Razorwire Cyber Security & InfoSec Insights

Razorthorn Security | Cybersecurity & InfoSec

Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge. Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends. Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals committed to continuous improvement. Each episode brings you actionable advice and real experiences from your host, James Rees — an information security specialist with over 25 years of experience — and from a range of respected guests across the cybersecurity industry. Together, we explore everything from technical strategies and compliance challenges to security culture, communication skills, and leadership development. James Rees is the founder of Razorthorn Security, providing expert consultancy and testing services to a wide range of organisations, including many Fortune 500 companies. His practical, no-nonsense approach helps organisations manage cybersecurity risks effectively while strengthening resilience. The Razorwire podcast is designed for cybersecurity professionals who want to stay ahead, sharpen their skills, and confidently respond to the challenges of today's evolving threat landscape. We believe collaboration is key to stronger security — and Razorwire gives you the conversations that help you achieve it. For more information about us, or if you have questions you'd like discussed on the show, email podcast@razorthorn.com or visit www.razorthorn.com.

  1. 6 MAY

    Useful or Spam? A CISO's Guide to Vendor Outreach

    Why do so many vendors still get it wrong when selling to security leaders? Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, I'm joined by Marius Poskus, CISO at a fintech organisation and host of the Cyber Diaries podcast, and Simon Woods, co-founder of One Compliance and a salesperson who's been working in cybersecurity sales for over 15 years. If you're a CISO, you already know how this goes. The same regurgitated emails, the "just 30 seconds of your time" cold calls, the pitches that lead with product features instead of understanding what problem you're actually trying to solve. It's one of the most complained about topics on LinkedIn and in this episode we sit down with a CISO who gets sold to every day and also someone who does the selling to talk about why so much of it is broken. The conversation covers why persistence without research is just spam, why the best vendor relationships take years to build, why AI-generated outreach is making things worse and what salespeople actually need to do differently if they want to get through the door. Whether you're on the receiving end of the hundredth cold approach this week or you're a vendor trying to work out why nobody's responding, there's something in this for both sides. Three key talking points: Why most sales approaches fail before they even start: Sales in cybersecurity has a low barrier to entry, and it shows. We talk why the industry seems to have settled into a cycle of lazy, templated outreach that treats every CISO the same. We cover why this isn't just annoying for the people on the receiving end but how it actively damages the reputation of vendors who might genuinely have something useful to offer. Relationships over transactions: The best vendor relationships in cybersecurity don't start with a sale. They start with genuine engagement, understanding someone's challenges and being useful before there's any commercial benefit. This episode makes the case that the salespeople who build real connections, who act as a first port of call rather than a product pusher, are the ones who eventually get through the door. What good actually looks like: So what does getting it right look like? We break down the practical habits and mindset shifts that separate the salespeople who get responses from the ones who get blocked, and why the answer has far less to do with product knowledge than most people think. If you've ever wanted to tell a salesperson exactly where they're going wrong, this episode does it for you. And if you're the salesperson, consider this a free masterclass. On what every salesperson should think about before hitting send: “Salespeople are not trying to understand the problems that CISOs face. It's all about selling features and product instead of understanding where the pain points are." Marius Poskus Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics: Why Your Inbox Is Full of Rubbish Find out why so many vendor approaches are lazy, untargeted and AI-generated, and why the low barrier to entry in cybersecurity sales means it's unlikely to improve any time soon. What Makes a Vendor Worth Your Time Discover the signs that a vendor has actually done their homework, understands your challenges and is worth a conversation, versus the ones who are just working through a list. How to Spot a Vendor Who's Out of Their Depth Learn the warning signs that someone is bluffing through a technical conversation rather than being honest about what they know and don't know, and why that should affect your procurement decisions. What You Can Tell From a Single Email Understand why the first approach from a vendor tells you almost everything you need to know about whether they're worth engaging with, and what the red flags look like. Why Vendors Keep Getting It Wrong Find out why so much sales outreach in cybersecurity follows the same broken playbook, and why understanding the mechanics behind it helps you filter faster. It's Not Just Vendors Explore why recruiters, lead generation companies and adjacent industries are all guilty of the same lazy outreach, and why CISOs are getting hit from every direction, not just product sales. When a Vendor Relationship Actually Pays Off Find out what a genuinely useful vendor relationship looks like from the buying side and how to recognise when someone is investing in you rather than just your budget. Managing the Noise So You Don't Miss What Matters Understand why the sheer volume of bad outreach creates a real risk of filtering out the vendors who could genuinely help, and how to build a process that catches the good ones without drowning in the rest. Resources Mentioned Never Split the Difference by Chris Voss One Compliance RMI Cyber Cyber Diaries podcast CTRL+ALT+DEFEND Connect with your host James Rees Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. LinkedIn: Razorthorn Security YouTube: Razorthorn Security TikTok: Razorwire Podcast Instagram: Razorwire Podcast Twitter: @RazorThornLTD Website: www.razorthorn.com All rights reserved. © Razorthorn Security LTD 2025

