In this episode of Razorwire, I sit down with Rob Black, a dynamic figure in the world of cybersecurity with a unique background in military strategy and defence. From the realms of computer game design to the high stakes world of defusing IEDs, Robert brings unparalleled insight into how we can revolutionise cybersecurity by understanding and manipulating the psychology of our adversaries. This episode is packed with outside-the-box strategies that will transform your approach to defending your network.

In our conversation, Robert and I explore the intersection of human psychology and cybersecurity, emphasising the impact of deception and misinformation on attackers. Robert shares parallels to military tactics and offers practical advice on psychological tools to gain an upper hand in infosec. We discuss real world studies and notable cyber incidents like Stuxnet to underscore the importance of strategic thinking beyond mere technological solutions. Tune in for an engaging discussion that could reshape your cybersecurity practices.

Key Talking Points:

1. Deception Tools and Strategy - Robert explains how to slow down attackers using deception technology, inspired by military tactics, causing them to mistrust their tools and make erratic decisions.

2. Psychological Influence on Threat Actors - Learn how to improve the effectiveness of your network defence by understanding and engaging with the decision making processes of threat actors.

3. Real World Case Studies - We discuss impactful examples, including the NSA's deception studies and the infamous Stuxnet attack, to illustrate how psychological and strategic insights can be applied to bolster cybersecurity efforts.

Join us on Razorwire and arm yourself with revolutionary tactics to stay ahead in the constantly evolving landscape of cybersecurity. 

Deception 2.0: Envisioning the Future of Cybersecurity

"So attackers believe the systems they're using because they've got no reason to believe the computer won't lie. So how do we make it, inside our manmade network, that they have to tread carefully because they don't know what to trust and what not to trust?" Robert Black

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

- Psychological Defence in Cybersecurity: How we can use psychological tactics, such as inducing paranoia, in defending against cyber threats.

- Effectiveness of Deception: We discuss an NSA study which demonstrates how knowledge of deception impacts penetration testers' speed and decision making.

- Human Factors over Technology: We talk about the merits of using human behaviour analysis and psychology alongside technology for cybersecurity strategies.

- Corporate Espionage and Misinformation: How to use misinformation and disrupt attackers’ expectations as part of your defence strategy.

- A Multidisciplinary Approach to Cybersecurity: We discuss the merits of incorporating diverse perspectives, including arts and philosophy, into cybersecurity education and strategy.

- Vendor and CISO Relationships: Why vendors must understand and address the real problems faced by CISOs.

- Proactive Defence Strategies: Why we need to move beyond assurance to proactive measures in cybersecurity defence.

- Shift in Cybersecurity Mindset: How to progress the growing recognition of cybersecurity as a critical business threat and the importance of improved risk assessments.

- Influence of Deception Technology: How we can use fake networks and behavioural economics techniques to manipulate attackers' behaviour.

Guest Bios

Robert Black

Rob left the UK government in 2014 after over a decade supporting the development capabilities for British and allied military and cyber operations. Since then, Rob has been a lecturer in Information Activities at Cranfield University, part of the UK Defence Academy and teaches on the UK MoD’s Cyberspace Operations MSc. From 2020 to 2024, Rob was the Director of the UK Cyber 9/12 Strategy Challenge leading on the development of the next generation of cybersecurity leaders. He was also Deputy Director of the UK National Cyber Deception Laboratory since its inception in 2019 to 2022, where he encouraged the development of a proactive approach to cyber defence through the use of deception techniques and other novel measures to confuse and disrupt cyber attackers. He remains involved in shaping policy dialogue on issues such as national security, cyber and intelligence through his role as an Associate Programme Director at Wilton Park, part of the UK Foreign Commonwealth and Development Office, and also acts as a senior adviser to the International Information Integrity Institute (i-4), owned by KPMG. 

Resources Mentioned

- Pimlico Plumbers

- NSA's study on deception

- Stuxnet cyber attack

- LinkedIn (Robert Black's profile)

- Cyber Sentinels Handbook

Other episodes you'll enjoy

The Human Psychology Behind Cybersecurity With Bec McKeown https://www.razorthorn.com/the-human-psychology-behind-cybersecurity-with-bec-mckeown/

Criminal Minds: How the Cyber Crime World Works https://www.razorthorn.com/criminal-minds-how-the-cyber-crime-world-works/ 

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome back to Razorwire, the podcast slicing through the tangled world of cybersecurity! I'm your host, Jim and in this episode we’re talking about the crucial balance between trusting your workforce and exerting control over your security ecosystem. 

Joining me are Iain Pye, sharing his insights into privacy roles, and David Higgins from CyberArk, who will discuss the challenges and strategies of effective cybersecurity. Whether you're managing remote teams or integrating third party services, this episode is packed with expert analysis and actionable advice.

We discuss: 

1. Discover how ISO and SOC certifications are shaping the way organisations approach security, as David Higgins analyses the paradigm shift towards a consumer-empowered landscape within cybersecurity.

2. Discussion on the interplay between trust and control in the era of remote work, with insights on the importance of effective incident response capabilities, even when resources are lean.

3. Learn about pragmatic approaches to vendor risk assessment and understand why a tiered method for evaluating vendor criticality could be pivotal for your cybersecurity strategy.

Prepare to challenge your perspectives on cybersecurity's conventional wisdom and join us on Razorwire, where we cut through complexity to bring clarity to the professionals on the digital frontlines.

“We've got devices that we no longer own. We've got platforms that we no longer run. We've got data stored in locations we're not responsible for and we've got employees working in environments that would that we've got zero control over. So moving to zero trust so that was it a ‘never trust, always verify mindset’? Makes a lot of sense."

David Higgins

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

- Adjusting Control to Criticality: The more critical the processing and servicing, the greater the expectation of control.

- Certifications as Trust Indicators: The importance of obtaining certifications to demonstrate commitment and investment in establishing trust.

- Consumer Empowerment Through Software as a Service: How the shift to SaaS models puts more power into consumers' hands, necessitating service providers to meet their security expectations.

- Remote Work Security Challenges: How to tackle concerns about trust, control and security in home working environments.

- Sensitive Data in Risk Zones: Identifying and dealing with risks associated with employees working in red-listed countries.

- Cybersecurity Budgets and Risk Games: How to manage budgets and risk assessments effectively.

- Third Party Risk Management: How to implement third party assurance programmes for managing risk and ensuring thorough vulnerability assessment with vendors.

- The Evolving Cyber Threat Landscape: How to effectively deal with the rise in targeted phishing attacks through a balance of trust and control for detection and response.

- Zero Trust and Continuous Authentication: Why we should focus on implementing zero trust architecture and continuous authentication methods like MFA and biometrics.

- Economic Impact on Security Measures: Increasing costs and the economic downturn are major concerns affecting the budgets for security tools, certifications and overall organisational security measures.

GUEST BIO

David Higgins

David is the Senior Director – Field Technology Office at CyberArk. Since joining in 2010, Higgins has worked to help the world’s leading - and most complex - organizations secure and protect their privileged access. Today, he advises clients on threats associated with privileged escalation, lateral movement and credential theft and discusses best practices and driving innovation around privileged management processes.

Resources Mentioned

- ISO certification

- SOC certification

- SaaS (Software as a Service)

- GDPR (General Data Protection Regulation)

- BlackKite

- CyberArk Software

Other episodes you'll enjoy

Security vs Privacy: The Ethics of Data Collection https://www.razorthorn.com/security-vs-privacy-the-ethics-of-data-collection/  

The Use Of AI In Cybersecurity – Consultants Roundtable

https://www.razorthorn.com/the-use-of-ai-in-cybersecurity-consultants-roundtable/

Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall

https://www.razorthorn.com/lessons-from-an-infosec-icon-a-fireside-chat-with-pci-guru-jeff-hall/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

On this week's edition of the Razorwire podcast, Jim sits down with Amy Stokes-Waters, CEO of The Cyber Escape Room Co. Amy brings her unique entrepreneurial perspective from a non-traditional background, transitioning into cybersecurity.

The conversation provides valuable insights for security leaders as Amy candidly discusses her innovative approach to security awareness training through immersive, gamified escape room experiences. She shares her views on critical issues facing the industry today, such as combating AI-enabled disinformation campaigns, addressing the cybersecurity workforce shortage driven by unrealistic job requirements and improving strategic communication between security teams and business executives.

Amy's experiences building her company and developing engaging training programmes make for a compelling discussion. Security professionals will gain new insights into creative methods for better educating end users and elevating cybersecurity's importance across the organisation. Her frank opinions and fresh mindset provide a thought provoking perspective for security leaders navigating the evolving threat landscape.

Key Talking Points

1. Innovative Security Training: Discover how Amy's company uses escape room experiences to teach important cybersecurity concepts, from phishing to insider threats, making learning engaging and memorable.

2. Changing Threat Landscapes: Hear about the impact of ransomware on businesses big and small, the evolution of insider risks and how AI is shaping the future of information security.

3. The Human Element in Cybersecurity: Gain insight into the importance of strategic leadership in cybersecurity roles and how businesses can navigate the challenges of educating teams and customers about the growing complexity of threats.

Tune in for a fascinating discussion that sheds light on new methods of strengthening cybersecurity awareness and the vital role human factors play in protecting our digital worlds.

"I don't know many people that proactively undertake security awareness training, you know, sitting watching videos and animations and all that kind of thing. I genuinely don't know anyone that does that as a hobby, but I think it's something that's super important."

Amy Stokes-Waters

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

- Cybersecurity Awareness via Escape Rooms: How immersive escape room experiences can be more beneficial than traditional methods utilised in cybersecurity education.

- Insider Risk Management: Overcoming the challenges businesses face from internal threats and the risks of employees being exploited by ransomware attackers.

- Impact of Cloud Migration on Security: How the shift to cloud computing during the lockdown affected the security of supply chains.

- Artificial Intelligence and Disinformation: The dangers of AI in creating and spreading disinformation in geopolitical contexts and its potential risks in cybersecurity.

- Cybersecurity in Small Businesses: We discuss the vulnerability of small businesses as integral parts of larger supply chains and the specific security challenges they face.

- Career Reflections and Advice: Insights on personal growth in the cybersecurity field and the importance of reflecting on one’s mistakes and learning from them.

- Evolving Role of CISOs: How the role of Chief Information Security Officers is changing.

- Legal and Regulatory Aspects in Cybersecurity: Discussion on the emergence of cyber law, the importance of effective communication during security breaches and the evolving landscape of cybersecurity regulations.

- Challenges in Cybersecurity Hiring Practices: We talk about the issues with unrealistic job descriptions and the unethical behaviours of recruiters in the cybersecurity job market.

- Future of AI in Cybersecurity: A sceptical perspective on relying solely on AI for cybersecurity, stressing the essential need for human supervision and interpretation of AI-generated outputs.

Guest Bios

Amy Stokes-Waters

CEO, Esc - The Cyber Escape Room Co

 Amy has a decade of experience in sales and marketing and now acts as CEO at The Cyber Escape Room Co and CCO at Yellowstone Security. She is a founding member of RINA's Maritime Cyber Security Task Force and an active advocate for gender diversity in the industry.

As a regular guest on podcasts and panels, Amy talks on a variety of topics, including security culture and awareness, personal branding and women in tech.

Resources Mentioned

- Cyber Escape Room company

- Microsoft security stack

- LinkedIn

- Cyber Sentinels Handbook

Other episodes you'll enjoy

Preventing Burnout in Cyber Security

https://www.razorthorn.com/cyber-security-professionals-shortage-burnout-how-to-protect-against-it-razorwire-podcast/

SolarWinds’ CISO Under SEC Scrutiny: The Impact On The Infosec Community

https://www.razorthorn.com/solarwinds-ciso-under-sec-scrutiny-the-impact-on-the-infosec-community/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome to Razorwire! In today’s episode, we take a look at the often-overlooked issue of professional burnout within the cybersecurity field. Joining us are two esteemed guests: Yanya Viskovich, a cyber resilience authority, and Eve Parmiter, a clinical traumatologist and consultant, both of whom bring their interdisciplinary insights to our discussion.

Today's conversation uncovers the critical yet not-often-discussed crisis of burnout amongst our cyber defenders. Yanya shares her personal journey through the throes of burnout and her subsequent passion for addressing the human factors in cybersecurity and Eve gives us her clinical perspective, providing an in depth understanding of the steps that lead to burnout and how we can move towards prevention and recovery. Together, we explore strategies for cultivating an organisational culture that is resilient against burnout and the positive repercussions this can have on cybersecurity effectiveness. 

Key Talking Points

Personal Insights from the Field: Yanya recounts her dynamic career path and the vulnerable moments of burnout she encountered during the global pandemic, offering listeners a glimpse into the human side of the cybersecurity equation.

Clinical Wisdom for Cyber Warriors: Eve, with her therapeutic background, maps out the psychophysiological terrain of burnout and provides actionable tactics for information security professionals to identify and manage their stressors before they escalate.

-Building a Burnout-Resilient Culture: Gain critical advice on creating strong, collaborative and health-focused workplace cultures that prioritise learning and vulnerability to fortify against cybersecurity threats as well as professional burnout.

