badly paraphrase Animal Farm by George Orwell. All your vendors are equal, but some vendors are more equal than others. And most people don't really know how to figure that out.”Jeffrey WheatmanListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:When a Vendor Goes Down, You Go Down With Them We discuss why the conversation has shifted from data protection to operational resilience.The Nth Party Problem Most organisations can't see past the first or second layer of their supply chain. The web of interconnected vendors is far more complex than it looks – we talk about where to start if you haven't solved your third party basics yet.Concentration Risk and Single Points of Failure Heavy reliance on a handful of major cloud providers creates risks that can't easily be mitigated. We explore what you can realistically do about it.Three Ways AI Is Complicating Third Party Risk Discover why AI isn't just changing the threat landscape for your own organisation but fundamentally altering how you need to think about every vendor in your supply chain.Shadow AI in Your Supply Chain Learn why shadow AI in your vendor ecosystem is a growing risk when most organisations' AI governance isn't anywhere near ready to deal with it.The AI Vendor Bubble Find out why many AI companies are currently selling their services at a loss, and what this means for organisations that have built critical processes around vendors that might not survive when the economics catch up.Moving Beyond Spreadsheets and Questionnaires Find out why self-reported questionnaires and periodic assessments can't keep up anymore, and what's replacing them.How Black Kite Approaches Third Party Risk Explore what an intelligence-led approach to third party risk actually looks like in practice and why it's a fundamentally different model to what most organisations are used to.The Ownership Problem No two organisations agree on who owns third party risk. Find out why this inconsistency creates serious governance gaps and why it matters more than ever as the scope of the problem grows.Resources Mentioned Black KiteJeffrey Wheatman on LinkedInBlack Kite's Third Party Risk podcastK&P Logistics / Knights of the Old (ransomware case study)Jaguar Land Rover (supply chain breach impact)DORA (EU banking regulation)MITRE ATT&CKOpenFair (cyber risk quantification)GA3 framework (Black Kite's AI governance add-on)Threat Tracev (Black Kite's NetFlow-based offering)RSA ConferenceProject Glasswing / Mythos (Anthropic)OpenAI DaybreakAll rights reserved. © Razorthorn Security LTD 2025
-
Deeper Deepfakes - Why You Can No Longer Trust What You See 20.05.2026 50mIt took 10 minutes and a free online tool to deepfake Jim's voice, with no expertise and no cost involved.Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, I'm joined again by Alexandra Jorissen from identifAI, alongside Lorenzo Zoffoli, a cybersecurity professional with 12 years of experience. Following the huge response to our first deepfakes episode, which set a bit of a channel record with the number of views, we go further into the technology, the threats and what organisations can actually do about it.The episode opens with a deepfake of Jim's voice, created by Lorenzo using a free online tool and 5 seconds of audio from our YouTube channel. It took 10 and cost nothing. That sets the tone for a conversation that goes well beyond what was covered in the first episode, into the industrialisation and scalability of deepfake attacks, the personalisation that makes them almost impossible to spot and why visual and audio content can no longer be treated as proof of truth.From a Dutch bank discovering 46 fraudulent accounts opened by one person using deepfakes, to personalised attacks targeting family members and high net worth individuals, the threat has moved well beyond the boardroom. This episode gets into what organisations can actually do about it, from how detection technology works and where it fits in a security stack, to why verifying identity in digital spaces needs to become as normal as challenging someone without a badge in a physical office.Three key talking points:The industrialisation of deepfake attacks: Creating a convincing deepfake used to take time, expertise and significant effort. That barrier has almost disappeared. Attacks can now be generated, refined and reused across hundreds of targets at speed and at almost no cost, using nothing more than publicly available social media content and free online tools.It's not just organisations at risk anymore: The first episode focused on corporate threats like fake board meetings and expense fraud. This one goes further into the personal risk, from deepfaked voice messages impersonating family members to compromising images generated from a single photograph. The technology doesn't care whether the target is a CISO or someone's mum.Why detection is now part of defence in depth: Deepfake detection needs to sit alongside email security, EDR and the rest of the standard security stack. This episode gets into how detection works at a pixel and byte level, why results are probabilistic rather than binary and what happens if smaller organisations are priced out of access.If you caught the first episode, this one goes further. If you didn't, take a look! Either way, deepfakes aren't just on their way. They're already here.On why the real problem is what we're not catching:“We need to put doubt in any digital media we handle and get used to trying to verify if content coming from unknown sources can be manipulated or completely generated by AI tools.”Lorenzo ZoffoliListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:The Industrialisation of Deepfake Attacks Understand why deepfake attacks are no longer handcrafted for single targets but can be generated, refined and deployed at scale across hundreds of victims simultaneously.46 Fake Bank Accounts at a Major Dutch Bank How one person used deepfakes to open 46 fraudulent accounts at ABN AMRO and why it was only caught because of a fluke.Personalised Social Engineering at Scale Discover how AI-driven attacks are now tailored to individual targets using publicly available data, making phishing attempts feel familiar, urgent and highly credible.The Personal Risk: Family, VIPs and Romance Scams Explore the extent to which deepfake threats extend beyond corporate targets, from cloned voice messages impersonating family members to compromising images generated from a single photograph.Why Seeing Is No Longer Believing Find out why visual and audio content can no longer be treated as proof of truth and why human senses alone are no longer enough to detect manipulation.How Deepfake Detection Actually Works We discuss how detection tools analyse images and video, why results are expressed as probabilities rather than certainties and why organisations need to determine their own thresholds for action.Liveness Checks Are Already Being Bypassed Find out why the "turn your head left, turn your head right" verification that banks and identity platforms rely on is already being beaten by newer deepfake models.Normalising Verification in Digital Spaces Explore why challenging a suspicious video call or email needs to become as normal as stopping someone without a badge in a physical office.Deepfake Detection as Part of Defence in Depth Understand why deepfake detection now needs to sit alongside email security, EDR and the rest of the standard security stack.Resources Mentioned identifAI ABN AMRO deepfake bank account fraud Mobile World Congress Barcelona Nanobanana (image generation tool referenced for realism) Will Smith spaghetti meme (referenced for AI quality progression) Google badge policy (referenced by Alex as example of normalised verification)Connect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.LinkedIn: Razorthorn SecurityYouTube: Razorthorn SecurityTikTok: Razorwire PodcastInstagram: Razorwire PodcastTwitter: @RazorThornLTDWebsite: www.razorthorn.comAll rights reserved. © Razorthorn Security LTD 2025
-
Useful or Spam? A CISO's Guide to Vendor Outreach 06.05.2026 54mWhy do so many vendors still get it wrong when selling to security leaders? Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, I'm joined by Marius Poskus, CISO at a fintech organisation and host of the Cyber Diaries podcast, and Simon Woods, co-founder of One Compliance and a salesperson who's been working in cybersecurity sales for over 15 years. If you're a CISO, you already know how this goes. The same regurgitated emails, the "just 30 seconds of your time" cold calls, the pitches that lead with product features instead of understanding what problem you're actually trying to solve. It's one of the most complained about topics on LinkedIn and in this episode we sit down with a CISO who gets sold to every day and also someone who does the selling to talk about why so much of it is broken. The conversation covers why persistence without research is just spam, why the best vendor relationships take years to build, why AI-generated outreach is making things worse and what salespeople actually need to do differently if they want to get through the door. Whether you're on the receiving end of the hundredth cold approach this week or you're a vendor trying to work out why nobody's responding, there's something in this for both sides. Three key talking points: Why most sales approaches fail before they even start: Sales in cybersecurity has a low barrier to entry, and it shows. We talk why the industry seems to have settled into a cycle of lazy, templated outreach that treats every CISO the same. We cover why this isn't just annoying for the people on the receiving end but how it actively damages the reputation of vendors who might genuinely have something useful to offer. Relationships over transactions: The best vendor relationships in cybersecurity don't start with a sale. They start with genuine engagement, understanding someone's challenges and being useful before there's any commercial benefit. This episode makes the case that the salespeople who build real connections, who act as a first port of call rather than a product pusher, are the ones who eventually get through the door. What good actually looks like: So what does getting it right look like? We break down the practical habits and mindset shifts that separate the salespeople who get responses from the ones who get blocked, and why the answer has far less to do with product knowledge than most people think. If you've ever wanted to tell a salesperson exactly where they're going wrong, this episode does it for you. And if you're the salesperson, consider this a free masterclass. On what every salesperson should think about before hitting send: “Salespeople are not trying to understand the problems that CISOs face. It's all about selling features and product instead of understanding where the pain points are." Marius Poskus Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Why Your Inbox Is Full of Rubbish Find out why so many vendor approaches are lazy, untargeted and AI-generated, and why the low barrier to entry in cybersecurity sales means it's unlikely to improve any time soon. What Makes a Vendor Worth Your Time Discover the signs that a vendor has actually done their homework, understands your challenges and is worth a conversation, versus the ones who are just working through a list. How to Spot a Vendor Who's Out of Their Depth Learn the warning signs that someone is bluffing through a technical conversation rather than being honest about what they know and don't know, and why that should affect your procurement decisions. What You Can Tell From a Single Email Understand why the first approach from a vendor tells you almost everything you need to know about whether they're worth engaging with, and what the red flags look like. Why Vendors Keep Getting It Wrong Find out why so much sales outreach in cybersecurity follows the same broken playbook, and why understanding the mechanics behind it helps you filter faster. It's Not Just Vendors Explore why recruiters, lead generation companies and adjacent industries are all guilty of the same lazy outreach, and why CISOs are getting hit from every direction, not just product sales. When a Vendor Relationship Actually Pays Off Find out what a genuinely useful vendor relationship looks like from the buying side and how to recognise when someone is investing in you rather than just your budget. Managing the Noise So You Don't Miss What Matters Understand why the sheer volume of bad outreach creates a real risk of filtering out the vendors who could genuinely help, and how to build a process that catches the good ones without drowning in the rest. Resources Mentioned Never Split the Difference by Chris Voss One Compliance RMI Cyber Cyber Diaries podcast CTRL+ALT+DEFEND Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. LinkedIn: Razorthorn Security YouTube: Razorthorn Security TikTok: Razorwire Podcast Instagram: Razorwire Podcast Twitter: @RazorThornLTD Website: www.razorthorn.com All rights reserved. © Razorthorn Security LTD 2025
