45 episodes

Welcome to the Razorwire podcast where we share information, best practices and up to date news in cyber security and infosec.

Our mission is to help you become a better cyber security professional and support our vision of creating an agile community of cyber professionals who are stronger than ever before.

This show is first and foremost about sharing knowledge and benefiting from collaboration. We bring you the advice and wisdom of both your host, James Rees, and his guests to build on the strength and depth of your own knowledge and experience.

Your host James Rees is an information security veteran with over 25 years of industry experience and is the founder of Razorthorn Security, delivering expert security consultancy and testing services on a day to day basis to some of the largest and most influential organisations in the world, including many in the Fortune 500.

The Razorwire podcast is for cyber security professionals looking for new ideas and the drive to improve their response to cyber security events. Through collaboration, we can strengthen our defences.

For more information about us or if you have any questions you would like us to discuss on the podcast email podcast@razorthorn.com or head to www.razorthorn.com

This podcast uses the following third-party services for analysis:

Chartable - https://chartable.com/privacy

Razorwire Cyber Security Razorthorn Security

    • Technology

Welcome to the Razorwire podcast where we share information, best practices and up to date news in cyber security and infosec.

Our mission is to help you become a better cyber security professional and support our vision of creating an agile community of cyber professionals who are stronger than ever before.

This show is first and foremost about sharing knowledge and benefiting from collaboration. We bring you the advice and wisdom of both your host, James Rees, and his guests to build on the strength and depth of your own knowledge and experience.

Your host James Rees is an information security veteran with over 25 years of industry experience and is the founder of Razorthorn Security, delivering expert security consultancy and testing services on a day to day basis to some of the largest and most influential organisations in the world, including many in the Fortune 500.

The Razorwire podcast is for cyber security professionals looking for new ideas and the drive to improve their response to cyber security events. Through collaboration, we can strengthen our defences.

For more information about us or if you have any questions you would like us to discuss on the podcast email podcast@razorthorn.com or head to www.razorthorn.com

This podcast uses the following third-party services for analysis:

Chartable - https://chartable.com/privacy

    Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter

    Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter

    Welcome to Razorwire! In today’s episode, we take a look at the often-overlooked issue of professional burnout within the cybersecurity field. Joining us are two esteemed guests: Yanya Viskovich, a cyber resilience authority, and Eve Parmiter, a clinical traumatologist and consultant, both of whom bring their interdisciplinary insights to our discussion.
    Today's conversation uncovers the critical yet not-often-discussed crisis of burnout amongst our cyber defenders. Yanya shares her personal journey through the throes of burnout and her subsequent passion for addressing the human factors in cybersecurity and Eve gives us her clinical perspective, providing an in depth understanding of the steps that lead to burnout and how we can move towards prevention and recovery. Together, we explore strategies for cultivating an organisational culture that is resilient against burnout and the positive repercussions this can have on cybersecurity effectiveness. 
    Key Talking Points
    Personal Insights from the Field: Yanya recounts her dynamic career path and the vulnerable moments of burnout she encountered during the global pandemic, offering listeners a glimpse into the human side of the cybersecurity equation.
    Clinical Wisdom for Cyber Warriors: Eve, with her therapeutic background, maps out the psychophysiological terrain of burnout and provides actionable tactics for information security professionals to identify and manage their stressors before they escalate.
    -Building a Burnout-Resilient Culture: Gain critical advice on creating strong, collaborative and health-focused workplace cultures that prioritise learning and vulnerability to fortify against cybersecurity threats as well as professional burnout.
    Don’t miss out on this conversation, which is more relevant now than ever. Tune in to unlock techniques that will not only defend your organisation’s digital assets but also safeguard the wellbeing of its most valuable guardians - its people.


