What Actually Works in Cybersecurity (And What Doesn't)

Are you making career moves in cybersecurity or is cybersecurity making moves around you?

Welcome to Razorwire. In this episode, I sit down with Marius Poskus - CISO, consultant, podcaster and all-round cyber expert - to how to succeed in cybersecurity. We discuss career paths, why security culture fails in most organisations and the risks of rushing into AI without understanding what you're doing. Whether you're trying to break into the industry or you're leading security strategy, this conversation covers what works and what doesn't.

Summary:

Want to break into cybersecurity without wasting time on the wrong certifications? Wondering why your security programme keeps failing despite all the tools you've bought? We have the answers.

From physical security in Lithuania to CISO at a global fintech, Marius explains why pen testing is a terrible entry route for juniors, why compliance doesn't stop breaches and why giving AI control of your SOC is riskier than most people realise.

We discuss how to build actual security skills (not just a collection of certificates), why punishing people for clicking phishing links backfires and why you need to stop firefighting incidents and start preventing them. Marius also shares why so many organisations buy expensive tools that solve nothing and what happens when you remove humans from security decisions.

Key Talking Points:

1. The Truth About Career Pathways:
2. We debunk common myths about entry routes into cybersecurity, explains why starting in a SOC makes strategic sense and shares advice for hands-on learning that goes beyond certifications.
3. Security Culture and Human Factors:
4. We discuss why technologists and business leaders often miss the mark on culture, how reward (not punishment) transforms security behaviours and what happens when compliance is mistaken for genuine protection.
5. AI, Emerging Threats and Resilience:
6. Marius reflects on the dangers of autonomous AI-driven security, the future of continuous assessments and why building resilience matters more than chasing perfection. If you want a blunt take on what’s coming next in cyber risk, this episode will challenge your thinking.

Tune in for real world stories, hard-won lessons and clever insights you can use right now, whether you’re climbing the infosec ladder or shaping your organisation’s security future.

The Future of AI in Software Development: 

“Everyone thinks that pen testing is sexy. How many pen testing roles are you going to find in a junior space? So if I'm playing numbers game, go in a SOC, learn cyber defence, build up all of your skills and then you pivot to wherever you want because that's the easiest path.”

Marius Poskus

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

• Choose your entry point strategically: Why starting in a SOC gives you more options than chasing pen testing roles straight away and how to play the numbers game when breaking into the industry.
• Focus on skills that actually get you hired: Why hands-on experience with home labs matters more than stacking certifications and what employers really look for in junior candidates.
• Understand why pen testing isn't an entry-level path: Most junior roles are in Security Operations Centres, not penetration testing. Learn why the sexy-sounding jobs aren't where beginners should aim.
• Stop buying tools to solve people problems: Why organisations waste money chasing technology instead of fixing processes and how this approach guarantees poor security outcomes.
• Recognise that compliance doesn't mean you're secure: How mistaking audit requirements for actual protection leaves your business exposed and why ticking boxes won't stop breaches.
• Build a security culture that works: Why punishing people for clicking phishing links backfires and how rewarding reporting creates collaboration instead of fear.
• Question autonomous AI in security: Why removing humans from security decisions is riskier than most people realise and what happens when AI makes critical choices without oversight.
• Shift from firefighting to prevention: How to identify root causes instead of just responding to incidents and why this approach saves time and money.
• Use your network to accelerate your career: Why the relationships you build in the infosec community matter and how asking for help from people who've solved your problems before is a professional skill, not a weakness.

Resources Mentioned 

• MP Cybersecurity
• Cyber Diaries Podcast
• Ctrl Alt Defend (YouTube channel)
• CompTIA Security+
• CompTIA Network+
• CompTIA A+
• ISO
• SOC2
• Cyber Sentinels Handbook
• Microsoft Copilot
• Montinu
• Greg van der Gaast
• Jack Jones
• Jane Frankland

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

LinkedIn: Razorthorn Security

YouTube: Razorthorn Security

TikTok: Razorwire Podcast

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

All rights reserved. © Razorthorn Security LTD 2025