Razorwire Cyber Security Insights

Razorthorn Security
  • 0.0 (0)
  • TECHNOLOGY
  • UPDATED BIWEEKLY

Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge. Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends. Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals committed to continuous improvement. Each episode brings you actionable advice and real experiences from your host, James Rees — an information security specialist with over 25 years of experience — and from a range of respected guests across the cybersecurity industry. Together, we explore everything from technical strategies and compliance challenges to security culture, communication skills, and leadership development. James Rees is the founder of Razorthorn Security, providing expert consultancy and testing services to a wide range of organisations, including many Fortune 500 companies. His practical, no-nonsense approach helps organisations manage cybersecurity risks effectively while strengthening resilience. The Razorwire podcast is designed for cybersecurity professionals who want to stay ahead, sharpen their skills, and confidently respond to the challenges of today's evolving threat landscape. We believe collaboration is key to stronger security — and Razorwire gives you the conversations that help you achieve it. For more information about us, or if you have questions you'd like discussed on the show, email podcast@razorthorn.com or visit www.razorthorn.com.

  1. 1D AGO

    Trust Nothing: The Rise of Deepfakes in Cybercrime

    Are you confident you could spot a deepfake in your next meeting, or could someone be using your identity without you knowing? Welcome back to Razorwire, the cybersecurity podcast where we explore the challenges professionals face at the cutting edge of threat intelligence. In this episode, I sit down with Alexandra Jorissen, a specialist in deepfake detection and digital identity safeguards. We discuss the explosive rise of deepfake technology, where it's already being used and what it means for personal and professional security. Summary It’s no longer science fiction: deepfakes have become both a tool for petty fraud and a devastating weapon for sophisticated cybercriminals. Together, Alex and I discuss how rapidly these impersonations have improved, from laughable scams to well-orchestrated attacks inside global organisations. We get into how deepfakes are now being used for document fraud, insurance scams and internal expense fraud, and why most people still think they'd be able to spot one. Alex shares inside knowledge from her work with IdentifAI, reveals how detection technology is developing, and offers practical advice for anyone safeguarding digital identities, documents, and core business processes. Key Talking Points & Reasons to Listen Inside Real-Life Deepfake Attacks Hear how a single convincing deepfake Teams meeting led to a $25 million loss at engineering firm Arup, why even well-trained employees followed standard processes and still got fooled and what this tells us about how far social engineering has come.How Deepfakes Bypass Everyday Security Find out how deepfakes are being used far beyond fake videos, from altered salary slips and AI-generated taxi receipts to fraudulent insurance claims, faked passports that pass KYC checks and criminals impersonating executives in remote meetings. Learn why one company discovered its internal expense fraud was three times worse than expected.Detection, Zero Trust and Practical Defence Learn how IdentifAI's forensic detection analyses images pixel by pixel in nanoseconds, why a zero trust mindset needs to extend to identity verification in everyday business and what simple, practical steps like secret questions and duress codes can do to protect against impersonation right now. This is a must-listen for anyone who wants to understand the new deepfake threat landscape, and pick up the actionable intelligence to defend against it. Verifying Identities in Online Meetings: "A lot of people I speak to, they seem to think deepfakes aren't there yet. Like they would still be able to spot them. And that's a very false presumption." Alex Jorissen Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics:The Evolution of Deepfakes See how deepfake technology has gone from laughable early efforts like the Will Smith spaghetti video to highly convincing fakes that even experienced professionals struggle to detect.Social Engineering and Deepfakes Learn how deepfakes are supercharging traditional social engineering tactics, making phishing and impersonation attacks far harder to spot than they used to be.Real-World Deepfake Scams Hear about actual cases where organisations have been deceived, including the Arup finance manager who transferred $25 million after a fake Teams call and companies that accidentally hired North Korean engineers using deepfaked identities.Abuse of Deepfakes for Fraud and Blackmail Find out how criminals are using AI to create compromising content of real people, using faked media to ransom victims or threaten reputational damage.Document and Identity Fraud Discover how deepfakes now extend to digital documents and IDs, with faked passports passing standard KYC checks and altered salary slips being used to secure larger loans.Breach of Age and Access Controls Learn how people, including minors, are using deepfaked images and identities to get around age verification and other digital barriers.Insider Threats and Employee Fraud Explore how easy it has become to create fake receipts and invoices using tools like ChatGPT, and why one company found its internal expense fraud was three times worse than it expected.Detection Technology and Limitations Understand how forensic AI analyses images pixel by pixel to detect manipulation, where the technology performs well and where limitations like screenshots and overlaid text still create challenges.The Importance of Zero Trust and Verification Find out why a zero trust mindset needs to apply to identity verification in everyday work, from checking badges to using secret questions and duress codes for high-risk communications.The Challenge of Awareness and Organisational Culture Hear why many organisations still believe deepfakes wouldn't fool them, and how deploying detection technology acts as both a defence and a deterrent that changes behaviour. Resources Mentioned Technical University of Eindhoven Delft University IdentifAi Nigerian prince scam Will Smith eating spaghetti (deepfake reference) Arup (British engineering and design firm) AI Hack KnowBe4 NIST Concur EU AI Act Nanobanana Oliver Rochford Brad Pitt romance scam Connect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. LinkedIn: Razorthorn Security YouTube: Razorthorn Security TikTok: a

