Razorwire Cyber Security

Razorthorn Security

Welcome to the Razorwire podcast where we share information, best practices and up to date news in cyber security and infosec. Our mission is to help you become a better cyber security professional and support our vision of creating an agile community of cyber professionals who are stronger than ever before. This show is first and foremost about sharing knowledge and benefiting from collaboration. We bring you the advice and wisdom of both your host, James Rees, and his guests to build on the strength and depth of your own knowledge and experience. Your host James Rees is an information security veteran with over 25 years of industry experience and is the founder of Razorthorn Security, delivering expert security consultancy and testing services on a day to day basis to some of the largest and most influential organisations in the world, including many in the Fortune 500. The Razorwire podcast is for cyber security professionals looking for new ideas and the drive to improve their response to cyber security events. Through collaboration, we can strengthen our defences. For more information about us or if you have any questions you would like us to discuss on the podcast email podcast@razorthorn.com or head to www.razorthorn.com This podcast uses the following third-party services for analysis: OP3 - https://op3.dev/privacy

  1. 13 NOV

    Mental Health, Organisational Culture & The Human Side of Cybersecurity

    Are layoffs increasing your cybersecurity risk and driving your team to burnout? This episode looks into the psychological underpinnings of infosec to help you navigate turbulent times at work.

    Welcome to Razorwire, the podcast that cuts through the complexities of information security with sharp insights and expert discussions. In this episode, I'm joined by Lisa Ventura (MBE), founder of Cyber Security Unity, and Bec McKeown, a psychologist specialising in high-risk environments. Together, we explore the hidden psychological factors that shape cybersecurity practices and discuss essential strategies to safeguard your organisation.

    Join us as we discuss the impact of economic layoffs on cybersecurity, the efficacy and ethical concerns surrounding psychological profiling, and the sophisticated tactics employed by malicious actors in today's digital arena. Lisa, Bec and I also unpack the importance of organisational culture in mitigating human error, the role of mental health in cybersecurity, and how to implement targeted security measures without overwhelming your team. This episode is a must-listen for professionals seeking to understand the human dynamics behind infosec challenges and cultivate a supportive, resilient security culture.

    3 Key Takeaways:

    1. Protect Your Organisation Without Crossing Privacy Lines. Want to strengthen your security approach without relying on controversial psychological profiling? Discover practical, ethical alternatives as Bec McKeown walks you through smarter ways to assess and mitigate insider risks whilst preserving employee trust and privacy.
    2. Prevent Data Theft During Company Transitions. Is your organisation facing changes? Learn how to protect your critical assets during turbulent times. Lisa Ventura reveals proven strategies to identify and secure your most valuable data, particularly when your company is experiencing workforce changes or economic pressure.
    3. Build a Stronger, More Resilient Security Team. Ready to boost both your security effectiveness AND team morale? Get hands-on techniques from Bec McKeown to create an environment where your security professionals thrive. Walk away with practical steps to reduce burnout, increase psychological safety and build a high-performing team that stays sharp and engaged.

    Tune in to Razorwire for actionable advice and expert perspectives to fortify your cybersecurity strategy amid challenging times.

    On Psychological Safety & Blame Culture: "If people are constantly told off for not doing things in the right way, whether that's cybersecurity training or otherwise, they're never gonna fess up to it... if you haven't got that psychological safety within the culture, then these things are probably more likely to happen because it's not in the person's best interest to hold their hand up." Bec McKeown

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    - Understanding Layoff Security Risks: Explore why workforce changes increase data theft risks and why organisations need heightened awareness during these transitions.
    - Beyond Psychological Profiling: Learn more effective and ethical ways to assess security risks without compromising employee privacy - practical alternatives you can implement today.
    - High-Value Target Protection: Understanding why certain roles face increased targeting and need additional security...

    41 min
  2. 30 OCT

    Insider Threats & Third Party Risk: How to Manage Security Threats

    Every vendor you trust and every employee you hire could be your next security crisis. Explore the realities of third party risk and insider threats on this episode of Razorwire!

    Join us for a discussion on the multifaceted challenges of third party risk and how they can destabilise your organisation. From the growing complexities of cloud providers like AWS and Azure to detecting and dealing with insider threats, our conversation covers it all. My esteemed guests, Razorwire favourites Iain Pye and Chris Dawson, share their perspectives on the right to audit third parties and how shifts in business models and changing workplace culture impact our security postures. We also break down a case study involving indemnity and insurance settlements following a breach incident, providing you with practical takeaways for enhancing your own security protocols.