Don’t miss out on this conversation, which is more relevant now than ever. Tune in to unlock techniques that will not only defend your organisation’s digital assets but also safeguard the wellbeing of its most valuable guardians - its people.

Embracing Failure for Cybersecurity Improvement: 

"We need to have a tolerance for failure, but an intolerance for incompetence. We need to invite cultures that invite questions and difficult ones, and that invites people to challenge the status quo, to invite people to say, ‘yeah, I've noticed that something's wrong here’, or ‘I see this as a potential risk and I'm raising it.’"

Yanya Viskovich

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

- Appreciation of Crisis Management: A look into how the efforts of infosec professionals are often undervalued, especially when resolving critical issues during crises.

- Post-Lockdown Loss of Mentorship: An exploration of the pandemic's impact leading to the exit of experienced professionals from the cybersecurity field and the subsequent loss of mentorship for up-and-comers.

- Organisational Culture and Failure: The importance of creating supportive cultures within organisations that encourage learning from mistakes and destigmatising failure.

- Human Factor in Cybersecurity: Highlights the crucial role of considering human behaviour and psychology in cybersecurity strategies, alongside technology and process optimisation.

- Stress and High Burnout Rates: Insights into the abnormally high stress levels within the cybersecurity industry, leading to significant burnout among professionals.

- Industry's Perception on the 'Department of No': Discusses the challenging perception of infosec teams as constructionistic.

- Power of Recognition: We discuss the role of recognition and appreciation in mitigating work-related stress and improving employee satisfaction.

- Burnout and Operational Effectiveness: The use of the Critical Incident Technique as a framework for understanding work-related stressors and developing strategies to improve burnout and operational effectiveness.

- Burnout Recovery and Resilience: How individuals can recover from burnout and leverage the experience to grow stronger and more resilient to future stressors.

- Risk and Response to Burnout: Arguments are made for including professional burnout as a significant risk in organisational risk registers and developing multifaceted strategies to prevent and respond to it in the cybersecurity sector.

Guest Bios

Yanya Viskovich

Yanya Viskovich is a cybersecurity expert specialising in the human factor. A TEDx and Fortune 500 keynote speaker and Senior Manager in Security Consulting at Accenture Switzerland, Yanya advises and presents to CISOs, C-Suites and Boards on how to reduce human security risk and enhance security cultures, and conducts executive cyber crisis simulations. Her March 2023 TEDx talk, "Why Burnout Culture is a Cyber Risk", has been instrumental in raising awareness about the impacts of stress and burnout on organisational cyber risk and resilience. She is a former cybercrime prosecutor, has advised the Australian Federal Privacy Commissioner, trained law enforcement agencies, and held diverse senior in-house roles in large multinationals and international organisations, including the United Nations, where she strategised and implemented crisis plans and data protection policies. Yanya also serves as Chair of Cyber Law & Governance at the Swiss Cyber Institute and as an expert ethics advisor to the European Commission. She regularly guest lectures at Swiss and European universities, and contributes to publications and professional standards on cybersecurity, AI, data protection, privacy, and data ethics. Yanya is an Australian Bar-admitted attorney and holds a Bachelor of Laws, a Bachelor of International Relations, and a Master of Laws from the Australian National University; a Data Protection Officer certification from the European Centre on Privacy and Cybersecurity at Maastricht University; executive certificates in cybersecurity management from MIT Sloan School and the Geneva Centre for Security Policy, and in applied computer science from EPFL. 

Eve Parmiter

Eve works as a therapist, coach, and consultant. She focuses on power, potential, and performance, and the things that get in the way, like the misuse and abuse of power, and the wear and tear of what we choose to do, including workplace burnout.

She runs a successful private practice, and has worked with the military, public, and private sectors, with new recruits to C-suite and founders, and with world-class performers in sports and the arts.

Organisations and individuals work with Eve to make meaningful changes in their teams and lives. Improving performance, developing resilience, and building wellbeing all contribute to achieving high hard goals, rich connection, deep fulfilment, and have a positive impact on the bottom line.

She graduated with a First Class BScEcon in International Relations, and a Master’s Distinction from LSE. She holds a Black Belt in Jeet Kune Do, has worked as a professional actor, and is a trained Cognitive Hypnotherapist, clinical traumatologist, and NLP Master Practitioner.

Resources Mentioned

- Accenture

- United Nations

- UN High Commissioner for Refugees

- International Committee of the Red Cross

- "The Cyber Sentinels Handbook, A Primer for Information Security Professionals"

- World Health Organisation

Other episodes you'll enjoy

Preventing Burnout in Cyber Security

https://www.razorthorn.com/cyber-security-professionals-shortage-burnout-how-to-protect-against-it-razorwire-podcast/

SolarWinds’ CISO Under SEC Scrutiny: The Impact On The Infosec Community

https://www.razorthorn.com/solarwinds-ciso-under-sec-scrutiny-the-impact-on-the-infosec-community/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome to Razorwire, the cutting-edge podcast where we slice through the complexity of cybersecurity and risk management to bring you insights from industry leaders. I’m your host, Jim and in today’s episode, we unravel the intricacies of FAIR (Factor Analysis of Information Risk) risk methodology with none other than its creator, Jack Jones. Jack’s groundbreaking approach has revolutionised how organisations perceive and approach information security risks. So, buckle up as we dive deep into the mind behind this transformative model.

In a fascinating session, Jack shares his journey in developing the FAIR risk methodology and its impact on the business landscape. From facing initial industry scepticism to achieving global recognition, Jack's story is a testament to innovation and perseverance. Alongside the creation of the FAIR Institute and the adoption of his standards across various sectors, Jack also teases his upcoming book focused on the controls analytics model. We discuss the evolving landscape of risk management and the potential for FAIR to automate and improve cybersecurity practices. Get ready to have your perspective on risk quantification transformed!

Key Talking Points:

1. Demystifying FAIR - Discover how Jack Jones broke new ground with the FAIR risk methodology, demystifying risk management for businesses worldwide and why industry giants are adopting his model to navigate the complexities of cybersecurity.

2. Resistance and Triumph - Hear the compelling tale of how Jack overcame industry resistance, with some even suggesting criminal negligence, to establish a new paradigm in risk assessment now embodied in the FAIR Institute and the Open FAIR standard.

3. Risk Beyond Cybersecurity - Learn how the versatile FAIR model transcends cybersecurity, influencing financial product design, operational risk measurement and even natural disaster assessments - a testimony to its adaptability and Jack's vision for its future potential.

For cybersecurity professionals eager to stay ahead of the curve and to refine their approach to risk management, this episode is not to be missed. Join us on Razorwire to hear the insights and backstories directly from the experts shaping the field.

“I did get some positive reactions from people in the industry, but I also got an email from someone in the industry … with a significant following and they wrote me a letter saying that I should be prosecuted for criminal negligence for having published this, that in his view, the word risk should be stricken from the English language.” 

- Jack Jones

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

- Fair Risk Methodology Overview: A novel approach to risk assessment that simplifies risk management by addressing subjective probability factors and incorporating control efficacy.

- Development and Inspiration: The origins of the methodology and how inspiration from physics led to a new model for measuring control effectiveness in risk management.

- Industry Reaction and Growth: An exploration of the initial pushback against the methodology, followed by its adoption by the Open Group and the subsequent rapid expansion globally.

- Founding of the FAIR Institute: The establishment of a dedicated institute to provide resources and community engagement around the FAIR methodology.

- Advancement through Collaboration: How input from various industry professionals has contributed to the enhancement of the FAIR model, exemplified by the new materiality assessment.

- Communication and Misunderstandings: The challenges faced in conveying the principles of FAIR, leading to some recommendations to alter the model and the need for clearer communication.

- Widespread Adoption and Consistency: The pride in the widespread application of the FAIR methodology across different business domains and its consistent framework over time.

- Future Expansions and Applications: The anticipation of new additions to the FAIR model and its application beyond security, including financial, operational and natural disaster risk assessments.

- Automation in Risk Quantification: The evolving trend towards using technology such as AI to automate cyber risk quantification for timelier and mainstream industry applications.

- Resources and Further Engagement: Information on resources for learning more about the FAIR methodology, upcoming publications and ways to connect with thought leaders in the field.

Guest Bio

Jack Jones

Chairman Emeritus of the FAIR Institute

Jack has worked in information security for over 35 years, 10 years of which as a CISO with three different companies, including a Fortune 100 company. His work was recognised in 2006 with the ISSA Excellence in the Field of Security Practices. Jack has received the CSO Compass award for risk management leadership and also had the privilege of participating in the ISACA task force that created the original RiskIT framework and led the development of ISACA’s CRISC certification programme. An adjunct instructor at Carnegie Mellon University, he teaches in the CISO executive programme. Jack also

created the Factor Analysis of Information Risk (FAIR) and FAIR-CAM models which have been adopted as international standards for measuring risk. In 2015, he co-authored a book on FAIR entitled Measuring and Managing Information Risk, a FAIR Approach, which was inducted into the Cyber

Security Canon in 2016.

Resources Mentioned

- FAIR risk methodology

- Jim's recently released book, "The Cyber Sentinels Handbook"

- Kindle Unlimited

- RMI Solutions

- FAIR Institute

- FAIR controls analytics model (Faircam)

Other episodes you'll enjoy

Cybersecurity in 2024: Expert Predictions You Need to Know

https://www.razorthorn.com/cybersecurity-in-2024-expert-predictions-you-need-to-know/

The Rise of Cyber Mercenaries: Governments’ Secret Weapons in Cyber Warfare

https://www.razorthorn.com/the-rise-of-cyber-mercenaries-governments-secret-weapons-in-cyber-warfare/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome to Razorwire, the cutting-edge podcast for cybersecurity professionals, where we unravel the world of information security and peek into the future of technology. I'm your host, Jim, and in today's episode, we're joined by our esteemed guests, Richard Cassidy and Oliver Rochford. We’re taking a deep dive into the recent Lockbit takedown, dissecting the movements in the global cybercrime landscape, and analysing the ongoing conflicts within the commercial industry. 

Our guests, both veterans in the field, share their insight on the takedown of the notorious Lockbit ransomware group, raising critical questions about the efficacy of such law enforcement actions. We explore the pervasive issues of ransomware as a service, the evolving role of threat intelligence, and the significance of industry collaboration. 

Additionally, we take a look at the challenges of finding your niche within the hyper-competitive tech market, dissect the misconceptions surrounding threat intelligence and confront the stark realities of the cybersecurity industry's marketing frontlines. 

Whether you're well into your cybersecurity career or contemplating your next move in the field, this episode of Razorwire is tailored for you.

Key Talking Points:

1. Inside the Lockbit Takedown: What the headlines don't tell you about the resilience of ransomware groups and why we should remain cautious post-takedown efforts.

2. Navigating Cyber Misinformation: Our guests tear apart the misleading marketing tactics in cybersecurity and advocate for a truth-centric industry approach.

3. Collaborate to Fortify: Discover the vital importance of cross-organisation intelligence sharing in combating sophisticated cyber threats and promoting stronger defences across the board.

Don’t miss out on this candid and informative discussion. 

"There's a cultural problem when half the industry beats up on someone who discloses a breach. There's a disincentive to disclose breaches or intelligence. And so we need a cultural change there."

Oliver Rochford

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

- Education and Skills Gap: outdated courses and underscores the necessity for ongoing training and adaptability in the information security domain.

- Misleading Marketing: the impact of hyperbolic marketing which often overstates the novelty and effectiveness of cybersecurity solutions.

- Threat Intelligence: the significance of deriving context from intelligence data and promoting its exchange within the sector.

- Cybersecurity Community Strength: the information-sharing culture and reciprocal support among information security professionals.

- Understanding Ransomware Complexities: a general lack of awareness around ransomware intricacies, including legal repercussions of ransom payment refusals

- Emphasis on Threat Modelling: the importance of businesses understanding their unique threat landscapes and preparing for worst-case scenarios.

- Cybersecurity Startups Proliferation: the sheer number of startups entering the cybersecurity space and the concerns about their effectiveness.

- Ransomware's Robust Ecosystem: the professional network that underpins ransomware operations, which includes a mix of criminals and nation-state involvement.

Resources Mentioned

- Lockbit Ransomware Group

- Cyber Volunteer Group (mentioned in relation to COVID-19)

Other episodes you'll enjoy

The Rise of Cyber Mercenaries: Governments’ Secret Weapons in Cyber Warfare

https://www.razorthorn.com/the-rise-of-cyber-mercenaries-governments-secret-weapons-in-cyber-warfare/

Cybersecurity in 2024: Expert Predictions You Need to Know

https://www.razorthorn.com/cybersecurity-in-2024-expert-predictions-you-need-to-know/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

In this episode, we tackle some of the most pressing issues in the convergence of cyber warfare, information security and political strategy. Our guests, Iain and Chris, share their frontline insights on how the digital realm has become a playground for clandestine operations, where cyber mercenaries are the new knights, rooks and perhaps even the kings. 

We examine the repercussions and complexities of engaging third party cyber groups for state-sponsored operations, debate the seemingly lucrative appeal of cybercrime and look at real-world examples where the cyber realm has been militarised. Discussions range from the effect of bot networks on democracies, to the specific roles of organised criminal cyber divisions and the evolution of digital espionage.