    47 min

  2. FEB 25

    From Security Theatre to Real Resilience: Why Most Incident Response Plans Fall Apart

    Are you ready for the cybersecurity incident that could bring your business to a standstill? On this episode of Razorwire, I sit down with Marius Poskus, a CISO and vCISO, to tackle one of the most crucial yet overlooked aspects of information security: incident response. Whether you’re leading a cyber team, supporting your board, or simply keen to sharpen your readiness, we dig into what happens when your best defences fail and chaos strikes. We talk about what actually happens when an incident hits and why polished policies on their own aren't enough. From the practical realities CISOs face at the sharp end of an incident, through the pitfalls of security theatre, to the importance of clear communications and building resilience, we get into the lessons the playbooks often miss. Marius and I talk through wargaming, learning from unexpected scenarios and how to empower teams to make tough decisions on the fly. Key talking points: Wargaming the Unthinkable: What happens when your CEO dies? When your entire C-suite is on a plane for six hours and unreachable? When someone poisons the fish at a team dinner? Jim and Marius talk about why the most valuable wargaming exercises aren't the predictable ones. Testing unusual, uncomfortable scenarios is what exposes the single points of failure nobody thought about and builds the kind of muscle memory that no written policy can replace. Decision-making Authority in Crisis: One of Marius's contacts had a major ransomware incident and needed to hire 200 people within hours. The biggest problem wasn't the attack itself, it was getting budget approved and contracts signed fast enough. Learn why pre-agreed access to emergency funds, signing authority and the ability to bypass normal procurement processes can be the difference between a swift response and days of lost time. Security Theatre and Why It Falls Apart Under Pressure: Marius has been making waves on LinkedIn talking about companies that want the appearance of security rather than the real thing. In this episode, he and Jim get into why polished policies that have never been tested crumble the moment a real incident hits, how to tell the difference between genuine preparedness and box-ticking and what it actually takes to build an incident response capability that works when it matters. Listen and step inside the mindset every cybersecurity professional needs before the worst happens. On testing your plan: "You never want to run through an incident response scenario first time when the real thing happens." Marius Poskus Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics:The Importance of Incident Response Find out why incident response is still one of the most neglected areas of security, how to get organisational buy-in for proper preparation and what happens when the first time you test your plan is during the real thing.Security Theatre vs. Real Preparedness Learn how focusing on the appearance of security rather than genuine preparedness leaves organisations vulnerable when a real incident hits, and what it takes to build real readiness through testing and practice.Practical Testing and Muscle Memory Discover why written policies aren't enough on their own and how regular testing and tabletop exercises help teams build the confidence to act effectively under pressure.Authority and Decision-Making During Events Learn how to set up clear escalation paths and decision-making authority before an incident happens, including access to emergency funds and the ability to hire specialist support at short notice.C-Suite Engagement and Support Find out how senior executives can best support their security teams during an incident, from trusting CISOs to lead the response to providing practical help like food, hotel rooms and team rotations.Communication and PR During Incidents Explore how thoughtful, transparent communication can protect reputation and rebuild trust after a breach, and why generic "we take security seriously" messaging does more harm than good.Resilience and Recovery Strategies Learn how to maintain business operations while an incident is unfolding, from planned team rotations and post-breach customer support to quantifying downtime for the board.Wargaming and Scenario Thinking Find out why testing unusual scenarios, not just technical failures, helps organisations expose single points of failure and prepare for real-world unpredictability.Critical Thinking and Cybersecurity Career Skills Discover why curiosity, initiative and adaptability matter more than following prescribed instructions, both for handling incidents and for building a career in cybersecurity.Learning from Mistakes and History Explore how drawing on real historical events and shared industry experiences equips professionals to handle crisis situations, make tough decisions and build personal resilience. Resources Mentioned SolarWinds Cited as a high-impact security incident affecting third parties and requiring significant communication. https://www.solarwinds.com/ Professor Messer Cited as a free educational resource for CompTIA courses. https://www.professormesser.com/ Network Chuck Mentioned as a well-known YouTuber focused on networking tutorials and resources. https://www.youtube.com/c/NetworkChuck CompTIA Reference to a popular provider of IT and cybersecurity certifications. https://www.comptia.org/ Y2K (Year 2000 problem) Discussed as a past example of widespread incident response planning. https://en.wikipedia.org/wiki/Year_2000_problem Changi Jail Historical site referenced during a discussion of resilience and decision-making under pressure. https://en.wikipedia.org/wiki/Changi_Prison Rorke’s Drift Brought up as a historical account to learn about resilience. https://en.wikipedia.org/wiki/Battle_of_Rorke%27s_Drift Apollo 13 (“Houston, we have a problem”) Referenced as an example of problem solving under extreme pressure with limited resources. https://en.wikipedia.org/wiki/Apollo_13 US Military zombie apocalypse wargaming Referenced as an example of creative scenario planning for incident response. https://en.wikipedia.org/wiki/CONOP_8888 The Y-Files Referenced as a source of conspiracy theories and unusual scenarios Jim enjoys. https://www.youtube.com/@TheYFiles Connect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and...

