Razorwire Cyber Security

Razorthorn Security

Welcome to the Razorwire podcast where we share information, best practices and up to date news in cyber security and infosec. Our mission is to help you become a better cyber security professional and support our vision of creating an agile community of cyber professionals who are stronger than ever before. This show is first and foremost about sharing knowledge and benefiting from collaboration. We bring you the advice and wisdom of both your host, James Rees, and his guests to build on the strength and depth of your own knowledge and experience. Your host James Rees is an information security veteran with over 25 years of industry experience and is the founder of Razorthorn Security, delivering expert security consultancy and testing services on a day to day basis to some of the largest and most influential organisations in the world, including many in the Fortune 500. The Razorwire podcast is for cyber security professionals looking for new ideas and the drive to improve their response to cyber security events. Through collaboration, we can strengthen our defences. For more information about us or if you have any questions you would like us to discuss on the podcast email podcast@razorthorn.com or head to www.razorthorn.com This podcast uses the following third-party services for analysis: OP3 - https://op3.dev/privacy

  1. 19 MAR

    Spotlight on Technology: Mastering Attack Surface Management

    In our latest episode, join me, James Rees, for a chat with Nick Palmer from Censys about the critical importance of attack surface management. With 25 years of experience in the industry, Nick explains how today's threat landscape has evolved dramatically, with attackers now discovering vulnerabilities within hours rather than weeks. We explore the challenges of maintaining visibility across expanding digital footprints, particularly with cloud adoption creating new blind spots for security teams. Nick shares eye-opening real-world examples that illustrate the hidden vulnerabilities present in even seemingly secure environments. We cover how organisations can gain continuous visibility of their assets, extend security monitoring to third-party suppliers and build a security culture that protects customer data effectively. A must-listen for security professionals seeking practical advice on protecting against modern cyber threats.

    Key Talking Points:

    Attack Surface Velocity: Learn how attackers can discover vulnerabilities within just hours instead of weeks, and how Censys's daily internet scanning helps organisations keep pace with this alarming speed. Nick talks about the mechanics behind this acceleration and what it means for your security strategy.

    Supply Chain Security: Discover the hidden risks in your vendor ecosystem through Nick's shocking real-world example of compromised medical equipment. This is a key example of why monitoring your suppliers' security posture is just as crucial as your own.

    Beyond Compliance: Understand why building a genuine security culture trumps mere regulatory compliance. Nick and I discuss practical approaches to embedding security consciousness throughout your organisation, from the C-suite to frontline staff.

    Gain practical insights that will help you better defend your organisation. This conversation goes beyond theoretical concepts to deliver actionable security wisdom you can implement immediately.

    "If you are looking at your external attack surface any less than daily, you're missing a trick. It has to be scanned at least daily, preferably in real time." - Nick Palmer, Censys

    In this episode, we covered the following topics:
    ● Attack Surface Management: Learn how to identify and manage your organisation's vulnerabilities to prevent cyber attacks.
    ● Evolution of IT and Security: Gain historical perspective on how security challenges have evolved to better prepare for future threats.
    ● Supply Chain Security: Discover techniques to protect your business from vulnerabilities introduced by third-party suppliers.
    ● Legislation and Compliance: Understand how to navigate new regulations like DORA to avoid penalties and legal consequences.
    ● Phishing Defence: Master strategies to protect your organisation from increasingly sophisticated social engineering attacks.
    ● Rapid Response: Learn why and how to accelerate your security monitoring to match attackers' discovery capabilities.
    ● Cloud Security: Acquire practical approaches to securing cloud and virtual environments against emerging threats.
    ● Building Security Culture: Develop effective methods to embed security awareness throughout your organisation.
    ● Continuous Monitoring: Implement cost-effective techniques for ongoing attack surface visibility to catch vulnerabilities before attackers do.
    ● Security Tooling:...

    49 min
  2. 5 MAR

    AI Data Harvesting - Who Really Owns Your Digital Footprint?

    In this episode of Razorwire, we're looking into the contentious realm of AI and data privacy. This week, I'm joined by Amy Stokes Waters, CEO of The Cyber Escape Room Company, and Ryan Mangan, a chartered IT professional and Microsoft MVP, to explore the ethical implications of feeding our personal data into AI systems. Join our discussion on recent controversies, including Adobe's T&C changes and Clearview's facial recognition technology, while questioning who truly benefits from AI data collection. We debate the balance between technological advancement and personal privacy rights, highlighting the disparities in how different organisations handle consent and transparency. From medical research to creative rights, this episode addresses how AI development is outpacing both regulatory frameworks and organisational policies. As businesses increasingly rely on AI-powered tools, what safeguards should we demand, and how much of our digital footprint are we willing to sacrifice?