    55 min

  2. 22 APR

    Project Glasswing. What Anthropic's Mythos Means for Cybersecurity

    What happens when an AI model can find more vulnerabilities in a day than a red team could find in a year? Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, I'm joined by Martin Voelk, penetration tester and AI red teamer, and Jonathan Care, lead analyst at KuppingerCole covering AI and cybersecurity. Anthropic recently announced Mythos, a security-focused AI model reportedly capable of discovering vulnerabilities that have gone undetected for decades, including a 27-year-old bug in OpenBSD. But how much of this is genuine breakthrough and how much is marketing? This episode cuts through the hype and asks what Mythos actually means for the cybersecurity industry, from the arms race it signals between AI model providers to the competitive implications of restricting access to a small group of US-based companies. The conversation goes well beyond Mythos itself, into the reality that AI-powered hacking at scale is already happening, that existing models have already been used to compromise government infrastructure, and that open source and non-Western alternatives are freely available to anyone who wants them. With 80% of code now being vibe coded with minimal security checks, jailbreaking tools available on the open web and CISOs unable to keep pace with the speed of adoption, the question isn't whether AI will change cybersecurity. It's whether the industry can adapt fast enough to survive what's already here. Three key talking points: The Mythos hype vs the reality of AI-powered hacking: Anthropic's announcement made headlines, but the capability to find and exploit vulnerabilities at scale already exists in models available to anyone. This episode asks whether Mythos is really the breakthrough it's been presented as, or whether the industry should be more concerned about what's already out there, including a recent attack on the Mexican government carried out entirely using standard AI models.The competitive and geopolitical implications of restricted AI models: Mythos has been restricted to a small group of US-based companies, giving at least one major EDR vendor a significant edge over every competitor. But by announcing the capability publicly, Anthropic has effectively told the rest of the world it's possible to build. With Chinese, Russian and open source models already filling the gap, the question is whether restricting access to Western models actually contains anything at all.Why security practitioners can't keep up and what comes next: The pace of AI development has outstripped the ability of security teams to keep up. Even full-time practitioners can't stay on top of the daily volume of new models, new vulnerabilities and new attack techniques. If the people doing this for a living are struggling, what chance does an SMB with a part-time security person have? And where does it end? Possibly with offensive and defensive AI agents fighting it out at scale, with humans increasingly on the sidelines. Whether Mythos lives up to the hype or not, the arms race it signals is already underway. If you want to understand what that means for cybersecurity, this is the conversation to listen to. On the implications of restricting AI security models: “Anthropic may be doing this, but for those of us who are not lucky enough to be Anthropic's friend, other countries, other organisations are not so circumspect.” Jonathan Care Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics:Anthropic's Mythos Announcement Find out what Anthropic is claiming about Mythos, why it reportedly found a 27-year-old vulnerability in OpenBSD and why not everyone is convinced it's the breakthrough the headlines suggest.AI-Powered Vulnerability Discovery at Scale Understand why the ability to find and exploit vulnerabilities at machine speed already exists and why Mythos may be less of a leap forward than it first appears.The Mexican Government Hack Hear how standard, publicly available AI models were used to compromise multiple government entities and exfiltrate massive amounts of sensitive data over a matter of weeks, without any zero days involved.Restricted Access and Competitive Advantage Explore why limiting Mythos to a handful of US-based companies raises questions about competitive fairness and what it means when one EDR vendor gets capabilities that nobody else has access to.The Open Source and Non-Western Model Landscape Discover why restricting Western models may not contain much at all, with Chinese, Russian and uncensored open source alternatives already being used by security researchers and attackers worldwide.Vibe Coding and Unchecked AI-Generated Code Find out why an estimated 80% of code is now vibe coded, why most of it isn't being properly tested and what that means for the attack surface organisations are unknowingly building.Jailbreaking and Uncensored Models Learn why tools that can jailbreak frontier models on the fly are freely available on the open web and what that tells us about the limits of trying to restrict AI capability.The CISO's Impossible Position Understand why CISOs are caught between an industry that's moving faster than they can govern and organisations that want to adopt AI regardless of whether the security is ready.Keeping Up With the Pace of Change Explore why even full-time security practitioners are struggling to stay on top of the daily volume of new developments and what that means for organisations with fewer resources.The Future: Agent vs Agent Hear why the near future of cybersecurity may look less like humans defending networks and more like offensive and defensive AI agents battling it out at scale, with practitioners increasingly in a supervisory role. Resources Mentioned Anthropic – Mythos/Project Glasswing Mexican Government Cyberattack GodMode AI / Pliny the Prompter (jailbreaking harness) Hugging Face (uncensored models) OpenClaw DeepSeek (Chinese AI model) KuppingerCole SpartanX Technologies / SpartanX AI Connect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. LinkedIn: Razorthorn Security YouTube: Razorthorn Security TikTok: Razorwire Podcast Instagram: Razorwire Podcast Twitter: @RazorThornLTD Website: www.razorthorn.com All rights reserved. © Razorthorn Security