    45 min

  3. FEB 11

    No Honour Amongst Thieves: The Hidden World of Hackers and Cyber Criminals

    Is there really honour amongst cybercriminals or is it every hacker for themselves? On this episode of Razorwire, I’m joined by Martin Voelk, a seasoned ethical hacker, to take a look at how the world’s most notorious cybercriminal groups really operate. We trace the journey from early hacking culture to today’s sprawling underworld of digital organised crime. Along the way, we ask: What does "hacker" truly mean and who actually gets caught when the authorities close in? We discuss the blurred lines between white hat and black hat hackers and why some of the most skilled operators never set foot in the countries they target. Martin and I explore the various motivations behind cyber attacks, from ideology to pure profit and debate why classic notions of criminal “honour” simply don’t hold up in this ruthless business. We share stories from both sides of the fence - how cyber gangs operate like corporations, how rivalry and betrayal play out behind the scenes and why it’s never been easier to get started in cybercrime (if you’re not fussy about the law). The episode closes with a stark look at the arms race between attackers and defenders and what it means for the future of cybersecurity. Three key talking points Fresh Perspectives on Hacker Mentality:Martin breaks down the difference between hackers, researchers and outright criminals, challenging media stereotypes. We examine why understanding attacker psychology isn’t just academic - it’s essential for building better defences.Behind the Scenes of Cybercrime-as-a-Service:Hear how today’s criminal groups mirror legitimate organisations, complete with their own HR, development teams and even “scapegoats” to throw authorities off their trail. Discover what this corporatisation means for detection, attribution and response.The Global Chessboard: Tactics, Rivalries and AI Advances:Learn why the most effective cyber operators operate with impunity from certain countries, protected through corruption and international legal gaps. We unpack how rivalries really play out, the role of AI in hands of both attackers and defenders and what to expect as attack automation accelerates. Tune in and arm yourself with real-world insights that go beyond the headlines - because what you don’t know about the criminal underground could be your biggest risk. AI-Powered Cyber Threats Target Weaker Defences: "Because the hackers are predominantly looking at the weakest targets, does it make sense to hack into the most sophisticated bank in the United States? Or do I rather target a mid-sized bank in Mexico where I already know that they had previous security vulnerabilities?" Martin Voelk Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics:The Evolution of HackingExplore how hacking started as a curiosity-driven activity, the role of groups like the Chaos Computer Club and why the term “hacker” was never originally a negative label.Different Types of HackersLearn about the three main categories of attacker (hacktivists, financially motivated criminals and state-sponsored groups) and what drives each of them.Organised Crime's Role in CybercrimeDiscover how cybercrime evolved from individuals working alone to structured operations with recruitment, development teams and corporate-style hierarchies.Scapegoats and Sacrificial LambsFind out what can happen to less skilled members of criminal groups and how the people who get arrested are rarely the ones running the operation.Safe Havens and Jurisdictional GapsUnderstand how top operators work from countries with no extradition treaties, often protected by corruption, and why Western law enforcement struggles to reach them.The Rise of Ransomware and EspionageLearn why attackers target Western organisations where ransoms are more likely to be paid and how corporate espionage is a bigger part of the picture than most people realise.Rivalries and Alliances Among Hacker GroupsFind out how competition between groups plays out in forums, why it’s driven by profit rather than politics and how hackers from rival nations routinely work together.AI's Dual Impact on CybersecurityLearn why AI has made it easier than ever to develop malicious code, how both sides are using it and why SMBs and less cyber-aware countries face the greatest risk going forward. Resources Mentioned Silk Road Dread Pirate Roberts Conti Files Chaos Computer Club GitHub Hugging Face Claude Code Cursor CLI Google Anti-Gravity Flipper Zero Tor network El Salvador crypto currency acceptance Tron chain Connect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. LinkedIn: Razorthorn Security YouTube: a...