    3 Key Talking Points:

    The Opt-Out Illusion: Discover how major tech companies are quietly changing their terms of service to automatically opt users into AI training programmes using your data. We reveal the hidden challenges of truly removing your information once it's been absorbed into AI systems and what this means for your digital privacy.

    Policy vs. Protection Gap: Learn why most organisations lack proper AI usage policies, leaving customer data vulnerable. Our experts discuss how even well-intentioned employees are likely uploading confidential information to ChatGPT without realising the risks, and what safeguards businesses should implement immediately.

    The Jurisdictional Minefield: Understand the complex legal landscape where regulations like GDPR and HIPAA struggle to keep pace with AI development. Our conversation explores the dangerous territory of international data jurisdiction and how conflicting regulations create loopholes that affect your privacy rights.

    "I think it's really positive that actually these things are coming out and that there are court cases and legal action being taken against companies who are using data without consent." - Amy Stokes Waters

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    ● Spot stealth data collection - Identify how companies like Adobe and LinkedIn are changing their terms of service to automatically opt you into AI training programmes
    ● Protect your creative work - Understand the risks to your intellectual property when uploading content to cloud services with AI features
    ● Navigate consent manipulation - Recognise the tactics used to hide opt-out options and how to find them
    ● Safeguard sensitive information - Prevent employees from inadvertently exposing confidential data through ChatGPT and similar tools
    ● Understand data sanitisation - Learn what proper data anonymisation actually means and why it matters for your privacy
    ● Balance innovation with privacy - Discover how organisations can ethically use AI for advancements in healthcare while protecting personal data
    ● Create effective AI policies - Develop clear guidelines for your business on appropriate AI usage before data breaches occur
    ● Recognise AI's limitations - Identify when AI might present biased or false information, particularly in specialised fields like...

    50 min
  3. 19 FEB

    Inside Incident Response: Turning Chaos into Cohesive Teamwork

    Our latest episode brings in security expert Iain Pye, who shares military tales with me, your host James Rees, about what really happens when everything goes wrong. We get stuck into the nitty-gritty of incident response - the sleepless nights, the pressure from executives, and how to keep your team going when they're running on fumes. From ransomware attacks to system meltdowns, we chat about war games and escape room scenarios, exploring how organisations can build proper resilience rather than just ticking compliance boxes. We dig into why most incident response plans gather dust in drawers and what happens when you actually need to use them. Iain brings a refreshing military perspective to corporate incident management, showing how battlefield experience translates surprisingly well to handling information security crises. Whether you're dealing with compromised systems or insider threats, this episode packs practical wisdom for those moments when everything falls apart.

    3 Key Talking Points and Reasons to Listen:

    Building Resilience Through War Games: Discover why military-style drills and wargaming are crucial for effective incident response. Iain and I explore how regular team exercises - from realistic ransomware scenarios to creative "zombie apocalypse" simulations - help build the muscle memory and team dynamics needed when real crises hit. We share practical examples of how to run these exercises effectively.

    Managing Team Stress in a Crisis: Learn the critical importance of managing your team during long-running incidents. We break down the practical aspects often overlooked in incident response plans - from implementing proper shift patterns to ensuring your team stays fed, rested and functional during multi-day crises. Find out why pushing your team to exhaustion is a recipe for disaster.

    Turning Incidents into Improvements: Understand why post-incident analysis is where the real value lies. We discuss how to turn incident learnings into actionable improvements, including how to leverage serious incidents to secure necessary budget improvements. Learn why the "five whys" methodology is essential for preventing future incidents and strengthening your security posture.

    On building muscle memory through repeated training:
    "It's drills essentially. It's doing the same thing over and over again and having that natural reaction. So you train your body - your mind, essentially - so if the proverbial poo does hit the fan, you can react in the right way and in accordance with what your SOPs [Standard Operating Procedures] might be." - Iain Pye

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    ● Military Training for Incident Response: Learn how military-style drills can transform your team's ability to handle high-pressure security incidents with confidence and precision.
    ● Importance of Incident Response in Infosec: Master the essential skill of incident response and protect your organisation from data breaches and ransomware attacks effectively.
    ● Human Reactions to Emergencies: Discover practical techniques to keep your team calm and focused when emergencies strike, avoiding costly panic-driven mistakes.
    ● Role of Team Trust: Build unshakeable team trust that enables swift, coordinated responses during critical...