-
Project Glasswing. What Anthropic's Mythos Means for Cybersecurity 22.04.2026 54mWhat happens when an AI model can find more vulnerabilities in a day than a red team could find in a year?Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, I'm joined by Martin Voelk, penetration tester and AI red teamer, and Jonathan Care, lead analyst at KuppingerCole covering AI and cybersecurity.Anthropic recently announced Mythos, a security-focused AI model reportedly capable of discovering vulnerabilities that have gone undetected for decades, including a 27-year-old bug in OpenBSD. But how much of this is genuine breakthrough and how much is marketing? This episode cuts through the hype and asks what Mythos actually means for the cybersecurity industry, from the arms race it signals between AI model providers to the competitive implications of restricting access to a small group of US-based companies.The conversation goes well beyond Mythos itself, into the reality that AI-powered hacking at scale is already happening, that existing models have already been used to compromise government infrastructure, and that open source and non-Western alternatives are freely available to anyone who wants them. With 80% of code now being vibe coded with minimal security checks, jailbreaking tools available on the open web and CISOs unable to keep pace with the speed of adoption, the question isn't whether AI will change cybersecurity. It's whether the industry can adapt fast enough to survive what's already here.Three key talking points:The Mythos hype vs the reality of AI-powered hacking: Anthropic's announcement made headlines, but the capability to find and exploit vulnerabilities at scale already exists in models available to anyone. This episode asks whether Mythos is really the breakthrough it's been presented as, or whether the industry should be more concerned about what's already out there, including a recent attack on the Mexican government carried out entirely using standard AI models.The competitive and geopolitical implications of restricted AI models: Mythos has been restricted to a small group of US-based companies, giving at least one major EDR vendor a significant edge over every competitor. But by announcing the capability publicly, Anthropic has effectively told the rest of the world it's possible to build. With Chinese, Russian and open source models already filling the gap, the question is whether restricting access to Western models actually contains anything at all.Why security practitioners can't keep up and what comes next: The pace of AI development has outstripped the ability of security teams to keep up. Even full-time practitioners can't stay on top of the daily volume of new models, new vulnerabilities and new attack techniques. If the people doing this for a living are struggling, what chance does an SMB with a part-time security person have? And where does it end? Possibly with offensive and defensive AI agents fighting it out at scale, with humans increasingly on the sidelines.Whether Mythos lives up to the hype or not, the arms race it signals is already underway. If you want to understand what that means for cybersecurity, this is the conversation to listen to.On the implications of restricting AI security models:“Anthropic may be doing this, but for those of us who are not lucky enough to be Anthropic's friend, other countries, other organisations are not so circumspect.”Jonathan CareListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:Anthropic's Mythos Announcement Find out what Anthropic is claiming about Mythos, why it reportedly found a 27-year-old vulnerability in OpenBSD and why not everyone is convinced it's the breakthrough the headlines suggest.AI-Powered Vulnerability Discovery at Scale Understand why the ability to find and exploit vulnerabilities at machine speed already exists and why Mythos may be less of a leap forward than it first appears.The Mexican Government Hack Hear how standard, publicly available AI models were used to compromise multiple government entities and exfiltrate massive amounts of sensitive data over a matter of weeks, without any zero days involved.Restricted Access and Competitive Advantage Explore why limiting Mythos to a handful of US-based companies raises questions about competitive fairness and what it means when one EDR vendor gets capabilities that nobody else has access to.The Open Source and Non-Western Model Landscape Discover why restricting Western models may not contain much at all, with Chinese, Russian and uncensored open source alternatives already being used by security researchers and attackers worldwide.Vibe Coding and Unchecked AI-Generated Code Find out why an estimated 80% of code is now vibe coded, why most of it isn't being properly tested and what that means for the attack surface organisations are unknowingly building.Jailbreaking and Uncensored Models Learn why tools that can jailbreak frontier models on the fly are freely available on the open web and what that tells us about the limits of trying to restrict AI capability.The CISO's Impossible Position Understand why CISOs are caught between an industry that's moving faster than they can govern and organisations that want to adopt AI regardless of whether the security is ready.Keeping Up With the Pace of Change Explore why even full-time security practitioners are struggling to stay on top of the daily volume of new developments and what that means for organisations with fewer resources.The Future: Agent vs Agent Hear why the near future of cybersecurity may look less like humans defending networks and more like offensive and defensive AI agents battling it out at scale, with practitioners increasingly in a supervisory role.Resources Mentioned Anthropic – Mythos/Project GlasswingMexican Government CyberattackGodMode AI / Pliny the Prompter (jailbreaking harness)Hugging Face (uncensored models)OpenClawDeepSeek (Chinese AI model)KuppingerColeSpartanX Technologies / SpartanX AIConnect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.LinkedIn: Razorthorn SecurityYouTube: Razorthorn SecurityTikTok: Razorwire PodcastInstagram: Razorwire PodcastTwitter: @RazorThornLTDWebsite: www.razorthorn.comAll rights reserved. © Razorthorn Security
-
The Rise of CTEM - Why AI Demands a New Approach to Security 08.04.2026 57mWhat happens when your organisation adopts AI faster than your security strategy can keep up?Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim, and in this episode, I'm joined by Martin Voelk, penetration tester and AI red teamer, and Jonathan Care, lead analyst covering the intersection of AI, cybersecurity and identity.We started out planning to talk about the rise of CTEM (Continuous Threat Exposure Management) and why traditional pentesting and vulnerability scanning can't keep up anymore. But the conversation quickly went further than that, into the real security risks of AI agents, prompt injection, vibe coding and the speed at which organisations are adopting AI without thinking about what happens when it goes wrong. Martin shares examples from his red teaming work of how AI agents can be tricked into exfiltrating data and executing malicious code, Jonathan makes the case for why identity needs to become a first class attack surface in any CTEM programme; and all three of us end up genuinely concerned about what happens when CISOs are expected to govern technology that's moving faster than anyone can keep up with. This one ended up not going quite as planned, and it's all the better for it.Three key talking points:Why traditional security testing can't keep up with AI and agent-driven attacks: Annual pentests and periodic vulnerability scans were built for a world where things changed slowly. Martin and Jonathan explain why that model is no longer suitable when new AI vulnerabilities are emerging daily, most of them without a CVE number attached, and why CTEM as a continuous programme rather than a one-off exercise is becoming essential.How prompt injection and invisible exploits are rewriting the rules of risk: Martin shares examples from his red teaming work where AI agents were tricked into exfiltrating data through a fake spellchecker and downloading malicious code disguised as a support tool. He and Jonathan discuss why prompt injections are so difficult to defend against, how they can be hidden in emails, PDFs, code and even voice, and why traditional security tools don't detect them.What CISOs and tech leaders must face as responsibility and risk escalate: Organisations are adopting AI faster than security teams can govern it, and CISOs are caught between being seen as obstructionist if they slow things down or negligent if they let things through. Jonathan and Martin get into the legal grey areas around who's responsible when an AI agent causes harm and why the lack of clear legislation makes this even harder to navigate.If your organisation is adopting AI and your security model hasn't changed to match, this is a conversation worth listening to. On why traditional security testing no longer works:“You have new releases and new technology popping up almost on a daily basis. And you have vulnerabilities popping up on a daily basis as well. The traditional model we have in place with regular penetration testing, once every three months, once every year, that doesn't cut it anymore.”Martin VoelkListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:The Acceleration of AI Adoption Find out why organisations are pushing AI adoption at a pace that's leaving security teams behind and why the pressure from upper management to automate is creating serious blind spots.Continuous Threat Exposure Management (CTEM) Evolution Learn why CTEM is a programme not a product, how it differs from traditional vulnerability management and why it focuses on what an attacker can actually exploit right now rather than theoretical CVE scores.Limitations of Traditional Security Testing Understand why annual pentests and periodic vulnerability scans were built for a different era and why they can't keep up with a landscape where new AI vulnerabilities emerge daily.The Changing Nature of Exploits Discover why many of the attacks hitting AI systems don't have a CVE associated with them at all, and why the traditional model of scoring and prioritising vulnerabilities is falling short.Prompt Injection Risks Learn how prompt injections work, why they can be embedded in almost anything from emails and PDFs to code comments and voice, and why they're so difficult to defend against compared to traditional injection attacks.Agentic AI and Chained Attacks Find out why compromising a single AI agent in an orchestrated system can have a knock-on effect across the entire ecosystem, and why the blast radius is far greater than with traditional vulnerabilities.Visibility and Explainability Understand why maintaining oversight of AI systems matters, why security teams risk rubber-stamping AI-driven decisions they don't fully understand and why explainability is becoming a critical requirement.Supply Chain and Third-Party AI Concerns Explore how the use of open source models, third-party AI agents and tools like OpenClaw is exposing organisations to indirect vulnerabilities they may not even know about.Identity as the New Attack Surface Learn why misconfigured identities, over-privileged service accounts and weak authentication between AI agents are becoming primary targets, and why CTEM programmes need to treat identity as a first class concern.Regulatory and Legal Accountability Find out why jurisdictions are still divided on who's responsible when an AI agent causes harm, from the Air Canada chatbot ruling to the question of what accountability looks like when AI is making autonomous decisions.Resources Mentioned GartnerOpenClawPCI DSSTenableNessusAnthropicClaudeClaude Secure CodeGroqAir Canada - AI LawsuitEngineering Council of Great Britain11 LabsVoiceboxSpartanX TechnologiesSpartanX AIMexican Government CyberattackConnect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.LinkedIn: Razorthorn SecurityYouTube:
-
All the Gear and No Idea: What's Actually Going Wrong in Security with Gary Hibberd 25.03.2026 38mThe industry is full of people making security sound complicated so they can sell you the fix. Gary Hibberd and Jim talk about what actually works in cybersecurity.Welcome to Razorwire, where we bring you directly into honest conversations with the minds shaping our industry. I’m your host, Jim, and in this episode, I sit down with Gary Hibberd, co-founder of Consultants Like Us and a veteran of the security, data protection and privacy world.We talk about why so many organisations pour money into security tools and chase compliance without doing the real work underneath, and why it still leaves them exposed. Gary makes the case that one of the biggest security challenges right now is simply speed, that people and organisations are moving too fast to think clearly, and that slowing down is one of the most effective things you can do. We discuss where the industry is heading, why the focus needs to shift from cybersecurity as a purely technical discipline towards genuine organisational resilience and what it takes to cut through the noise of influencers and vendors selling quick fixes that don't exist.We also get into the challenges facing people newer to the industry who are trying to work out who to listen to, why communication and understanding risk matter just as much as technical skills, and why owning your place at the boardroom table is something the security community still needs to get better at.Key Talking Points:Why technical tools and frameworks aren't enough: Gary uses his marathon analogy to explain the issues with buying security kit without doing the work underneath. He and Jim share examples from the field and discuss why leadership and commitment matter more than the software you’ve bought.Beyond cybersecurity: why organisational resilience is the real goal: If your organisation treats security as a purely technical problem, it's missing the bigger picture. Gary and Jim make the case for why the industry needs to move beyond siloed thinking and start building genuine organisational resilience, and what that actually looks like in practice.How to avoid security "false prophets" and spot real expertise: Gary talks about the rise of influencers selling easy compliance that doesn't exist, from GDPR vendors promising a magic fix to people with big platforms and limited experience. He and Jim discuss what to look for in trustworthy voices and why critical thinking still matters more than following whoever shouts the loudest.Join us for an episode filled with real-world insights, practical takeaways, and a reminder that believing in yourself, and your value at the table, is the ultimate career defence.On why products alone won't protect you:"People go, oh, I've got IDS, I've got a SOC, I've got SIEM, I've got this platform, I've got that thing. And you're going, okay, so when was the last time you sat down as a team and talked about what it means to you as a business?"Gary HibberdListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:From IT to Infosec Find out how Gary's path from office admin and Lotus Notes programming through to European crisis management at GE Money shaped his approach to practical security thinking.Hacker Culture & Mindset Explore why the original meaning of "hacker" was never a negative term, and how curiosity and a desire to push technology beyond its limits drove a whole generation into information security.Evolution of Security Challenges Learn why organisations are moving too fast to make good security decisions and why slowing down might be one of the most effective defences available.Impact of Compliance & Frameworks Understand why standards like ISO 27001 and GDPR had to be introduced because organisations weren't securing data on their own and what that tells us about where the industry still falls short.False Prophets in Cyber Find out how the rise of influencers with big platforms and limited experience are making it harder for newcomers and established professionals alike to find reliable advice.Misconceptions About Tools & Compliance Discover why buying security products is no substitute for doing the real work, and why so many organisations still confuse having the tools with actually being secure.Organisational Resilience as the Goal Find out why we should be treating governance, risk, compliance, business continuity and security as one conversation.Communication & Soft Skills Learn why communication, understanding people and managing risk are just as important as technical skills for anyone working in security.Resources Mentioned Consultants Like UsISO 27001ISO 22301FortranCC++Lotus NotesLotus DominoMicrosoft Certified Systems EngineerGDPR (General Data Protection Regulation)Data Protection ActPCI DSSReal Cyber AwardsConnect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.LinkedIn: Razorthorn SecurityYouTube: Razorthorn SecurityTikTok: Razorwire PodcastInstagram: Razorwire PodcastTwitter: @RazorThornLTD
-
Trust Nothing: The Rise of Deepfakes in Cybercrime 11.03.2026 46mAre you confident you could spot a deepfake in your next meeting, or could someone be using your identity without you knowing?Welcome back to Razorwire, the cybersecurity podcast where we explore the challenges professionals face at the cutting edge of threat intelligence. In this episode, I sit down with Alexandra Jorissen, a specialist in deepfake detection and digital identity safeguards. We discuss the explosive rise of deepfake technology, where it's already being used and what it means for personal and professional security.SummaryIt’s no longer science fiction: deepfakes have become both a tool for petty fraud and a devastating weapon for sophisticated cybercriminals. Together, Alex and I discuss how rapidly these impersonations have improved, from laughable scams to well-orchestrated attacks inside global organisations. We get into how deepfakes are now being used for document fraud, insurance scams and internal expense fraud, and why most people still think they'd be able to spot one. Alex shares inside knowledge from her work with IdentifAI, reveals how detection technology is developing, and offers practical advice for anyone safeguarding digital identities, documents, and core business processes.Key Talking Points & Reasons to ListenInside Real-Life Deepfake Attacks Hear how a single convincing deepfake Teams meeting led to a $25 million loss at engineering firm Arup, why even well-trained employees followed standard processes and still got fooled and what this tells us about how far social engineering has come.How Deepfakes Bypass Everyday Security Find out how deepfakes are being used far beyond fake videos, from altered salary slips and AI-generated taxi receipts to fraudulent insurance claims, faked passports that pass KYC checks and criminals impersonating executives in remote meetings. Learn why one company discovered its internal expense fraud was three times worse than expected.Detection, Zero Trust and Practical Defence Learn how IdentifAI's forensic detection analyses images pixel by pixel in nanoseconds, why a zero trust mindset needs to extend to identity verification in everyday business and what simple, practical steps like secret questions and duress codes can do to protect against impersonation right now.This is a must-listen for anyone who wants to understand the new deepfake threat landscape, and pick up the actionable intelligence to defend against it.Verifying Identities in Online Meetings: "A lot of people I speak to, they seem to think deepfakes aren't there yet. Like they would still be able to spot them. And that's a very false presumption."Alex JorissenListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:The Evolution of Deepfakes See how deepfake technology has gone from laughable early efforts like the Will Smith spaghetti video to highly convincing fakes that even experienced professionals struggle to detect.Social Engineering and Deepfakes Learn how deepfakes are supercharging traditional social engineering tactics, making phishing and impersonation attacks far harder to spot than they used to be.Real-World Deepfake Scams Hear about actual cases where organisations have been deceived, including the Arup finance manager who transferred $25 million after a fake Teams call and companies that accidentally hired North Korean engineers using deepfaked identities.Abuse of Deepfakes for Fraud and Blackmail Find out how criminals are using AI to create compromising content of real people, using faked media to ransom victims or threaten reputational damage.Document and Identity Fraud Discover how deepfakes now extend to digital documents and IDs, with faked passports passing standard KYC checks and altered salary slips being used to secure larger loans.Breach of Age and Access Controls Learn how people, including minors, are using deepfaked images and identities to get around age verification and other digital barriers.Insider Threats and Employee Fraud Explore how easy it has become to create fake receipts and invoices using tools like ChatGPT, and why one company found its internal expense fraud was three times worse than it expected.Detection Technology and Limitations Understand how forensic AI analyses images pixel by pixel to detect manipulation, where the technology performs well and where limitations like screenshots and overlaid text still create challenges.The Importance of Zero Trust and Verification Find out why a zero trust mindset needs to apply to identity verification in everyday work, from checking badges to using secret questions and duress codes for high-risk communications.The Challenge of Awareness and Organisational Culture Hear why many organisations still believe deepfakes wouldn't fool them, and how deploying detection technology acts as both a defence and a deterrent that changes behaviour.Resources Mentioned Technical University of EindhovenDelft UniversityIdentifAi Nigerian prince scamWill Smith eating spaghetti (deepfake reference)Arup (British engineering and design firm) AI HackKnowBe4NISTConcurEU AI ActNanobanana Oliver RochfordBrad Pitt romance scam Connect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.LinkedIn: Razorthorn SecurityYouTube: Razorthorn SecurityTikTok:
-