    Key takeaways:

    Strengthen Your Third Party Risk Management
    - Implement contractual audit rights early in vendor relationships
    - Develop resilience plans for vendor service failures
    - Understand the risks of supply chain dependencies (third parties of third parties)
    - Plan for scenarios where key service providers might fail or be compromised

    Understand and Mitigate Insider Threats
    - Identify different types of insider threats (accidental, disgruntled employees, corporate espionage)
    - Monitor for behavioural changes and suspicious activity patterns
    - Implement ongoing background checks and security clearance reviews
    - Balance monitoring with employee privacy and company culture considerations

    Address Modern Security Challenges
    - Evaluate the cost-benefit trade-offs between in-house and outsourced services
    - Implement monitoring solutions that correlate data from multiple sources
    - Develop security strategies that account for both human and technical factors
    - Create comprehensive risk assessments that include both internal and external threats

    Join us on Razorwire as we untangle the complexities of third party risk and insider threats, providing you with actionable insights to fortify your organisation's cyber defences.

    On the inevitability and scale of third-party breaches: "It's inevitable. You're gonna have a third party breach. There's about, what, 10 a day... You could do all the due diligence in the world and all the security checks about this. You could have a very robust vendor risk management, whatever you wanna call it. At the end of the day, it's gonna take one little, maybe insider threat on the third party side, and that will cause a breach." Iain Pye

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we discuss:
    - Implementing Third Party Audit Rights: Secure your organisation by establishing robust audit rights in vendor contracts before engagement begins.
    - Evaluating Cloud Provider Stability: Assess and mitigate risks when selecting cloud providers by verifying their financial stability and data migration capabilities.
    - Preventing Insider Security Breaches: Distinguish and protect against both intentional and accidental internal security threats through targeted controls.
    - Building a Strong Security Culture: Foster an environment where employees actively report and respond to security warnings rather than normalising them.
    - Managing Employee-Related Risks: Develop strategies to...

    45 min
  3. 16 OCT

    How to Optimise Your GRC Tools

    Improving Value, Efficiency & True Risk Management

    Are your GRC tools really managing risk, or just creating noise? Welcome to the latest episode of Razorwire, where we cut through the complexities of the cybersecurity world to deliver actionable insights. I'm your host, Jim, and in this episode we're discussing the multifaceted challenges and opportunities surrounding Governance, Risk and Compliance (GRC) tools with none other than Jack Jones, creator of the FAIR risk model and a seasoned security professional with nearly 40 years' experience.

    In our conversation, Jack and I explore the intricate landscape of GRC tools, questioning their effectiveness in truly managing risk. We talk about the difference between control deficiencies and genuine risks, shedding light on the often misleading contents of risk registers.

    In this episode, you'll learn invaluable insights that could transform how you approach risk management and compliance. From weighing price against effectiveness to the idea of developing a more effective and affordable GRC solution, this episode offers a treasure trove of useful takeaways for anyone in the cybersecurity field.

    Key takeaways:

    - The Real Cost of GRC Tools: Jack and I discuss the hidden expenses and renewal price hikes associated with existing GRC tools. If you're feeling the financial strain of your current GRC solutions, this segment is a must-listen to understand the true cost and value proposition of these tools.
    - Redefining Risk Management: We talk about the importance of differentiating between real risks and mere control deficiencies, and how many organisations get this wrong. Learn how to avoid the 'noise' in your risk register and focus on the genuine risk scenarios that matter to your business.
    - The Path to Better GRC Solutions: Tune in to hear our thoughts on the pressing need for innovation in GRC tool design. If you're looking for practical, cost effective solutions tailored to meet your risk management needs, you'll want to hear our insights and future plans.

    Don't miss this conversation that could reshape your perspective on GRC tools and risk management.

    "If I thought the [GRC tool] technology is actually provided anywhere near the value of their potential… if the GRC products and their implementations were actually doing the job they're intended to do, they should cost a lot of money because they would be providing a ton of value." - Jack Jones

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    - Cybersecurity Responsibilities Debate: We debate whether cybersecurity should fall under IT or infosec departments.
    - Penetration Testing Management: How penetration testing could be subject to a conflict of interest depending on which department manages it.
    - GRC Tool Costs and ROI: Gain insights on how to assess and optimise your GRC tool's value proposition through regular utilisation and cost reviews.
    - Identifying GRC Tool Shortcomings: Understand the common pitfalls of popular GRC tools in addressing real world risks, enabling better tool selection and implementation.
    - Proper Risk Register Management: Learn to distinguish between genuine risks and audit deficiencies for more accurate and useful risk registers.
    - Third-Party Risk Management: Learn strategies for effectively managing the challenges posed by third party risks in modern business environments.
    - Effective Risk Communication: Master...

