Razorwire Cyber Security Insights

Razorthorn Security

Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge. Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends. Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals committed to continuous improvement. Each episode brings you actionable advice and real experiences from your host, James Rees — an information security specialist with over 25 years of experience — and from a range of respected guests across the cybersecurity industry. Together, we explore everything from technical strategies and compliance challenges to security culture, communication skills, and leadership development. James Rees is the founder of Razorthorn Security, providing expert consultancy and testing services to a wide range of organisations, including many Fortune 500 companies. His practical, no-nonsense approach helps organisations manage cybersecurity risks effectively while strengthening resilience. The Razorwire podcast is designed for cybersecurity professionals who want to stay ahead, sharpen their skills, and confidently respond to the challenges of today's evolving threat landscape. We believe collaboration is key to stronger security — and Razorwire gives you the conversations that help you achieve it. For more information about us, or if you have questions you'd like discussed on the show, email podcast@razorthorn.com or visit www.razorthorn.com.

  1. OCT 1

    The Hidden Costs of Security Stack Consolidation (That Vendors Don't Mention)

    Is your security stack making you safer or just adding to the chaos? Welcome to Razorwire, the podcast where we unravel the mess, myths and market realities behind today’s cybersecurity challenges. I’m your host Jim and in this episode, I’m joined by our favourite regulars Oliver Rochford and Richard Cassidy to tackle a topic that irritates every CISO: the security solution stack. We discuss the big questions about vendor motivations, tool sprawl and why consolidation so often promises more than it delivers.

    In this episode, we set aside the sales buzzwords and look at what it really means to consolidate your security stack. Oliver and Richard share straight-talking insights from both the vendor and CISO perspectives. We debate why security platforms so often fail to reduce complexity and whether AI is about to solve - or simply mask - the underlying pain.

    Three key reasons to listen:

    “Noise in depth” versus defence in depth: Discover why having dozens of overlapping tools can actually increase risk and burnout, rather than improve your security posture. Hear insights on “noise in depth” and how it impacts the choices CISOs face.

    Vendor incentives and the truth behind “consolidation”: Get an insider’s take on why vendors push for consolidation only when it benefits their stack, how lock-in happens and why most platforms are stitched together from half-baked acquisitions.

    The hard reality of AI, integrations and future-ready strategy: Find out why AI and automation aren’t the magic fix the industry claims and what you actually need to do to keep your stack effective, adaptable and under control in a shifting market.

    If you want honest, practical advice on managing cybersecurity complexity and want to hear what real CISOs wish they'd known before their last renewal, this episode is worth your time.

    Welcome to the Future: Solving Problems, Not Just Selling Tools
    "If you're coming to market, remember the product is only half the game. Security teams, GRC compliance teams - they're drowning. Support, deployment, tuning and post-sales success – they really make or break from my organisations and ones that I talk to. So be the vendor that doesn't just sell the product, be the one that really helps operationalise it. If you're just here to sell a tool, you're already obsolete. If you're here to solve a problem and remove complexity, then welcome to the future." Richard Cassidy

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    Tool Sprawl vs. Defence in Depth: Learn why organisations with dozens of overlapping security tools end up with noisy environments instead of effective layered defence and what CISOs actually see happening on the ground.

    Vendor Incentives and Lock-In: Discover how security vendors push you into consolidation within their own ecosystems while prioritising customer lock-in over real interoperability and simplification.

    Platform Consolidation Cycles: Understand why the industry keeps repeating the same consolidation mistakes and what you should consider instead of chasing the perfect platform that doesn't exist.

    The Role and Myth of AI in Security Stacks: Find out why AI won't magically fix your complexity problem and how it often just adds...

    48 min
  2. SEP 17

    The Psychological Toll of Working in Cybersecurity - When You Can't Unsee What You've Seen

    Are you prepared for the psychological toll that comes with handling disturbing content in the cybersecurity world? Welcome to Razorwire, where today we’re exploring the realities behind a career in cyber, from technical warfare to the often-overlooked human cost.

    In this episode, I’m joined by therapist and consultant Eve Parmiter to examine the real psychological impact of repeated exposure to distressing material that many of us face during incident investigations, content moderation and threat research. Eve draws on her background in trauma therapy and real-world experiences both inside and outside of cybersecurity. Together, we discuss why even seasoned professionals struggle to talk about their experiences, how secondary trauma manifests in our daily lives and what can actually help in environments that don’t provide enough support.