From Security Theatre to Real Resilience: Why Most Incident Response Plans Fall Apart 25.02.2026 44mAre you ready for the cybersecurity incident that could bring your business to a standstill?On this episode of Razorwire, I sit down with Marius Poskus, a CISO and vCISO, to tackle one of the most crucial yet overlooked aspects of information security: incident response. Whether you’re leading a cyber team, supporting your board, or simply keen to sharpen your readiness, we dig into what happens when your best defences fail and chaos strikes.We talk about what actually happens when an incident hits and why polished policies on their own aren't enough. From the practical realities CISOs face at the sharp end of an incident, through the pitfalls of security theatre, to the importance of clear communications and building resilience, we get into the lessons the playbooks often miss. Marius and I talk through wargaming, learning from unexpected scenarios and how to empower teams to make tough decisions on the fly.Key talking points:Wargaming the Unthinkable:What happens when your CEO dies? When your entire C-suite is on a plane for six hours and unreachable? When someone poisons the fish at a team dinner? Jim and Marius talk about why the most valuable wargaming exercises aren't the predictable ones. Testing unusual, uncomfortable scenarios is what exposes the single points of failure nobody thought about and builds the kind of muscle memory that no written policy can replace.Decision-making Authority in Crisis:One of Marius's contacts had a major ransomware incident and needed to hire 200 people within hours. The biggest problem wasn't the attack itself, it was getting budget approved and contracts signed fast enough. Learn why pre-agreed access to emergency funds, signing authority and the ability to bypass normal procurement processes can be the difference between a swift response and days of lost time.Security Theatre and Why It Falls Apart Under Pressure:Marius has been making waves on LinkedIn talking about companies that want the appearance of security rather than the real thing. In this episode, he and Jim get into why polished policies that have never been tested crumble the moment a real incident hits, how to tell the difference between genuine preparedness and box-ticking and what it actually takes to build an incident response capability that works when it matters.Listen and step inside the mindset every cybersecurity professional needs before the worst happens.On testing your plan:"You never want to run through an incident response scenario first time when the real thing happens."Marius PoskusListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:The Importance of Incident Response Find out why incident response is still one of the most neglected areas of security, how to get organisational buy-in for proper preparation and what happens when the first time you test your plan is during the real thing.Security Theatre vs. Real Preparedness Learn how focusing on the appearance of security rather than genuine preparedness leaves organisations vulnerable when a real incident hits, and what it takes to build real readiness through testing and practice.Practical Testing and Muscle Memory Discover why written policies aren't enough on their own and how regular testing and tabletop exercises help teams build the confidence to act effectively under pressure.Authority and Decision-Making During Events Learn how to set up clear escalation paths and decision-making authority before an incident happens, including access to emergency funds and the ability to hire specialist support at short notice.C-Suite Engagement and Support Find out how senior executives can best support their security teams during an incident, from trusting CISOs to lead the response to providing practical help like food, hotel rooms and team rotations.Communication and PR During Incidents Explore how thoughtful, transparent communication can protect reputation and rebuild trust after a breach, and why generic "we take security seriously" messaging does more harm than good.Resilience and Recovery Strategies Learn how to maintain business operations while an incident is unfolding, from planned team rotations and post-breach customer support to quantifying downtime for the board.Wargaming and Scenario Thinking Find out why testing unusual scenarios, not just technical failures, helps organisations expose single points of failure and prepare for real-world unpredictability.Critical Thinking and Cybersecurity Career Skills Discover why curiosity, initiative and adaptability matter more than following prescribed instructions, both for handling incidents and for building a career in cybersecurity.Learning from Mistakes and History Explore how drawing on real historical events and shared industry experiences equips professionals to handle crisis situations, make tough decisions and build personal resilience.Resources Mentioned SolarWindsCited as a high-impact security incident affecting third parties and requiring significant communication. https://www.solarwinds.com/Professor MesserCited as a free educational resource for CompTIA courses.https://www.professormesser.com/Network ChuckMentioned as a well-known YouTuber focused on networking tutorials and resources.https://www.youtube.com/c/NetworkChuckCompTIAReference to a popular provider of IT and cybersecurity certifications.https://www.comptia.org/Y2K (Year 2000 problem)Discussed as a past example of widespread incident response planning.https://en.wikipedia.org/wiki/Year_2000_problemChangi JailHistorical site referenced during a discussion of resilience and decision-making under pressure.https://en.wikipedia.org/wiki/Changi_PrisonRorke’s DriftBrought up as a historical account to learn about resilience.https://en.wikipedia.org/wiki/Battle_of_Rorke%27s_DriftApollo 13 (“Houston, we have a problem”)Referenced as an example of problem solving under extreme pressure with limited resources.https://en.wikipedia.org/wiki/Apollo_13US Military zombie apocalypse wargamingReferenced as an example of creative scenario planning for incident response.https://en.wikipedia.org/wiki/CONOP_8888The Y-FilesReferenced as a source of conspiracy theories and unusual scenarios Jim enjoys.https://www.youtube.com/@TheYFilesConnect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and...
-
No Honour Amongst Thieves: The Hidden World of Hackers and Cyber Criminals 11.02.2026 55mIs there really honour amongst cybercriminals or is it every hacker for themselves?On this episode of Razorwire, I’m joined by Martin Voelk, a seasoned ethical hacker, to take a look at how the world’s most notorious cybercriminal groups really operate. We trace the journey from early hacking culture to today’s sprawling underworld of digital organised crime. Along the way, we ask: What does "hacker" truly mean and who actually gets caught when the authorities close in?We discuss the blurred lines between white hat and black hat hackers and why some of the most skilled operators never set foot in the countries they target. Martin and I explore the various motivations behind cyber attacks, from ideology to pure profit and debate why classic notions of criminal “honour” simply don’t hold up in this ruthless business. We share stories from both sides of the fence - how cyber gangs operate like corporations, how rivalry and betrayal play out behind the scenes and why it’s never been easier to get started in cybercrime (if you’re not fussy about the law). The episode closes with a stark look at the arms race between attackers and defenders and what it means for the future of cybersecurity.Three key talking pointsFresh Perspectives on Hacker Mentality:Martin breaks down the difference between hackers, researchers and outright criminals, challenging media stereotypes. We examine why understanding attacker psychology isn’t just academic - it’s essential for building better defences.Behind the Scenes of Cybercrime-as-a-Service:Hear how today’s criminal groups mirror legitimate organisations, complete with their own HR, development teams and even “scapegoats” to throw authorities off their trail. Discover what this corporatisation means for detection, attribution and response.The Global Chessboard: Tactics, Rivalries and AI Advances:Learn why the most effective cyber operators operate with impunity from certain countries, protected through corruption and international legal gaps. We unpack how rivalries really play out, the role of AI in hands of both attackers and defenders and what to expect as attack automation accelerates.Tune in and arm yourself with real-world insights that go beyond the headlines - because what you don’t know about the criminal underground could be your biggest risk.AI-Powered Cyber Threats Target Weaker Defences: "Because the hackers are predominantly looking at the weakest targets, does it make sense to hack into the most sophisticated bank in the United States? Or do I rather target a mid-sized bank in Mexico where I already know that they had previous security vulnerabilities?"Martin VoelkListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:The Evolution of HackingExplore how hacking started as a curiosity-driven activity, the role of groups like the Chaos Computer Club and why the term “hacker” was never originally a negative label.Different Types of HackersLearn about the three main categories of attacker (hacktivists, financially motivated criminals and state-sponsored groups) and what drives each of them.Organised Crime's Role in CybercrimeDiscover how cybercrime evolved from individuals working alone to structured operations with recruitment, development teams and corporate-style hierarchies.Scapegoats and Sacrificial LambsFind out what can happen to less skilled members of criminal groups and how the people who get arrested are rarely the ones running the operation.Safe Havens and Jurisdictional GapsUnderstand how top operators work from countries with no extradition treaties, often protected by corruption, and why Western law enforcement struggles to reach them.The Rise of Ransomware and EspionageLearn why attackers target Western organisations where ransoms are more likely to be paid and how corporate espionage is a bigger part of the picture than most people realise.Rivalries and Alliances Among Hacker GroupsFind out how competition between groups plays out in forums, why it’s driven by profit rather than politics and how hackers from rival nations routinely work together.AI's Dual Impact on CybersecurityLearn why AI has made it easier than ever to develop malicious code, how both sides are using it and why SMBs and less cyber-aware countries face the greatest risk going forward.Resources Mentioned Silk RoadDread Pirate RobertsConti FilesChaos Computer ClubGitHubHugging FaceClaude CodeCursor CLIGoogle Anti-GravityFlipper ZeroTor networkEl Salvador crypto currency acceptanceTron chainConnect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.LinkedIn: Razorthorn SecurityYouTube:
-