    47 min
  4. 5 FEB

    The Cost of Being a CISO Part 2: Ethics, Leadership and Strategic Impact

    Welcome back to Razorwire! I'm your host, Jim, and in this second part of our CISO Dilemmas series, we welcome back security experts Oliver Rochford and Richard Cassidy. Moving beyond the challenges covered in part one, this episode explores the rewarding aspects of the role while taking a frank look at the ethical issues security leaders regularly face. The guests share personal experiences and practical actions for transitioning from technical expertise to strategic leadership, building effective teams and managing relationships across the business. As regulations tighten and cyber threats evolve, we talk about how the CISO position has grown far beyond its IT roots to become a complex executive role requiring business knowledge, political savvy and strong moral judgement. This conversation offers a valuable perspective on where the role is heading and what it takes to succeed. Stay until the end for our predictions about how the CISO position will transform over the next five years as organisations grapple with AI, automation and increasing regulatory scrutiny.

    We're talking about:

    The CISO Role Beyond Technology: Learn how modern security leaders are shifting from pure technical expertise to become strategic business enablers. Richard and Oliver share some great insights about balancing technical knowledge with leadership skills, and explain why successful CISOs need to master communication, relationship-building and business strategy alongside their security expertise.

    Navigating Ethical Challenges: Get an insider's perspective on the ethical decisions that CISOs face, from breach disclosures to managing surveillance requests. Using some real-world examples from Oliver and Richard, we talk about how security leaders can maintain their integrity while balancing business interests, regulatory requirements and moral obligations.

    Building Future-Ready Security Teams: Discover practical approaches to developing high-performing security teams in an era of rapid change. The conversation offers actionable guidance on mentoring new talent, improving resilience and creating a positive security culture - essential knowledge for both current leaders and those aspiring to senior

    This episode is packed with practical advice and forward-looking perspectives that every cybersecurity professional can benefit from.

    "CISOs often face ethical dilemmas... 52% of CISOs reported that they've faced situations where they felt pressured to compromise ethical standards for business interests. In cybersecurity, the hardest decisions aren't technical - they're ethical." - Richard Cassidy

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    ● Role Definition of the CISO: Learn how to navigate different stakeholder expectations and position yourself effectively as a CISO.
    ● Transformational Changes: Gain insights on transitioning from technical expert to strategic business leader.
    ● Key Skills for CISOs: Master the essential skills that make modern CISOs successful, from boardroom communication to risk management.
    ● Ethical Dilemmas: Handle ethical challenges confidently with real-world strategies from experienced security leaders.
    ● Regulatory and Legal Knowledge: Build your knowledge of global security regulations and protect yourself from personal...

    50 min
  5. 22 JAN

    Cybersecurity 2025 – Predictions from the Experts

    Surviving and Thriving in the 2025 Cybersecurity Landscape: Predictions and Strategies

    Welcome back to Razorwire! Join me, Jim, as we forecast the major trends and changes for 2025 that are set to reshape the cybersecurity industry. Joining me are cyber veterans and regular guests Oliver Rochford and Richard Cassidy. As cybersecurity becomes increasingly complex and critical to business operations, understanding what lies ahead can provide an invaluable edge. In this episode, Richard, Oliver and I break down our predictions for 2025, focusing on market consolidation, the evolution of AI in security and the ever-tightening grip of global regulations. From the rising costs of consultancy services to the rapid proliferation of security technologies, we've got you covered. We'll also take a look into the potential rise of AI-powered hacktivism and what it means for organisations worldwide.

    Key Takeaways:

    Strategic Investment Planning for 2025 - Get expert insights on why vendor consolidation may not be the answer and learn practical approaches to evaluating emerging security technologies against established solutions while managing rising costs.

    Practical Regulatory Compliance Tactics - Discover how organisations are using AI to efficiently manage overlapping regulations, with actionable strategies for meeting multiple regulatory requirements without duplicating effort.

    Future-Proofing Your Security Strategy - Learn how the threat landscape is evolving with politically motivated insiders, how organisations are using behavioural analysis in security and what AI can realistically do for security operations in 2025.

    From understanding emerging markets to decoding regulatory complexities, this episode offers critical insights to arm you for the future. Don't miss out on these expert predictions and actionable advice!