Talking Points:

1. The Intricate Web of Cyber Mercenaries: Discover the hidden connections between governments, political factions and cyber mercenaries. We unravel the complex tactics and consequences of outsourcing cyber warfare and the ethical lines that get blurred along the way. 

2. The Business of Cyber Conflict: We talk about the paradoxical profitability of cybercrime versus the costs of robust defence. We discuss the art of balancing offensive strategies and cybersecurity defences, drawing comparisons between private sector incentives and government backed digital warfare. Professionals keen on risk assessment and cyber strategies will find this conversation particularly interesting.

3. Navigating Cybersecurity Governance: Dive into a crucial debate on managing the cyber mercenary phenomenon, filtration in intelligence gathering, and the quintessential role of governance in preventing operational downfall. As we explore the undeniable need for quality defence mechanisms, the insights shared here are invaluable for any professional aiming to stay ahead of cyber threats.

Join us on Razorwire, your go-to podcast for cutting through the digital noise, as we delve into a world where cyber conflict is omnipresent and the concept of warfare is forever altered. This is one episode you'll want to replay, decrypt and safeguard in your mental arsenal.

"It's not like a physical mercenary group where you can see them. They're not blowing anything up. Nothing's going to go bang so people actually notice. So unless a government gets hacked or something happens, unless they shut down the national grid, unless there’s collateral damage that comes with it - they can pretty much hide it away, can't they?"

Chris Dawson

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

• Government and Media Control: Exploring the intersections of government ownership of media and its implications for information security and cyber warfare.
• Corporate Espionage and Cyber Warfare: Debating the ethical and strategic considerations of engaging in corporate espionage and cyber warfare.
• Cyber Mercenaries: Examining the rise of cyber mercenary groups willing to conduct cyber warfare operations for hire.
• Digital Infrastructure Security: Discussing the technical and strategic challenges associated with detecting and defending against compromises in digital infrastructures.
• Plausible Deniability and Cyber Attacks: Considering the strategy of plausible deniability and its potential to shield governments from the fallout of cyber operations.
• Monetisation of Cyber Crime: Analysing the profitability and incentives driving skilled cybercriminals and how crime pays in the cyber realm.
• Cyber Warfare and Political Influence: Delving into how cyber warfare can be a tool for political manipulation and influence, referencing historical and recent events.
• Mercenary Tactics in Cyberspace: Comparing the operations of traditional mercenary groups to digital equivalents and their impact on modern conflicts.
• Legal and Ethical Challenges of Cyber Warfare: Discussing the complex legal and ethical landscape of cyber warfare, including the difficulty in predicting outcomes and avoiding collateral damage.
• Defence and Upskilling in Cyber Mercenary Groups: Highlighting the importance of continuous training and developing trust to scale commercial cyber mercenary operations effectively.

Resources Mentioned

- Vulkan files

- Colonial Pipeline attack

- Dark Side - Hacking group

- Wagner Group

- Cambridge Analytica

- Cozy Bear

- APT 29

- NHS (National Health Service)

Other episodes you'll enjoy

The reality of cyber warfare

https://www.razorthorn.com/the-reality-of-cyber-warfare/

The Impact of Compliance and Legislation

https://www.razorthorn.com/strengthening-cyber-security-the-impact-of-compliance-and-legislation/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Hello Razorwire listeners! It's your host Jim here, and in today's fascinating episode, we sit down with cybersecurity veteran Simon Moffatt. With two decades under his belt in the dynamic field of identity and access management, Simon unpacks the complexities of cyber protection in our modern age. From the evolution of technology to the murky waters of liability and insurance in cybersecurity, Simon's insights shed light on the challenges and trends we face. 

As the founder of The Cyber Hut, Simon taps into his experience with giants like Oracle and ForgeRock and his startup stints to guide organisations through the labyrinth of cybersecurity strategies. 

We talk about the seismic shifts in industry practices, highlighting the advent of cloud technologies and "as a service" models and the post pandemic rise of remote work. We explore the forefront of passwordless technology, the challenges of IoT security, and the critical nature of defence in depth strategies.

You’ll hear about a significant legal battle that a sizable organisation won against its insurers, highlighting the larger uncertainties in cyber liability insurance. Find out about Simon's predictions for the industry's trajectory, combined with his first hand accounts of working in various sectors of the tech world, to provide a rare glimpse into the past, present and future of cybersecurity.

Key Talking Points:

1. The Transformation of Cyber Liability Insurance: Discover why a major organisation's legal victory signals a critical juncture for cyber liability coverage and what this means for businesses navigating today's risk landscape.

2. Passwordless Futures and Biometric Booms: Tune in as Simon forecasts the rise of biometric authentication over the next few years, discussing how behaviour tracking could redefine threat detection and response.

3. Cloud Confusion and Shared Responsibilities: Uncover the intricacies of cloud service models and how shifting boundaries have resulted in complex challenges for CISOs and CIOs in pinpointing control and ownership amidst a virtual landscape.

Ready for a deep dive into cybersecurity's evolving realm with Simon Moffatt? Join us on Razorwire to unravel the enigma of cyber protection in our interconnected world.

“Cyber's a top priority, maybe even more so than it was 3 or 4 years ago. By that, I mean people are quite familiar with protecting their own identities, or PII protection. People are aware of hackers, you know, the bad guys, nation state threats."

Simon Moffatt

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

• Concerns and challenges surrounding data protection liability
• The problems of uncertainty due to the constantly changing landscape of cyber liability insurance
• Incomplete picture of cybersecurity with third party intelligence companies
• The limitations of third party intelligence companies in the cybersecurity space 
• Trends in identity and access management 
• Introduction to The Cyber Hut, a business focused on tracking cyber trends and aiding organisations in navigating the cybersecurity landscape
• The shift towards cloud technology, remote work and changes in software delivery
• The blurred lines of responsibility in cloud services are explored, raising questions about data ownership and control
• The need for agility, modularity and preparedness in systems following the pandemic

GUEST BIO

Simon Moffatt

Simon is a recognised expert in the fields of digital identity, access and information security who assists organisations in the venture capitalist, public, private and government sectors with the selection, use and design of products and strategies to help keep information assets secure. He is also the Founder of The Cyber Hut - a global cyber security industry analysis and advisory practice based out of the UK.

With over 20 years’ experience in a broad array of security design and architecture domains, Simon has a deep specialism within identity and access management. Simon is a published author, contributor to standards at NIST and the IETF and is a regular keynote speaker. He holds several accolades including Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Cloud Security Professional (CCSP) and is a Fellow of the Chartered Institute of Information Security (F.CIIS). He also holds a Post Graduate Diploma from the GCHQ certified Information Security Group at Royal Holloway, University of London.

Resources Mentioned

Oracle

ForgeRock 

The Cyber Hut 

Sun Microsystems 

Azure 

Google Cloud 

SaaS applications 

Vayu 

Sarbanes-Oxley (SOX) 

PCI DSS (Payment Card Industry Data Security Standard) 

IoT (Internet of Things) 

GDPR (General Data Protection Regulation)

CCPA (California Consumer Privacy Act)

Other episodes you'll enjoy

Breaking Into Cybersecurity: Essential Tips for Newbies

https://www.razorthorn.com/breaking-into-cybersecurity-essential-tips-for-newbies/

What To Do If You Are A Victim Cybercrime: The Anatomy Of High Profile Incident

https://www.razorthorn.com/what-to-do-if-you-are-a-victim-cybercrime-the-anatomy-of-high-profile-incident/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security, from seasoned professionals with years of experience, triumphs, and lessons learned under their belt, to those in relatively early stages of their careers, offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals, providing insights, news, and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss, email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

LinkedIn: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome to Razorwire, the podcast dedicated to exploring the complex and evolving world of cyber security legislation. I'm your host, Jim, and in today's episode, we delve into the intricate landscape of cyber security legislation with our guests Steve Applegate and Phil Tonkin from Dragos.

In this episode, our guests shed light on the challenges and intricacies of navigating the cyber security legislature, focusing on the impact on critical infrastructure and the evolving landscape of compliance. From managing connectivity safely to the complexities of integrating IT and OT in modern manufacturing, we explore the key factors influencing cyber security legislation and its practical implications.

Key Talking Points:

1. The importance of managing connectivity safely and ensuring proper segmentation and visibility in the Niz legislation.

2. Challenges faced by organisations, such as Sellafield, in implementing controls and recognising legacy challenges in OT environments.

3. The impact of conflicting regulations on consumers and the need for practical compliance requirements in cyber security legislation.

“We can't let FUD be the guide, right? If every time we hear a thing, we start panicking and we deviate from our processes and start making a whole bunch of new mandates, even internally, all the people within a company that have to track that and follow it and meet with people, and it's a distraction, I think, from real security."

Steve Applegate - Dragos

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

• Managing Connectivity Safely: Emphasising the need to ensure proper segmentation and visibility in cyber security legislation.
• Challenges Faced by Organisations: Discussing the difficulties in implementing controls, recognising legacy challenges, and the importance of proportional controls.
• Conflicting Regulations and Consumer Impact: Raising concerns about conflicting regulations and the impact on consumers due to compliance costs.
• Information Exchange Hesitance: Discussing the hesitance of information exchange for cyber security purposes and its impact on managing threats.
• Reporting Dilemma: Describing the challenge of eradicating cyber events and the dilemma of reporting to the public versus mitigating further attacks.
• Third-Party Oversight Frustrations: Addressing the frustration with third-party involvement in security oversight and assessment processes.
• Transparency in Security Relationships: Advocating for transparent and trust-based relationships with third parties, emphasising actionable intelligence, and fostering transparency.
• Evolving Skill Set of Security Professionals: Describing the evolving skill set of security professionals, particularly the increasing specialisation and separation from GRC.
• Legislative Impact on OT Environments: Expressing concerns about the impact of legislation and compliance on operational technology environments and the difficulty of implementing changes in systems with old technology.
• Challenges of Sudden Legislative Changes: Discussing the challenges of sudden legislative changes, public outcry influencing legislation, and the need for realistic expectations of change in a legacy industry.

Resources Mentioned

- Dragos

- Sellafield

- Azure Active Directory (AD)

- Microsoft Active Directory

Other episodes you'll enjoy

DORA Compliance Made Clear: Essential Training for Safeguarding Financial Institutions w Paul Dwyer

https://www.razorthorn.com/dora-compliance-made-clear-essential-training-for-safeguarding-financial-institutions-w-paul-dwyer/

Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall

https://www.razorthorn.com/lessons-from-an-infosec-icon-a-fireside-chat-with-pci-guru-jeff-hall/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome to Razorwire, the podcast for all things cybersecurity and information security. I'm your host, Jim, and today we have a thought-provoking discussion with industry experts Iain Pye and Chris Dawson about emerging cybersecurity threats and trends to watch out for in 2024.

In this episode, we dive into three key talking points that are essential for cybersecurity professionals to listen in on:

1. The accelerating risk of ransomware and data breaches, including the increasing need for continuous security testing and the challenges of balancing security tool costs with limited budgets and the speed required to adapt.
2. The use, impact and potential threats of artificial intelligence on major global events including the elections coming up in 2024, in the context of societal and political manipulation, as well as the rising risks of identity theft, sophisticated disinformation and deep fake technology.
3. The importance of operational resilience plans, the challenges of compliance and auditing processes, and the need for improved cybersecurity standards and training.

Tune in to gain insights from leading experts in the field on how organisations can prepare for the cybersecurity challenges of 2024. 

"What's your operational resiliency plan? How is your organisation going to have to learn the hard truths? Take a really hard look at what you're doing and go: if that falls over or it gets breached, can we keep running our business?"

Iain Pye

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

- Technology vs. training: security advancements outpacing public knowledge

- Complex compliance: regulation challenges for smaller organisations

- Cybersecurity testing shift: from annual to continuous

- Offensive and defensive AI use anticipated to increase in 2024

- Reviewing technical security solutions and policies

- Budget struggles: balancing security tools and costs

- Call for government prioritisation in security training

- Importance of basic security measures

- Mistrust in mainstream media and information sources

- Artificial intelligence: potential risks and benefits

Resources Mentioned

GDPR

SEC

AI

Cyber Essentials

CSFI

Other episodes you'll enjoy

The Use Of AI In Cybersecurity – Consultants Roundtable

https://www.razorthorn.com/the-use-of-ai-in-cybersecurity-consultants-roundtable/

Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall

https://www.razorthorn.com/lessons-from-an-infosec-icon-a-fireside-chat-with-pci-guru-jeff-hall/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Hey there, Razorwire listener! In this episode, we welcome back cybersecurity experts Richard Cassidy and Oliver Rochford to follow up on our AI podcast back in November. Join us for spirited debates on the current state of AI capabilities, their imminent impacts on society and business, and thought-provoking speculation on the future of AI and its existential promise and perils.

We tackle AI topics ranging from innovations like large language models to the role of quantum computing, governance challenges and regulatory responses, workforce disruptions, and the potential for artificial general intelligence. You'll come away with an insider's perspective on AI progress and get beyond the hype to understand real-world limitations and applications.