What’s Making 2026 the Toughest Year Yet for CISOs 28.01.2026 50mWhat threats should CISOs prioritise as we move into 2026?Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, we're looking ahead to the challenges facing security leaders in 2026.I'm joined by Richard Cassidy, EMEA CISO at Rubrik, and together, we discuss the three themes dominating CISO conversations: navigating the expanding regulatory landscape, preparing for quantum computing's impact on existing cryptography and understanding how attackers are shifting from loud ransomware to quiet economic warfare through time drag operations.SummaryThis episode examines the strategic and operational challenges CISOs face in 2026. The conversation covers how evolving regulations require fundamental changes to business operations and threat response, why tabletop exercises with executive teams are becoming standard practice for testing organisational maturity and how quantum computing is moving from theoretical concern to practical planning requirement. Richard and Jim discuss the technological shifts happening simultaneously with AI and quantum computing and why security awareness gained during the pandemic is being eroded by the race to implement new technologies without proper security consideration. The episode explores how attackers are evolving beyond traditional ransomware towards time drag operations that threaten business continuity without triggering incident declarations and why the combination of deepfakes and AI-driven social engineering represents a fundamental challenge to shared reality.Three Key Talking Points:The Regulatory Burden and Tabletop TestingLearn about the regulatory challenges CISOs face across DORA, NIS2 and evolving frameworks, plus why organisations are increasingly running tabletop exercises with executive teams. Discover how war gaming activities help boards understand real-world breach scenarios and test organisational maturity beyond traditional red teaming. Find out how recent breaches at companies like Ubisoft, M&S and Jaguar Land Rover are driving leadership to take security seriously.Quantum Computing's Imminent ImpactUnderstand why quantum computing has moved from background concern to top-three CISO priority for 2026 to 2028. Explore the timeline for quantum threats to existing cryptography, what organisations need to do now to prepare for post-quantum cryptography and why there's significant uncertainty around adoption strategies. See how quantum computing combines with AI to create a tectonic shift in security technology that requires planning today.Time Drag Operations and Economic WarfareDiscover the shift from loud ransomware to quiet time drag attacks where threat actors threaten extended operational downtime rather than data theft. Learn why boards will pay millions to restore business continuity without declaring cyber incidents and how attackers are exploiting the economic model where disruption costs more than ransom. Explore how this combines with AI-powered deepfakes and social engineering to create attacks that undermine shared reality itself.On the appearance of security: "The economic model of cybercrime has shifted from traditional theft to time drag. If attackers know they can present you with a problem where you're not going to be able to recover your key systems for an inordinate amount of time, there's a higher likelihood that you are going to pay for a level of data or knowledge that will get you back to operational efficiency rather quick."Richard CassidyListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:Evolving Regulatory FrameworksLearn about the challenges posed by DORA, NIS2 and other regulatory requirements, including uncertainty around implementation, costs and the procedural changes they demand from organisations.Executive Tabletop ExercisesDiscover why organisations are moving beyond traditional pen testing to run war gaming scenarios with executive teams, testing how leadership would respond to real-world breach scenarios like those that hit M&S, JLR and MGM.Quantum Computing PreparationUnderstand why quantum computing has become a top-three CISO concern for 2026 to 2028, what organisations need to know about post-quantum cryptography and why planning needs to start now despite uncertainty around timelines.Security Awareness ErosionExplore how the security awareness gained during the pandemic is being pushed aside by the rush to implement AI and other technologies, with businesses prioritising efficiency over security considerations.The RAM Crisis and Supply Chain ImpactFind out about the technological shifts happening with component shortages, RAM price increases and how hardware availability is affecting security planning and organisational technology strategies.AI as a Constant ThemeSee how AI weaves through every major security challenge, from regulatory compliance to quantum preparation, even when it's not explicitly the top concern.The Shift to Time Drag OperationsLearn about the attacker evolution from loud, transactional ransomware to quiet economic warfare where threat actors threaten indefinite operational disruption rather than data theft.Why Boards Pay Without Declaring IncidentsUnderstand the economics of why executive teams will pay millions to restore business continuity quickly rather than endure months of disruption, often without ever declaring a cyber incident publicly.Deepfakes and Loss of Shared RealityDiscover the fundamental challenge posed by AI-driven deepfakes and social engineering that make it increasingly difficult to determine what's real, including examples of CEO-targeted WhatsApp attacks and voice cloning.Educating Users Against Sophisticated Social EngineeringExplore why organisations must improve user education to detect the growing sophistication of AI-powered social engineering, deepfakes and attacks designed to exploit human trust and decision-making.Resources Mentioned RubrikDORANIST FrameworkNIST2Marks and Spencer Cyber AttackJaguar Land Rover Cyber AttackMGM Cyber AttackUbisoft Cyber AttackCorsairNvidiaIBMScattered SpiderShiny Lapis HuntersNCSE USASun Tzu's Art of War
-
Cryptocurrency: Good, Bad or Evil? 14.01.2026 48mAre cryptocurrencies revolutionising finance, or are they simply empowering cybercriminals and state-sponsored hackers?Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim, and in this episode, we're tackling one of the most polarising topics at the intersection of finance and security: cryptocurrency.I'm joined by Richard Cassidy, Oliver Rochford and Jonathan Care, and together, we debate whether Bitcoin has solved any real problems or simply enabled cybercriminals to operate at an unprecedented scale, with 98% of ransomware payments now made in cryptocurrency.SummaryThis episode looks at how cryptocurrency has impacted real-world security and policy, including how it has facilitated over $3 billion in theft by state-sponsored groups like Lazarus to fund North Korea's nuclear programme and romance scams that have drained 4.6 billion victims with zero recourse. Everything illegal in traditional financial markets is legal in crypto. Yet in Argentina, Venezuela and Nigeria, people use it to preserve value against hyperinflation and bypass authoritarian controls. The debate centres on whether governments truly control crypto through exchanges and legal tender conversion, whether blockchain transparency helps law enforcement more than it helps criminals and whether ransomware payment rates dropping to 19% proves cybersecurity is winning despite crypto, not because of it.Three key talking points from this episode:Criminal Infrastructure and the Ransomware Economy. Find out how cryptocurrency is used for ransomware payments and how this has enabled the ransomware epidemic. Learn about state-sponsored theft, romance scams operating at an industrial scale and why dark web marketplaces like Hydra and AlphaBay succeeded Silk Road in facilitating organised crime. Discover the impact of payment rates dropping to 19% as companies choose disaster recovery over paying criminals.Government Control vs Decentralisation Claims. Explore the heated debate about whether governments truly control cryptocurrency through regulating exchanges and legal tender conversion or whether the protocol itself remains ungovernable. Learn why KYC requirements at exchanges undermine the original vision of anonymity, how states force participation through tax requirements and whether crypto can function without an army to back it. Real-World Use Cases vs Original Promises. Discover how cryptocurrency is being used in Argentina, Venezuela and Nigeria to preserve value against hyperinflation and bypass authoritarian capital controls. Examine whether these legitimate use cases justify a technology that hasn't solved its original problems: transaction speed remains too slow for real-time use, energy consumption is enormous compared to Visa, scalability hasn't improved and volatility undermines its claim as a stable store of value.If you’re a cybersecurity professional looking to understand both the promise and peril of cryptocurrency, this episode is essential listening.On the lawless nature of cryptocurrency:"Every scam, every market rig that has been outlawed in real world money markets is wide open in crypto. As Richard points out, we're not only deregulated, it is lawless."Jonathan CareListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:Cryptocurrency as Ransomware's Preferred Payment Method. Learn why ransomware payments use cryptocurrency and how this payment method enabled the ransomware epidemic that became every CISO's biggest headache.Declining Ransomware Payment Rates. Discover why payment rates dropped to just 19% in 2024, with overall payments down 35% to $813.55 million, as companies increasingly choose disaster recovery over paying criminals.The Irreversibility Problem. Learn why cryptocurrency transactions being irreversible means mistakes and theft are permanent, with no chargebacks or recourse for victims of fraud.State-Sponsored Cryptocurrency Theft. Understand how the Lazarus Group has stolen over $3 billion in crypto through targeting exchanges, DeFi protocols and blockchain bridges.Romance Scams and Pig Butchering Operations. Learn about the explosion in crypto-enabled romance scams, fake investment platforms and rug pulls operating at industrial scale.Pump and Dump Market Manipulation. Find out why pretty much everything untoward is perfectly legal in crypto, from coordinated manipulation on Telegram and Discord to influencer fraud, wash trading and spoofing.Government Control Through Legal Tender Conversion Understand why governments ultimately control cryptocurrency through regulating exchanges, requiring tax payments in fiat currency and controlling the conversion points between crypto and legal tender.Blockchain Transparency for Law Enforcement. Learn how public blockchains can be easier to analyse than shell companies behind offshore banking, with tools like Chain Analysis, Elliptic and Interpol using on-chain data to track illicit networks.Proof-of-Work Mining's Environmental Impact. Examine the massive energy consumption of cryptocurrency mining, why specialised hardware becomes obsolete within a year and the climate impact of a payment system processing fewer transactions than Visa does in an hour.Exchange Security Failures and Hacks. See how exchanges like Mount Gox and BYBIT lost billions through security failures and why holding crypto at exchanges rather than in personal wallets creates unnecessary risk.Resources Mentioned Financial Crime Enforcement Network (FinCEN) US agency tracking financial crime, referenced for 2024 ransomware payment statistics showing 35% decrease to $813.555 million. https://www.fincen.gov/Chain Analysis Blockchain analysis platform helping law enforcement track cryptocurrency transactions and disrupt criminal networks. https://www.chainalysis.com/Elliptic Cryptocurrency investigation platform used by law enforcement and financial institutions to identify criminal activity on blockchains. https://www.elliptic.co/Lazarus Group North Korean state-sponsored threat actor attributed with over $3 billion in cryptocurrency theft to fund nuclear programmes. Overview: https://www.cisa.gov/topics/cyber-threats-and-advisories/advanced-persistent-threats/north-koreaHydra Market Russian-language dark web marketplace that succeeded Silk Road before being shut down in 2022, facilitating billions in illicit cryptocurrency transactions. Background: https://www.europol.europa.eu/media-press/newsroom/news/world%E2%80%99s-biggest-marketplace-dark-web-offlineAlphaBay Major dark web marketplace that operated from 2014-2017, enabling cryptocurrency-based transactions for drugs, weapons and stolen data.
