47 episodes

Welcome to the Razorwire podcast where we share information, best practices and up to date news in cyber security and infosec.

Our mission is to help you become a better cyber security professional and support our vision of creating an agile community of cyber professionals who are stronger than ever before.

This show is first and foremost about sharing knowledge and benefiting from collaboration. We bring you the advice and wisdom of both your host, James Rees, and his guests to build on the strength and depth of your own knowledge and experience.

Your host James Rees is an information security veteran with over 25 years of industry experience and is the founder of Razorthorn Security, delivering expert security consultancy and testing services on a day to day basis to some of the largest and most influential organisations in the world, including many in the Fortune 500.

The Razorwire podcast is for cyber security professionals looking for new ideas and the drive to improve their response to cyber security events. Through collaboration, we can strengthen our defences.

For more information about us or if you have any questions you would like us to discuss on the podcast email podcast@razorthorn.com or head to www.razorthorn.com

This podcast uses the following third-party services for analysis:

Chartable - https://chartable.com/privacy

Razorwire Cyber Security Razorthorn Security

    • Technology


    Trust vs Control – Is Zero Trust Inevitable?

    Welcome back to Razorwire, the podcast slicing through the tangled world of cybersecurity! I'm your host, Jim, and in this episode we're talking about the crucial balance between trusting your workforce and exerting control over your security ecosystem.
    Joining me are Iain Pye, sharing his insights into privacy roles, and David Higgins from CyberArk, who will discuss the challenges and strategies of effective cybersecurity. Whether you're managing remote teams or integrating third party services, this episode is packed with expert analysis and actionable advice.
    We discuss:
    1. Discover how ISO and SOC certifications are shaping the way organisations approach security, as David Higgins analyses the paradigm shift towards a consumer-empowered landscape within cybersecurity.
    2. Discussion on the interplay between trust and control in the era of remote work, with insights on the importance of effective incident response capabilities, even when resources are lean.
    3. Learn about pragmatic approaches to vendor risk assessment and understand why a tiered method for evaluating vendor criticality could be pivotal for your cybersecurity strategy.
    Prepare to challenge your perspectives on cybersecurity's conventional wisdom and join us on Razorwire, where we cut through complexity to bring clarity to the professionals on the digital frontlines.
    "We've got devices that we no longer own. We've got platforms that we no longer run. We've got data stored in locations we're not responsible for and we've got employees working in environments that we've got zero control over. So moving to zero trust, so that was it, a 'never trust, always verify' mindset? Makes a lot of sense."
    David Higgins
    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
    In this episode, we covered the following topics:
    - Adjusting Control to Criticality: The more critical the processing and servicing, the greater the expectation of control.
    - Certifications as Trust Indicators: The importance of obtaining certifications to demonstrate commitment and investment in establishing trust.
    - Consumer Empowerment Through Software as a Service: How the shift to SaaS models puts more power into consumers' hands, necessitating service providers to meet their security expectations.
    - Remote Work Security Challenges: How to tackle concerns about trust, control and security in home working environments.
    - Sensitive Data in Risk Zones: Identifying and dealing with risks associated with employees working in red-listed countries.
    - Cybersecurity Budgets and Risk Games: How to manage budgets and risk assessments effectively.
    - Third Party Risk Management: How to implement third party assurance programmes for managing risk and ensuring thorough vulnerability assessment with vendors.
    - The Evolving Cyber Threat Landscape: How to effectively deal with the rise in targeted phishing attacks through a balance of trust and control for detection and response.
    - Zero Trust and Continuous Authentication: Why we should focus on implementing zero trust architecture and continuous authentication methods like MFA and biometrics.
    - Economic Impact on Security Measures: Increasing costs and the economic downturn are major concerns affecting the budgets for security tools, certifications and overall organisational security measures.
    Guest Bio
    David Higgins
    David is the Senior Director – Field Technology Office at CyberArk. Since joining in 2010, Higgins has worked to help the world's leading - and most complex - organizations secure and protect their privileged access. Today, he advises clients on threats associated with...