    Embracing Failure for Cybersecurity Improvement: 
    "We need to have a tolerance for failure, but an intolerance for incompetence. We need to invite cultures that invite questions and difficult ones, and that invites people to challenge the status quo, to invite people to say, ‘yeah, I've noticed that something's wrong here’, or ‘I see this as a potential risk and I'm raising it.’"
    Yanya Viskovich
    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
    In this episode, we covered the following topics:- Appreciation of Crisis Management: A look into how the efforts of infosec professionals are often undervalued, especially when resolving critical issues during crises.
    - Post-Lockdown Loss of Mentorship: An exploration of the pandemic's impact leading to the exit of experienced professionals from the cybersecurity field and the subsequent loss of mentorship for up-and-comers.
    - Organisational Culture and Failure: The importance of creating supportive cultures within organisations that encourage learning from mistakes and destigmatising failure.
    - Human Factor in Cybersecurity: Highlights the crucial role of considering human behaviour and psychology in cybersecurity strategies, alongside technology and process optimisation.
    - Stress and High Burnout Rates: Insights into the abnormally high stress levels within the cybersecurity industry, leading to significant burnout among professionals.
    - Industry's Perception on the 'Department of No': Discusses the challenging perception of infosec teams as constructionistic.
    - Power of Recognition: We...

    • 1 hr 15 min
    The Impact of FAIR on Risk Management with Jack Jones

    The Impact of FAIR on Risk Management with Jack Jones

    Welcome to Razorwire, the cutting-edge podcast where we slice through the complexity of cybersecurity and risk management to bring you insights from industry leaders. I’m your host, Jim and in today’s episode, we unravel the intricacies of FAIR (Factor Analysis of Information Risk) risk methodology with none other than its creator, Jack Jones. Jack’s groundbreaking approach has revolutionised how organisations perceive and approach information security risks. So, buckle up as we dive deep into the mind behind this transformative model.
    In a fascinating session, Jack shares his journey in developing the FAIR risk methodology and its impact on the business landscape. From facing initial industry scepticism to achieving global recognition, Jack's story is a testament to innovation and perseverance. Alongside the creation of the FAIR Institute and the adoption of his standards across various sectors, Jack also teases his upcoming book focused on the controls analytics model. We discuss the evolving landscape of risk management and the potential for FAIR to automate and improve cybersecurity practices. Get ready to have your perspective on risk quantification transformed!
    Key Talking Points:
    1. Demystifying FAIR - Discover how Jack Jones broke new ground with the FAIR risk methodology, demystifying risk management for businesses worldwide and why industry giants are adopting his model to navigate the complexities of cybersecurity.
    2. Resistance and Triumph - Hear the compelling tale of how Jack overcame industry resistance, with some even suggesting criminal negligence, to establish a new paradigm in risk assessment now embodied in the FAIR Institute and the Open FAIR standard.
    3. Risk Beyond Cybersecurity - Learn how the versatile FAIR model transcends cybersecurity, influencing financial product design, operational risk measurement and even natural disaster assessments - a testimony to its adaptability and Jack's vision for its future potential.
    For cybersecurity professionals eager to stay ahead of the curve and to refine their approach to risk management, this episode is not to be missed. Join us on Razorwire to hear the insights and backstories directly from the experts shaping the field.

    “I did get some positive reactions from people in the industry, but I also got an email from someone in the industry … with a significant following and they wrote me a letter saying that I should be prosecuted for criminal negligence for having published this, that in his view, the word risk should be stricken from the English language.” 
    - Jack Jones

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
    In this episode, we covered the following topics:- Fair Risk Methodology Overview: A novel approach to risk assessment that simplifies risk management by addressing subjective probability factors and incorporating control efficacy.
      
    - Development and Inspiration: The origins of the methodology and how inspiration from physics led to a new model for measuring control effectiveness in risk management.
      
    - Industry Reaction and Growth: An exploration of the initial pushback against the methodology, followed by its adoption by the Open Group and the subsequent rapid expansion globally.
      
    - Founding of the FAIR Institute: The establishment of a dedicated institute to provide resources and community engagement around the FAIR methodology.
      
    - Advancement through Collaboration: How input from various industry professionals has contributed to the enhancement of the FAIR model, exemplified by the...