    If you've ever had to investigate colleagues, review disturbing material, or make impossible decisions under pressure, this conversation will resonate. We don't shy away from hard truths, but we do focus on practical ways to build resilience and find some measure of satisfaction in doing the right thing - even when it's difficult.

    In this episode:

    1. Understand the true impact of secondary trauma in cyber roles. We break down the difference between stress, burnout and trauma specific to cybersecurity professions, exploring how exposure to disturbing content changes your outlook - and why it’s not a personal weakness.

    2. Learn why most pros don’t talk about their struggles and how to break the silence. Eve explains why lacking the right language keeps many from processing what they experience and offers insight into building peer support systems and practical organisational responses.

    3. Discover tested strategies for coping and recovery. You’ll leave with actionable advice straight from the worlds of therapy and cyber on how to protect yourself, when to seek help and the importance of cultivating supportive communities.

    Tune in for a genuine, valuable discussion that puts the mental health of cybersecurity professionals front and centre and find out how to make a tough job more sustainable for yourself and your team.

    Why Self Care Isn't Enough for Trauma
    "You can't self care your way out of trauma. There is no amount of bubble baths or ice baths that are going to remove certain images or certain experiences." Eve Parmiter

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    The Psychological Impact of Difficult Materials: Why exposure to traumatic or distressing digital content leads to anxiety, depression and long term negative outlooks.

    Challenges Discussing Trauma in Cybersecurity: How professionals can overcome their reluctance to discuss experiences when they lack the language or organisational support.

    Primary vs Secondary Traumatic Stress: Learn how to identify when direct and indirect exposure to disturbing content creates real psychological effects that often resemble PTSD.

    Addressing Vicarious Trauma and Worldview Shifts: How to cope when repeatedly witnessing other people's trauma changes how you perceive the world and interact with your environment.

    Moral Distress and Injury in Decision Making: Find out how to manage situations where you face ethical dilemmas...

    57 min
  3. SEP 3

    Hacking AI: The Risks for Businesses

    Understanding AI security threats before they become your next crisis

    On this episode of Razorwire, I explore the emerging frontier of AI security with leading experts Jonathan Care and Martin Voelk. We examine the latest risks, show you how adversaries are exploiting AI systems and share practical advice for professionals working with these rapidly advancing technologies. We move past the marketing speak to reveal how attackers are using generative AI, what it really takes to test these complex systems and what the rise of agentic, self-operating AI means for defenders.

    Security leaders, penetration testers and anyone implementing business technology need to understand these threats before committing to new AI solutions. This conversation addresses real incidents, examines practical realities and highlights why many enterprises are dangerously unprepared for what's ahead in AI security.

    Key Topics:

    Inside the Mind of the Attacker: Learn how both ethical hackers and financially motivated criminals are already using AI to automate attacks, spread misinformation and create new vulnerabilities. Martin and Jonathan share examples of prompt injection, data poisoning and “model jailbreaking” - all tactics reshaping the cyber threat landscape right now.

    Pen Testing AI: What’s Different and What’s Still the Same: Go behind the scenes with insights into penetration testing for large language models and agentic AI. The episode discusses fresh attack surfaces, why classic testing skills are still vital and the new OWASP Top 10 for LLMs. If you’re considering buying AI-powered tools, take away concrete advice on how to stress-test these systems before attackers do.

    Business Risk, Legal Headaches and What to Demand from Vendors: With AI now touching everything from customer bots giving dodgy medical advice to autonomous agents able to cause chaos, the conversation gives practical advice about reputational, legal and operational risks. Listen for the must-ask questions every business should take to their vendors as well as new regulatory requirements that mean robust AI testing can’t be left as an afterthought.

    If you want to stay ahead of AI and cybersecurity developments and avoid building tomorrow's biggest headache, this episode is essential listening.

    AI Model Bias Debate:
    "77% of enterprises are reporting at least one AI related security incident. 62% of enterprises lack any dedicated testing programme.” Jonathan Care

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    Test Your AI Before Attackers Do - With 77% of enterprises already hit by AI security incidents but 62% lacking testing programmes, discover what specific vulnerabilities to check for and how to implement proper AI red teaming.

    Stop AI Hallucinations From Damaging Your Business - Understand how AI systems fabricate information and create legal liability, plus practical steps to identify and mitigate these risks before they affect customers or operations.

    Protect Against Medical and Legal AI Disasters - Learn from real cases where AI gave dangerous advice and created legal obligations, including what liability questions you need to address with vendors and internal teams.