    54 min

  3. 8 APR

    The Rise of CTEM - Why AI Demands a New Approach to Security

    What happens when your organisation adopts AI faster than your security strategy can keep up? Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim, and in this episode, I'm joined by Martin Voelk, penetration tester and AI red teamer, and Jonathan Care, lead analyst covering the intersection of AI, cybersecurity and identity. We started out planning to talk about the rise of CTEM (Continuous Threat Exposure Management) and why traditional pentesting and vulnerability scanning can't keep up anymore. But the conversation quickly went further than that, into the real security risks of AI agents, prompt injection, vibe coding and the speed at which organisations are adopting AI without thinking about what happens when it goes wrong. Martin shares examples from his red teaming work of how AI agents can be tricked into exfiltrating data and executing malicious code, Jonathan makes the case for why identity needs to become a first class attack surface in any CTEM programme; and all three of us end up genuinely concerned about what happens when CISOs are expected to govern technology that's moving faster than anyone can keep up with. This one ended up not going quite as planned, and it's all the better for it. Three key talking points: Why traditional security testing can't keep up with AI and agent-driven attacks: Annual pentests and periodic vulnerability scans were built for a world where things changed slowly. Martin and Jonathan explain why that model is no longer suitable when new AI vulnerabilities are emerging daily, most of them without a CVE number attached, and why CTEM as a continuous programme rather than a one-off exercise is becoming essential.How prompt injection and invisible exploits are rewriting the rules of risk: Martin shares examples from his red teaming work where AI agents were tricked into exfiltrating data through a fake spellchecker and downloading malicious code disguised as a support tool. He and Jonathan discuss why prompt injections are so difficult to defend against, how they can be hidden in emails, PDFs, code and even voice, and why traditional security tools don't detect them.What CISOs and tech leaders must face as responsibility and risk escalate: Organisations are adopting AI faster than security teams can govern it, and CISOs are caught between being seen as obstructionist if they slow things down or negligent if they let things through. Jonathan and Martin get into the legal grey areas around who's responsible when an AI agent causes harm and why the lack of clear legislation makes this even harder to navigate. If your organisation is adopting AI and your security model hasn't changed to match, this is a conversation worth listening to. On why traditional security testing no longer works: “You have new releases and new technology popping up almost on a daily basis. And you have vulnerabilities popping up on a daily basis as well. The traditional model we have in place with regular penetration testing, once every three months, once every year, that doesn't cut it anymore.” Martin Voelk Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics:The Acceleration of AI Adoption Find out why organisations are pushing AI adoption at a pace that's leaving security teams behind and why the pressure from upper management to automate is creating serious blind spots.Continuous Threat Exposure Management (CTEM) Evolution Learn why CTEM is a programme not a product, how it differs from traditional vulnerability management and why it focuses on what an attacker can actually exploit right now rather than theoretical CVE scores.Limitations of Traditional Security Testing Understand why annual pentests and periodic vulnerability scans were built for a different era and why they can't keep up with a landscape where new AI vulnerabilities emerge daily.The Changing Nature of Exploits Discover why many of the attacks hitting AI systems don't have a CVE associated with them at all, and why the traditional model of scoring and prioritising vulnerabilities is falling short.Prompt Injection Risks Learn how prompt injections work, why they can be embedded in almost anything from emails and PDFs to code comments and voice, and why they're so difficult to defend against compared to traditional injection attacks.Agentic AI and Chained Attacks Find out why compromising a single AI agent in an orchestrated system can have a knock-on effect across the entire ecosystem, and why the blast radius is far greater than with traditional vulnerabilities.Visibility and Explainability Understand why maintaining oversight of AI systems matters, why security teams risk rubber-stamping AI-driven decisions they don't fully understand and why explainability is becoming a critical requirement.Supply Chain and Third-Party AI Concerns Explore how the use of open source models, third-party AI agents and tools like OpenClaw is exposing organisations to indirect vulnerabilities they may not even know about.Identity as the New Attack Surface Learn why misconfigured identities, over-privileged service accounts and weak authentication between AI agents are becoming primary targets, and why CTEM programmes need to treat identity as a first class concern.Regulatory and Legal Accountability Find out why jurisdictions are still divided on who's responsible when an AI agent causes harm, from the Air Canada chatbot ruling to the question of what accountability looks like when AI is making autonomous decisions. Resources Mentioned Gartner OpenClaw PCI DSS Tenable Nessus Anthropic Claude Claude Secure Code Groq Air Canada - AI Lawsuit Engineering Council of Great Britain 11 Labs Voicebox SpartanX Technologies SpartanX AI Mexican Government Cyberattack Connect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. LinkedIn: Razorthorn Security YouTube: a href="https://www.youtube.com/c/RazorthornSecurity" rel="noopener...