From actionable business advice to philosophical discussions on the human condition, the Razorwire podcast offers incredible insights from industry veterans Oliver and Richard. Learn about investments, cybersecurity issues, ethical considerations, the AI "arms race," and transhumanist ideals spanning neural implants to robot bodies.

Whether you're making strategic decisions in your company, tracking public policy issues, or just want to sound informed on emerging tech, the Razorwire podcast delivers the context and perspectives needed to evaluate AI's present impact and future potential with wisdom. Tune in for enlightening analysis you won't get from sensationalised media reports. Every episode offers rare clarity to think smarter about technological forces shaping society.

"I don’t believe we know humanity is not ready for AGI. We haven’t evolved in the way that we think, and as I said, our colloquial, war-minded economics today to actually even have AGI benefit the planet."

Richard Cassidy

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

• AI Development Accessibility: The current challenges of the development of AI technology.
• The future of artificial general intelligence (AGI): The conversation delves into the future of AGI and its potential impact on society.
• Ethical and Existential Concerns: AI's potential implications for society, humanity, and the labour force raise ethical and existential concerns.
• Business Responsibility: Business leaders are responsible for managing AI technology and should view it as augmenting the workforce.
• AI for Global Solutions: AI technology has the potential to address serious global problems if used responsibly.
• Advancements in Human Health: Some advocate for the use of AI to develop new technologies to improve human health and capabilities.
• Lack of Global Legislation for AI: Concerns are raised about the lack of global legislation for AI and its potential implications for businesses.
• AI in Military and Autonomous Robots: We discuss the potential implications and ethical concerns of AI technology for building autonomous robots and weapons.
• AI Regulation and Consequences: We explore the fear of and potential consequences of regulating AI technology.

Resources Mentioned

Moore's Law

Neuralink

Fermi's Paradox

GPT

LLM-based products

Other episodes you'll enjoy

The Use Of AI In Cybersecurity: Consultants Roundtable

https://www.razorthorn.com/the-use-of-ai-in-cybersecurity-consultants-roundtable/

Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall

https://www.razorthorn.com/lessons-from-an-infosec-icon-a-fireside-chat-with-pci-guru-jeff-hall/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome to Razorwire, the podcast where we cut through the tangled web of cybersecurity to bring you the latest insights and expert analysis. Victor Acin and Oliver Rochford, two esteemed guests, are with me in today's episode.

In this episode, we’re exploring the dangerous world of cybercrime as a service and its implications for individuals, organisations, and even nation-states.

Join us this week as we unveil the dark side of cybercrime. Victor, the Head of Threat Intelligence at Outpost 24, shares his expertise on the rise of cybercrime as a service. Discover how cybercriminals have adapted their tactics, the motivations driving their actions, and the alarming ease with which they operate.

Stay ahead of the game with insider knowledge from Oliver's research, where he discusses the striking similarities between cybercrime services and legitimate tech services. Learn about the techniques used by cybercriminals to infiltrate organisations and exploit their vulnerabilities. 

Whether you're a seasoned professional or just starting your cybersecurity journey, this episode offers some excellent, practical advice for strengthening your defences. We share some effective ways to protect against credential theft, insider threats, and targeted attacks. Hear about tried and trusted remedies recommended by our experts that can make a significant impact on securing your organisation.

So, if you're a cybersecurity professional looking to expand your knowledge and sharpen your skills, join us on Razorwire as we unravel the intricate world of cybercrime as a service.

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following:

• The evolution of cybercrime into an as-a-service model, where specialised services and infrastructure are available to carry out different elements of cyberattacks

• The low barriers to entry for new cybercriminals of this business-like model

• The recent rise in credential theft through the use of simple malware toolkits, which allow even unskilled cybercriminals to distribute malware and steal credentials at scale

• Established cybercrime groups that offer ransomware and even entire cyberattack infrastructure in an as-a-service model. This comes complete with support services for affiliates conducting attacks

• The flexibility offered to cybercriminals from a modular services model, which offers mix-and-match attack components from different providers specialising in access, malware, ransomware, money laundering, etc. 

• How cybercriminals choose or decide against their victims

• How the rise of untraceable cryptocurrencies has removed obstacles to monetising and laundering profits from cybercrime, fueling growth

• Whether or not having easy access to cybercrime services could facilitate corporate espionage and what examples we have

• The importance of threat intelligence—understanding the motives, tools and trends in cybercrime—is vital context for effectively securing against the evolving threat landscape

GUEST BIOS

Oliver Rochford

Oliver has worked in cyber security as a penetration tester, consultant, researcher, and industry analyst for over 20 years. Interviewed, cited, and quoted by media, think tanks, and academia, he has written for SecurityWeek, CSO Online and Dark Reading. While working at Gartner, he co-named the Security Orchestration, Automation and Response (SOAR) market, worked on the SIEM Magic Quadrant, and also covered the European MSSP Market. In past lives, Oliver worked for Qualys, Verizon, Gartner,  Tenable and Securonix and is currently Chief Furitist at Tenzir, where he works on product strategy and marketing.

Victor Acin

Victor Acin has been working in threat intelligence since 2016 and is now leading the Kraken Labs unit at Outpost24, performing tasks related to the generation of threat intelligence (mainly reverse engineering of malicious samples and research of global actors) and the development of the department's internal products, such as the malware analysis sandbox. In addition, he has also worked as an ethical hacker, performing penetration tests against web applications, external and internal infrastructure, and mobile devices.  

Resources Mentioned

Outpost 24

NSO

ISO standard

Amazon

Microsoft

Other episodes you'll enjoy

Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall

https://www.razorthorn.com/lessons-from-an-infosec-icon-a-fireside-chat-with-pci-guru-jeff-hall/

Cyber Insurance: Does It Create More Problems than it Solves?

https://www.razorthorn.com/cyber-insurance-does-it-create-more-problems-than-it-solves/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome to Razorwire, the podcast where we cut through the noise to bring you incisive discussions on all things cybersecurity. I'm your host, Jim, and in today's episode, we delve into the SEC charges against SolarWinds CISO, a case that has sent shockwaves through the infosec community.

In this episode, our guests Iain Pye and Chris Dawson discuss the hype surrounding the trial, its impact on the infosec community, and the potential consequences for all Chief Information Security Officers (CISOs). 

We also explore the uncertainties surrounding the CISO's responsibilities and actions within the organisation regarding addressing security vulnerabilities, as well as the potential implications of the SEC ruling on CISOs' risk aversion and self-interest.

Lastly, we talk about the dynamics of security compliance certifications and the potential manipulation involved in obtaining them.

If you're a cybersecurity professional, join us as we dissect the complexities of CISO responsibilities, the SEC's pursuit of individuals over organisations, and the implications of legal actions on the infosec landscape. 

Tune in for an insightful discussion that will challenge your perspectives and keep you on the cutting-edge of cybersecurity issues.

"Companies are now telling victimised organisations not to produce an incident response report or similar or any type of report. Any such report should be delivered verbally or kept off any electronic or paper documents as much as possible as they could be subpoenaed in future lawsuits and may reveal that the company to be at fault."

Iain Pye

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we cover the following topics:

- The aftermath of the SEC charges against SolarWinds CISO and the debate surrounding the implications for the infosec community

- The challenges and potential issues surrounding auditors' understanding of risk management and cybersecurity processes

- Discussion of internal messaging about cybersecurity vulnerabilities within SolarWinds and potential misrepresentation of cybersecurity practices

- The impact of underfunding on information security departments and the challenges faced in training and securing environments

- The potential for individuals to whistleblow on security vulnerabilities and the SEC's regulatory role to hold organisations accountable

- The debate on the extent of the CISO's authority within the organisation and the support required from the board in addressing security vulnerabilities

- The potential impact of the SEC ruling on CISO decision making and the resulting risk averse behaviour

- The potential impact of pressure from insurance companies and the SEC's focus on shareholder rights and company ethics

- Suspicions of misrepresentation and potential manipulation in obtaining security compliance certifications and ISO audits

- The role of CEOs and senior management priorities in influencing cybersecurity practises and certifications

Resources Mentioned

- SolarWinds

- SEC (U.S. Securities and Exchange Commission)

- ISO 27,001

- Cybersecurity certifications

- Ransomware

- CISO (Chief Information Security Officer)

- Compliance certifications

- Incident response reports

Other episodes you'll enjoy

The Use Of AI In Cybersecurity – Consultants Roundtable

https://www.razorthorn.com/the-use-of-ai-in-cybersecurity-consultants-roundtable/

Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall

https://www.razorthorn.com/lessons-from-an-infosec-icon-a-fireside-chat-with-pci-guru-jeff-hall/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

In the latest episode of the Razorwire podcast, I am delighted to welcome back our esteemed cybersecurity professionals, Oliver Rochford and Richard Cassidy. Today, we delve into the fascinating realm of generative AI and its applications in the cybersecurity landscape.

We kick the episode off with an overview of generative AI. We discuss how it works and its training on extensive datasets to infer statistical relationships between words and concepts. While major cybersecurity vendors such as Google, CrowdStrike, SentinelOne, and Microsoft have announced integrations with generative AI, Oliver issues a cautionary note, highlighting that its capabilities are often subject to overhype.

We discuss the accuracy of generative AI's representation in the business community. Listen in to hear our consensus: Is it possible for generative AI to live up to the advanced AI depicted in science fiction?

Delving into practical cybersecurity use cases and exploring risks associated with explainability, trustworthiness of outputs, and potential regulatory implications

The aim of this episode is to give you valuable advice for venturing into the realm of generative AI. Tune in to the Razorwire podcast for an in-depth exploration of this evolving technology.

Andrés Horowitz has said that 80% of all of the investment in the generative AI startup goes on compute costs. They worked out that one training run on GPT, I think, 3.5 costs somewhere between half a million to $3,800,000. Is it even affordable?"

 Oliver Rochford

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

- Big Tech's control over the conversation and concerns about AI

- Inconsistencies in the guidelines and censorship policies of platforms like Spotify, Apple, and YouTube limit what can be discussed and criticised.

- The limitations and potential dangers of Artificial Generative Intelligence 

- The different opinions and viewpoints surrounding NFT technology and its impact and significance

- Importance of not overhyping NFTs and allowing for experimentation and exploration of new use cases

- Limitations of Gen AI tools, particularly in terms of explainability, interpretability, and trustworthiness of data

- Advising caution when utilising AI tools for security purposes and the importance of trust and verification

- How AI tools can help with paralysis and confusion in data analysis

- Examining the high valuation of OpenAI and people's unrealistic expectations of AI due to Hollywood portrayals

- Exploring the potential of AI-powered language models like Chat GPT, their integration into various products, and the need to avoid false information

GUEST BIOS

Oliver Rochford

Oliver has worked in cyber security as a penetration tester, consultant, researcher, and industry analyst for over 20 years. Interviewed, cited, and quoted by media, think tanks, and academia, he has written for SecurityWeek, CSO Online and Dark Reading. While working at Gartner, he co-named the Security Orchestration, Automation and Response (SOAR) market, worked on the SIEM Magic Quadrant, and also covered the European MSSP Market. In past lives, Oliver worked for Qualys, Verizon, Gartner,  Tenable and Securonix and is currently Chief Furitist at Tenzir, where he works on product strategy and marketing.  

Richard Cassidy

Richard Cassidy has been consulting to businesses on cyber security strategies and programs for more than two decades, working across highly regulated industries including finance, insurance, retail, manufacturing, government and military. During his career Richard has been heavily engaged in the design and implementation of infrastructure & cyber security solutions, helping organisations in evolving security, compliance, risk management, data assurance, automation, orchestration & breach response practices. 

Richard’s security operations experience includes managing CERT, breach response teams, threat intelligence & hunting teams, as well as educating the industry on how data and assets are targeted by cyber-criminal groups, which in return supports effective security practices and mitigation strategies. Richard has led major breach investigations across CNI (Critical National Infrastructure), Finance, Military and Educational institutions over the past decade, with a specific expertise in financial fraud investigations on SWIFT payment networks and OT Manufacturing environments, helping align technical investigation processes to business risk analysis to better serve breach response plans 

Combining hands on experience of the technologies and services that have evolved over the past two decades, with a detailed perspective on end user security risks, Richard focuses on delivering thought leadership tracks that help decision makers define practical security, compliance and data assurance strategies. He is well versed in showing organisations how to better navigate a highly complex and automated threat landscape, in tandem with achieving (and maintaining) regulatory, compliance and data assurance mandates that business leaders face in today’s technology landscape. 

Richard is an active industry contributor, regularly delivering speaker sessions at events including for SANS, BlackHat, IP Expo, InfoSec, FSISAC and security seminars EMEA wide, not least many article publications in the arena of cybersecurity, compliance, industrial control and emerging technology matters. 