    44 min
  4. 2 OCT

    Navigating Mental Health, Narcissism & Burnout in Cybersecurity with Lisa Ventura MBE

    Welcome to Razorwire, the podcast where I, James Rees, cover the cybersecurity topics that matter with expert guests from across the industry. We aim to help cybersecurity professionals enhance their skills, improve their work performance and boost their overall quality of life in this demanding field.

    The illustrious Lisa Ventura, MBE, award winning cyber security specialist and founder of Cyber Security Unity, joins me in this episode. We talk about the pressing issues that cybersecurity professionals face on a daily basis, from mental health struggles to dealing with industry narcissists. Lisa shares her insights on current industry developments and draws on her personal experiences to offer practical advice and knowledge for cybersecurity professionals at all career stages.

    Join us as we talk about:

    1. Burnout and Mental Health in Cybersecurity: We talk about the root causes of burnout and mental health issues among cybersecurity professionals, and share practical strategies to protect your wellbeing in a high stress environment.
    2. Navigating Industry Narcissism: Gain insights on how to identify and handle narcissistic behaviours in the workplace, and work towards a healthier and more supportive professional atmosphere.
    3. Cyber Skills Gap and Industry Trends: Lisa shares her thoughts on the role of AI and VC money, and the ongoing challenge of closing the cyber skills gap, especially in smaller organisations.

    Tune in to Razorwire and empower yourself with the knowledge and resilience essential for thriving in the cybersecurity arena.

    Lisa on handling narcissists in the workplace: "If it gets too much, I have only one bit of advice. And it's not a good bit of advice to say, and that is to find something new as soon as you possibly can and leave because those individuals will never change." Lisa Ventura, MBE

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    - Burnout and Mental Health: Discover strategies for managing burnout and maintaining mental health in cybersecurity.
    - Cyber Skills Gap: Learn about the factors contributing to the cyber skills gap and how this can be addressed.
    - Responsibility and Fear: Understand the psychological impact of responsibility and blame in security roles.
    - Budget Reductions and Layoffs: Find out how budget cuts and layoffs are affecting the industry post-pandemic.
    - Handling Narcissistic Individuals: Get practical advice on dealing with narcissistic individuals in the workplace.
    - Infosec Industry Trends: Explore current and future trends in information security, including AI misuse.
    - Legislation and C-Suite Attention: Learn how new legislation is increasing executive-level focus on cybersecurity.
    - Experiences in Infosec: Hear firsthand accounts of dealing with negative behaviours in the industry.
    - Targeting and Narcissism Among Women: Uncover insights on targeting and hypocrisy, even among diversity advocates.
    - Challenges for Young Professionals: Find out how mentorship can help newcomers overcome challenges and impostor syndrome.

    Resources Mentioned: Cyber Sentinels...

    41 min
  5. 18 SEPT

    ChatGPT vs Cyber Threats: The REAL Role of AI in Cybersecurity

    Unlock the truth about using Large Language Models (LLMs) in cybersecurity: are they the next big thing or just another trend?

    In this episode of Razorwire, your host, James Rees, brings together cybersecurity expert Richard Cassidy and data scientist Josh Neil to talk about the use of AI and LLMs in cybersecurity and their role in threat detection and security. Join us for a discussion on the capabilities and limitations of these technologies, sparked by a controversial LinkedIn post. We bring you expert insights into AI in security applications and a frank discussion on always being open to learning and correcting misconceptions. Hear about real world examples and practical advice on how to integrate AI tools effectively without falling into common traps. This episode delivers a balanced, in depth look at an often misunderstood but crucial topic in modern cybersecurity.

    3 Key Takeaways:

    1. Anomaly Detection Challenges: We break down why traditional time series models are still king when it comes to anomaly detection, highlighting the limitations of LLMs. Learn why time series models are better suited to identifying real threats without drowning in false positives.
    2. Role of Critical Thinking in Cybersecurity: Richard Cassidy emphasises the irreplaceable value of human expertise in threat detection. Discover why relying too heavily on AI could stifle critical thinking and skill development, especially for junior analysts, potentially weakening your security team in the long run.
    3. Practical Applications and Misconceptions: Hear a candid conversation about the real strengths and weaknesses of LLMs in cybersecurity. Both guests share practical advice on how LLMs can augment, but not replace, human-driven methods to ensure stronger, more reliable security measures.