    57 min

  4. 25 MAR

    All the Gear and No Idea: What's Actually Going Wrong in Security with Gary Hibberd

    The industry is full of people making security sound complicated so they can sell you the fix. Gary Hibberd and Jim talk about what actually works in cybersecurity. Welcome to Razorwire, where we bring you directly into honest conversations with the minds shaping our industry. I’m your host, Jim, and in this episode, I sit down with Gary Hibberd, co-founder of Consultants Like Us and a veteran of the security, data protection and privacy world. We talk about why so many organisations pour money into security tools and chase compliance without doing the real work underneath, and why it still leaves them exposed. Gary makes the case that one of the biggest security challenges right now is simply speed, that people and organisations are moving too fast to think clearly, and that slowing down is one of the most effective things you can do. We discuss where the industry is heading, why the focus needs to shift from cybersecurity as a purely technical discipline towards genuine organisational resilience and what it takes to cut through the noise of influencers and vendors selling quick fixes that don't exist. We also get into the challenges facing people newer to the industry who are trying to work out who to listen to, why communication and understanding risk matter just as much as technical skills, and why owning your place at the boardroom table is something the security community still needs to get better at. Key Talking Points: Why technical tools and frameworks aren't enough: Gary uses his marathon analogy to explain the issues with buying security kit without doing the work underneath. He and Jim share examples from the field and discuss why leadership and commitment matter more than the software you’ve bought.Beyond cybersecurity: why organisational resilience is the real goal: If your organisation treats security as a purely technical problem, it's missing the bigger picture. Gary and Jim make the case for why the industry needs to move beyond siloed thinking and start building genuine organisational resilience, and what that actually looks like in practice.How to avoid security "false prophets" and spot real expertise: Gary talks about the rise of influencers selling easy compliance that doesn't exist, from GDPR vendors promising a magic fix to people with big platforms and limited experience. He and Jim discuss what to look for in trustworthy voices and why critical thinking still matters more than following whoever shouts the loudest. Join us for an episode filled with real-world insights, practical takeaways, and a reminder that believing in yourself, and your value at the table, is the ultimate career defence. On why products alone won't protect you: "People go, oh, I've got IDS, I've got a SOC, I've got SIEM, I've got this platform, I've got that thing. And you're going, okay, so when was the last time you sat down as a team and talked about what it means to you as a business?" Gary Hibberd Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics:From IT to Infosec Find out how Gary's path from office admin and Lotus Notes programming through to European crisis management at GE Money shaped his approach to practical security thinking.Hacker Culture & Mindset Explore why the original meaning of "hacker" was never a negative term, and how curiosity and a desire to push technology beyond its limits drove a whole generation into information security.Evolution of Security Challenges Learn why organisations are moving too fast to make good security decisions and why slowing down might be one of the most effective defences available.Impact of Compliance & Frameworks Understand why standards like ISO 27001 and GDPR had to be introduced because organisations weren't securing data on their own and what that tells us about where the industry still falls short.False Prophets in Cyber Find out how the rise of influencers with big platforms and limited experience are making it harder for newcomers and established professionals alike to find reliable advice.Misconceptions About Tools & Compliance Discover why buying security products is no substitute for doing the real work, and why so many organisations still confuse having the tools with actually being secure.Organisational Resilience as the Goal Find out why we should be treating governance, risk, compliance, business continuity and security as one conversation.Communication & Soft Skills Learn why communication, understanding people and managing risk are just as important as technical skills for anyone working in security. Resources Mentioned Consultants Like Us ISO 27001 ISO 22301 Fortran C C++ Lotus Notes Lotus Domino Microsoft Certified Systems Engineer GDPR (General Data Protection Regulation) Data Protection Act PCI DSS Real Cyber Awards Connect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. LinkedIn: Razorthorn Security YouTube: Razorthorn Security TikTok: Razorwire Podcast Instagram: Razorwire Podcast Twitter: @RazorThornLTD a href="http://www.razorthorn.com" rel="noopener...