Resources Mentioned

RSA

Google Sec PaLM

Crowdstrike Charlotte AI

Sentinel One Purple AI

Microsoft Security CoPilot

Jason Kierstead IBM

Picus Security AI Test

Chat GPT Open AI

SQL

Hitchhiker's Guide To The Galaxy

Dall-e 2

Other episodes you'll enjoy

ChatGPT Reveals Top 5 Cybersecurity Concerns for Businesses

https://www.razorthorn.com/chatgpt-reveals-top-5-cybersecurity-concerns-for-businesses/

Navigating the Turbulent Waters of Cybersecurity: Nationalism, Economics And AI

https://www.razorthorn.com/navigating-the-turbulent-waters-of-cybersecurity-nationalism-economics-and-ai/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Hello and welcome to Razorwire, the podcast where we delve into the world of cybersecurity with top experts and industry leaders. I'm your host, James Rees, and I can't wait to share this episode with you. As a PCI DSS QSA, I’m delighted to have PCI expert Jeff Hall as my guest today.

This episode will give you a unique perspective on how security has evolved from early mainframe days to today's interconnected, risk-focused practises. Jeff tells us about his hard-won lessons and wisdom gathered over decades steering information security programmes, including the need for compliance to work alongside overall security and not hinder it, and why auditors should be viewed as allies, not adversaries.

We give you some unique insights on the upcoming PCI DSS v4, the changes we can expect, and what we should be prepared for. We also talk about the issues that shortened CISO tenures create and how this can hinder long-term security progress. Learn why it’s important to focus on the big picture when it comes to security goals rather than getting distracted by minutiae.

We cover a wide range of subjects throughout this episode, with some really useful takeaways. One of the key points, and I really must agree, is the importance of matching security priorities to business risk, not compliance checklists. Jeff gives us his advice on focusing on the appropriate controls for what you aim to protect. 

For CISOs, security leaders, and practitioners at all levels, you’ll gain insight into building effective programmes that deliver real protection. Tune in to level up your approach with advice from this industry luminary and compliance guru.

So, if you're ready to up your cybersecurity game, join us on Razorwire. Stay informed, connected, and inspired. Together, we can build a safer digital world. Let's get started!

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

- The importance of cybersecurity in e-commerce

- Identifying the main problems of managing website vulnerabilities

- Discussing the need for implementing specific tools to comply with regulations

- Exploring concerns about customer data security, effectively monitoring alerts and meeting requirements

- How the increasing costs and complexity of audits could lead to organisations rejecting compliance requirements

- How to streamline security programmes and focus on essentials

- The challenges of security and deployment in cloud environments

- How to prioritise the overall security programme and how not to get lost in minor details or problems

- The lack of leadership in the information security industry and the short tenure of CISOs

- The shortage of qualified infosec professionals and why we should be supporting mentorship and apprenticeship

GUEST BIOS

Jeff Hall

Jeff Hall is a principal security consultant at Truvantis, Inc.  Jeff has over 30 years of technology and compliance project experience.  Jeff has done a significant amount of work in financial institutions, health care, manufacturing, and distribution industries, including security assessments, strategic technology planning, and application implementation.  Jeff is part of the PCI Dream Team, a co-author of ‘The Definitive Guide to PCI DSS Version 4: Documentation, Compliance, and Management’ and the writer of the PCI Guru blog (http://pciguru.blog).

Resources Mentioned

Razorthorn’s PCI DSS Consulting Service

The PCI DSS standard

PCI Guru Blog

PCI DSS Dream Team

trustedsec.com

GDPR

Armor cards

Novell Directory

Sarbanes Oxley

CICD

Ansible

Jenkins

Jira

Other episodes you'll enjoy

Trust & Culture as Cornerstones of Cyber Security with Paul Dwyer

https://www.razorthorn.com/trust-culture-as-cornerstones-of-cyber-security-with-paul-dwyer/

Cybersecurity and Critical Infrastructure: Are We Prepared for the Worst?

https://www.razorthorn.com/critical-infrastructure/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Hello, and welcome to Razorwire. This week, I've had a great time discussing the fascinating topic of artificial intelligence (AI) and its potential impact on our industry, with my esteemed Razorthorn consultants, Tom, Jamie and Michael. We explore the different types of AI, including machine learning and chatbots, and discuss the challenges of achieving a low false positive rate and high general application.

You'll gain valuable insights into the evolution of AI and why we MUST take seriously the very real potential for malicious actors to use it for nefarious purposes. We'll also be highlighting the significance of incorporating security measures into AI development and the need for responsible implementation.

By the end of this episode, you'll have a comprehensive overview of AI and its potential risks and benefits in the future of cybersecurity. So join me as we explore this exciting and important topic, and take away key insights that will help you stay ahead in the ever-changing world of cybersecurity.

"The reality of it is AI is a set of predefined algorithms for a compute standard to take in data, process that data, and then come out with a prediction, and that is impacted number one by the data that's being put into it but also the algorithms and controls that are set by the human factor programming that in."

Tom Mills

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

Overview of AI in Information Security

Michael gives us an overview of different types of AI, including machine learning and chatbots, and how they are implemented in information security.

Difference between True AI and Current State of AI

We talk about difference between true AI and machine learning.

Challenges of Achieving Low False Positive Rate and High General Application and how to improve accuracy.

AI Implementation

The consultants discuss ways of reducing risk and false positives in data discovery and leakage solutions.

Evolution of AI

The evolution of technology and the reality of whether AI will really replace jobs.

AI and Malicious Actors

The consultants discuss how AI has increased the pool of unsophisticated threat actors who can use AI engines to conduct successful attacks.

Behavioural Analysis Tools

Discussion on the use of behavioural analysis tools in detecting breaches and how they work.

Chat GPT and its Limitations

Discussion on the limitations of chat GPT and the potential for it to be used maliciously, as well as the potential for AI to develop biases based on the data it is trained on.

Quality Data for AI

The importance of quality data for AI and the process of stripping out unnecessary information to train AI models.

Ethics and Limitations of AI

The limitations of AI and the ethical considerations surrounding the data sets used to train AI models.

Regulatory Compliance Standards for AI

The lack of regulatory compliance standards for controlling AI and the potential consequences of malicious actors using AI for cyber attacks

The need for a kill switch

The importance of having a kill switch in AI to prevent it from going rogue and causing harm.

The possibility of true AI

The consultants talk about the possibility of achieving true AI, which is self-aware and can disable a kill switch.

Advice on utilising and protecting from AI

The consultants provide advice on how to best utilise AI and how to potentially best protect oneself from AI.

Interview with Chat GPT

Jim mentions his interview with Chat GPT about its views on information security.

Resources Mentioned

Behavioural analysis tools

Machine learning and threat detection

Scene products with behavioural analysis

Limitations on chat GPT

Ethics of AI system

Chat GPT political bias

Microsoft's AI becoming racist and sexist

The Singularity is Near by Ray Kurzweil

Elon Musk's chip for brain to computer interactivity

Rules for AI development

Three Rules of Robotics

Tool for identifying SQL injection using AI

Other episodes you'll enjoy

ChatGPT Reveals Top 5 Cybersecurity Concerns for Businesses

https://www.razorthorn.com/chatgpt-reveals-top-5-cybersecurity-concerns-for-businesses/

Navigating the Turbulent Waters of Cybersecurity: Nationalism, Economics And AI

https://www.razorthorn.com/navigating-the-turbulent-waters-of-cybersecurity-nationalism-economics-and-ai/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cybersecurity professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cybersecurity – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cybersecurity enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome to Razorwire, where we and our expert guests tackle the issues and opportunities in the world of cybersecurity. In this episode, we explore the challenges and issues faced by the cyber liability insurance industry.  

This podcast looks into the complex challenges surrounding cyber insurance, an increasingly crucial topic for security leaders and organisations. Join your host James Rees and cybersecurity specialists Chris and Iain, as they engage in an enlightening discussion about the problems with cyber insurance.  

Learn why the dynamic nature of cyber risk has left insurers playing catchup, leading to unfavourable policy terms, skyrocketing premiums and growing frustration for customers. Gain insights into the systemic impacts of ransomware attacks on insurers along with the immense stresses faced by CISOs navigating insurance responsibilities. Discover innovative ideas like continuous security ratings and improved regulations that could transform the broken cyber insurance model.  

Whether you're a business leader, security professional or just interested in staying informed, this podcast delivers an array of useful take aways to understand the cyber insurance quagmire. Expect an insightful and engaging discussion on this mission-critical topic. Tune in now to stay ahead of the game in the ever-evolving world of cybersecurity. 

And that’s why you’re better off insuring yourself!  

Iain Pye 

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen 

In this episode, we covered the following topics: 

• The challenges insurance companies face in properly assessing and pricing cyber risk due to its constantly evolving nature. 
• How restrictive policy terms around "acts of war" have made it difficult for companies to receive payouts after attacks. 
• The lack of cybersecurity expertise and rigorous due diligence conducted by many insurance firms before issuing policies. 
• The skyrocketing cost of cyber insurance premiums and difficulty obtaining comprehensive coverage. 
• The problem of companies being unable to get insured after a breach has already occurred. 
• How the increase in ransomware attacks creates systemic risk for insurers paying out multiple policies. 
• The stress and burnout faced by CISOs and cybersecurity leaders related to insurance coverage responsibilities. 
• The importance of cyber defence planning beyond just having an insurance policy. 
• How continuous security assessment models could help provide better assurance to underwriters. 
• The need for improved security regulations and standards for the insurance industry to base policies on. 
• The benefits of self-insuring cyber risks versus relying solely on external insurance. 

GUEST BIOS 

Iain Pye 

Iain is a Cybersecurity, Data Protection and Risk Specialist with over 20 years of experience in the public and private sectors. Iain has worked in a range of industries from finance, legal, security and government. When Iain is not fighting fires or arguing personal data ethics, Iain likes exploring the world with his family and occasionally going for a run through the Fens with the dog. If the dog is up for it, which she is usually not.  

Chris Dawson 

Chris Dawson is a former Royal Marine of 11 years. He moved into the private security sector in 2012 taking up various roles across the globe, from hostile environments to the corporate world, advising and implementing security protocols in multiple sectors while gathering and learning as much as possible along the way.   

Resources Mentioned 

UK National Cybersecurity Centre 

Merck insurance payout 

Lloyds of London 

One Trust 

Georgia Cyber Attacks 

AON 

Razors Edge Continuous Pen Testing 

Vulcan Files 

Fair Risk Methodology 

Other episodes you'll enjoy 

Navigating the Turbulent Waters of Cybersecurity: Nationalism, Economics And AI 

https://www.razorthorn.com/navigating-the-turbulent-waters-of-cybersecurity-nationalism-economics-and-ai/ 

Cybersecurity and Critical Infrastructure: Are We Prepared for the Worst? 

https://www.razorthorn.com/critical-infrastructure/ 

Connect with your host James Rees 

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cybersecurity professionals who dedicate their careers to making a hacker’s life that much more difficult. 

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cybersecurity – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. 

With new episodes every other Wednesday, Razorwire is a podcast for cybersecurity enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. 

For more information about us or if you have any questions you would like us to discuss email [email protected]. 

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. 

Linkedin: Razorthorn Security 

Youtube: Razorthorn Security 

Twitter:  @RazorThornLTD 

Website: www.razorthorn.com 

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome to Razorwire, the podcast that explores the intricate world of cybersecurity. I'm Jim, your host, and on this episode, we have a fascinating guest joining us: Bec McKeown, a renowned expert in the psychology behind security. This episode is a must-listen for cybersecurity professionals for three key reasons:

Firstly, Bec delves into the challenges of conducting investigations and spotting deception in the cybersecurity field. Her insights will equip you with the tools to identify suspicious behaviour, such as stealing or leaking sensitive information.

Secondly, she addresses the crucial skill of effectively communicating risks to higher-level executives without instilling fear. Understanding the psychology behind this communication is vital for cybersecurity professionals seeking to navigate the boardroom and gain support for their security measures.

Lastly, Bec sheds light on building trust within the cybersecurity community, dispelling fears of punishment for reporting mistakes or risks. Her expertise in psychological techniques and team building will give you valuable strategies for fostering an environment of collaboration and trust.

So, cybersecurity professionals, get ready to dive into the fascinating world of the psychology behind security with Bec McKeown on this episode of Razorwire.

“… for me, it's all part of this cognitive fitness thing that you have the agile thinking and the cognitive techniques to do decision making and that sort of thing. But there's also understanding yourself. Where are you as a person? What are your strengths, what are your weaknesses, development needs or the areas where you're not so great at things.” 

Bec McKeown

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

● Complex cybersecurity and agile thinking skills

● Influence, language and understanding for effective communication

● Investigation challenges, spotting deception and overcoming fear

● Understanding different groups for effective collaboration

● Learning how to engage with different individuals 

● The two ways in which the brain works: system one (fast, instinctive) and system two (rational)

● How cognitive narrowing during a cybersecurity crisis affects confidence

● Tips for managing and handling crises effectively

● Burnout risks and how to avoid them in high-stress infosec careers

● Building resilience: individual and organisational responsibilities

● The importance of recognising symptoms, empathy and self-awareness

● Teaching critical thinking and mentoring effectively

● How to use stories for knowledge application and understanding

.

GUEST BIO

Bec McKeown

Bec McKeown is a Chartered Psychologist with twenty years’ experience of researching and evaluating human performance in high-risk, high-stakes industries, including the UK Ministry of Defence. The knowledge and insights gained from this research have given Bec a unique perspective on the ways humans react in times of crisis, and she is an experienced speaker and thought leader on the psychology of human performance in cybersecurity. 