    Secure Agentic AI That Can Take Real Actions - Discover why AI agents that can invoke APIs, modify data

    56 min
  4. AUG 20

    Streamlining the Compliance Journey - An End-to-End Approach

    Is your compliance strategy making life easier or just adding more chaos? Welcome to Razorwire, where we take you to the heart of cybersecurity with voices that have seen it all. I’m Jim, your host and in this episode, I’m joined by Martin Davies (Audit Alliance Manager at Drata) and Patrick Sullivan (VP of Strategy and Innovation at A-LIGN). Together, we explore how to cut the compliance overhead, eliminate duplication across multiple frameworks and turn compliance into a competitive advantage that actually speeds up sales cycles.

    Compliance is rarely anyone’s favourite topic, yet it’s unavoidable and organisations are under more pressure than ever to do it well. We explore why compliance keeps getting more complex, what’s actually driving value and how the right blend of people, processes and technology can transform it from a painful cost centre into a genuine strategic asset.

    Key topics:

    Cutting Compliance Overhead: Discover practical ways to avoid duplication of effort, map overlapping controls across frameworks and use technology to bring order to compliance chaos.

    Compliance as a Value Generator, Not Just a Cost: Hear real world perspectives on shifting the mindset around compliance, from being a necessary evil to a competitive differentiator that can support new business, speed up sales cycles and add commercial value.

    The Road Ahead: Continuous Monitoring and Emerging Pressures: Explore the shift from annual audits to ongoing assurance, the impact of AI on compliance frameworks and the new reality of management liability in regulations like DORA and NIS2.

    If you’re ready to rethink compliance and turn it into a source of strategic advantage, this is an episode you won’t want to miss.

    On duplication of effort:
    "The words ‘compliance overhead’ - when I hear that, I hear duplication of effort. If someone's doing the same control twice, that's objectively a bad thing." Martin Davies

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    How to tackle the complexity of compliance - Understand why compliance requirements keep growing and discover strategies for managing multiple frameworks without getting overwhelmed.

    How to turn compliance from cost centre to value generator - Learn practical approaches for positioning compliance as a competitive advantage that can speed up sales cycles and create business value.

    Practical ways to streamline your compliance processes - Discover methods to eliminate duplication of effort, reduce time waste and support more agile business operations.

    How to identify and eliminate overlap across frameworks - Learn techniques for mapping overlapping standards and consolidating controls to avoid doing the same work twice.

    How to leverage technology and GRC tools effectively - Understand how platforms like Drata can transform evidence management, reduce audit stress and bring order to compliance chaos.

    What auditors actually look for during assessments - Learn why auditors focus on intent and sound processes rather than box-ticking, and how to prepare effectively for audits.

    When to shift from annual to continuous monitoring -...

    58 min
  5. AUG 6

    Venture Capital's Cybersecurity Crisis: No Money, No Innovation, No Future?

    Why venture capitalists have abandoned cybersecurity and what this means for real innovation

    Welcome to Razorwire, the podcast where we go beyond the headlines to dig into what really matters in information security. I'm your host, James Rees and this week we're pulling back the curtain on the world of venture capital in cybersecurity. The brutal truth is that VC money has dried up, innovation has stalled and according to this week’s special guest, we're mostly seeing "the same crap with AI on it." VCs are having layoffs, funds are frozen at 13-14 years with no exits and genuine breakthroughs are nowhere to be found.

    In this episode, I sit down with cybersecurity expert Oliver Rochford to dissect the state of VC investment in information security in 2025. We break down why funding is tightening, where the "innovation" is really happening (or not) and how security start-ups can survive in a changing landscape. If you're tired of jargon and want to know what's really happening behind the scenes, from market consolidation through to the real world impact on practitioners and products, this one's for you.

    3 key talking points you won’t want to miss:

    Why VC money is slowing and what that means for innovation: We explore the shifting strategies of venture capital in the security industry: what’s drying up, where the smart bets are moving and whether this environment is strangling real progress.

    The reality behind “consolidation” and the myth of the mega-vendor: Oliver unpicks the idea of market consolidation and explains why, despite the headlines, the security market remains fragmented and why there’s unlikely to be a handful of companies owning it all.

    What start-ups really need to survive in the current market: We talk through the pitfalls, survival tactics and realities facing new security vendors. From the importance of business fundamentals to why flashy tech might not be enough, you’ll get practical insight into turning great ideas into sustainable businesses.

    Tune in for a realistic look at the business side of cybersecurity, packed with lessons directly from the experts.