    55 min

  4. JAN 28

    What’s Making 2026 the Toughest Year Yet for CISOs

    What threats should CISOs prioritise as we move into 2026? Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, we're looking ahead to the challenges facing security leaders in 2026. I'm joined by Richard Cassidy, EMEA CISO at Rubrik, and together, we discuss the three themes dominating CISO conversations: navigating the expanding regulatory landscape, preparing for quantum computing's impact on existing cryptography and understanding how attackers are shifting from loud ransomware to quiet economic warfare through time drag operations. Summary This episode examines the strategic and operational challenges CISOs face in 2026. The conversation covers how evolving regulations require fundamental changes to business operations and threat response, why tabletop exercises with executive teams are becoming standard practice for testing organisational maturity and how quantum computing is moving from theoretical concern to practical planning requirement. Richard and Jim discuss the technological shifts happening simultaneously with AI and quantum computing and why security awareness gained during the pandemic is being eroded by the race to implement new technologies without proper security consideration. The episode explores how attackers are evolving beyond traditional ransomware towards time drag operations that threaten business continuity without triggering incident declarations and why the combination of deepfakes and AI-driven social engineering represents a fundamental challenge to shared reality. Three Key Talking Points: The Regulatory Burden and Tabletop Testing Learn about the regulatory challenges CISOs face across DORA, NIS2 and evolving frameworks, plus why organisations are increasingly running tabletop exercises with executive teams. Discover how war gaming activities help boards understand real-world breach scenarios and test organisational maturity beyond traditional red teaming. Find out how recent breaches at companies like Ubisoft, M&S and Jaguar Land Rover are driving leadership to take security seriously. Quantum Computing's Imminent Impact Understand why quantum computing has moved from background concern to top-three CISO priority for 2026 to 2028. Explore the timeline for quantum threats to existing cryptography, what organisations need to do now to prepare for post-quantum cryptography and why there's significant uncertainty around adoption strategies. See how quantum computing combines with AI to create a tectonic shift in security technology that requires planning today. Time Drag Operations and Economic Warfare Discover the shift from loud ransomware to quiet time drag attacks where threat actors threaten extended operational downtime rather than data theft. Learn why boards will pay millions to restore business continuity without declaring cyber incidents and how attackers are exploiting the economic model where disruption costs more than ransom. Explore how this combines with AI-powered deepfakes and social engineering to create attacks that undermine shared reality itself. On the appearance of security: "The economic model of cybercrime has shifted from traditional theft to time drag. If attackers know they can present you with a problem where you're not going to be able to recover your key systems for an inordinate amount of time, there's a higher likelihood that you are going to pay for a level of data or knowledge that will get you back to operational efficiency rather quick." Richard Cassidy Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics:Evolving Regulatory Frameworks Learn about the challenges posed by DORA, NIS2 and other regulatory requirements, including uncertainty around implementation, costs and the procedural changes they demand from organisations. Executive Tabletop Exercises Discover why organisations are moving beyond traditional pen testing to run war gaming scenarios with executive teams, testing how leadership would respond to real-world breach scenarios like those that hit M&S, JLR and MGM. Quantum Computing Preparation Understand why quantum computing has become a top-three CISO concern for 2026 to 2028, what organisations need to know about post-quantum cryptography and why planning needs to start now despite uncertainty around timelines. Security Awareness Erosion Explore how the security awareness gained during the pandemic is being pushed aside by the rush to implement AI and other technologies, with businesses prioritising efficiency over security considerations. The RAM Crisis and Supply Chain Impact Find out about the technological shifts happening with component shortages, RAM price increases and how hardware availability is affecting security planning and organisational technology strategies. AI as a Constant Theme See how AI weaves through every major security challenge, from regulatory compliance to quantum preparation, even when it's not explicitly the top concern. The Shift to Time Drag Operations Learn about the attacker evolution from loud, transactional ransomware to quiet economic warfare where threat actors threaten indefinite operational disruption rather than data theft. Why Boards Pay Without Declaring Incidents Understand the economics of why executive teams will pay millions to restore business continuity quickly rather than endure months of disruption, often without ever declaring a cyber incident publicly. Deepfakes and Loss of Shared Reality Discover the fundamental challenge posed by AI-driven deepfakes and social engineering that make it increasingly difficult to determine what's real, including examples of CEO-targeted WhatsApp attacks and voice cloning. Educating Users Against Sophisticated Social Engineering Explore why organisations must improve user education to detect the growing sophistication of AI-powered social engineering, deepfakes and attacks designed to exploit human trust and decision-making. Resources Mentioned Rubrik DORA NIST Framework NIST2 Marks and Spencer Cyber Attack Jaguar Land Rover Cyber Attack MGM Cyber Attack Ubisoft Cyber Attack Corsair Nvidia IBM Scattered Spider Shiny Lapis Hunters NCSE USA Sun Tzu's Art of War a href="https://vaclavsmil.com/" rel="noopener

    50 min

  5. JAN 14

    Cryptocurrency: Good, Bad or Evil?