    • 41 min
    The Real Impact of the Lockbit Ransomware Takedown

    The Real Impact of the Lockbit Ransomware Takedown

    Welcome to Razorwire, the cutting-edge podcast for cybersecurity professionals, where we unravel the world of information security and peek into the future of technology. I'm your host, Jim, and in today's episode, we're joined by our esteemed guests, Richard Cassidy and Oliver Rochford. We’re taking a deep dive into the recent Lockbit takedown, dissecting the movements in the global cybercrime landscape, and analysing the ongoing conflicts within the commercial industry. 
    Our guests, both veterans in the field, share their insight on the takedown of the notorious Lockbit ransomware group, raising critical questions about the efficacy of such law enforcement actions. We explore the pervasive issues of ransomware as a service, the evolving role of threat intelligence, and the significance of industry collaboration. 

    Additionally, we take a look at the challenges of finding your niche within the hyper-competitive tech market, dissect the misconceptions surrounding threat intelligence and confront the stark realities of the cybersecurity industry's marketing frontlines. 

    Whether you're well into your cybersecurity career or contemplating your next move in the field, this episode of Razorwire is tailored for you.

    Key Talking Points:
    1. Inside the Lockbit Takedown: What the headlines don't tell you about the resilience of ransomware groups and why we should remain cautious post-takedown efforts.
    2. Navigating Cyber Misinformation: Our guests tear apart the misleading marketing tactics in cybersecurity and advocate for a truth-centric industry approach.
    3. Collaborate to Fortify: Discover the vital importance of cross-organisation intelligence sharing in combating sophisticated cyber threats and promoting stronger defences across the board.

    Don’t miss out on this candid and informative discussion. 

    "There's a cultural problem when half the industry beats up on someone who discloses a breach. There's a disincentive to disclose breaches or intelligence. And so we need a cultural change there."
    Oliver Rochford

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    - Education and Skills Gap: outdated courses and underscores the necessity for ongoing training and adaptability in the information security domain.
    - Misleading Marketing: the impact of hyperbolic marketing which often overstates the novelty and effectiveness of cybersecurity solutions.
    - Threat Intelligence: the significance of deriving context from intelligence data and promoting its exchange within the sector.
    - Cybersecurity Community Strength: the information-sharing culture and reciprocal support among information security professionals.
    - Understanding Ransomware Complexities: a general lack of awareness around ransomware intricacies, including legal repercussions of ransom payment refusals
    - Emphasis on Threat Modelling: the importance of businesses understanding their unique threat landscapes and preparing for worst-case scenarios.
    - Cybersecurity Startups Proliferation: the sheer number of startups entering the cybersecurity space and the concerns about their effectiveness.

    - Ransomware's Robust Ecosystem: the professional network that underpins ransomware operations, which includes a mix of criminals and nation-state involvement.

    Resources Mentioneda href="https://www.nationalcrimeagency.gov.uk/news/nca-leads-international-investigation-targeting-worlds-most-harmful-ransomware-group" rel="noopener noreferrer"...

    • 51 min
    The Rise of Cyber Mercenaries: Governments' Secret Weapons in Cyber Warfare

    The Rise of Cyber Mercenaries: Governments' Secret Weapons in Cyber Warfare

    In this episode, we tackle some of the most pressing issues in the convergence of cyber warfare, information security and political strategy. Our guests, Iain and Chris, share their frontline insights on how the digital realm has become a playground for clandestine operations, where cyber mercenaries are the new knights, rooks and perhaps even the kings. 
    We examine the repercussions and complexities of engaging third party cyber groups for state-sponsored operations, debate the seemingly lucrative appeal of cybercrime and look at real-world examples where the cyber realm has been militarised. Discussions range from the effect of bot networks on democracies, to the specific roles of organised criminal cyber divisions and the evolution of digital espionage.
    Talking Points:
    1. The Intricate Web of Cyber Mercenaries: Discover the hidden connections between governments, political factions and cyber mercenaries. We unravel the complex tactics and consequences of outsourcing cyber warfare and the ethical lines that get blurred along the way. 