    • 44 min
    Hacking Cybersecurity Training: Escape Rooms & Entrepreneurial Thinking with Amy Stokes-Waters

    On this week's edition of the Razorwire podcast, Jim sits down with Amy Stokes-Waters, CEO of The Cyber Escape Room Co. Amy brings her unique entrepreneurial perspective from a non-traditional background, transitioning into cybersecurity.
    The conversation provides valuable insights for security leaders as Amy candidly discusses her innovative approach to security awareness training through immersive, gamified escape room experiences. She shares her views on critical issues facing the industry today, such as combating AI-enabled disinformation campaigns, addressing the cybersecurity workforce shortage driven by unrealistic job requirements and improving strategic communication between security teams and business executives.
    Amy's experiences building her company and developing engaging training programmes make for a compelling discussion. Security professionals will gain new insights into creative methods for better educating end users and elevating cybersecurity's importance across the organisation. Her frank opinions and fresh mindset provide a thought provoking perspective for security leaders navigating the evolving threat landscape.
    Key Talking Points
    1. Innovative Security Training: Discover how Amy's company uses escape room experiences to teach important cybersecurity concepts, from phishing to insider threats, making learning engaging and memorable.
    2. Changing Threat Landscapes: Hear about the impact of ransomware on businesses big and small, the evolution of insider risks and how AI is shaping the future of information security.
    3. The Human Element in Cybersecurity: Gain insight into the importance of strategic leadership in cybersecurity roles and how businesses can navigate the challenges of educating teams and customers about the growing complexity of threats.
    Tune in for a fascinating discussion that sheds light on new methods of strengthening cybersecurity awareness and the vital role human factors play in protecting our digital worlds.


    "I don't know many people that proactively undertake security awareness training, you know, sitting watching videos and animations and all that kind of thing. I genuinely don't know anyone that does that as a hobby, but I think it's something that's super important."
    Amy Stokes-Waters
    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
    In this episode, we covered the following topics:
    - Cybersecurity Awareness via Escape Rooms: How immersive escape room experiences can be more beneficial than traditional methods utilised in cybersecurity education.
    - Insider Risk Management: Overcoming the challenges businesses face from internal threats and the risks of employees being exploited by ransomware attackers.
    - Impact of Cloud Migration on Security: How the shift to cloud computing during the lockdown affected the security of supply chains.
    - Artificial Intelligence and Disinformation: The dangers of AI in creating and spreading disinformation in geopolitical contexts and its potential risks in cybersecurity.
    - Cybersecurity in Small Businesses: We discuss the vulnerability of small businesses as integral parts of larger supply chains and the specific security challenges they face.
    - Career Reflections and Advice: Insights on personal growth in the cybersecurity field and the importance of reflecting on one's mistakes and learning from them.
    - Evolving Role of CISOs: How the role of Chief Information Security Officers is changing.
    - Legal and Regulatory Aspects in Cybersecurity: Discussion on the emergence of cyber law, the importance of effective communication during security...

    • 36 min
    Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter

    Welcome to Razorwire! In today’s episode, we take a look at the often-overlooked issue of professional burnout within the cybersecurity field. Joining us are two esteemed guests: Yanya Viskovich, a cyber resilience authority, and Eve Parmiter, a clinical traumatologist and consultant, both of whom bring their interdisciplinary insights to our discussion.
    Today's conversation uncovers the critical yet not-often-discussed crisis of burnout amongst our cyber defenders. Yanya shares her personal journey through the throes of burnout and her subsequent passion for addressing the human factors in cybersecurity and Eve gives us her clinical perspective, providing an in depth understanding of the steps that lead to burnout and how we can move towards prevention and recovery. Together, we explore strategies for cultivating an organisational culture that is resilient against burnout and the positive repercussions this can have on cybersecurity effectiveness. 
    Key Talking Points
    1. Personal Insights from the Field: Yanya recounts her dynamic career path and the vulnerable moments of burnout she encountered during the global pandemic, offering listeners a glimpse into the human side of the cybersecurity equation.
    2. Clinical Wisdom for Cyber Warriors: Eve, with her therapeutic background, maps out the psychophysiological terrain of burnout and provides actionable tactics for information security professionals to identify and manage their stressors before they escalate.
    3. Building a Burnout-Resilient Culture: Gain critical advice on creating strong, collaborative and health-focused workplace cultures that prioritise learning and vulnerability to fortify against cybersecurity threats as well as professional burnout.
    Don’t miss out on this conversation, which is more relevant now than ever. Tune in to unlock techniques that will not only defend your organisation’s digital assets but also safeguard the wellbeing of its most valuable guardians - its people.


    Embracing Failure for Cybersecurity Improvement: 
    "We need to have a tolerance for failure, but an intolerance for incompetence. We need to invite cultures that invite questions and difficult ones, and that invites people to challenge the status quo, to invite people to say, ‘yeah, I've noticed that something's wrong here’, or ‘I see this as a potential risk and I'm raising it.’"
    Yanya Viskovich
    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
    In this episode, we covered the following topics:
    - Appreciation of Crisis Management: A look into how the efforts of infosec professionals are often undervalued, especially when resolving critical issues during crises.
    - Post-Lockdown Loss of Mentorship: An exploration of the pandemic's impact leading to the exit of experienced professionals from the cybersecurity field and the subsequent loss of mentorship for up-and-comers.
    - Organisational Culture and Failure: The importance of creating supportive cultures within organisations that encourage learning from mistakes and destigmatising failure.
    - Human Factor in Cybersecurity: Highlights the crucial role of considering human behaviour and psychology in cybersecurity strategies, alongside technology and process optimisation.
    - Stress and High Burnout Rates: Insights into the abnormally high stress levels within the cybersecurity industry, leading to significant burnout among professionals.
    - Industry's Perception of the 'Department of No': Discusses the challenging perception of infosec teams as obstructionist.
    - Power of Recognition: We...