In 2019, Bec established Mind Science, an organisation dedicated to assisting companies at both operational and strategic levels. Her primary focus revolves around leveraging psychological principles to enhance situational awareness, decision-making, and problem-solving for teams operating in complex environments. With a proven track record, Bec continues to make significant contributions in shaping the landscape of human performance psychology. 

Resources Mentioned

VUCA

Prof Debi Ashenden - Adelaide University

Daniel Kahneman - Thinking Fast & Slow

British Psychological Society

Burnout Culture is a Cyber Risk | Yanya Viskovich | TEDxZurich

mindscienceltd.co.uk

Other episodes you'll enjoy

What To Do If You Are A Victim Cybercrime: The Anatomy Of High Profile Incident

https://www.razorthorn.com/what-to-do-if-you-are-a-victim-cybercrime-the-anatomy-of-high-profile-incident/

Trust & Culture as Cornerstones of Cyber Security with Paul Dwyer

https://www.razorthorn.com/trust-culture-as-cornerstones-of-cyber-security-with-paul-dwyer/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Welcome to Razorwire, the podcast that cuts through the noise and delivers the sharpest insights in the industry. I'm your host, Jim, and I am thrilled to have you join us for another episode packed with cutting-edge information.

Now, I know you're constantly bombarded with countless podcasts and resources vying for your attention, but let me give you three compelling reasons why Razorwire should be at the top of your playlist.

Firstly, we have a very special guest today: Paul C Dwyer. Paul is a leading expert in the field and will be sharing his expertise on DORA, the Digital Operational Resilience Act. He'll be diving deep into the testing requirements outlined in DORA, for organisations of different sizes. This is crucial information for staying ahead of the game and ensuring your organisation is resilient in the face of cyber threats.

Secondly, we will shed light on the presence of "snake oil" salespeople in the security industry and the importance of credible expertise. With the ever-increasing complexity of cybersecurity, it's essential to navigate through the noise and rely on trustworthy guidance to meet DORA requirements effectively.

And last but not least, Paul tells us about his own academy called DORA Training EU, offering non-technical, business-led training courses aligned with EU strategy. He tells us about the highly popular DORA Certified Compliance Specialist course and the bonus module that will equip you with practical implementation knowledge using the NIST cybersecurity framework. This is a fantastic opportunity to enhance your skill set and gain a competitive edge in the industry.

So there you have it, cybersecurity professionals! Join us on Razorwire as we delve into the world of DORA, unravel the complexities of compliance, and equip you with the knowledge and skills needed to protect your organisation from data breaches and attacks. Get ready for an enlightening episode filled with actionable insights. 

“There needs to be a mindset change when it comes to this digital society and digital economy that we operate in. Cybersecurity and cyber risk management is an investment, not a cost.”

Paul C Dwyer

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

• DORA testing requirements: Discussion on the testing requirements outlined in DORA for financial organisations.

• Differences for small organisations: How do the testing requirements differ for small organisations compared to larger ones?

• Importance of Resilience: Emphasis on the importance of resilience and the ability to identify and respond to data breaches and attacks.

• Opportunity for Improvement: What opportunities does DORA presents for the financial sector to improve and become more efficient?

• Beware of "Snake Oil" Salespeople: Warning about the presence of unreliable salespeople in the security industry and the need for credible expertise.

• Training Courses for DORA Compliance: Discussion on the training courses available, including the DORA Certified Compliance Specialist course.

• Online Delivery and Constant Updates: An explanation of how the training courses are delivered online and the importance of staying up to date.

• Leveraging the Cybersecurity Industry: Emphasising the importance of leveraging the expertise of the cybersecurity industry appropriately.

• Compliance is not Just Regulation: Discussion on how compliance is about protecting the business and its customers, not just meeting regulations.

GUEST BIOS

Paul C Dwyer

Paul C Dwyer stands among the world’s leading cybersecurity, risk, and compliance authorities. As CEO of Cyber Risk International, he excels in corporate and enterprise security, crafting cyber defence programmes, and safeguarding business operations for clients. He also serves as the founder and President of the ICTTF International Cyber Threat Task Force, leading a community of over 30,000 professionals in their mission to combat cyber threats and promote industry diversity.

Resources Mentioned

DORA legislation

Competent Authority

Team Cyber - Secure Your Future

DORAtraining.eu

Eucyberacademy.com

Cyberriskacademy.com

ISO-2701

PCI DSS

Cyber Risk International

NIST Cyber Security Framework

Other episodes you'll enjoy

Trust & Culture as Cornerstones of Cyber Security with Paul Dwyer

https://www.razorthorn.com/trust-culture-as-cornerstones-of-cyber-security-with-paul-dwyer/

A Snapshot in Time: Why Penetration Testing Is Critical for Cyber Security

https://www.razorthorn.com/a-snapshot-in-time-why-penetration-testing-is-critical-for-cyber-security-razorwire-podcast/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

Welcome to the Razorwire podcast, where we explore the latest trends and insights in the world of cybersecurity.

In this episode, we delve into the topic of defence in the post pandemic world with our esteemed guests, Jonathan Care and Christopher Fielder. We talked about why it’s more important than ever for organisations to adequately adapt their cybersecurity capabilities to meet the requirements of remote working and why it’s essential to have multiple layers of security to detect and respond to threats before they reach critical endpoints. 

During our conversation, we discussed the importance of due diligence when considering a cloud-first approach or involving a detailed supply chain. We also highlighted the challenges faced by security teams and departments during the pandemic, as well as the rise of ransomware groups and the use of AI in cybersecurity. 

"The pandemic has really shown that we need to be more agile and more adaptable."

Jonathan Care

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

• The breakdown of the traditional network perimeter.
• Changes in management styles and the need for a radical reset.
• The impact of the pandemic on different sectors, such as retail and finance, and the dramatic shift in consumer behaviour.
• Transition to remote work [00:09:17] Discussion on the impact of the pandemic on the traditional network perimeter and the shift to remote work, including the subordinate relationship between security and IT teams.
• The focus on AI and machine learning to compensate for the lack of skilled infosec professionals.
• The impact of AI on defence in depth and the risks of implementing AI within an organisation without considering security.
• The flaws in relying solely on endpoint security 
• How working from home has exposed flaws in security architectures and highlighted the rise of cyber threats.
• What is the traditional approach to defence in depth, and how has it been adapted to changes in technology and working environments.
• What are the difficulties organisations face when it comes to re-engineering defence in depth, such as budget, and how to overcome them.
• The importance of due diligence in cloud and supply chain security 
• An example of a defence in depth breakdown.
• Asset-based security and the importance of 2FA.

GUEST BIOS

Jonathan Care

Jonathan Care is a recognised expert in the field of cybersecurity & fraud detection. A former top-rated Gartner analyst, Care was responsible for defining the Fraud market, and leading Gartner’s Insider Threat and Risk research. He regularly advises cybersecurity industry leaders on strategic growth and has worked with key figures in industry and government across the globe. He is a lead contributor for Dark Reading, an industry-defining publication. He has testified in court as an expert witness and forensic investigator and is a Fellow of the British Computer Society. He also fuels his creative passion as a composer of film/TV music.  

Social media: @jonathanhcare & https://linkedin.com/in/computercrime  

Chris Fielder

Christopher Fielder has been in the cybersecurity world for over 20 years, with experience in a range of military, government, and corporate environments. From this background, Christopher holds 18 industry certifications along with a Master's Degree in Information Security.

While much of his career has involved traditional hands-on keyboard security roles that covered offensive, defensive, and analytics security positions, today he is the Field CTO for Arctic Wolf. This position allows him to research emerging security topics and remain at the forefront of highlighting the expertise of the entire Arctic Wolf team.

Resources Mentioned

Arctic Wolf Security 

Gartner

LionFish Security 

Dark Reading 

Other episodes you'll enjoy

Threat Intelligence & Collaboration

https://www.razorthorn.com/threat-intelligence-why-awareness-is-critical-and-collaboration-is-essential-razorwire-podcast/

A Snapshot in Time: Why Penetration Testing Is Critical for Cybersecurity

https://www.razorthorn.com/a-snapshot-in-time-why-penetration-testing-is-critical-for-cyber-security-razorwire-podcast/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cybersecurity professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cybersecurity – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cybersecurity enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome to this episode of the Razorwire podcast, where my guest, renowned cyber security expert Oliver Rochford, and I explore the impact of economic downturns on the cybersecurity industry and how it affects professionals in the field.

We discuss the current economic climate and the challenges it poses for the industry, with inflation on the rise and smaller banks struggling to keep up. We also examine the effects of previous economic downturns and how they impacted the industry, along with what we should have learned from them.

We also discuss the trend of vendor consolidation in the industry, the shortage of cyber security professionals, and the emergence of financial operations, and how to turn these to your advantage.

We also touch on the impact of COVID-19 on the industry and the importance of adapting to changing economic conditions.

So, if you're a cybersecurity professional looking to stay ahead of the game, this episode is a must-listen.

"We've had a long period of really cheap money. We've had really high exits, and that money needs to seek a return. If you've just made a hundred million dollars and you put it in the bank, you're basically going to get eaten up by inflation. So you need to invest it into something, right?"

Oliver Rochford  

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen 

In this episode, we covered the following topics:

• The impact of economic downturns on the cybersecurity industry 

• The effects of a downturn in spending on cloud-related security: why many organisations are looking to reduce cloud and SaaS licencing spend 
• What we should have learned from past economic crises, including the dot-com bubble and the 2007-2008 credit crunch 

• Why organisations are consolidating vendors in this economic downturn 

• The financial challenges faced by mid-size companies looking for cybersecurity solutions  

• The shortage of experienced infosec professionals and the impact of the great recession on the industry during economic turmoil

• The opportunities that technological advancements offer to refocus your career and why you need to get ahead of the curve

• Seizing the opportunity to start your own company

• The benefits of standardisation in the industry and the shift towards more sustainable business models

• Advice on efficient budget allocation in a time where budgets are being squeezed, including consolidation and being smarter with technology

• How to overcome the challenges of complying with security standards on a smaller budget

• Embracing automation in cybersecurity

GUEST BIOS 

Oliver Rochford 

Oliver has worked in cyber security as a penetration tester, consultant, researcher, and industry analyst for over 20 years. Interviewed, cited, and quoted by media, think tanks, and academia, he has written for SecurityWeek, CSO Online, and Dark Reading. While working at Gartner, he co-named the Security Orchestration, Automation, and Response (SOAR) market, worked on the SIEM Magic Quadrant, and also covered the European MSSP Market. In past lives, Oliver worked for Qualys, Verizon, Gartner,  Tenable, and Securonix and is currently Chief Strategist at Tenzir, where he works on product strategy and marketing.

Other episodes you'll enjoy 

Navigating the Turbulent Waters of Cybersecurity: Nationalism, Economics And AI 

https://www.razorthorn.com/navigating-the-turbulent-waters-of-cybersecurity-nationalism-economics-and-ai/ 

Trust and Culture as Cornerstones of Cyber Security with Paul Dwyer 

https://www.razorthorn.com/trust-culture-as-cornerstones-of-cyber-security-with-paul-dwyer/ 

Connect with your host James Rees 

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring experience and expertise from a range of disciplines and at different career stages. We give you various viewpoints for improving your cyber security, from seasoned professionals with years of experience, triumphs, and lessons learned under their belt to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals, providing insights, news, and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss, email [email protected].

If you need consultation, visit www.razorthorn.com. We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

LinkedIn: Razorthorn Security 

YouTube: Razorthorn Security 

Twitter:  @RazorThornLTD 

Website: www.razorthorn.com 

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome to this episode of Razorwire, where my guest, Stefania Chaplin, and I jump into the topic of cybersecurity for newbies.

Starting a new career in any industry can be a baptism of fire, but there are definitely certain things that can help you in cybersecurity. Today, we explore the key skills all good cyber recruits should be aware of as well as what constitutes a good security mindset. We highlight three key takeaways from the podcast that will be valuable for not only new recruits, but all cybersecurity professionals.  

We discuss the importance of effective communication with different audiences and how to gain buy-in from team members when implementing security policies.  

We also cover the changing landscape of work in the cybersecurity field, the importance of resilience and positivity in the face of rejection, and the potential consequences of losing credibility in the industry.  

We talk about the benefits of gaining experience and expertise in different areas of cybersecurity and the broad range of roles available beyond technical positions. Tune in to this episode to gain valuable insights and enhance your skills in the field of cybersecurity. 

I really struggled with it when I started out in my career as a young woman in IT. I was so hesitant and reluctant to make a mistake or to put myself out there because I'm like, but if I put myself out there and then I get it wrong, like my credibility is destroyed. 

Stefania Chaplin 

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen 

In this episode, we covered the following topics: 

• Tips for Security Newbies - Discussing tips for those new to the infosec space, including what to watch out for and what you need to know to progress. 

• Stefania's Journey into Cybersecurity – Stefania tells us about how she fell into the cybersecurity field and how she knew it was for her. 