    Are cryptocurrencies revolutionising finance, or are they simply empowering cybercriminals and state-sponsored hackers? Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim, and in this episode, we're tackling one of the most polarising topics at the intersection of finance and security: cryptocurrency. I'm joined by Richard Cassidy, Oliver Rochford and Jonathan Care, and together, we debate whether Bitcoin has solved any real problems or simply enabled cybercriminals to operate at an unprecedented scale, with 98% of ransomware payments now made in cryptocurrency. Summary This episode looks at how cryptocurrency has impacted real-world security and policy, including how it has facilitated over $3 billion in theft by state-sponsored groups like Lazarus to fund North Korea's nuclear programme and romance scams that have drained 4.6 billion victims with zero recourse. Everything illegal in traditional financial markets is legal in crypto. Yet in Argentina, Venezuela and Nigeria, people use it to preserve value against hyperinflation and bypass authoritarian controls. The debate centres on whether governments truly control crypto through exchanges and legal tender conversion, whether blockchain transparency helps law enforcement more than it helps criminals and whether ransomware payment rates dropping to 19% proves cybersecurity is winning despite crypto, not because of it. Three key talking points from this episode: Criminal Infrastructure and the Ransomware Economy. Find out how cryptocurrency is used for ransomware payments and how this has enabled the ransomware epidemic. Learn about state-sponsored theft, romance scams operating at an industrial scale and why dark web marketplaces like Hydra and AlphaBay succeeded Silk Road in facilitating organised crime. Discover the impact of payment rates dropping to 19% as companies choose disaster recovery over paying criminals.Government Control vs Decentralisation Claims. Explore the heated debate about whether governments truly control cryptocurrency through regulating exchanges and legal tender conversion or whether the protocol itself remains ungovernable. Learn why KYC requirements at exchanges undermine the original vision of anonymity, how states force participation through tax requirements and whether crypto can function without an army to back it. Real-World Use Cases vs Original Promises. Discover how cryptocurrency is being used in Argentina, Venezuela and Nigeria to preserve value against hyperinflation and bypass authoritarian capital controls. Examine whether these legitimate use cases justify a technology that hasn't solved its original problems: transaction speed remains too slow for real-time use, energy consumption is enormous compared to Visa, scalability hasn't improved and volatility undermines its claim as a stable store of value. If you’re a cybersecurity professional looking to understand both the promise and peril of cryptocurrency, this episode is essential listening. On the lawless nature of cryptocurrency: "Every scam, every market rig that has been outlawed in real world money markets is wide open in crypto. As Richard points out, we're not only deregulated, it is lawless." Jonathan Care Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics:Cryptocurrency as Ransomware's Preferred Payment Method. Learn why ransomware payments use cryptocurrency and how this payment method enabled the ransomware epidemic that became every CISO's biggest headache.Declining Ransomware Payment Rates. Discover why payment rates dropped to just 19% in 2024, with overall payments down 35% to $813.55 million, as companies increasingly choose disaster recovery over paying criminals.The Irreversibility Problem. Learn why cryptocurrency transactions being irreversible means mistakes and theft are permanent, with no chargebacks or recourse for victims of fraud.State-Sponsored Cryptocurrency Theft. Understand how the Lazarus Group has stolen over $3 billion in crypto through targeting exchanges, DeFi protocols and blockchain bridges.Romance Scams and Pig Butchering Operations. Learn about the explosion in crypto-enabled romance scams, fake investment platforms and rug pulls operating at industrial scale.Pump and Dump Market Manipulation. Find out why pretty much everything untoward is perfectly legal in crypto, from coordinated manipulation on Telegram and Discord to influencer fraud, wash trading and spoofing.Government Control Through Legal Tender Conversion Understand why governments ultimately control cryptocurrency through regulating exchanges, requiring tax payments in fiat currency and controlling the conversion points between crypto and legal tender.Blockchain Transparency for Law Enforcement. Learn how public blockchains can be easier to analyse than shell companies behind offshore banking, with tools like Chain Analysis, Elliptic and Interpol using on-chain data to track illicit networks.Proof-of-Work Mining's Environmental Impact. Examine the massive energy consumption of cryptocurrency mining, why specialised hardware becomes obsolete within a year and the climate impact of a payment system processing fewer transactions than Visa does in an hour.Exchange Security Failures and Hacks. See how exchanges like Mount Gox and BYBIT lost billions through security failures and why holding crypto at exchanges rather than in personal wallets creates unnecessary risk. Resources Mentioned Financial Crime Enforcement Network (FinCEN) US agency tracking financial crime, referenced for 2024 ransomware payment statistics showing 35% decrease to $813.555 million. https://www.fincen.gov/Chain Analysis Blockchain analysis platform helping law enforcement track cryptocurrency transactions and disrupt criminal networks. https://www.chainalysis.com/Elliptic Cryptocurrency investigation platform used by law enforcement and financial institutions to identify criminal activity on blockchains. https://www.elliptic.co/Lazarus Group North Korean state-sponsored threat actor attributed with over $3 billion in cryptocurrency theft to fund nuclear programmes. Overview: https://www.cisa.gov/topics/cyber-threats-and-advisories/advanced-persistent-threats/north-koreaHydra Market Russian-language dark web marketplace that succeeded Silk Road before being shut down in 2022, facilitating billions in illicit cryptocurrency transactions. Background: https://www.europol.europa.eu/media-press/newsroom/news/world%E2%80%99s-biggest-marketplace-dark-web-offlineAlphaBay Major dark web marketplace that operated from 2014-2017, enabling cryptocurrency-based transactions for drugs, weapons and stolen data. a href="https://www.justice.gov/opa/pr/alphabay-largest-online-dark-market-shut-down" rel="noopener noreferrer"...