    Consolidation of Regulation:
    "A group of CISOs wrote to the G20 summit, the OECD member states, writing a letter crying out for some level of sanity on regulatory releases because it's just getting to the point where businesses are struggling." - Richard Cassidy

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we're talking about:
    ● Consolidation of the Cyber Security Market: Learn how to evaluate whether vendor consolidation makes sense for your organisation and identify which emerging technologies could add value to your security programme.
    ● AI in Security Operations: Understand the practical applications of AI in security versus future possibilities, helping you make informed decisions about AI investment and implementation.
    ● Regulation Complexity: Discover strategies for efficiently managing overlapping regulations and learn how other organisations are successfully navigating complex compliance requirements.
    ● Quantum Encryption: Learn about forthcoming quantum encryption products and how to start preparing your organisation's encryption infrastructure for quantum resilience.
    ● AI Enabled Activism: Understand how autonomous AI systems could be used in cyber campaigns and what defensive measures you should consider implementing.
    ● Increased Costs and Market Changes: Get practical advice on managing rising security costs and maintaining effective security despite budget pressures.
    ● Vendor Pricing and Economic Pressures...

    48 min
  6. 8 JAN

    Supercharge Your Security Budget in 2025: Smarter Investments, Stronger Defence

    Ever wonder how to get the most out of your cybersecurity budget without leaving your company vulnerable? Hey there, it's Jim from Razorwire! In this episode, I sit down with cybersecurity pros Chris Dawson and Iain Pye to chat about smart spending when it comes to your cybersecurity budget. Whether you're a big enterprise with a hefty budget or a small business wanting maximum impact on a small budget, we've got some actionable insights for you.

    In this episode, we tackle one of the industry's most pressing challenges: how organisations allocate and manage their cybersecurity spending. Together with Chris and Iain, we examine the complex relationship between IT departments and security teams competing for resources, exploring perspectives from startups making their first security investments through to enterprises managing substantial security budgets. Drawing on our collective experience, we challenge conventional wisdom about security investment and explore whether current approaches truly serve organisations effectively. Through real-world examples and hard-earned lessons, we examine why traditional approaches often fall short and propose fresh perspectives on security strategy. Our debate around tools versus talent - and occasional heated disagreements - gives you multiple battle-tested perspectives to help shape your own security investment strategy, whether you're just starting out or running an enterprise security programme.

    Key Talking Points:

    Get More Bang for Your Security Buck - Learn how successful organisations are stretching their security budgets by intelligently balancing people, tools and training, so you can stop wasting money on solutions that don't deliver.

    Build Security That Sticks - Discover how to create a security programme that works for your whole business, not just IT, with proven approaches that align security spending to genuine business risks.

    Smart Security on a Budget - Get practical insights on maximising security with minimal spend, from leveraging free tools effectively to knowing when (and how) to bring in expert help.

    Tune in to Razorwire for these tips and more, and start making your cybersecurity budget work harder for you, not the other way around!

    Decentralised Security Budgeting:
    "Security doesn't need to be expensive. It just needs to be effective, and there's a million different ways to handle security in a million different organisations." - Jim Rees

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, learn how to:
    ● Scale Security for Your Company Size: Implement the right cybersecurity strategy whether you're running a small business or large corporation.
    ● Balance Your Security Investment: Make informed decisions between hiring security personnel or investing in software tools when working with limited resources.
    ● Measure Security ROI: Effectively demonstrate and track the business value of your cybersecurity investments.
    ● Choose Security Partners: Select and evaluate third-party security providers that match your organisation's needs and budget.
    ● Implement Continuous Security Testing: Set up a continuous penetration testing programme using global resources to maintain strong security.
    ● Build a Security-Aware Culture: Create and run effective security awareness programmes

    49 min
  7. 11 DEC 2024

    The Cost of Being A CISO Part 1: Personal, Professional & Organisational Challenges

    Join us for part one of our two-part series examining the world of Chief Information Security Officers. This episode welcomes back Richard Cassidy, Field CISO at Rubrik, and Oliver Rochford, former Gartner analyst and founder of Cyberfuturist. It offers insights into what makes security leadership successful - and what can lead to failure. Through real-world experiences and practical examples, we explore where CISOs best fit in modern organisations, proven approaches for communicating risk to boards and how to handle increasing personal accountability under new regulations. Our guests share hard-won lessons from building security programmes across different business cultures, revealing what works and what doesn't. We also examine why CISO tenures average just 18-24 months, and identify the changes needed to make the role sustainable.