    Tune in to Razorwire for an episode that cuts through the hype and delivers actionable insights for cybersecurity professionals navigating the evolving landscape of AI in security.

    The Downside of AI in the Workplace: "My concern with AI assistants or co-pilots with quick and easy answers, the junior analysts aren't learning the critical thinking required to become senior analysts, and therefore we're losing our bench. And we're going to end up with unskilled senior analysts that don't know when the LLM doesn't know what to do. Neither does the human." Josh Neil

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    - Anomaly Detection Challenges: Find out how experts approach the complex task of identifying unusual patterns in cybersecurity data.
    - LLMs vs. Traditional Methods: We explore different approaches to anomaly detection, comparing cutting-edge AI with established statistical techniques.
    - Organisational Understanding: Listen to insights on the importance of deep knowledge about critical systems for effective threat detection.
    - Surgical vs. Brute Force Approaches: Discover the debate surrounding different methodologies in cybersecurity, and the role of human expertise.
    - Training and Critical Thinking: We examine how the increasing use of AI tools might impact skill development in the cybersecurity workforce.
    - Evolution of Threat Detection:...

    57 min
  6. 4 SEPT

    DORA & NIS2: The Cybersecurity Regulation Revolution

    Are you ready for DORA and NIS2? Discover how these regulations could transform your security strategy!

    Welcome back to another episode of Razorwire! Today we unpack the DORA and NIS2 regulations with esteemed cybersecurity expert Richard Cassidy. I'm your host, Jim Rees, and I'll be guiding the conversation for anyone navigating the evolving landscape of digital security in the financial sector.

    In this information-packed episode:
    - Discover why organisations are dangerously behind in DORA and NIS2 preparation
    - Learn how these EU regulations could impact global operations, including US companies
    - Explore the potential for hefty fines and personal liability for executives
    - Understand the critical role of third party providers in compliance
    - Get practical advice on assessing your organisation's readiness
    - Uncover the challenges of implementing cross border information sharing
    - Gain insights on budget planning and vendor alignment for compliance

    Whether you're a CISO, IT professional or business leader, this episode offers crucial information to help you stay ahead of regulatory changes. Don't miss Richard's expert analysis and insider tips on preparing effectively for compliance. This episode is packed with invaluable insights you won't want to miss.

    "Don't be looking at this, head in your hands and worry that you haven't got the stack. You most likely do have the capabilities. Now you've just got to understand how you go about aligning to DORA." Richard Cassidy

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    - Regulatory Gap Analysis: Why organisations should start by analysing gaps between current performance and the DORA and NIS2 requirements.
    - Vendor Involvement: Why it's essential to involve vendors and ensure they align with the new regulations.
    - Global Impact: Learn how DORA and NIS2 will impact organisations worldwide, especially those within the EU financial industry.
    - Budget Implications: Advice on beginning regulatory analysis before budget renewal, for better allocation of resources.
    - Contract Renegotiation: How to navigate the lengthy process and challenges of renegotiating contracts for compliance with the new regulations.
    - Third Party Security: Why we need to include audit rights and fine clauses in contracts with third party service providers.
    - C-suite Accountability: Learn about the personal responsibility of the C-suite under DORA, including potential legal consequences.
    - CISO Role Evolution: Find out how the CISO role is likely to gain more prominence and may replace the CIO in the future.
    - Information Sharing Challenges: We discuss the difficulties organisations might face in sharing cybersecurity information.
    - Implementation Recommendations: How to implement a simplified approach to aligning with DORA by assessing maturity and targeting domain-level improvements.

    Resources Mentioned:
    - DORA (Digital Operational Resilience Act, Regulation (EU) 2022/2554, applying from 17 January 2025)
    - NIS2 (Network and Information Systems Directive 2, Directive (EU) 2022/2555, with a member state transposition deadline of 17 October 2024)
    - Bank of England Prudential Regulation: https://www.bankofengland.co.uk/prudential-regulation...

    51 min
  7. 21 AUG

    Contextual Security and Beyond: The Future of Cybersecurity

    Welcome back to Razorwire! I'm Jim, your host, and joining me today are cybersecurity experts Richard Cassidy and Oliver Rochford.

    Following on from our last episode of Razorwire, where Oliver and I discussed the key issues that cyber professionals need to focus on in 2024, this episode centres on key takeaways from recent security conferences, particularly RSA and Infosecurity Europe, and explores the shift towards contextual security as highlighted in Byron Acohido's recent report.