-
The Razorwire Christmas Special 2025: Looking Back, Looking Forward 24.12.2025 1h 15mWhat happens when you gather some of the sharpest minds in cybersecurity for an end-of-year chat about where we've been and where we're heading?Welcome to Razorwire's Christmas special. Today I’m chatting with some of our favourite guests from 2025: clinical traumatologist Eve Parmiter, cyber futurist Oliver Rochford, CISO and podcast host Marius Poskus and occupational psychologist Bec McKeown for roundup of the cybersecurity industry this year. This isn't a glossy year-in-review full of predictions and corporate optimism. We're talking about what's actually happened: how our teams are STILL burning out, the junior pipeline that's being hollowed out by premature AI deployment, the CISOs who are resigning because they're handed accountability without support and the businesses that want the appearance of security rather than the reality of it.Summary2025 has been a year of contradictions. Fewer ransomware victims are paying up, which suggests resilience is working. But burnout rates in cybersecurity remain above 59% and the systemic issues causing it aren't being addressed. Oliver brings data showing that AI-driven threat intelligence has been more marketing than reality. Marius shares why his CISO resignation letter post hit over 300,000 impressions and 3,400 comments. Eve explores whether there could be legal protections for cybersecurity professionals experiencing occupational trauma. Bec questions why security teams are expected to work under military-level pressure with none of the training or support.We’re also looking ahead to 2026. Oliver predicts salaries will rise. Marius sees organisations scrambling to fix the mess that AI has created. Eve and Bec discuss what the younger generation might teach us about boundaries and refusing to put up with workplace nonsense. And we all agree on one thing: gravity needs levity. If you're going to survive in this industry, you REALLY need to laugh.Three Key Talking Points:The Theatre of SecurityUnderstand why organisations hire CISOs for accountability but don't give them budget, support or a seat at decision making tables. Marius explains how this creates a cycle where security leaders are blamed when things go wrong, despite having no power to prevent them.The Junior Pipeline CrisisDiscover why premature AI deployment is hollowing out entry-level roles across industries, including cybersecurity and law. We discuss the long term consequences of replacing junior analysts with AI before understanding what you're losing.Burnout as Occupational TraumaLearn why burnout in cybersecurity isn't just about individual resilience. Eve explores whether legal protections could be granted for work that causes inescapable harm, drawing parallels with content moderators and healthcare workers.If you want an honest conversation about the state of cybersecurity in 2025 and what's coming in 2026, this is it.On the appearance of security: "Companies do not want security. They want the appearance of security. They hire a CISO to be the person who's accountable, the person who's on insurance papers, the person's name who's on client contracts, the person who is a face of the company of doing security, but actually he's not supported in budgetary terms in any other way."Marius PoskusListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:2025 Year in Review Explore what actually happened this year, from falling ransomware payment rates to the continued rise in burnout and stress levels across the industry.Marketing-Driven Threat Intelligence Discover why claims about AI-enabled ransomware and nation-state AI usage turned out to be more hype than reality.The CISO Accountability Trap Understand why security leaders are handed responsibility without power, budget or support and why so many are choosing to step back from leadership roles.Burnout as a Systemic Problem Learn why organisations still treat burnout as an individual issue rather than addressing the systemic factors that cause it.Legal Protections for Occupational Trauma Explore whether cybersecurity professionals could gain legal recognition for work-related harm, similar to content moderators and healthcare workers.The AI Skills Shortage Coming in 2026 Find out why Oliver predicts salaries will rise as companies realise they've hollowed out their junior pipeline with premature AI deployment.Economics vs Security Spending Understand why businesses treat security breaches like shoplifting and why perfect security isn't the goal for most organisations.Cognitive Load and Dashboard Design Discover how principles from aviation flight deck design could reduce alert fatigue and improve security operations workflows.The Younger Generation's Boundaries Learn what Gen Z might teach us about setting limits, refusing workplace nonsense and reframing work around life instead of the other way around.Predictions for 2026 Hear what the panel thinks is coming next year, from salary increases to AI backlash and the potential consequences of neglecting security basics.Resources Mentioned Coveware (Ransomware Payment Data)Referenced by Oliver regarding the drop in ransomware payments in 2025.MIT Sloan (AI-Enabled Ransomware Claims)Referenced by Oliver as an example of retracted threat intelligence claims.AnthropicReferenced regarding claims about nation-state actors using their AI service.ISC2 Workforce SurveyReferenced by Eve Parmiter regarding burnout statistics (59%) in cybersecurity.SolarWinds Breach and CISO ImpactReferenced by Jim regarding the personal toll on the SolarWinds CISO.Health and Safety Executive (UK)Referenced by Bec McKeown regarding employer responsibility for workplace stress.Cloudflare OutagesReferenced by Marius Poskus regarding organisations bypassing WAF protections during downtime.Anu AI (Foresight and Predictions Tool)Mentioned by Oliver Rochford as his startup with a free community edition.Mental Health in Cybersecurity FoundationReferenced in context of ongoing burnout discussions.Cyber Diaries PodcastMentioned by Marius Poskus as his...
-
Burnout in Cybersecurity: Preparing Cyber Staff for the Reality, Not Just the Role 10.12.2025 1h 7mIs burnout in cybersecurity inevitable, or are we finally learning how to prevent it?Welcome to Razorwire. In this episode, I sit down with clinical traumatologist Eve Parmiter and occupational psychologist Bec McKeown to talk about what's really happening in high pressure cyber roles. This isn't about vague wellness advice or corporate tick-box exercises. We're looking at the actual mechanics of burnout: why CISOs are breaking under impossible expectations, how remote work has changed team dynamics and what the early warning signs look like before someone hits crisis point. If you work in cybersecurity, particularly in leadership or incident response, this conversation offers strategies you can use today.SummaryTwo-thirds of cybersecurity professionals say their jobs are more stressful now than they were five years ago. The pressure is mounting, but the support systems aren't keeping pace. In this conversation, Eve and Bec bring research, clinical experience and real examples to explain why burnout is becoming an occupational hazard in cyber teams. We talk about the gap between a CISO's responsibility and their actual authority, why technical skills alone won't protect your team from collapse and how to spot the signs that someone is struggling before it becomes a crisis. We also cover what actually works: building teams that can handle pressure, creating cultures where people feel safe to speak up and finding peer support through initiatives like the Mental Health in Cybersecurity Foundation.Three Key Talking Points:Human Factors and the Reality of Leadership BurnoutUnderstand why burnout is becoming an occupational hazard for cyber leaders, especially CISOs, who are caught between responsibility and a lack of real power. Learn how unaddressed team dynamics, poor succession planning and social isolation create stress that technical controls alone cannot fix.Spotting Burnout Early - Inside and Around YouGet practical advice on identifying warning signs in yourself and your colleagues. We discuss real strategies for managers and peers: recognising behavioural changes, loss of humour, withdrawal and other ‘red flags’ that are far more accurate than any policy checklist.Building Resilience and Finding Peer SupportDiscover actionable steps for resilience, beyond ‘just coping’, including the creation of peer communities like the Mental Health in Cybersecurity Foundation. Find out how a shared community is essential to surviving and growing in this field.If you want real answers about burnout, actionable insights for your career and lessons from the frontline of cybersecurity wellbeing, this is one episode you can’t afford to skip.On power vs responsibility:“CISOs are a great example. You only have so much power, but you've got a high degree of responsibility, and personal responsibility coming into it. So that can feel very unfair and very unbalanced and that can create a lot of resentment.”Eve ParmiterListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:Understanding Burnout Trends in Cybersecurity Learn why 66% of professionals report higher stress levels than five years ago and what's driving the increase across the industry.Recognising Human Factors as Security Risks Discover how overlooking team wellbeing creates vulnerabilities that no technical control can fix.Navigating the Working Location Debate Find out how remote, hybrid and office preferences impact team cohesion and what it means for your mental health.Balancing CISO Responsibility Without Authority Understand why security leaders face mounting pressure without the power to create change and how this fuels burnout.Spotting Burnout Before It's Too Late Learn to identify the subtle behavioural shifts that signal burnout in yourself and colleagues before it becomes a crisis.Creating Teams That Can Weather the Storm See how managers can build resilience by recognising and responding to individual stress patterns.Leveraging Different Perspectives Under Pressure Explore why mixing personalities and viewpoints strengthens problem-solving and team support during incidents.Building a Culture Where People Can Speak Up Understand what psychological safety actually looks like and why it's essential for preventing burnout.Finding Professional Support That Actually Helps Learn where to access peer support and resources designed specifically for cybersecurity professionals.Getting Involved in Industry-Wide Solutions Discover how the Mental Health in Cybersecurity Foundation is creating practical frameworks and communities to address burnout collectively.Resources Mentioned 1. ISACA (Cybersecurity Research and Reports)Referenced by Bec McKeown regarding global research on cybersecurity stress levels.Website: https://www.isaca.org/2. NLP (Neuro-Linguistic Programming)Mentioned as a resource for self-understanding and career development.Overview: https://www.britannica.com/topic/neuro-linguistic-programming3. Major UK Brands Affected by Cyber AttacksHarrods: https://www.bbc.co.uk/news/articles/cpq5w324pd3o Marks & Spencer: https://www.bbc.co.uk/news/articles/c93x16zkl9do Jaguar Land Rover https://www.bbc.co.uk/news/articles/ckg1w255gy1o Co-op: https://www.bbc.co.uk/news/articles/ckgq9dke4e5o 4. ‘Be Left of Bang’ Used as a metaphor by Bec McKeown for proactivity in noticing stress and burnout.Book Info: https://www.amazon.co.uk/Left-Bang-Marine-Combat-Program/dp/19368913015. Maslach’s Research into Burnout Cited by Eve Parmiter about organisational factors driving burnout.Overview: https://www.verywellmind.com/burnout-4157336Christina Maslach Profile: https://psychology.berkeley.edu/people/christina-maslach6. Mental Health in Cybersecurity Foundation (Community and Support Resource)Discussed by Bec McKeown as a growing support and best practice group; LinkedIn page only (no website yet).LinkedIn: https://www.linkedin.com/company/mental-health-in-cybersecurity-foundation/7. The Cyber Sentinel's Handbook (by James Rees)Mentioned as a resource for information security professionals at all levels.Amazon link: https://www.amazon.co.uk/Cyber-Sentinels-Handbook-professionals-ebook/dp/B0CXTS3S7D/Available as paperback, e-book and via Kindle Unlimited.Connect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.For more information about us or if you have any questions you...