    39 min

  5. 11 MAR

    Trust Nothing: The Rise of Deepfakes in Cybercrime

    Are you confident you could spot a deepfake in your next meeting, or could someone be using your identity without you knowing? Welcome back to Razorwire, the cybersecurity podcast where we explore the challenges professionals face at the cutting edge of threat intelligence. In this episode, I sit down with Alexandra Jorissen, a specialist in deepfake detection and digital identity safeguards. We discuss the explosive rise of deepfake technology, where it's already being used and what it means for personal and professional security. Summary It’s no longer science fiction: deepfakes have become both a tool for petty fraud and a devastating weapon for sophisticated cybercriminals. Together, Alex and I discuss how rapidly these impersonations have improved, from laughable scams to well-orchestrated attacks inside global organisations. We get into how deepfakes are now being used for document fraud, insurance scams and internal expense fraud, and why most people still think they'd be able to spot one. Alex shares inside knowledge from her work with IdentifAI, reveals how detection technology is developing, and offers practical advice for anyone safeguarding digital identities, documents, and core business processes. Key Talking Points & Reasons to Listen Inside Real-Life Deepfake Attacks Hear how a single convincing deepfake Teams meeting led to a $25 million loss at engineering firm Arup, why even well-trained employees followed standard processes and still got fooled and what this tells us about how far social engineering has come.How Deepfakes Bypass Everyday Security Find out how deepfakes are being used far beyond fake videos, from altered salary slips and AI-generated taxi receipts to fraudulent insurance claims, faked passports that pass KYC checks and criminals impersonating executives in remote meetings. Learn why one company discovered its internal expense fraud was three times worse than expected.Detection, Zero Trust and Practical Defence Learn how IdentifAI's forensic detection analyses images pixel by pixel in nanoseconds, why a zero trust mindset needs to extend to identity verification in everyday business and what simple, practical steps like secret questions and duress codes can do to protect against impersonation right now. This is a must-listen for anyone who wants to understand the new deepfake threat landscape, and pick up the actionable intelligence to defend against it. Verifying Identities in Online Meetings: "A lot of people I speak to, they seem to think deepfakes aren't there yet. Like they would still be able to spot them. And that's a very false presumption." Alex Jorissen Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics:The Evolution of Deepfakes See how deepfake technology has gone from laughable early efforts like the Will Smith spaghetti video to highly convincing fakes that even experienced professionals struggle to detect.Social Engineering and Deepfakes Learn how deepfakes are supercharging traditional social engineering tactics, making phishing and impersonation attacks far harder to spot than they used to be.Real-World Deepfake Scams Hear about actual cases where organisations have been deceived, including the Arup finance manager who transferred $25 million after a fake Teams call and companies that accidentally hired North Korean engineers using deepfaked identities.Abuse of Deepfakes for Fraud and Blackmail Find out how criminals are using AI to create compromising content of real people, using faked media to ransom victims or threaten reputational damage.Document and Identity Fraud Discover how deepfakes now extend to digital documents and IDs, with faked passports passing standard KYC checks and altered salary slips being used to secure larger loans.Breach of Age and Access Controls Learn how people, including minors, are using deepfaked images and identities to get around age verification and other digital barriers.Insider Threats and Employee Fraud Explore how easy it has become to create fake receipts and invoices using tools like ChatGPT, and why one company found its internal expense fraud was three times worse than it expected.Detection Technology and Limitations Understand how forensic AI analyses images pixel by pixel to detect manipulation, where the technology performs well and where limitations like screenshots and overlaid text still create challenges.The Importance of Zero Trust and Verification Find out why a zero trust mindset needs to apply to identity verification in everyday work, from checking badges to using secret questions and duress codes for high-risk communications.The Challenge of Awareness and Organisational Culture Hear why many organisations still believe deepfakes wouldn't fool them, and how deploying detection technology acts as both a defence and a deterrent that changes behaviour. Resources Mentioned Technical University of Eindhoven Delft University IdentifAi Nigerian prince scam Will Smith eating spaghetti (deepfake reference) Arup (British engineering and design firm) AI Hack KnowBe4 NIST Concur EU AI Act Nanobanana Oliver Rochford Brad Pitt romance scam Connect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. LinkedIn: Razorthorn Security YouTube: Razorthorn Security TikTok: a

    47 min

  6. 25 FEB

    From Security Theatre to Real Resilience: Why Most Incident Response Plans Fall Apart