    The conversation covers several critical topics:
    - The potential transformation of long term cybersecurity planning
    - Emerging trends in integration and standardisation among security solutions
    - Fresh perspectives on supply chain risk management
    - The debate over vendor accountability for security vulnerabilities
    - Innovative approaches to security budgeting and prioritisation

    We discuss the necessity of proactive security approaches, the value of contextual information in threat detection and response, and the importance of considering customer impact when assessing security risks. We also touch on the potential implications of AI advancements for cybersecurity strategies.

    We give you an overview of current industry trends, challenges and potential future directions. We challenge conventional ways of thinking and offer insights that may help reshape how listeners approach cybersecurity strategies, so you come away with actionable insights and strategies.

    The Overwhelming Complexity of Choice at Tech Events: "It's just unbelievable that at every stand you go to [the vendor says] "we're the best in application security." "We are the best in UEBA." And I try to put the customer hat on when I go to these events and go, oh my goodness, how does anybody make a decision in the midst of all of this complexity?" Richard Cassidy

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    - Data Growth Management: Addressing the growing need for truly effective data management to secure the projected increase in data volume in the coming years.
    - Communication Challenges: The difficulties in communicating long term infosec plans to the C-suite, who focus on shorter term financial goals.
    - Cultural Shift: How the infosec industry has been impacted by post-lockdown advancements in technology as well as cultural changes.
    - Cybercrime Costs: The predicted increase in the financial cost of cyber attacks, which is likely to be a more significant financial threat than physical crime by 2025.
    - Financial Challenges: Current investments in cybersecurity are not keeping pace with the evolving threat landscape.
    - New Strategies: Why we need to move from rules-based to contextual security.
    - Integration: How interoperability and synergy between vendors can help address evolving threats.
    - Cyber Senescence: Why we need a longer-term approach to cybersecurity planning.
    - C-Suite Communication: Why infosec professionals need to communicate risk and the importance of security investment to the C-suite effectively.
    - Vendor Relations: The challenges of vendor lock-in, tool...

    48 min
  8. 7 AUG

    Top Cybersecurity Priorities for 2024

    Welcome to Razorwire, the podcast that cuts through the noise of the information security industry. I'm your host, Jim, and today we're taking a look at the state of the infosec industry so far in 2024 with our guest, Oliver Rochford. If you're a cybersecurity professional taking on the evolving threats and challenges of our field, you won't want to miss this discussion. From the rapid consolidation within the tech sector to the challenges of supply chain security and the limitations of today's infosec tools, we leave no stone unturned. We also discuss the role of AI in simplifying complex security solutions and whether current market trends are truly addressing the core needs of security teams.

    Key Talking Points

    1. Tech Industry Consolidation: Discover how the acquisition spree by cybersecurity giants like CrowdStrike and Palo Alto is reshaping the industry landscape and what it means for smaller, niche security companies.
    2. Supply Chain Security: Hear about the latest risks posed by third party involvement and how to ensure robust security tracking and management using various tools and solutions.
    3. AI and Security Solutions: Oliver tells us how we can make use of AI to streamline and simplify the overly complex and jargon-filled security tools market, offering a fresh perspective on future developments.

    Tune in to this thought-provoking episode of Razorwire for valuable insights that every cybersecurity professional needs to stay ahead in 2024.

    The Future of Cybersecurity: "I expect there to be diversification under the formation of multiple markets with individual giants within these markets, because you can't be good at everything." Oliver Rochford

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    - Tech Industry Consolidation: Discussion on the recent acquisition of smaller tech companies by larger firms and the impact of this on the industry.
    - Growth and Specialisation Limits: Prognosis on large portfolio providers and the constraints imposed by specialisation and market share retention.
    - Cyber Attack Speed and Aggressiveness: Examination of the increasing speed and aggressiveness of cyber attacks and how to prepare for the challenges they present.
    - Supply Chain Security: How we can secure the supply chain, and the inconsistencies in infosec vendor messaging.
    - Complex Security Solutions: How to make use of AI to critique the complexity and confusing terminology in security solutions.
    - AI and Core Security Issues: Exploration of the risks tied to AI, budget constraints and the persistent core security challenges.
    - Affordability and Effectiveness: Highlighting the need for organisations to thoroughly investigate the most effective tools to make the most of tight budgets.
    - Data Privacy and Encryption: Examination of growing encryption usage and questions over control and management of encryption keys.
    - Disconnect in the Cybersecurity Market: Addressing the disconnect between user needs and market offerings, focusing on AI and the latest technologies.
    - Economic and Regulatory Concerns: How financial and regulatory challenges are impacting security investments and implementations.

    Resources Mentioned: Events: Infosec conference, RSA

    49 min