-
The Death of Passwords: The Future of Authentication 26.11.2025 55mIs passwordless authentication finally ready for prime time, or are we just replacing one set of problems with another?Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, we're tackling one of the oldest challenges in information security: identity and access management.I'm joined by David Higgins, CTO at CyberArk and Murtaza Hafizja, Senior Technical Product Marketing Leader from OneSpan, who bring decades of combined experience from the front lines of identity, authentication and access control. Together, we explore how the industry has evolved from simple username/password combinations to biometrics, passkeys and continuous authentication and where the technology is heading next.SummaryWe examine the persistent challenges around identity management, from the struggle between security and user convenience to the explosion of non-human identities that now need managing. David explains why privilege access management has evolved from credential vaulting to zero standing privileges and how cloud environments have created both opportunities and complexities with their tens of thousands of granular permissions. Murtaza tells us about the passwordless evolution, why risk-based authentication is making a comeback and the real barriers to rolling out modern authentication at scale.Whether you're a CISO wrestling with third-party access, an IT manager trying to balance security with productivity or just someone interested in where authentication is heading, you'll get honest perspectives on what works, what doesn't and what's actually achievable.Key Talking Points The Passwordless Evolution and What It Really Means Learn why passwords are finally on their way out (mostly), how passkeys and biometrics have moved from niche to mainstream and why the technology that failed 20 years ago is now becoming the de facto standard for authentication.Zero Standing Privilege and the Cloud Permission Problem Discover how cloud environments have paradoxically made privilege management both more granular and more complex, why organisations are moving away from permanent permissions and how just-in-time access is becoming essential for modern infrastructure.Continuous Authentication and Behavioural Analysis Understand why a single login authentication isn't enough anymore, how attackers are owning identities by exploiting help desks and why monitoring user behaviour patterns might be the key to stopping credential-based attacks before they cause damage.On the security of key documentation: "Attackers aren't breaking in anymore, they're logging in."David Higgins, CyberArkListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:The Evolution of Identity Management How authentication has cycled through different approaches over 30 years, from basic username/password to biometrics that failed, then succeeded and why we're finally at a point where passwordless is achievable at scale.From Too Little Granularity to Too Much Why early operating systems forced an all-or-nothing approach to permissions, how cloud providers now offer tens of thousands of different roles and entitlements and why this has made principle of least privilege almost impossible to implement upfront.Zero Standing Privilege as the New Normal How organisations are moving away from permanent permissions toward just-in-time access, why no one should have standing privileges anymore and how this approach aligns with modern cloud environments.The Passwordless Movement Goes Mainstream What's changed to make passwordless authentication viable now, why passkeys are moving from hype to implementation and the real challenges of rolling out modern authentication to millions of users.Third Party and Non-Human Identity Challenges The growing problem of managing identities for contractors, suppliers, automated systems and AI and why this volume of identities is creating new security and access control headaches.Continuous Authentication and Risk-Based Approaches Why logging in once isn't enough anymore, how behavioural analysis can detect when an owned identity is being misused and why risk-based authentication is making a comeback after years of being overlooked.The Help Desk as Attack Vector How attackers are purchasing stolen credentials then simply calling help desks to reset MFA tokens, why context matters as much as credentials and what this means for authentication strategies.Balancing Security Friction with User Acceptance Why completely frictionless security is impossible, how to find the right balance between protection and productivity and why users will find workarounds if authentication becomes too painful.Privilege Access Management Evolution How PAM has evolved from simple credential vaulting to addressing root causes, why managing secrets at scale remains challenging and the shift toward eliminating standing privileges entirely.The Privacy vs Security Dilemma Concerns around government databases for digital ID verification, the risks of centralised identity storage and why securing authentication data is becoming more critical as we move toward digital-first validation.Resources Mentioned CyberArkOneSpan Gartner Hype Cycle for Digital Identity FIDO AlliancePrinciple of Least PrivilegeAWS (Amazon Web Services)Microsoft Azure Google Cloud Platform (GCP)WebAuthn CTAP (Client to Authenticator Protocol)UK Digital ID VerificationConnect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.LinkedIn: Razorthorn SecurityYouTube: Razorthorn SecurityTikTok: Razorwire PodcastInstagram: Razorwire PodcastTwitter: @RazorThornLTDWebsite: www.razorthorn.comAll rights reserved. © Razorthorn Security LTD 2025
-
How to Build Effective & Affordable Cyber Defences for SMEs 12.11.2025 48mHow can small and medium businesses protect themselves from cyber threats without spending a fortune or just ticking boxes for compliance?Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I’m Jim and in this episode, we’re taking a look into the challenges faced by SMEs on the journey through cybersecurity compliance and insurance.I’m joined by Lewis Lockwood from Incursion and Josh X of Capsule, who bring experience from the front lines of offensive security and insurance broking. Together, we tackle the misconception that security is prohibitively expensive and explore how smart strategies can strengthen your defences without breaking the bank.SummaryWe tackle a topic at the heart of SME cybersecurity struggles - from box-ticking compliance to negotiating cyber insurance and surviving data breaches. Lewis Lockwood explains why Cyber Essentials is more than a paperwork exercise and how agility can be a secret weapon for smaller companies. Josh X talks about the realities of selling cyber insurance to resource-stretched businesses, the importance of aligning insurance with actual security posture and the real risks hidden even in smaller businesses.Whether you’re a founder, IT manager or just curious about how attackers think, you’ll get practical advice, cautionary tales and actionable steps you can take today.Key Talking Points Cyber Essentials as Practical Defence, Not Just Compliance Learn why basic frameworks like Cyber Essentials shield SMEs from common attacks, offering affordable, actionable protection that goes well beyond box-ticking.How Insurance and Security Must Work Together Discover the realities of cyber insurance for small businesses, including why your security posture affects premiums and claims, and what actually happens if you’re hit by ransomware or invoice fraud.Learning from Real-World Breaches and SME Pitfalls Hear first hand stories about high profile incidents, negotiation tactics with threat actors and how even a local florist or butcher can be targeted. Understand why continuous education, simple security controls and the right insurance mix can prevent both financial disaster and sleepless nights.Tune in for a conversation that’s honest, insightful and practical - with takeaways you can put into action immediately, no matter your company size.On the security of key documentation: “Where are you storing your insurance documents? If someone wants to get into your network, the easiest thing to do is to look at their insurance documents and be like, okay, they've got a million pound limit, let me ask for £2 mil.”Josh X, CapsuleListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:Cybersecurity Cost Perceptions Why the belief that security is prohibitively expensive for SMEs is misleading and what actually drives costs.The Role of Cyber Essentials How Cyber Essentials provides a practical, affordable security baseline for small and medium businesses without breaking the bank.Insurance as a Safety Net Why cyber insurance can't replace proper security measures and how to understand its role as a last resort, not a first line of defence.SME Agility in Security How smaller organisations can use their size as an advantage to quickly implement fixes and adapt to security recommendations compared to larger enterprises.Rise in Cyber Insurance Adoption What's driving growing awareness and uptake of cyber insurance among SMEs and why certain sectors are slower to adopt.Practical Security Measures Simple, cost-effective steps SMEs can take to drastically reduce risk, including patching, access control and MFA.Fraud and Social Engineering Threats Real-world attack scenarios targeting SMEs, from invoice fraud to phishing, and why user awareness matters more than you think.Incident Response and Business Impact The wider consequences of a cyber incident beyond financial loss, including operational disruption, PR crises, regulatory fines and personal liability for directors.Insurance Document Security Why you need to secure your insurance documentation and how attackers use policy details to calibrate ransom demands.The Value of Security Accreditation How frameworks like ISO 27001 and Cyber Essentials can lower your insurance premiums and deliver tangible business benefits beyond compliance.Resources Mentioned Incursion Cyber Security (incursion-security.co.uk) Capsule (capsulecover.com)Cyber EssentialsCyber Essentials PlusIASMEISO 27001DORANIST2PCI DSSHITRUSTJaguar Land Rover Cyber AttackHarrods Cyber AttackCo-op Cyber AttackNHS Cyber AttackSony Cyber AttackICO (Information Commissioner's Office)SOC2DMARCBlockchain technologyConnect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.LinkedIn: Razorthorn SecurityYouTube: Razorthorn SecurityTikTok: Razorwire PodcastInstagram: Razorwire PodcastTwitter: @RazorThornLTDWebsite: www.razorthorn.comAll rights reserved. © Razorthorn Security LTD 2025
-