    2. The Business of Cyber Conflict: We talk about the paradoxical profitability of cybercrime versus the costs of robust defence. We discuss the art of balancing offensive strategies and cybersecurity defences, drawing comparisons between private sector incentives and government backed digital warfare. Professionals keen on risk assessment and cyber strategies will find this conversation particularly interesting.

    3. Navigating Cybersecurity Governance: Dive into a crucial debate on managing the cyber mercenary phenomenon, filtration in intelligence gathering, and the quintessential role of governance in preventing operational downfall. As we explore the undeniable need for quality defence mechanisms, the insights shared here are invaluable for any professional aiming to stay ahead of cyber threats.

    Join us on Razorwire, your go-to podcast for cutting through the digital noise, as we delve into a world where cyber conflict is omnipresent and the concept of warfare is forever altered. This is one episode you'll want to replay, decrypt and safeguard in your mental arsenal.


    "It's not like a physical mercenary group where you can see them. They're not blowing anything up. Nothing's going to go bang so people actually notice. So unless a government gets hacked or something happens, unless they shut down the national grid, unless there’s collateral damage that comes with it - they can pretty much hide it away, can't they?"
    Chris Dawson
    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
    In this episode, we covered the following topics:Government and Media Control: Exploring the intersections of government ownership of media and its implications for information security and cyber warfare.Corporate Espionage and Cyber Warfare: Debating the ethical and strategic considerations of engaging in corporate espionage and cyber warfare.Cyber Mercenaries: Examining the rise of cyber mercenary groups willing to conduct cyber warfare operations for hire.Digital Infrastructure Security: Discussing the technical and strategic challenges associated with detecting and defending against compromises in digital infrastructures.Plausible Deniability and Cyber Attacks: Considering the strategy of plausible deniability and its potential to shield governments from the fallout of cyber operations.Monetisation of Cyber Crime: Analysing the profitability and incentives driving skilled cybercriminals and how crime pays in the cyber realm.Cyber Warfare and Political...

    • 45 min
    Trends in Identity and Access Management with Simon Moffatt

    Trends in Identity and Access Management with Simon Moffatt

    Hello Razorwire listeners! It's your host Jim here, and in today's fascinating episode, we sit down with cybersecurity veteran Simon Moffatt. With two decades under his belt in the dynamic field of identity and access management, Simon unpacks the complexities of cyber protection in our modern age. From the evolution of technology to the murky waters of liability and insurance in cybersecurity, Simon's insights shed light on the challenges and trends we face. 
    As the founder of The Cyber Hut, Simon taps into his experience with giants like Oracle and ForgeRock and his startup stints to guide organisations through the labyrinth of cybersecurity strategies. 
    We talk about the seismic shifts in industry practices, highlighting the advent of cloud technologies and "as a service" models and the post pandemic rise of remote work. We explore the forefront of passwordless technology, the challenges of IoT security, and the critical nature of defence in depth strategies.
    You’ll hear about a significant legal battle that a sizable organisation won against its insurers, highlighting the larger uncertainties in cyber liability insurance. Find out about Simon's predictions for the industry's trajectory, combined with his first hand accounts of working in various sectors of the tech world, to provide a rare glimpse into the past, present and future of cybersecurity.
    Key Talking Points:
    1. The Transformation of Cyber Liability Insurance: Discover why a major organisation's legal victory signals a critical juncture for cyber liability coverage and what this means for businesses navigating today's risk landscape.
    2. Passwordless Futures and Biometric Booms: Tune in as Simon forecasts the rise of biometric authentication over the next few years, discussing how behaviour tracking could redefine threat detection and response.
    3. Cloud Confusion and Shared Responsibilities: Uncover the intricacies of cloud service models and how shifting boundaries have resulted in complex challenges for CISOs and CIOs in pinpointing control and ownership amidst a virtual landscape.
    Ready for a deep dive into cybersecurity's evolving realm with Simon Moffatt? Join us on Razorwire to unravel the enigma of cyber protection in our interconnected world.
    “Cyber's a top priority, maybe even more so than it was 3 or 4 years ago. By that, I mean people are quite familiar with protecting their own identities, or PII protection. People are aware of hackers, you know, the bad guys, nation state threats."
    Simon Moffatt
    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
    In this episode, we covered the following topics:Concerns and challenges surrounding data protection liabilityThe problems of uncertainty due to the constantly changing landscape of cyber liability insuranceIncomplete picture of cybersecurity with third party intelligence companiesThe limitations of third party intelligence companies in the cybersecurity space Trends in identity and access management Introduction to The Cyber Hut, a business focused on tracking cyber trends and aiding organisations in navigating the cybersecurity landscapeThe shift towards cloud technology, remote work and changes in software deliveryThe blurred lines of responsibility in cloud services are explored, raising questions about data ownership and controlThe need for agility, modularity and preparedness in systems following the pandemic
    GUEST BIOSimon MoffattSimon is a recognised expert in the fields of digital identity, access and information security who assists organisations in the...