• Importance of Communication Skills in Cybersecurity – How to improve your communication skills and use them effectively with different teams/levels within the organisation.  

• Understanding Psychology - we discuss the importance of understanding psychology in cybersecurity, including personality types, power dynamics, and how to spot who has the power in a room. 

• Baby Steps: Advice for those new to cybersecurity, including the benefits of taking baby steps, finding bug bounty programmes and learning from your colleagues. 

• How important are certifications? We discuss the pros and cons of certifications vs personal skills, along with identifying your motivations for pursuing certifications, such as for a specific skill or knowledge. 

• Dealing with rejection - we share some tips for dealing with rejection in the job search process. 

• Using LinkedIn to Find a Job - Sharing experience of using LinkedIn to get jobs and build a network in cybersecurity, emphasising the importance of being professional and engaging with industry leaders. 

• Engaging Developers and IT Professionals: - We share some tips for engaging developers and IT professionals in cybersecurity projects. 

• Credibility within the industry – Stefania shares her experience of struggling with credibility as a young woman in the industry and the importance of coaching. 

• Non-technical aspects of security – finally, we talk about the importance of non-technical aspects of security, including as finance and policy, and recommending that newbies stay non-specialised for the first five years of their career. 

GUEST BIOS 

Stefania Chaplin 

Stefania’s (aka @DevStefOps) experience as a Solutions Architect within DevSecOps, Security Awareness and Software Supply Chain Management means she's helped countless organisations understand and implement security throughout their SDLC. As a python developer at heart, Stefania enjoys optimising and improving operational efficiency by scripting and automating processes and creating integrations. She is a member of OWASP DevSlop, hosting their technical shows. When not at a computer, Stefania enjoys surfing, yoga and looking after all her tropical plants.  

Resources Mentioned 

ISO 27001 auditor cert and CISSP or preferably a CISM 

AWS Solutions Architect Associate cert  

Certificate for Ethical Hacking (CH)  

Other episodes you'll enjoy 

Trust & Culture as Cornerstones of Cybersecurity with Paul Dwyer 

https://www.razorthorn.com/trust-culture-as-cornerstones-of-cyber-security-with-paul-dwyer/ 

Women in Cybersecurity 

https://www.razorthorn.com/women-in-cyber-security-razorwire-podcast/ 

Connect with your host James Rees 

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cybersecurity professionals who dedicate their careers to making a hacker’s life that much more difficult. 

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cybersecurity – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. 

With new episodes every other Wednesday, Razorwire is a podcast for cybersecurity enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. 

For more information about us or if you have any questions you would like us to discuss email [email protected]. 

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. 

Linkedin: Razorthorn Security 

Youtube: Razorthorn Security 

Twitter:  @RazorThornLTD 

Website: www.razorthorn.com 

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome to the latest episode of Razorwire, where we delve into the world of cybersecurity and the challenges faced by experts in the field. Our guests today, Joe Hancock, and Paul Hemmings, work together at Mishcon, and I’m delighted to be able to share their expertise with you today. We’re discussing high profile cybersecurity incidents and how they are handled by the experts. 

We talk about the best ways to prepare for these incidents and the best approach strategies to handle them along with what to include in your organisation’s procedure. We also discuss the changing tactics of malicious actors and what threats we need to be aware of. 

We talk about the many motivations behind cybercrime and how to prepare yourself for increasingly complex and strategic attacks from highly organised malicious actors and groups. We also discuss the best practice for the most effective incident response plans. 

Join us as we explore the world of cybersecurity and the challenges faced by experts in the field. 

I always believe that you want to be intelligence-led. To a certain degree, if you're looking for the needle in a haystack, it's good to have a really good idea of what needles look like, to kind of really stretch analogy. 

Joe Hancock  

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen 

In this episode, we covered the following topics: 

• When High Profile Incidents Occur - we discuss the timing of high profile incidents, and what times of the day or year we tend to see the highest number of attacks taking place 

• Dealing with Crisis Management – in crisis situations, who are the best people and what are the best skill sets to have immediately to hand?  

• The Business Response – should the way we deal with high profile attacks differ depending on corporate priorities? What has been shown to be effective? 

• The Importance of a Broad Skill Set – what skills are required when dealing with a cybersecurity incident and how can it help establish a strategy and a plan. 

• Standard Playbooks and Approaches – why every organisation should have standard playbooks and approaches for different incident types and how to follow the standard model to analyse, contain, eradicate and recover. 

• Threat Intelligence and Incident Response – we talk about why threat intelligence is essential in informing incident response and the criticality of early access to information. 

• Dealing with Cyber Criminals – who exactly are we up against? The speakers talk about the different types of cyber criminals, organised and disorganised, and how to approach negotiations and payments, including the use of cryptocurrency. 

• Malicious Insider Incidents - how do we deal with incidents involving malicious insiders that are still present within the organisation and potentially monitoring the response efforts? 

• Increasingly Sophisticated Social Engineering - attackers are upping their game in social engineering, targeting individuals using social media – how can we avoid being played? 

• The rise of organised cyber crime – what we should learn from this 

• Interactions with cyber criminals – so you’ve been hacked. What’s it like dealing or negotiating with cyber criminals?  

• Joe tells us about a UK based organised crime group that he’s dealt with on several occasions 

• High-End War Gaming – what is value of high-end war gaming and how is it used to prepare for high-profile incidents? 

• C-suite support and decision-making – what is required from the C-suite (and other levels in the organisation) during a cybersecurity incident? 

GUEST BIOS 

Joe Hancock 

Joe is a non-lawyer Partner and the Head of MDR Cyber, the cybersecurity and investigations practice at Mishcon de Reya. Joe works across a varied practice of risk management issues from cyber incidents to investigations and asset tracing. His works with clients who need broad risk and crisis management expertise, leaning heavily on his experience as a cyber security specialist. 

His experience ranges from crypto-currency tracing, asset recovery investigations or major cyber incidents, combined with deep technology and risk management skills. He has a wide range of expertise in cyber risk and security, data protection, and resilience, and first-hand experience with some of the UK’s largest cyber incidents. Joe is a specialist at the nexus of cyber-security issues and legal responses and is the Head Consultant for our NCSC accredited services. 

Paul Hemmings 

Paul is the Commercial Director for MDR Cyber, within the Mishcon de Reya Litigation Team. He has 25 years commercial experience and domain knowledge from several senior leadership roles held within Private and Public organisations. These have been within the Energy, Defence, Homeland Security, and Unified Communications sectors, and has specialised in cyber security, secure communications and large systems integration services. 

He has successfully designed, and implemented growth and client engagement strategies for EMEA, North America and APAC, that have included innovative global partner-alliance programs, contract and framework development, key client account and stakeholder management at Board and C-suite levels. 

Resources Mentioned 

Mischon de Reya 

Gartner: 70% of organisations now have a CISO at board level - News 

Other episodes you'll enjoy 

Trust & Culture as Cornerstones of Cybersecurity with Paul Dwyer 

https://www.razorthorn.com/trust-culture-as-cornerstones-of-cyber-security-with-paul-dwyer 

Cybersecurity and Critical Infrastructure: Are We Prepared for the Worst? 

https://www.razorthorn.com/critical-infrastructure/ 

Connect with your host James Rees 

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cybersecurity professionals who dedicate their careers to making a hacker’s life that much more difficult. 

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cybersecurity – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. 

With new episodes every other Wednesday, Razorwire is a podcast for cybersecurity enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. 

For more information about us or if you have any questions you would like us to discuss email [email protected]. 

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. 

Linkedin: Razorthorn Security 

Youtube: Razorthorn Security 

Twitter:  @RazorThornLTD 

Website: www.razorthorn.com 

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome to the Razorwire podcast. In this episode, we explore cyber warfare. We discuss the challenges of defending against cyber attacks and the power imbalance between nations in the cyber domain. We have some fantastic guests on this week who know a thing or two about this: Oliver Rochford and Victor Acin shed some light on the issue of plausible deniability and the potential consequences of our lack of preparedness for defence in critical infrastructure. We also touch on the psychological and information manipulation aspects of cyber warfare and the difficulties of defending against cyber attacks in a commercial environment. We talk about what needs to be done to incentivise organisations to invest in better protection and if there’s anything that can be done to make the prospect of attacks less appealing to malicious actors. Join us as we explore the reality of cyber warfare!

“No country is able to defend very well in the moment except if you're not very dependent on your digital infrastructure. Or if you start decoupling. And that, I think, is the thing that we're seeing with decoupling, and how that will impact future cyber wars is a completely different question as well.”

Oliver Rochford

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

• How warfare has developed through the ages, from primitive times to modern day, including the development of new weaponry and the inevitable rise of cyber warfare
• The power imbalance within cyber warfare, which makes it easier for larger states to attack smaller ones
• Plausible deniability in cyber warfare and the difficulty in attributing attacks to specific nation states 
• Cyber warfare vs. ground invasion
• The potential for cyber attacks to destabilise a populace through social engineering and disinformation campaigns
• The dangers of echo chambers and the manipulation of information through social media
• The role of big tech in information manipulation and the lack of trust in media and technology
• The power of manipulating people and the issue of mistrust in motivating a population during the pandemic
• The difficulty of gaining investment in national security from investors without an external mechanism to justify it
• The legality of cyber insurance payouts and the responsibility of businesses in cyber warfare: we question what constitutes an act of war and what happens if the insurance won't pay out
• The responsibility of the state to defend private companies from advanced nations in cyber warfare 
• The need for a unified front between government and business, and the responsibility to provide guidance 

Disclaimer: Please be advised that in the course of our discussion, we would like to clarify that the company mentioned as being breached and subsequently acquired is Panopta, rather than Panoply as previously stated.

GUEST BIOS

Oliver Rochford

Oliver has worked in cyber security as a penetration tester, consultant, researcher, and industry analyst for over 20 years. Interviewed, cited, and quoted by media, think tanks, and academia, he has written for SecurityWeek, CSO Online and Dark Reading. While working at Gartner, he co-named the Security Orchestration, Automation and Response (SOAR) market, worked on the SIEM Magic Quadrant, and also covered the European MSSP Market. In past lives, Oliver worked for Qualys, Verizon, Gartner,  Tenable and Securonix and is currently Chief Furitist at Tenzir, where he works on product strategy and marketing. 

Victor Acin

Victor Acin has been working in threat intelligence since 2016 and is now leading the Kraken Labs unit at Outpost24, performing tasks related to the generation of threat intelligence (mainly reverse engineering of malicious samples and research of global actors), and the development of the department's internal products, such as the malware analysis sandbox. In addition, he has also worked as an ethical hacker, performing penetration tests against web applications, external and internal infrastructure, and mobile devices.  

Resources Mentioned

Sun Tzu - Art of War

Facebook report on campaigns targeting army officers from Ukraine

Cambridge Analytica Legal Case

TikTok Ban USA

Other episodes you'll enjoy

Defence In Depth: Strengthening Your Cyber Security Strategy

https://www.razorthorn.com/defence-in-depth-strengthening-your-cyber-security-strategy/

Cyber security and Critical Infrastructure: Are We Prepared for the Worst?

https://www.razorthorn.com/critical-infrastructure/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

In this episode of Razorwire, we delve into the ongoing debate between privacy and security in the world of cyber security. 

Our guests this week, Iain Pye and Chris Dawson, offer different perspectives on this issue, exploring the meaning of privacy, the significance of security and the accumulation of data. Our discussion also touches on topics such as government surveillance, commercial tracking and the use of AI to compile reports. While we agree that technology is advancing too quickly for privacy, we also believe that it's crucial to strike a balance between privacy and security. Tune in to gain valuable insights into the ongoing tension between privacy and security in the digital age.

"I think the difference between privacy and security is that privacy involves how your data is used and security is there to protect that. One can live without the other, the other can't live without the other one. So security can exist without privacy but the reverse is not true in my eyes."

Iain Pye

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

• The difference between privacy and information privacy, and what cultural differences we encounter. 
• Government surveillance and commercial tracking – are they necessary for security purposes? What role does AI play?
• Privacy and the Stifling Effect – does constant surveillance limit people's willingness to do anything controversial or experimental?
• The debate over government surveillance and the idea of having a backdoor through encryption
• Privacy rights and the use of CCTV
• The potential for using AI to compile reports to prevent human operators having access to private data
• The privacy concerns surrounding facial recognition technology
• The use of AI for monitoring protests 
• The debate over whether we need body cameras and CCTV for constant monitoring, for use in emergency situations
• Whether we should use technology to monitor individuals to flag suspicious and dangerous patterns of behaviour
• How we can prevent the misuse of information

GUEST BIOS

Iain Pye

Iain is a Cyber Security, Data Protection and Risk Specialist with over 20 years of experience in the public and private sectors. Iain has worked in a range of industries from finance, legal, security and government. When Iain is not fighting fires or arguing personal data ethics, Iain likes exploring the world with his family and occasionally going for a run through the Fens with the dog. If the dog is up for it, which she is usually not. 

Chris Dawson

Chris Dawson is a former Royal Marine of 11 years. He moved into the private security sector in 2012 taking up various roles across the globe, from hostile environments to the corporate world, advising and implementing security protocols in multiple sectors while gathering and learning as much as possible along the way.  