    • 1 hr 15 min
    The Impact of FAIR on Risk Management with Jack Jones

    Welcome to Razorwire, the cutting-edge podcast where we slice through the complexity of cybersecurity and risk management to bring you insights from industry leaders. I'm your host, Jim, and in today's episode, we unravel the intricacies of the FAIR (Factor Analysis of Information Risk) risk methodology with none other than its creator, Jack Jones. Jack's groundbreaking approach has revolutionised how organisations perceive and approach information security risks. So, buckle up as we dive deep into the mind behind this transformative model.
    In a fascinating session, Jack shares his journey in developing the FAIR risk methodology and its impact on the business landscape. From facing initial industry scepticism to achieving global recognition, Jack's story is a testament to innovation and perseverance. Alongside the creation of the FAIR Institute and the adoption of his standards across various sectors, Jack also teases his upcoming book focused on the controls analytics model. We discuss the evolving landscape of risk management and the potential for FAIR to automate and improve cybersecurity practices. Get ready to have your perspective on risk quantification transformed!
    Key Talking Points:
    1. Demystifying FAIR - Discover how Jack Jones broke new ground with the FAIR risk methodology, demystifying risk management for businesses worldwide and why industry giants are adopting his model to navigate the complexities of cybersecurity.
    2. Resistance and Triumph - Hear the compelling tale of how Jack overcame industry resistance, with some even suggesting criminal negligence, to establish a new paradigm in risk assessment now embodied in the FAIR Institute and the Open FAIR standard.
    3. Risk Beyond Cybersecurity - Learn how the versatile FAIR model transcends cybersecurity, influencing financial product design, operational risk measurement and even natural disaster assessments - a testimony to its adaptability and Jack's vision for its future potential.
    For cybersecurity professionals eager to stay ahead of the curve and to refine their approach to risk management, this episode is not to be missed. Join us on Razorwire to hear the insights and backstories directly from the experts shaping the field.

    “I did get some positive reactions from people in the industry, but I also got an email from someone in the industry … with a significant following and they wrote me a letter saying that I should be prosecuted for criminal negligence for having published this, that in his view, the word risk should be stricken from the English language.” 
    - Jack Jones

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
    In this episode, we covered the following topics:
    - FAIR Risk Methodology Overview: A novel approach to risk assessment that simplifies risk management by addressing subjective probability factors and incorporating control efficacy.
    - Development and Inspiration: The origins of the methodology and how inspiration from physics led to a new model for measuring control effectiveness in risk management.
    - Industry Reaction and Growth: An exploration of the initial pushback against the methodology, followed by its adoption by the Open Group and the subsequent rapid expansion globally.
    - Founding of the FAIR Institute: The establishment of a dedicated institute to provide resources and community engagement around the FAIR methodology.
    - Advancement through Collaboration: How input from various industry professionals has contributed to the enhancement of the FAIR model, exemplified by the...

    • 41 min
    The Real Impact of the Lockbit Ransomware Takedown

    Welcome to Razorwire, the cutting-edge podcast for cybersecurity professionals, where we unravel the world of information security and peek into the future of technology. I'm your host, Jim, and in today's episode, we're joined by our esteemed guests, Richard Cassidy and Oliver Rochford. We’re taking a deep dive into the recent Lockbit takedown, dissecting the movements in the global cybercrime landscape, and analysing the ongoing conflicts within the commercial industry. 
    Our guests, both veterans in the field, share their insight on the takedown of the notorious Lockbit ransomware group, raising critical questions about the efficacy of such law enforcement actions. We explore the pervasive issues of ransomware as a service, the evolving role of threat intelligence, and the significance of industry collaboration. 

    Additionally, we take a look at the challenges of finding your niche within the hyper-competitive tech market, dissect the misconceptions surrounding threat intelligence and confront the stark realities of the cybersecurity industry's marketing frontlines. 

    Whether you're well into your cybersecurity career or contemplating your next move in the field, this episode of Razorwire is tailored for you.