How Cybercriminals are using AI - and How to Defend Against It 29.10.2025 57mWhat happens when the dark side gets its hands on cutting-edge AI and why might even seasoned defenders find themselves playing catch-up?Welcome back to Razorwire, where I’m joined by Oliver Rochford and Richard Cassidy to discuss how criminals are using AI, what's actually working and how the threat landscape is changing. We explore how adversaries are using AI, what’s actually working in the wild and how professionals can prepare for the unsettling pace of change.Summary:We discuss AI-powered phishing, deepfakes in recruitment and self-evolving malware. The conversation moves beyond the classic image of lone hackers, unveiling an economy of cybercrime with advanced automation, international collaboration and ruthless incentives. The real tension lies in whether AI is simply sharpening existing attack tools or if we’re on the brink of something genuinely new and autonomous. We dissect economic shifts in attack and defence and raises questions about resilience, readiness and just how quickly the future may arrive.3 Key Talking Points:AI in current attacks: Discover how attackers are already automating phishing, password cracking and social engineering at scale, with some criminal campaigns boasting success rates that would have been unthinkable without AI.Deepfakes and infiltration: Hear real cases of attackers using AI-generated identities and language tools to pass job interviews and access company systems, including documented North Korean operations.The autonomy debate: Join the debate over whether we’re seeing the emergence of fully autonomous AI attacks or just more sophisticated versions of existing threats, and what it means for risk management and defending against a fast-paced, well-funded adversary.Ideal for any cybersecurity professional looking for sharp perspectives and real-world examples on the present and future impact of AI in the hands of attackers. The New Question for Cybersecurity:"We don't need to ask anymore, ‘Do we have good security?’ What we have to say, and what the question should be is, ‘Are we resilient when AI is being used against us? And how do we do that from a technology perspective?’ And there's no one answer."Richard CassidyListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered:AI as the New Adversary Learn how criminals are using advanced AI tools to make cyber threats less predictable and harder to control.Phishing Supercharged by AI Discover why AI-generated phishing campaigns achieve significantly higher success rates than traditional attempts and what makes them harder to spot.Deepfakes and Recruitment Fraud Hear how attackers use deepfakes and voice-changing technology to impersonate job candidates and infiltrate organisations under false identities.Automation and Evolving Malware Explore the debate around whether malware can autonomously adapt and rewrite itself, reducing the need for human hackers to intervene directly.Limits of Current AI Threats Understand why truly autonomous, intelligent cyber attacks aren't widely observed in the wild yet, despite AI amplifying certain attack vectors.Economic Shift in Cybercrime See how AI has lowered costs and barriers to entry for cybercriminals, allowing attacks to scale rapidly without nation-state resources.Social and Psychological Impacts Consider how AI's rapid advancement is outpacing society's ability to adapt, leading to new forms of manipulation and radicalisation.Defence Strategies Lagging Behind Find out why most defensive tools still rely on older methods and haven't matched the sophistication of AI-powered attacks.Importance of Cyber Resilience Learn why resilience measures like robust backup, disaster recovery and regular risk assessments are now critical as AI heightens attack speed and scale.Ethics, Regulation and the Future Race Examine how the race to adopt AI technologies by criminals and corporations alike is happening without adequate regulation or ethical boundaries.Resources Mentioned MIT SloanSafe SecurityVirusTotalPromptLockFirewood (Malware)Mirai (Malware / Botnet Variant)HackerOneExpo (LLM Project)AnthropicOpenAIEuropolChatGPTGenTek AIArctic WolfSQL SlammerMorris WormThe ZiziansFuture Shock (Book)Connect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.LinkedIn: Razorthorn SecurityYouTube: Razorthorn SecurityTikTok: Razorwire PodcastTwitter: @RazorThornLTDWebsite: www.razorthorn.comAll rights reserved. © Razorthorn Security LTD 2025
-
What Actually Works in Cybersecurity (And What Doesn't) 15.10.2025 41mAre you making career moves in cybersecurity or is cybersecurity making moves around you?Welcome to Razorwire. In this episode, I sit down with Marius Poskus - CISO, consultant, podcaster and all-round cyber expert - to how to succeed in cybersecurity. We discuss career paths, why security culture fails in most organisations and the risks of rushing into AI without understanding what you're doing. Whether you're trying to break into the industry or you're leading security strategy, this conversation covers what works and what doesn't.Summary:Want to break into cybersecurity without wasting time on the wrong certifications? Wondering why your security programme keeps failing despite all the tools you've bought? We have the answers.From physical security in Lithuania to CISO at a global fintech, Marius explains why pen testing is a terrible entry route for juniors, why compliance doesn't stop breaches and why giving AI control of your SOC is riskier than most people realise.We discuss how to build actual security skills (not just a collection of certificates), why punishing people for clicking phishing links backfires and why you need to stop firefighting incidents and start preventing them. Marius also shares why so many organisations buy expensive tools that solve nothing and what happens when you remove humans from security decisions.Key Talking Points:The Truth About Career Pathways:We debunk common myths about entry routes into cybersecurity, explains why starting in a SOC makes strategic sense and shares advice for hands-on learning that goes beyond certifications.Security Culture and Human Factors:We discuss why technologists and business leaders often miss the mark on culture, how reward (not punishment) transforms security behaviours and what happens when compliance is mistaken for genuine protection.AI, Emerging Threats and Resilience:Marius reflects on the dangers of autonomous AI-driven security, the future of continuous assessments and why building resilience matters more than chasing perfection. If you want a blunt take on what’s coming next in cyber risk, this episode will challenge your thinking.Tune in for real world stories, hard-won lessons and clever insights you can use right now, whether you’re climbing the infosec ladder or shaping your organisation’s security future.The Future of AI in Software Development: “Everyone thinks that pen testing is sexy. How many pen testing roles are you going to find in a junior space? So if I'm playing numbers game, go in a SOC, learn cyber defence, build up all of your skills and then you pivot to wherever you want because that's the easiest path.”Marius PoskusListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:Choose your entry point strategically: Why starting in a SOC gives you more options than chasing pen testing roles straight away and how to play the numbers game when breaking into the industry.Focus on skills that actually get you hired: Why hands-on experience with home labs matters more than stacking certifications and what employers really look for in junior candidates.Understand why pen testing isn't an entry-level path: Most junior roles are in Security Operations Centres, not penetration testing. Learn why the sexy-sounding jobs aren't where beginners should aim.Stop buying tools to solve people problems: Why organisations waste money chasing technology instead of fixing processes and how this approach guarantees poor security outcomes.Recognise that compliance doesn't mean you're secure: How mistaking audit requirements for actual protection leaves your business exposed and why ticking boxes won't stop breaches.Build a security culture that works: Why punishing people for clicking phishing links backfires and how rewarding reporting creates collaboration instead of fear.Question autonomous AI in security: Why removing humans from security decisions is riskier than most people realise and what happens when AI makes critical choices without oversight.Shift from firefighting to prevention: How to identify root causes instead of just responding to incidents and why this approach saves time and money.Use your network to accelerate your career: Why the relationships you build in the infosec community matter and how asking for help from people who've solved your problems before is a professional skill, not a weakness.Resources Mentioned MP CybersecurityCyber Diaries PodcastCtrl Alt Defend (YouTube channel)CompTIA Security+CompTIA Network+CompTIA A+ISOSOC2Cyber Sentinels HandbookMicrosoft CopilotMontinuGreg van der GaastJack JonesJane FranklandConnect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.LinkedIn: Razorthorn SecurityYouTube: Razorthorn SecurityTikTok: Razorwire PodcastTwitter: @RazorThornLTDWebsite: www.razorthorn.comAll rights reserved. © Razorthorn Security LTD 2025
-
The Hidden Costs of Security Stack Consolidation (That Vendors Don't Mention) 01.10.2025 48mIs your security stack making you safer or just adding to the chaos?Welcome to Razorwire, the podcast where we unravel the mess, myths and market realities behind today’s cybersecurity challenges. I’m your host Jim and in this episode, I’m joined by our favourite regulars Oliver Rochford and Richard Cassidy to tackle a topic that irritates every CISO: the security solution stack. We discuss the big questions about vendor motivations, tool sprawl and why consolidation so often promises more than it delivers.In this episode, we set aside the sales buzzwords and look at what it really means to consolidate your security stack. Oliver and Richard share straight-talking insights from both the vendor and CISO perspectives. We debate why security platforms so often fail to reduce complexity and whether AI is about to solve - or simply mask - the underlying pain.Three key reasons to listen:“Noise in depth” versus defence in depth: Discover why having dozens of overlapping tools can actually increase risk and burnout, rather than improve your security posture. Hear insights on “noise in depth” and how it impacts the choices CISOs face.Vendor incentives and the truth behind “consolidation”: Get an insider’s take on why vendors push for consolidation only when it benefits their stack, how lock-in happens and why most platforms are stitched together from half-baked acquisitions.The hard reality of AI, integrations and future-ready strategy: Find out why AI and automation aren’t the magic fix the industry claims and what you actually need to do to keep your stack effective, adaptable and under control in a shifting market.If you want honest, practical advice on managing cybersecurity complexity and want to hear what real CISOs wish they'd known before their last renewal, this episode is worth your time.Welcome to the Future: Solving Problems, Not Just Selling Tools"If you're coming to market, remember the product is only half the game.Security teams, GRC compliance teams - they're drowning. Support, deployment, tuning and post-sales success – they really make or break from my organisations and ones that I talk to. So be the vendor that doesn't just sell the product, be the one that really helps operationalise it. If you're just here to sell a tool, you're already obsolete. If you're here to solve a problem and remove complexity, then welcome to the future.Richard CassidyListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:Tool Sprawl vs. Defence in Depth Learn why organisations with dozens of overlapping security tools end up with noisy environments instead of effective layered defence and what CISOs actually see happening on the ground.Vendor Incentives and Lock-In Discover how security vendors push you into consolidation within their own ecosystems while prioritising customer lock-in over real interoperability and simplification.Platform Consolidation Cycles Understand why the industry keeps repeating the same consolidation mistakes and what you should consider instead of chasing the perfect platform that doesn't exist.The Role and Myth of AI in Security Stacks Find out why AI won't magically fix your complexity problem and how it often just adds another noisy layer without reducing tool sprawl.Integration Challenges and Data Standards Find out why lack of shared standards makes integration painful, and how to use your purchasing power to demand vendors support open standards and data portability.Cost Fallacies of Consolidation Discover why promised cost savings from consolidating tools rarely appear once you factor in migration, retraining, integration and operational complexities.System Integrators and Rising Complexity Learn why systems integrators and resellers often profit from complexity rather than simplification, and how to spot when you're being sold more than you need.Shifting Vendor Strategies: Acquisitions and Synergy Understand how large vendors grow through acquisitions that never get properly integrated, and what to look for when evaluating whether a "platform" is actually unified or just a collection of separate products.Staying Flexible as Things Change Learn why security leaders need agile, modular strategies and should avoid long-term commitments to match the pace of change in technology and security threats.Resources Mentioned Gartnercyberfuturist.comAgoriaRubrikDORANIS 2Microsoft CopilotMcAfeeWizAWS S3Iceberg DataClickHouseGoldman SachsLangChainThe Cyber Sentinels HandbookConnect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security - from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.LinkedIn: Razorthorn SecurityYouTube: Razorthorn SecurityTikTok: Razorwire PodcastX: @RazorThornLTDWebsite: www.razorthorn.comAll rights reserved. © Razorthorn Security LTD 2025
Popular en
Este podcast también aparece en las listas de podcasts de estos países.