    Are you ready for the cybersecurity incident that could bring your business to a standstill? On this episode of Razorwire, I sit down with Marius Poskus, a CISO and vCISO, to tackle one of the most crucial yet overlooked aspects of information security: incident response. Whether you’re leading a cyber team, supporting your board, or simply keen to sharpen your readiness, we dig into what happens when your best defences fail and chaos strikes. We talk about what actually happens when an incident hits and why polished policies on their own aren't enough. From the practical realities CISOs face at the sharp end of an incident, through the pitfalls of security theatre, to the importance of clear communications and building resilience, we get into the lessons the playbooks often miss. Marius and I talk through wargaming, learning from unexpected scenarios and how to empower teams to make tough decisions on the fly. Key talking points: Wargaming the Unthinkable: What happens when your CEO dies? When your entire C-suite is on a plane for six hours and unreachable? When someone poisons the fish at a team dinner? Jim and Marius talk about why the most valuable wargaming exercises aren't the predictable ones. Testing unusual, uncomfortable scenarios is what exposes the single points of failure nobody thought about and builds the kind of muscle memory that no written policy can replace. Decision-making Authority in Crisis: One of Marius's contacts had a major ransomware incident and needed to hire 200 people within hours. The biggest problem wasn't the attack itself, it was getting budget approved and contracts signed fast enough. Learn why pre-agreed access to emergency funds, signing authority and the ability to bypass normal procurement processes can be the difference between a swift response and days of lost time. Security Theatre and Why It Falls Apart Under Pressure: Marius has been making waves on LinkedIn talking about companies that want the appearance of security rather than the real thing. In this episode, he and Jim get into why polished policies that have never been tested crumble the moment a real incident hits, how to tell the difference between genuine preparedness and box-ticking and what it actually takes to build an incident response capability that works when it matters. Listen and step inside the mindset every cybersecurity professional needs before the worst happens. On testing your plan: "You never want to run through an incident response scenario first time when the real thing happens." Marius Poskus Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics:The Importance of Incident Response Find out why incident response is still one of the most neglected areas of security, how to get organisational buy-in for proper preparation and what happens when the first time you test your plan is during the real thing.Security Theatre vs. Real Preparedness Learn how focusing on the appearance of security rather than genuine preparedness leaves organisations vulnerable when a real incident hits, and what it takes to build real readiness through testing and practice.Practical Testing and Muscle Memory Discover why written policies aren't enough on their own and how regular testing and tabletop exercises help teams build the confidence to act effectively under pressure.Authority and Decision-Making During Events Learn how to set up clear escalation paths and decision-making authority before an incident happens, including access to emergency funds and the ability to hire specialist support at short notice.C-Suite Engagement and Support Find out how senior executives can best support their security teams during an incident, from trusting CISOs to lead the response to providing practical help like food, hotel rooms and team rotations.Communication and PR During Incidents Explore how thoughtful, transparent communication can protect reputation and rebuild trust after a breach, and why generic "we take security seriously" messaging does more harm than good.Resilience and Recovery Strategies Learn how to maintain business operations while an incident is unfolding, from planned team rotations and post-breach customer support to quantifying downtime for the board.Wargaming and Scenario Thinking Find out why testing unusual scenarios, not just technical failures, helps organisations expose single points of failure and prepare for real-world unpredictability.Critical Thinking and Cybersecurity Career Skills Discover why curiosity, initiative and adaptability matter more than following prescribed instructions, both for handling incidents and for building a career in cybersecurity.Learning from Mistakes and History Explore how drawing on real historical events and shared industry experiences equips professionals to handle crisis situations, make tough decisions and build personal resilience. Resources Mentioned SolarWinds Cited as a high-impact security incident affecting third parties and requiring significant communication. https://www.solarwinds.com/ Professor Messer Cited as a free educational resource for CompTIA courses. https://www.professormesser.com/ Network Chuck Mentioned as a well-known YouTuber focused on networking tutorials and resources. https://www.youtube.com/c/NetworkChuck CompTIA Reference to a popular provider of IT and cybersecurity certifications. https://www.comptia.org/ Y2K (Year 2000 problem) Discussed as a past example of widespread incident response planning. https://en.wikipedia.org/wiki/Year_2000_problem Changi Jail Historical site referenced during a discussion of resilience and decision-making under pressure. https://en.wikipedia.org/wiki/Changi_Prison Rorke’s Drift Brought up as a historical account to learn about resilience. https://en.wikipedia.org/wiki/Battle_of_Rorke%27s_Drift Apollo 13 (“Houston, we have a problem”) Referenced as an example of problem solving under extreme pressure with limited resources. https://en.wikipedia.org/wiki/Apollo_13 US Military zombie apocalypse wargaming Referenced as an example of creative scenario planning for incident response. https://en.wikipedia.org/wiki/CONOP_8888 The Y-Files Referenced as a source of conspiracy theories and unusual scenarios Jim enjoys. https://www.youtube.com/@TheYFiles Connect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and...