    • 45 min
    Adapting to Legislative Demands: Insights on Cyber Security Compliance in Critical Infrastructure

    Adapting to Legislative Demands: Insights on Cyber Security Compliance in Critical Infrastructure

    Welcome to Razorwire, the podcast dedicated to exploring the complex and evolving world of cyber security legislation. I'm your host, Jim, and in today's episode, we delve into the intricate landscape of cyber security legislation with our guests Steve Applegate and Phil Tonkin from Dragos.
    In this episode, our guests shed light on the challenges and intricacies of navigating the cyber security legislature, focusing on the impact on critical infrastructure and the evolving landscape of compliance. From managing connectivity safely to the complexities of integrating IT and OT in modern manufacturing, we explore the key factors influencing cyber security legislation and its practical implications.
    Key Talking Points:
    1. The importance of managing connectivity safely and ensuring proper segmentation and visibility in the Niz legislation.
    2. Challenges faced by organisations, such as Sellafield, in implementing controls and recognising legacy challenges in OT environments.
    3. The impact of conflicting regulations on consumers and the need for practical compliance requirements in cyber security legislation.
    “We can't let FUD be the guide, right? If every time we hear a thing, we start panicking and we deviate from our processes and start making a whole bunch of new mandates, even internally, all the people within a company that have to track that and follow it and meet with people, and it's a distraction, I think, from real security."
    Steve Applegate - Dragos
    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
    In this episode, we covered the following topics:Managing Connectivity Safely: Emphasising the need to ensure proper segmentation and visibility in cyber security legislation.Challenges Faced by Organisations: Discussing the difficulties in implementing controls, recognising legacy challenges, and the importance of proportional controls.Conflicting Regulations and Consumer Impact: Raising concerns about conflicting regulations and the impact on consumers due to compliance costs.Information Exchange Hesitance: Discussing the hesitance of information exchange for cyber security purposes and its impact on managing threats.Reporting Dilemma: Describing the challenge of eradicating cyber events and the dilemma of reporting to the public versus mitigating further attacks.Third-Party Oversight Frustrations: Addressing the frustration with third-party involvement in security oversight and assessment processes.Transparency in Security Relationships: Advocating for transparent and trust-based relationships with third parties, emphasising actionable intelligence, and fostering transparency.Evolving Skill Set of Security Professionals: Describing the evolving skill set of security professionals, particularly the increasing specialisation and separation from GRC.Legislative Impact on OT Environments: Expressing concerns about the impact of legislation and compliance on operational technology environments and the difficulty of implementing changes in systems with old technology.Challenges of Sudden Legislative Changes: Discussing the challenges of sudden legislative changes, public outcry influencing legislation, and the need for realistic expectations of change in a legacy industry.
    Resources Mentioned- Dragos
    - Sellafield
    a...

    • 55 min

Top Podcasts In Technology

Lex Fridman Podcast
Lex Fridman
Acquired
Ben Gilbert and David Rosenthal
All-In with Chamath, Jason, Sacks & Friedberg
All-In Podcast, LLC
Deep Questions with Cal Newport
Cal Newport
NCSC Cyber Series
National Cyber Security Centre
Dwarkesh Podcast
Dwarkesh Patel

You Might Also Like