    49 min

  6. 12/24/2025

    The Razorwire Christmas Special 2025: Looking Back, Looking Forward

    What happens when you gather some of the sharpest minds in cybersecurity for an end-of-year chat about where we've been and where we're heading? Welcome to Razorwire's Christmas special. Today I’m chatting with some of our favourite guests from 2025: clinical traumatologist Eve Parmiter, cyber futurist Oliver Rochford, CISO and podcast host Marius Poskus and occupational psychologist Bec McKeown for roundup of the cybersecurity industry this year. This isn't a glossy year-in-review full of predictions and corporate optimism. We're talking about what's actually happened: how our teams are STILL burning out, the junior pipeline that's being hollowed out by premature AI deployment, the CISOs who are resigning because they're handed accountability without support and the businesses that want the appearance of security rather than the reality of it. Summary 2025 has been a year of contradictions. Fewer ransomware victims are paying up, which suggests resilience is working. But burnout rates in cybersecurity remain above 59% and the systemic issues causing it aren't being addressed. Oliver brings data showing that AI-driven threat intelligence has been more marketing than reality. Marius shares why his CISO resignation letter post hit over 300,000 impressions and 3,400 comments. Eve explores whether there could be legal protections for cybersecurity professionals experiencing occupational trauma. Bec questions why security teams are expected to work under military-level pressure with none of the training or support. We’re also looking ahead to 2026. Oliver predicts salaries will rise. Marius sees organisations scrambling to fix the mess that AI has created. Eve and Bec discuss what the younger generation might teach us about boundaries and refusing to put up with workplace nonsense. And we all agree on one thing: gravity needs levity. If you're going to survive in this industry, you REALLY need to laugh. Three Key Talking Points: The Theatre of Security Understand why organisations hire CISOs for accountability but don't give them budget, support or a seat at decision making tables. Marius explains how this creates a cycle where security leaders are blamed when things go wrong, despite having no power to prevent them. The Junior Pipeline Crisis Discover why premature AI deployment is hollowing out entry-level roles across industries, including cybersecurity and law. We discuss the long term consequences of replacing junior analysts with AI before understanding what you're losing. Burnout as Occupational Trauma Learn why burnout in cybersecurity isn't just about individual resilience. Eve explores whether legal protections could be granted for work that causes inescapable harm, drawing parallels with content moderators and healthcare workers. If you want an honest conversation about the state of cybersecurity in 2025 and what's coming in 2026, this is it. On the appearance of security: "Companies do not want security. They want the appearance of security. They hire a CISO to be the person who's accountable, the person who's on insurance papers, the person's name who's on client contracts, the person who is a face of the company of doing security, but actually he's not supported in budgetary terms in any other way." Marius Poskus Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics:2025 Year in Review Explore what actually happened this year, from falling ransomware payment rates to the continued rise in burnout and stress levels across the industry.Marketing-Driven Threat Intelligence Discover why claims about AI-enabled ransomware and nation-state AI usage turned out to be more hype than reality.The CISO Accountability Trap Understand why security leaders are handed responsibility without power, budget or support and why so many are choosing to step back from leadership roles.Burnout as a Systemic Problem Learn why organisations still treat burnout as an individual issue rather than addressing the systemic factors that cause it.Legal Protections for Occupational Trauma Explore whether cybersecurity professionals could gain legal recognition for work-related harm, similar to content moderators and healthcare workers.The AI Skills Shortage Coming in 2026 Find out why Oliver predicts salaries will rise as companies realise they've hollowed out their junior pipeline with premature AI deployment.Economics vs Security Spending Understand why businesses treat security breaches like shoplifting and why perfect security isn't the goal for most organisations.Cognitive Load and Dashboard Design Discover how principles from aviation flight deck design could reduce alert fatigue and improve security operations workflows.The Younger Generation's Boundaries Learn what Gen Z might teach us about setting limits, refusing workplace nonsense and reframing work around life instead of the other way around.Predictions for 2026 Hear what the panel thinks is coming next year, from salary increases to AI backlash and the potential consequences of neglecting security basics. Resources Mentioned Coveware (Ransomware Payment Data) Referenced by Oliver regarding the drop in ransomware payments in 2025. MIT Sloan (AI-Enabled Ransomware Claims) Referenced by Oliver as an example of retracted threat intelligence claims. Anthropic Referenced regarding claims about nation-state actors using their AI service. ISC2 Workforce Survey Referenced by Eve Parmiter regarding burnout statistics (59%) in cybersecurity. SolarWinds Breach and CISO Impact Referenced by Jim regarding the personal toll on the SolarWinds CISO. Health and Safety Executive (UK) Referenced by Bec McKeown regarding employer responsibility for workplace stress. Cloudflare Outages Referenced by Marius Poskus regarding organisations bypassing WAF protections during downtime. Anu AI (Foresight and Predictions Tool) Mentioned by Oliver Rochford as his startup with a free community edition. Mental Health in Cybersecurity Foundation Referenced in context of ongoing burnout discussions. Cyber Diaries Podcast Mentioned by Marius Poskus as his...

    1h 16m

  7. 12/10/2025

    Burnout in Cybersecurity: Preparing Cyber Staff for the Reality, Not Just the Role