    45 min

  7. 11 FEB

    No Honour Amongst Thieves: The Hidden World of Hackers and Cyber Criminals

    Is there really honour amongst cybercriminals or is it every hacker for themselves? On this episode of Razorwire, I’m joined by Martin Voelk, a seasoned ethical hacker, to take a look at how the world’s most notorious cybercriminal groups really operate. We trace the journey from early hacking culture to today’s sprawling underworld of digital organised crime. Along the way, we ask: What does "hacker" truly mean and who actually gets caught when the authorities close in? We discuss the blurred lines between white hat and black hat hackers and why some of the most skilled operators never set foot in the countries they target. Martin and I explore the various motivations behind cyber attacks, from ideology to pure profit and debate why classic notions of criminal “honour” simply don’t hold up in this ruthless business. We share stories from both sides of the fence - how cyber gangs operate like corporations, how rivalry and betrayal play out behind the scenes and why it’s never been easier to get started in cybercrime (if you’re not fussy about the law). The episode closes with a stark look at the arms race between attackers and defenders and what it means for the future of cybersecurity. Three key talking points Fresh Perspectives on Hacker Mentality:Martin breaks down the difference between hackers, researchers and outright criminals, challenging media stereotypes. We examine why understanding attacker psychology isn’t just academic - it’s essential for building better defences.Behind the Scenes of Cybercrime-as-a-Service:Hear how today’s criminal groups mirror legitimate organisations, complete with their own HR, development teams and even “scapegoats” to throw authorities off their trail. Discover what this corporatisation means for detection, attribution and response.The Global Chessboard: Tactics, Rivalries and AI Advances:Learn why the most effective cyber operators operate with impunity from certain countries, protected through corruption and international legal gaps. We unpack how rivalries really play out, the role of AI in hands of both attackers and defenders and what to expect as attack automation accelerates. Tune in and arm yourself with real-world insights that go beyond the headlines - because what you don’t know about the criminal underground could be your biggest risk. AI-Powered Cyber Threats Target Weaker Defences: "Because the hackers are predominantly looking at the weakest targets, does it make sense to hack into the most sophisticated bank in the United States? Or do I rather target a mid-sized bank in Mexico where I already know that they had previous security vulnerabilities?" Martin Voelk Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics:The Evolution of HackingExplore how hacking started as a curiosity-driven activity, the role of groups like the Chaos Computer Club and why the term “hacker” was never originally a negative label.Different Types of HackersLearn about the three main categories of attacker (hacktivists, financially motivated criminals and state-sponsored groups) and what drives each of them.Organised Crime's Role in CybercrimeDiscover how cybercrime evolved from individuals working alone to structured operations with recruitment, development teams and corporate-style hierarchies.Scapegoats and Sacrificial LambsFind out what can happen to less skilled members of criminal groups and how the people who get arrested are rarely the ones running the operation.Safe Havens and Jurisdictional GapsUnderstand how top operators work from countries with no extradition treaties, often protected by corruption, and why Western law enforcement struggles to reach them.The Rise of Ransomware and EspionageLearn why attackers target Western organisations where ransoms are more likely to be paid and how corporate espionage is a bigger part of the picture than most people realise.Rivalries and Alliances Among Hacker GroupsFind out how competition between groups plays out in forums, why it’s driven by profit rather than politics and how hackers from rival nations routinely work together.AI's Dual Impact on CybersecurityLearn why AI has made it easier than ever to develop malicious code, how both sides are using it and why SMBs and less cyber-aware countries face the greatest risk going forward. Resources Mentioned Silk Road Dread Pirate Roberts Conti Files Chaos Computer Club GitHub Hugging Face Claude Code Cursor CLI Google Anti-Gravity Flipper Zero Tor network El Salvador crypto currency acceptance Tron chain Connect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. LinkedIn: Razorthorn Security YouTube: a...