    As cybersecurity becomes a pivotal aspect of business operations, the significance of the CISO role continues to grow - and so do the challenges. From justifying cybersecurity budgets to handling personal accountability for breaches, we take a look at the complexities and evolving duties of today's CISOs. For security professionals, this discussion will help you prepare for senior leadership. For current CISOs, you'll gain strategies for navigating common challenges. And for business leaders, you'll learn how to better support and work with your security teams to protect your organisation effectively.

    Key Talking Points:

    The role and responsibilities of modern CISOs - understand how the Chief Information Security Officer position has transformed from a technical IT role into a complex business leadership position that spans multiple organisational functions.

    Reporting structures and organisational challenges - discover how different reporting relationships (to CEO, CIO, CFO, etc.) impact a CISO's effectiveness and ability to implement security programmes across the business.

    The personal and professional costs of being a CISO - learn about the realities and challenges that CISOs face, from stress and burnout to reputation management and legal liability, providing valuable insights for those considering or currently in the role.

    Don't miss out on this deep dive into the cost, both personal and professional, of being a Chief Information Security Officer.

    Evolving Role of the CISO:
    "A CISO today is essentially a senior executive that is responsible for designing, implementing, and overseeing any organisation's cybersecurity strategy... But it has significantly evolved from what used to be the old IT security director from simply managing technical security operations to actually acting as a key business partner... balancing risk and compliance and security whilst, and this is the hard part, aligning with organisational goals." - Richard Cassidy

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    ● Learn proven approaches for justifying security investments - Discover how to effectively demonstrate the value of preventative security measures and build compelling business cases for cybersecurity budgets
    ● Master the language of business risk - Learn how to translate complex cyber risks into clear financial, operational, reputational and regulatory

    59 min
  8. 27 NOV 2024

    Humans vs AI: Building a Security Culture That Actually Works with Noora Ahmed-Moshe

    As AI reshapes cybersecurity threats, understanding how scams are evolving has never been more critical. Welcome to Razorwire. I'm Jim, and today I'm talking with Noora Ahmed-Moshe, VP of Strategy and Operations at Hoxhunt. We'll explore how AI is transforming cybersecurity threats and what that means for protecting ourselves and our organisations. We discuss how traditional scams have changed with AI technology and look at why phishing remains a persistent problem, along with practical ways to make security training more effective. Noora explains her approach to combining smart technology with human awareness and why building a supportive security culture works better than focusing on mistakes. Join us to gain insights into today's cyber threats and take away actionable tips for how organisations can better prepare their teams.

    3 Key Talking Points:

    AI-Enhanced Phishing Techniques: Discover how AI, including tools like ChatGPT, has drastically increased the volume and sophistication of phishing emails, making them harder to detect and more culturally nuanced.

    Positive Reinforcement in Training: Learn why a supportive, non-punitive approach to security awareness training, using gamification and rewards, can lead to better internalisation of security practices among employees.

    Deepfake Challenges: Understand the emerging threats posed by deepfake technology, particularly in a remote work environment, and how organisations can adapt their security measures to validate identities effectively.

    Tune in to this vital discussion to stay ahead of cyber threats and foster a culture of security within your organisation.

    Motivating Through Gamification:
    "It is about motivating people and how you do that. And that's why at Hoxhunt, when we do our training, for example, in terms of social engineering attacks, we reward people anytime they report something. Then they're on a leaderboard, and it's all gamified. So it gives people this real sense of engagement, and that makes it positive." - Noora Ahmed-Moshe

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    ● Power up your security training: Learn how to structure effective security training programmes that actually prevent data breaches, based on real-world examples of what works and what doesn't.
    ● Master the scammer's playbook: Understand why "too good to be true" scams continue to succeed by exploring their evolution from the Love Bug virus to modern-day frauds, helping you spot timeless patterns in social engineering.
    ● Outsmart AI-powered threats: Discover how AI is transforming phishing attempts with sophisticated language and cultural awareness and learn what makes these new attacks so challenging for staff to detect.
    ● Stay ahead of QR code attacks: Get ahead of emerging threats by understanding how criminals are exploiting QR codes in innovative ways and learn how to spot these often-overlooked security risks.
    ● Unlock human security potential: Understand why human behaviour is at the heart of most security breaches and learn practical ways to address these vulnerabilities in your organisation.
    ● Build a confident security culture: Discover why leading organisations are moving away from fear-based security cultures and learn how to create an environment where staff feel confident reporting potential...

    49 min

Ratings & Reviews: 5 out of 5 (4 Ratings)