    Key Talking Points:
    1. Inside the Lockbit Takedown: What the headlines don't tell you about the resilience of ransomware groups and why we should remain cautious post-takedown efforts.
    2. Navigating Cyber Misinformation: Our guests tear apart the misleading marketing tactics in cybersecurity and advocate for a truth-centric industry approach.
    3. Collaborate to Fortify: Discover the vital importance of cross-organisation intelligence sharing in combating sophisticated cyber threats and promoting stronger defences across the board.

    Don’t miss out on this candid and informative discussion. 

    "There's a cultural problem when half the industry beats up on someone who discloses a breach. There's a disincentive to disclose breaches or intelligence. And so we need a cultural change there."
    Oliver Rochford

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:
    - Education and Skills Gap: the prevalence of outdated courses and the necessity for ongoing training and adaptability in the information security domain.
    - Misleading Marketing: the impact of hyperbolic marketing which often overstates the novelty and effectiveness of cybersecurity solutions.
    - Threat Intelligence: the significance of deriving context from intelligence data and promoting its exchange within the sector.
    - Cybersecurity Community Strength: the information-sharing culture and reciprocal support among information security professionals.
    - Understanding Ransomware Complexities: a general lack of awareness around ransomware intricacies, including the legal repercussions of refusing to pay a ransom.
    - Emphasis on Threat Modelling: the importance of businesses understanding their unique threat landscapes and preparing for worst-case scenarios.
    - Cybersecurity Startups Proliferation: the sheer number of startups entering the cybersecurity space and the concerns about their effectiveness.

    - Ransomware's Robust Ecosystem: the professional network that underpins ransomware operations, which includes a mix of criminals and nation-state involvement.

    Resources Mentioned: https://www.nationalcrimeagency.gov.uk/news/nca-leads-international-investigation-targeting-worlds-most-harmful-ransomware-group ...

    • 51 min
    The Rise of Cyber Mercenaries: Governments' Secret Weapons in Cyber Warfare

    In this episode, we tackle some of the most pressing issues in the convergence of cyber warfare, information security and political strategy. Our guests, Iain and Chris, share their frontline insights on how the digital realm has become a playground for clandestine operations, where cyber mercenaries are the new knights, rooks and perhaps even the kings. 
    We examine the repercussions and complexities of engaging third party cyber groups for state-sponsored operations, debate the seemingly lucrative appeal of cybercrime and look at real-world examples where the cyber realm has been militarised. Discussions range from the effect of bot networks on democracies, to the specific roles of organised criminal cyber divisions and the evolution of digital espionage.
    Talking Points:
    1. The Intricate Web of Cyber Mercenaries: Discover the hidden connections between governments, political factions and cyber mercenaries. We unravel the complex tactics and consequences of outsourcing cyber warfare and the ethical lines that get blurred along the way. 

    2. The Business of Cyber Conflict: We talk about the paradoxical profitability of cybercrime versus the costs of robust defence. We discuss the art of balancing offensive strategies and cybersecurity defences, drawing comparisons between private sector incentives and government backed digital warfare. Professionals keen on risk assessment and cyber strategies will find this conversation particularly interesting.

    3. Navigating Cybersecurity Governance: Dive into a crucial debate on managing the cyber mercenary phenomenon, filtration in intelligence gathering, and the quintessential role of governance in preventing operational downfall. As we explore the undeniable need for quality defence mechanisms, the insights shared here are invaluable for any professional aiming to stay ahead of cyber threats.

    Join us on Razorwire, your go-to podcast for cutting through the digital noise, as we delve into a world where cyber conflict is omnipresent and the concept of warfare is forever altered. This is one episode you'll want to replay, decrypt and safeguard in your mental arsenal.


    "It's not like a physical mercenary group where you can see them. They're not blowing anything up. Nothing's going to go bang so people actually notice. So unless a government gets hacked or something happens, unless they shut down the national grid, unless there’s collateral damage that comes with it - they can pretty much hide it away, can't they?"
    Chris Dawson
    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
    In this episode, we covered the following topics:
    - Government and Media Control: Exploring the intersections of government ownership of media and its implications for information security and cyber warfare.
    - Corporate Espionage and Cyber Warfare: Debating the ethical and strategic considerations of engaging in corporate espionage and cyber warfare.
    - Cyber Mercenaries: Examining the rise of cyber mercenary groups willing to conduct cyber warfare operations for hire.
    - Digital Infrastructure Security: Discussing the technical and strategic challenges associated with detecting and defending against compromises in digital infrastructures.
    - Plausible Deniability and Cyber Attacks: Considering the strategy of plausible deniability and its potential to shield governments from the fallout of cyber operations.
    - Monetisation of Cyber Crime: Analysing the profitability and incentives driving skilled cybercriminals and how crime pays in the cyber realm.
    - Cyber Warfare and Political...

    • 45 min