    55 min

  8. 28 JAN

    What’s Making 2026 the Toughest Year Yet for CISOs

    What threats should CISOs prioritise as we move into 2026? Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, we're looking ahead to the challenges facing security leaders in 2026. I'm joined by Richard Cassidy, EMEA CISO at Rubrik, and together, we discuss the three themes dominating CISO conversations: navigating the expanding regulatory landscape, preparing for quantum computing's impact on existing cryptography and understanding how attackers are shifting from loud ransomware to quiet economic warfare through time drag operations. Summary This episode examines the strategic and operational challenges CISOs face in 2026. The conversation covers how evolving regulations require fundamental changes to business operations and threat response, why tabletop exercises with executive teams are becoming standard practice for testing organisational maturity and how quantum computing is moving from theoretical concern to practical planning requirement. Richard and Jim discuss the technological shifts happening simultaneously with AI and quantum computing and why security awareness gained during the pandemic is being eroded by the race to implement new technologies without proper security consideration. The episode explores how attackers are evolving beyond traditional ransomware towards time drag operations that threaten business continuity without triggering incident declarations and why the combination of deepfakes and AI-driven social engineering represents a fundamental challenge to shared reality. Three Key Talking Points: The Regulatory Burden and Tabletop Testing Learn about the regulatory challenges CISOs face across DORA, NIS2 and evolving frameworks, plus why organisations are increasingly running tabletop exercises with executive teams. Discover how war gaming activities help boards understand real-world breach scenarios and test organisational maturity beyond traditional red teaming. Find out how recent breaches at companies like Ubisoft, M&S and Jaguar Land Rover are driving leadership to take security seriously. Quantum Computing's Imminent Impact Understand why quantum computing has moved from background concern to top-three CISO priority for 2026 to 2028. Explore the timeline for quantum threats to existing cryptography, what organisations need to do now to prepare for post-quantum cryptography and why there's significant uncertainty around adoption strategies. See how quantum computing combines with AI to create a tectonic shift in security technology that requires planning today. Time Drag Operations and Economic Warfare Discover the shift from loud ransomware to quiet time drag attacks where threat actors threaten extended operational downtime rather than data theft. Learn why boards will pay millions to restore business continuity without declaring cyber incidents and how attackers are exploiting the economic model where disruption costs more than ransom. Explore how this combines with AI-powered deepfakes and social engineering to create attacks that undermine shared reality itself. On the appearance of security: "The economic model of cybercrime has shifted from traditional theft to time drag. If attackers know they can present you with a problem where you're not going to be able to recover your key systems for an inordinate amount of time, there's a higher likelihood that you are going to pay for a level of data or knowledge that will get you back to operational efficiency rather quick." Richard Cassidy Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics:Evolving Regulatory Frameworks Learn about the challenges posed by DORA, NIS2 and other regulatory requirements, including uncertainty around implementation, costs and the procedural changes they demand from organisations. Executive Tabletop Exercises Discover why organisations are moving beyond traditional pen testing to run war gaming scenarios with executive teams, testing how leadership would respond to real-world breach scenarios like those that hit M&S, JLR and MGM. Quantum Computing Preparation Understand why quantum computing has become a top-three CISO concern for 2026 to 2028, what organisations need to know about post-quantum cryptography and why planning needs to start now despite uncertainty around timelines. Security Awareness Erosion Explore how the security awareness gained during the pandemic is being pushed aside by the rush to implement AI and other technologies, with businesses prioritising efficiency over security considerations. The RAM Crisis and Supply Chain Impact Find out about the technological shifts happening with component shortages, RAM price increases and how hardware availability is affecting security planning and organisational technology strategies. AI as a Constant Theme See how AI weaves through every major security challenge, from regulatory compliance to quantum preparation, even when it's not explicitly the top concern. The Shift to Time Drag Operations Learn about the attacker evolution from loud, transactional ransomware to quiet economic warfare where threat actors threaten indefinite operational disruption rather than data theft. Why Boards Pay Without Declaring Incidents Understand the economics of why executive teams will pay millions to restore business continuity quickly rather than endure months of disruption, often without ever declaring a cyber incident publicly. Deepfakes and Loss of Shared Reality Discover the fundamental challenge posed by AI-driven deepfakes and social engineering that make it increasingly difficult to determine what's real, including examples of CEO-targeted WhatsApp attacks and voice cloning. Educating Users Against Sophisticated Social Engineering Explore why organisations must improve user education to detect the growing sophistication of AI-powered social engineering, deepfakes and attacks designed to exploit human trust and decision-making. Resources Mentioned Rubrik DORA NIST Framework NIST2 Marks and Spencer Cyber Attack Jaguar Land Rover Cyber Attack MGM Cyber Attack Ubisoft Cyber Attack Corsair Nvidia IBM Scattered Spider Shiny Lapis Hunters NCSE USA Sun Tzu's Art of War a href="https://vaclavsmil.com/" rel="noopener

    50 min
See All (97)

Trailer

Ratings & Reviews

5
out of 5
4 Ratings

About

Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge. Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends. Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals committed to continuous improvement. Each episode brings you actionable advice and real experiences from your host, James Rees — an information security specialist with over 25 years of experience — and from a range of respected guests across the cybersecurity industry. Together, we explore everything from technical strategies and compliance challenges to security culture, communication skills, and leadership development. James Rees is the founder of Razorthorn Security, providing expert consultancy and testing services to a wide range of organisations, including many Fortune 500 companies. His practical, no-nonsense approach helps organisations manage cybersecurity risks effectively while strengthening resilience. The Razorwire podcast is designed for cybersecurity professionals who want to stay ahead, sharpen their skills, and confidently respond to the challenges of today's evolving threat landscape. We believe collaboration is key to stronger security — and Razorwire gives you the conversations that help you achieve it. For more information about us, or if you have questions you'd like discussed on the show, email podcast@razorthorn.com or visit www.razorthorn.com.

Information

  • Creator
    Razorthorn Security | Cybersecurity & InfoSec
  • Years Active
    2022 - 2026
  • Episodes
    97
  • Rating
    Explicit
  • Copyright
    © Copyright 2026 Razorthorn Security | Cybersecurity & InfoSec
  • Show Website
    Razorwire Cyber Security & InfoSec Insights

You Might Also Like