    The Startup Funding Struggle:
    "No one's getting any money. Not the investors, not the VCs. They've had rounds of layoffs in the VC industry, which you can imagine, the people with money have had layoffs." Oliver Rochford

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, you’ll learn:

    Why VC Funding Has Hit Crisis Point: Discover why venture capital investment has frozen in cybersecurity, with VC funds now at 13-14 years (well beyond the typical 10-year lifecycle) and no viable exits in sight and why even VCs themselves are having layoffs.

    How Major Vendors Are Replacing Traditional VCs: Learn why Cisco, Okta and Zscaler have established their own investment arms and how this shift is concentrating power whilst reducing diversity in startup selection.

    What's Really Happening Behind the Scenes: Understand how silent fire sales are occurring and why limited partners are refusing to invest further, stalling new cybersecurity ventures.

    Why "Consolidation" Is Actually a Myth: Learn why the cybersecurity vendor landscape remains highly fragmented despite headlines suggesting otherwise and why no single vendor will ever dominate.

    How Cybersecurity Compares to Other Tech Markets: Discover why the total...

    43 min
  6. JUL 23

    The SME Cybersecurity Revolution: How Coro Cracked the Code

    Are small and medium-sized businesses finally getting the cybersecurity solutions they deserve - or is the market still leaving them exposed? Welcome back to Razorwire, the podcast where I investigate the real world challenges and breakthroughs in cybersecurity, bringing you the stories and advice of the industry’s leading minds. I’m Jim, and in this episode, I’m sitting down with Piers Morgan - no, not that Piers Morgan - who serves as Senior Vice President and General Manager for EMEA at Coro cybersecurity. We’re exploring the future of endpoint security for small and medium-sized businesses and why this sector is seeing a big shift in how security is delivered, priced and managed.

    In our conversation, we get frank about the tangled mess of security tools, why dashboards are driving everyone mad and how the industry’s obsession with complexity has left the “forgotten” mid-market crying out for help. Piers shares how Coro is shaking up the space with unified, affordable security, without the vendor lock-in and upsell traps that so often sting growing businesses.

    Key Talking Points:

    The end of the dashboard nightmare: Discover why having “one pane of glass” for your entire security stack has become more than just marketing hype for smaller firms, and how Coro is actually delivering on this long standing promise.

    Security without breaking the bank: We dig into the true cost of endpoint protection and how most businesses are burning cash on complex tools they barely use. Learn what a flat rate, scalable approach really looks like in practice.

    What’s next in SME security: Hear how Coro’s approach to AI and automation is giving small businesses access to enterprise-grade defences, along with Piers’ view on where the market is heading, the threats reshaping mid-sized risk and why managed services are becoming the new frontline for the channel.

    If you’re a cybersecurity professional, consultant or MSP grappling with SME security demands, you’ll hear practical insights and perhaps question a few of your own assumptions about what’s possible for the “forgotten middle” of our industry.

    On the cost burden for smaller businesses:
    "It can go up to fifteen hundred dollars a seat a year. Now, when you're timesing that by a few hundred licences and users, that's a significant amount of cash. We can manage it in one single platform... we can do it up to a tenth of the cost of what they're currently using today." Piers Morgan (Coro)

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    Escape the multiple dashboard trap: Learn why juggling numerous disconnected security platforms creates operational chaos and discover practical approaches to streamline your security operations.

    Right-size security solutions for smaller organisations: Understand how to match your security investments to your actual needs and resources, avoiding the enterprise-focused tools that often overwhelm smaller teams.

    Implement unified security platforms effectively: Discover how to evaluate and deploy consolidated security solutions that deliver enterprise-grade protection without the complexity or cost.

    Calculate the true cost of your security stack: Learn to audit your current security spending and identify where you're paying for unused capabilities or redundant tools.

    Adapt your security strategy to...

    40 min
  7. JUL 9

    Human Risk Intelligence: Is Behavioural Data the New Defence?

    How do we measure and manage the human element of cyber risk beyond technology and basic security training?

    Welcome to Razorwire, where we uncover what really matters in cybersecurity. I’m James Rees and in this episode I’m talking about the world of human risk intelligence with Flavius Plesu, Founder and CEO of OutThink. We'll question whether staff really are the 'weakest link' and instead explore how understanding real human behaviour can turn your workforce into a formidable security asset.

    For too long, information security has focused almost exclusively on technical controls, but sophisticated attacks today often exploit human decision-making more than any firewall. Flavius draws on his experience as a CISO and innovator, sharing first-hand insights into how organisations can predict, quantify and actively manage risk stemming from their staff. We discuss psychological profiling techniques that identify high-risk individuals, methods for engaging employees in security and balancing monitoring with trust when using behavioural analytics. If you want to future-proof your security posture, this episode is essential listening.