    Is burnout in cybersecurity inevitable, or are we finally learning how to prevent it? Welcome to Razorwire. In this episode, I sit down with clinical traumatologist Eve Parmiter and occupational psychologist Bec McKeown to talk about what's really happening in high pressure cyber roles. This isn't about vague wellness advice or corporate tick-box exercises. We're looking at the actual mechanics of burnout: why CISOs are breaking under impossible expectations, how remote work has changed team dynamics and what the early warning signs look like before someone hits crisis point. If you work in cybersecurity, particularly in leadership or incident response, this conversation offers strategies you can use today. Summary Two-thirds of cybersecurity professionals say their jobs are more stressful now than they were five years ago. The pressure is mounting, but the support systems aren't keeping pace. In this conversation, Eve and Bec bring research, clinical experience and real examples to explain why burnout is becoming an occupational hazard in cyber teams. We talk about the gap between a CISO's responsibility and their actual authority, why technical skills alone won't protect your team from collapse and how to spot the signs that someone is struggling before it becomes a crisis. We also cover what actually works: building teams that can handle pressure, creating cultures where people feel safe to speak up and finding peer support through initiatives like the Mental Health in Cybersecurity Foundation. Three Key Talking Points: Human Factors and the Reality of Leadership BurnoutUnderstand why burnout is becoming an occupational hazard for cyber leaders, especially CISOs, who are caught between responsibility and a lack of real power. Learn how unaddressed team dynamics, poor succession planning and social isolation create stress that technical controls alone cannot fix.Spotting Burnout Early - Inside and Around YouGet practical advice on identifying warning signs in yourself and your colleagues. We discuss real strategies for managers and peers: recognising behavioural changes, loss of humour, withdrawal and other ‘red flags’ that are far more accurate than any policy checklist.Building Resilience and Finding Peer SupportDiscover actionable steps for resilience, beyond ‘just coping’, including the creation of peer communities like the Mental Health in Cybersecurity Foundation. Find out how a shared community is essential to surviving and growing in this field. If you want real answers about burnout, actionable insights for your career and lessons from the frontline of cybersecurity wellbeing, this is one episode you can’t afford to skip. On power vs responsibility: “CISOs are a great example. You only have so much power, but you've got a high degree of responsibility, and personal responsibility coming into it. So that can feel very unfair and very unbalanced and that can create a lot of resentment.” Eve Parmiter Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics:Understanding Burnout Trends in Cybersecurity Learn why 66% of professionals report higher stress levels than five years ago and what's driving the increase across the industry.Recognising Human Factors as Security Risks Discover how overlooking team wellbeing creates vulnerabilities that no technical control can fix.Navigating the Working Location Debate Find out how remote, hybrid and office preferences impact team cohesion and what it means for your mental health.Balancing CISO Responsibility Without Authority Understand why security leaders face mounting pressure without the power to create change and how this fuels burnout.Spotting Burnout Before It's Too Late Learn to identify the subtle behavioural shifts that signal burnout in yourself and colleagues before it becomes a crisis.Creating Teams That Can Weather the Storm See how managers can build resilience by recognising and responding to individual stress patterns.Leveraging Different Perspectives Under Pressure Explore why mixing personalities and viewpoints strengthens problem-solving and team support during incidents.Building a Culture Where People Can Speak Up Understand what psychological safety actually looks like and why it's essential for preventing burnout.Finding Professional Support That Actually Helps Learn where to access peer support and resources designed specifically for cybersecurity professionals.Getting Involved in Industry-Wide Solutions Discover how the Mental Health in Cybersecurity Foundation is creating practical frameworks and communities to address burnout collectively. Resources Mentioned 1. ISACA (Cybersecurity Research and Reports) Referenced by Bec McKeown regarding global research on cybersecurity stress levels.Website: https://www.isaca.org/ 2. NLP (Neuro-Linguistic Programming) Mentioned as a resource for self-understanding and career development.Overview: https://www.britannica.com/topic/neuro-linguistic-programming 3. Major UK Brands Affected by Cyber Attacks Harrods: https://www.bbc.co.uk/news/articles/cpq5w324pd3o Marks & Spencer:  https://www.bbc.co.uk/news/articles/c93x16zkl9do Jaguar Land Rover  https://www.bbc.co.uk/news/articles/ckg1w255gy1o Co-op:  https://www.bbc.co.uk/news/articles/ckgq9dke4e5o  4. ‘Be Left of Bang’  Used as a metaphor by Bec McKeown for proactivity in noticing stress and burnout.Book Info: https://www.amazon.co.uk/Left-Bang-Marine-Combat-Program/dp/1936891301 5. Maslach’s Research into Burnout  Cited by Eve Parmiter about organisational factors driving burnout.Overview: https://www.verywellmind.com/burnout-4157336Christina Maslach Profile: https://psychology.berkeley.edu/people/christina-maslach 6. Mental Health in Cybersecurity Foundation (Community and Support Resource) Discussed by Bec McKeown as a growing support and best practice group; LinkedIn page only (no website yet).LinkedIn: https://www.linkedin.com/company/mental-health-in-cybersecurity-foundation/ 7. The Cyber Sentinel's Handbook (by James Rees) Mentioned as a resource for information security professionals at all levels.Amazon link: https://www.amazon.co.uk/Cyber-Sentinels-Handbook-professionals-ebook/dp/B0CXTS3S7D/Available as paperback, e-book and via Kindle Unlimited. Connect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you...