    3 Key Talking Points:

    Why traditional security awareness strategies fall short - and what truly effective human risk management looks like: Learn why measuring click rates and running generic training programmes leaves you blind to real human risk, and discover how behavioural science and crowdsourced intelligence can finally give you the visibility and control you need.

    Real world examples of predicting and preventing insider threats - before damage is done: See exactly how banks and enterprises use psychographic segmentation and statistical models to identify risky patterns in their workforce, and understand the practical steps to transform your incident response from reactive to predictive.

    Navigating the ethical line: how to balance security monitoring with employee privacy and trust: Master the delicate balance between effective security monitoring and employee rights, learning how transparency-driven design and GDPR-compliant approaches can turn potential resistance into active security partnership across your organisation.

    Ready to rethink the human side of cyber risk? Tune in to this Razorwire episode and sharpen your defences from the inside out.

    On Moving Beyond Traditional Training:
    "Something like 90% of users admitted to bypassing security controls… with full knowledge that they're introducing additional risk to the organisation. So the idea that training would be enough, just train them, they'll get it. It's a bit naive." Flavius Plesu

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    The Evolution of Human Risk in Cybersecurity: Learn how the industry's shift from purely technical controls to recognising human factors is reshaping security strategy and why this change is essential for modern organisations.

    Defining Human Risk Intelligence: Understand what human risk intelligence actually means and discover how organisations can quantify and predict human behaviour to strengthen their cybersecurity posture.

    The Shortcomings of Traditional User Training: Discover why legacy approaches like annual training and click-through tests fail to address real world human risk and what you should be doing instead.

    Accidental vs....

    38 min
  8. JUN 25

    Inside the Early Lessons of DORA Compliance: What Works, What Fails, What’s Next?

    Six months into DORA's implementation, what's actually happening in financial services organisations? Welcome back to Razorwire, where we tackle cybersecurity's toughest challenges with honesty and expert insight. In this episode, I'm joined by returning experts Jonathan Care and Richard Cassidy and also a new guest to the podcast, Romain Deslorieux, to examine how the Digital Operational Resilience Act is playing out in practice.

    Now some time has passed since DORA's January deadline, we're seeing the real story emerge. Some organisations are discovering they fundamentally misunderstood what compliance actually requires. Others are struggling with skills gaps they didn't anticipate. And many are finding that operational resilience can't simply be bought or outsourced. Our guests share what they're witnessing firsthand – from boardrooms finally grasping why digital resilience matters to IT teams pushed beyond their limits. We discuss the vendor relationship upheaval, the consultant dependency trap, and why some approaches are succeeding while others spectacularly fail.

    If you're dealing with DORA implementation, wrestling with third-party risk or watching your security team stretched thin, this conversation offers the unvarnished perspective you need.

    Key Talking Points:

    From Tick-Box Compliance to True Resilience: Discover why DORA is exposing the dangerous gap between documentation exercises and actual operational readiness and why this demands unprecedented collaboration across IT, compliance and business teams.

    The Human Capital Crisis Behind DORA: Learn how the regulation is revealing critical expertise shortages (40-50% of financial entities lack internal capabilities), creating dangerous over-reliance on consultants and pushing existing teams towards burnout.

    Third-Party Risk Revolution: Get behind-the-scenes insights on how DORA has fundamentally changed vendor relationships, why surface-level due diligence no longer works and the board-level cultural shifts making resilience a C-suite priority rather than an IT problem.

    Tune in for an unfiltered, expert-led conversation on what’s working, what’s failing and where DORA is truly making a difference in cybersecurity today.

    On the accountability gap in third party risk:
    "Really what do you do about this responsibility? How do you demonstrate that you are accountable? That people fell short on that question and now with the third party responsibility, which is clearly identified in things like DORA, people cannot ignore it anymore." Romain Deslorieux

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    DORA's Immediate Impact: Learn how DORA is driving financial institutions to adopt continuous monitoring and operational resilience strategies that go far beyond traditional compliance checklists.

    Third Party Risk and Vendor Management: Understand how to navigate the fundamental shift in vendor relationship management, including the enhanced due diligence and transparency requirements now reshaping procurement decisions.

    Cultural and Organisational Change: Discover strategies for building the cross-functional collaboration between IT, security and business teams that DORA compliance demands.

    The Human Capital Challenge: Explore how to address the critical shortage of skilled professionals capable of...

    56 min