    1h 8m

  8. 11/26/2025

    The Death of Passwords: The Future of Authentication

    Is passwordless authentication finally ready for prime time, or are we just replacing one set of problems with another? Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, we're tackling one of the oldest challenges in information security: identity and access management. I'm joined by David Higgins, CTO at CyberArk and Murtaza Hafizja, Senior Technical Product Marketing Leader from OneSpan, who bring decades of combined experience from the front lines of identity, authentication and access control. Together, we explore how the industry has evolved from simple username/password combinations to biometrics, passkeys and continuous authentication and where the technology is heading next. Summary We examine the persistent challenges around identity management, from the struggle between security and user convenience to the explosion of non-human identities that now need managing. David explains why privilege access management has evolved from credential vaulting to zero standing privileges and how cloud environments have created both opportunities and complexities with their tens of thousands of granular permissions. Murtaza tells us about the passwordless evolution, why risk-based authentication is making a comeback and the real barriers to rolling out modern authentication at scale. Whether you're a CISO wrestling with third-party access, an IT manager trying to balance security with productivity or just someone interested in where authentication is heading, you'll get honest perspectives on what works, what doesn't and what's actually achievable. Key Talking Points  The Passwordless Evolution and What It Really Means Learn why passwords are finally on their way out (mostly), how passkeys and biometrics have moved from niche to mainstream and why the technology that failed 20 years ago is now becoming the de facto standard for authentication.Zero Standing Privilege and the Cloud Permission Problem Discover how cloud environments have paradoxically made privilege management both more granular and more complex, why organisations are moving away from permanent permissions and how just-in-time access is becoming essential for modern infrastructure.Continuous Authentication and Behavioural Analysis Understand why a single login authentication isn't enough anymore, how attackers are owning identities by exploiting help desks and why monitoring user behaviour patterns might be the key to stopping credential-based attacks before they cause damage. On the security of key documentation:  "Attackers aren't breaking in anymore, they're logging in." David Higgins, CyberArk Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics:The Evolution of Identity Management How authentication has cycled through different approaches over 30 years, from basic username/password to biometrics that failed, then succeeded and why we're finally at a point where passwordless is achievable at scale.From Too Little Granularity to Too Much Why early operating systems forced an all-or-nothing approach to permissions, how cloud providers now offer tens of thousands of different roles and entitlements and why this has made principle of least privilege almost impossible to implement upfront.Zero Standing Privilege as the New Normal How organisations are moving away from permanent permissions toward just-in-time access, why no one should have standing privileges anymore and how this approach aligns with modern cloud environments.The Passwordless Movement Goes Mainstream What's changed to make passwordless authentication viable now, why passkeys are moving from hype to implementation and the real challenges of rolling out modern authentication to millions of users.Third Party and Non-Human Identity Challenges The growing problem of managing identities for contractors, suppliers, automated systems and AI and why this volume of identities is creating new security and access control headaches.Continuous Authentication and Risk-Based Approaches Why logging in once isn't enough anymore, how behavioural analysis can detect when an owned identity is being misused and why risk-based authentication is making a comeback after years of being overlooked.The Help Desk as Attack Vector How attackers are purchasing stolen credentials then simply calling help desks to reset MFA tokens, why context matters as much as credentials and what this means for authentication strategies.Balancing Security Friction with User Acceptance Why completely frictionless security is impossible, how to find the right balance between protection and productivity and why users will find workarounds if authentication becomes too painful.Privilege Access Management Evolution How PAM has evolved from simple credential vaulting to addressing root causes, why managing secrets at scale remains challenging and the shift toward eliminating standing privileges entirely.The Privacy vs Security Dilemma Concerns around government databases for digital ID verification, the risks of centralised identity storage and why securing authentication data is becoming more critical as we move toward digital-first validation. Resources Mentioned CyberArk OneSpan  Gartner Hype Cycle for Digital Identity  FIDO Alliance Principle of Least Privilege AWS (Amazon Web Services) Microsoft Azure  Google Cloud Platform (GCP) WebAuthn  CTAP (Client to Authenticator Protocol) UK Digital ID Verification Connect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. LinkedIn: Razorthorn Security YouTube: Razorthorn Security TikTok: Razorwire Podcast Instagram: Razorwire Podcast Twitter:   @RazorThornLTD Website: www.razorthorn.com All rights reserved. © Razorthorn Security LTD 2025

    55 min
See All (93)

Trailer

About

Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge. Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends. Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals committed to continuous improvement. Each episode brings you actionable advice and real experiences from your host, James Rees — an information security specialist with over 25 years of experience — and from a range of respected guests across the cybersecurity industry. Together, we explore everything from technical strategies and compliance challenges to security culture, communication skills, and leadership development. James Rees is the founder of Razorthorn Security, providing expert consultancy and testing services to a wide range of organisations, including many Fortune 500 companies. His practical, no-nonsense approach helps organisations manage cybersecurity risks effectively while strengthening resilience. The Razorwire podcast is designed for cybersecurity professionals who want to stay ahead, sharpen their skills, and confidently respond to the challenges of today's evolving threat landscape. We believe collaboration is key to stronger security — and Razorwire gives you the conversations that help you achieve it. For more information about us, or if you have questions you'd like discussed on the show, email podcast@razorthorn.com or visit www.razorthorn.com.

Information

  • Creator
    Razorthorn Security
  • Years Active
    2022 - 2026
  • Episodes
    93
  • Rating
    Explicit
  • Copyright
    © Copyright 2026 Razorthorn Security
  • Show Website
    Razorwire Cyber Security Insights