Resources Mentioned

Edward Snowden

Ashley Madison

Palantir

Ring Doorbell

ICO Website

Wikileaks

Cambridge Analytica

Other episodes you'll enjoy

Data Protection and Ethical Standards in Cyber Security

https://www.razorthorn.com/the-business-of-biometrics-data-protection-and-ethical-standards-in-cyber-security/

The Impact of Compliance and Legislation

https://www.razorthorn.com/strengthening-cyber-security-the-impact-of-complIaince-and-legislation/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security - from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome to the Razorwire podcast. In this episode, I delve into the turbulent waters of cyber security with Razorwire favourite, Oliver Rochford. We'll be discussing a range of topics that are currently shaping the industry, including economic challenges, nationalism and the continuing impact of the pandemic.

We'll also be exploring the use of acronyms, consolidation and rationalisation in the vendor space, and the development and potential dangers of AI. But that's not all! We'll also be taking a closer look at the weaponisation of security, the need for active security and moving target defence, and the potential for mergers and acquisitions in the industry.

So sit back, relax and get ready for some valuable insights into the challenges and opportunities facing the cyber security industry. 

"Planning a security project over two years is far too long. It's ludicrous, you've missed the moving target by the time you're finished. What you've done - it’s outdated."

Oliver Rochford

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered:

• The economic challenges in the information security space, including the waves of layoffs and the continuing impact of the pandemic on the industry

• The overhype of cloud usage and companies spending their entire security budget on cloud and data costs

• The impact of new legislation on security costs and the potential consequences of not securing to the required level

• The dangers of AI and the lack of global consensus on its development

• The impact of nationalism on cyber security and the use of technology from certain countries

• The potential weaponisation of security and the impact on cyber insurance

• The economic challenges in the information security industry

• The evolution of pen testing, combining automation and the need for continuous assurance

• The need for better standards in the industry to enable easier mixing and matching of technologies

• How the future of cyber operations would look if we have to go into a low power mode

GUEST BIOS

Oliver Rochford

Oliver has worked in cyber security as a penetration tester, consultant, researcher, and industry analyst for over 20 years. He has been interviewed, cited, and quoted by the media, think tanks, and academia. He has written for Securityweek, CSO Online, and Dark Reading. While working at Gartner, he co-named the Security Orchestration, Automation, and Response (SOAR) market, worked on the SIEM Magic Quadrant, and also covered the European MSSP market. Prior to joining Securonix, Oliver worked for Qualys, Verizon, Gartner,  Tenable, and Securonix. Oliver is the Chief Furitist at Tenzir, where he works on product strategy and marketing. 

Resources Mentioned

Tenzir

NSA Snowdon Files

Chat GPT

Tiktok

Razors Edge - Continuous Pen Testing

Vulcan Papers

Ray Kurzweil - Singularity Is Near (book)

Other episodes you'll enjoy

A Snapshot in Time: Why Penetration Testing Is Critical for Cyber Security

https://www.razorthorn.com/a-snapshot-in-time-why-penetration-testing-is-critical-for-cyber-security-razorwire-podcast/

The Cyber Security Skills Shortage

https://www.razorthorn.com/the-cyber-security-skills-shortage/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome to a special edition of Razorwire, where I had the pleasure of interviewing AI language model, ChatGPT. Our discussion revolved around various topics related to information security and cybersecurity. ChatGPT shared valuable insights on how AI can assist in securing organisations against cyber attacks but also emphasised that it should be considered just one tool in a broader cybersecurity strategy. We delved into the future of cybersecurity, key technologies for a defence in depth approach, and the advantages of continuous penetration testing. Our conversation highlighted the importance of being agile, adaptable and proactive in tackling cybersecurity challenges. 

So sit back and enjoy this enlightening episode of Razorwire.

The collaboration between human cybersecurity professionals and AI technology has the potential to significantly improve the effectiveness and efficiency of cybersecurity operations and provide a more robust defence against cyber threats.

ChatGPT

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

• Importance of cybersecurity - ChatGPT explains the importance of cybersecurity for both public and private businesses today, based on industry reports and trend

• Top 5 cybersecurity concerns - ChatGPT lists the top 5 cybersecurity concerns that organisations should have, based on current trends and threats.

• Effectiveness of cybersecurity - ChatGPT suggests measures that businesses can take to improve their cybersecurity effectiveness

• AI in cybersecurity - how AI can help detect and respond to cyber threats, anticipate and prevent cyber attacks, detect and prevent fraud, monitor user behaviour and automate routine cybersecurity tasks

• Human professionals vs AI -  can AI replace human cybersecurity professionals? We discuss the collaboration between human cybersecurity professionals and AI technology and the potential to improve the effectiveness and efficiency of cybersecurity operations

• Securing AI systems – we discuss the recommendations ChatGPT makes for securing AI systems

• The future of cybersecurity - a discussion on the trends that will shape the future of cybersecurity, including the increasing use of AI and machine learning, the growing importance of data privacy and the shift towards a more holistic approach to cybersecurity

• ChatGPT’s top tips for cybersecurity for organisations looking to secure themselves from cybercrime

• Continuous penetration testing - the importance of regularly testing information security countermeasures, the benefits of continuous penetration testing, and how it can provide an extra layer of security for organisations

GUEST BIOS

ChatGPT v4

ChatGPT is a sophisticated language model developed by OpenAI. Based on the groundbreaking GPT-4 architecture, ChatGPT has been trained on an extensive array of internet text, enabling it to generate intelligent, human-like text in response to a variety of prompts.

A remarkable tool for a diverse range of applications, ChatGPT has proven its mettle in contexts ranging from drafting emails and writing code, to creative content generation and customer engagement. Although it doesn't possess beliefs or opinions, it leverages its training to provide factual information, answer queries and hold natural-sounding conversations.

While ChatGPT showcases a fascinating instance of advanced AI capabilities, it remains a tool developed and maintained by a team of dedicated humans. It represents a significant step forward in the realm of AI communication and is a powerful ally for any business looking to harness the power of artificial intelligence.

Written by ChatGPT

Resources Mentioned

Cybersecurity tools and technologies:

Firewall 

Intrusion detection and prevention system 

Secure email gateway

Data loss prevention 

Endpoint protection

Security information and event management

Multifactor authentication 

Other episodes you'll enjoy

Trust & Culture as Cornerstones of Cybersecurity with Paul Dwyer

https://www.razorthorn.com/trust-culture-as-cornerstones-of-cyber-security-with-paul-dwyer/

Defence In Depth: Strengthening Your Cybersecurity Strategy

https://www.razorthorn.com/defence-in-depth-strengthening-your-cyber-security-strategy/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cybersecurity professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cybersecurity – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cybersecurity enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome to Razorwire, where I have the pleasure of interviewing cyber security legend Paul Dwyer, president of the International Cyber Threat Task Force and CEO of Cyber Risk International. 

In this episode, we delve into a variety of topics within cyber security. Paul shares his extensive background and experience in the industry, highlighting the need for a cultural shift towards cyber security. 

We discuss the challenges of regulating and controlling the metaverse, as well as the devastating effects of cybercrime on individuals and organisations. Throughout the interview, Paul emphasises the importance of trust in organisations and people, as well as the significance of education and policy in combating cyber threats. 

Whether you're a seasoned professional or just starting out in the industry, this episode provides valuable insights into the latest trends and developments in the world of cyber security.

We need to get back to the basics. We need to make sure all our people understand the risks around security and cyber security so they can have that cyber savviness, that security savviness, to know what's dangerous what's not dangerous.

Paul Dwyer

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

• The importance of having a generalist vs specific skill set

• The need for ethics and morality to be built into AI development as well as the importance of quality code in preventing cyber attacks

• The vulnerabilities of IoT devices and the lack of security standards and regulations

• The need for updated and practical cyber security education and training, and the lack of background checks for cyber security professionals

• The importance of policy in shaping the culture of cyber security, and the need for faster dissemination of information to governments

• The potential security threats that may arise in the metaverse and the lack of regulation and control over it

• Exploration of the criminal ecosystem that supports cybercrime and the lack of accountability for social networking sites and other businesses that enable it

• Concerns over the threat of disinformation and deep fakes, and the potential consequences of eroding trust in information sources

• The control of information by companies like Facebook and the consequences of providing false information to people

• Predictions for the future of cyber security and the need for real leadership and trust in organisations

• The psychological impact of cybercrime on victims, especially in romance scams, and the importance of working together to defeat evil.

GUEST BIOS

Paul Dwyer

Paul C Dwyer stands among the world’s leading cybersecurity, risk, and compliance authorities. As CEO of Cyber Risk International, he excels in corporate and enterprise security, crafting cyber defence programs, and safeguarding business operations for clients. He also serves as the founder and President of the ICTTF International Cyber Threat Task Force, leading a community of over 30,000 professionals in their mission to combat cyber threats and promote industry diversity.

Boasting over 30 years of experience, Paul has worked extensively with military, law enforcement, and commercial sectors across the globe. His impressive credentials include certifications from the International Information Security Certification Consortium (ISC2) and the Information System Audit and Control Association (ISACA), as well as approvals from the National Crime Faculty and the HTCN High Tech Crime Network.

Throughout his illustrious career, Paul has taken on diverse roles, such as President of the ICTTF International Cyber Threat Task Force, Co-Chairman of the UK NCA National Crime Agency Industry Group, Advisor to NATO on Countering Hybrid Cyber Threats, and Interim Global CISO for multiple multinational organisations. Additionally, he has advised various governments and intelligence agencies.

Resources Mentioned

MS-DOS

Novel Network

Norton Utilities

McAfee

Conti Files

Dmitry Golubov “Script”

Vulcan Files

Tim Berners-Lee

EU regulations DORA and Digital Operational Resilience Act

Other episodes you'll enjoy

Ransomware Sanctions: Exploring the Fallout

https://www.razorthorn.com/ransomware-sanctions/

The Cyber Security Skills Shortage

https://www.razorthorn.com/the-cyber-security-skills-shortage/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

In this episode of Razorwire, I had the pleasure of speaking with Phil Tonkin from Dragos about securing critical infrastructure. Phil and I delved into the definition of critical infrastructure, the fragility of supply chains and the importance of preparing for potential attacks. We also talked about the Colonial Pipeline incident and the inextricable link between IT and OT in critical infrastructure.

Phil tells us how we should be advancing the development of defensive capabilities and safeguard civilisation as well as how to overcome the many challenges of managing risks and compliance, the changing perception of IT and cyber security within organisations and how to deal with the increasing sophistication of cyber attacks.

Overall, it was a fascinating discussion that shed light on the critical importance of securing our infrastructure in the most suitable way given the challenges we are facing. I hope you enjoy listening to this episode of Razorwire as much as I enjoyed recording it.

"Don't just chase the newest and sexiest technology. Focus on actual risks and develop capabilities that can manage those risks." 

Phil Tonkin

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

• The evolution of critical infrastructure and how we can advance our defensive capabilities 
• How the Colonial Pipeline incident changed the perception of critical infrastructure security, and how to prepare for future attacks
• The decision-making processes of critical infrastructure companies during a cyber attack 
• The factors that increase the likelihood of an attack, according to Dragos’ latest research
• The reduction of surplus reserves and the need for governments to identify what to subsidise to increase resilience 
• What are the key concerns Dragos are seeing from customers in critical infrastructure and what do these organisations need to be mindful of
• The problems with securing an organisation simply to meet minimum compliance standards 
• Cyber security budget limitations vs high expectations 

GUEST BIO

Phil Tonkin 

Phil is the Senior Director of Strategy at Dragos and has worked in the power industry for over 20 years. In the last five years, Phil has led the cyber security efforts for operational technology in the UK and US, with experience in securing systems in electricity and gas control centres, communication networks and operational sites. 

Resources Mentioned

Dragos Inc

Solarwinds Cyber Attack

Colonial Pipeline Attack

Other episodes you'll enjoy

Data Protection and Ethical Standards in Cyber Security

https://www.razorthorn.com/the-business-of-biometrics-data-protection-and-ethical-standards-in-cyber-security/

A Snapshot in Time: Why Penetration Testing Is Critical for Cyber Security

https://www.razorthorn.com/a-snapshot-in-time-why-penetration-testing-is-critical-for-cyber-security-razorwire-podcast/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Welcome back to the show! In this episode of the Razorwire podcast, I have the pleasure of discussing defence in depth with Razorthorn’s own illustrious consultants, Jamie Hayward and Tom Mills. During our conversation, we talked about the increasing number of tools and solutions available, the perils of ‘reactive’ budget allocation, as well as the changes we’re seeing in the industry and within our clients’ requirements. 

We also highlighted the need for a holistic approach to defence in depth, the importance of cyber threat intelligence, and the growing requirement for continuous security assurance.

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

• The importance of defence in depth for security and the need to layer multiple technologies, processes and people

• The plethora of security tools and solutions available and the importance of balancing these with processes and people for effective security.

• The disparity between investment in cyber security and the cost of cybercrime to the world's economy.

• The need for a proactive approach to cyber security budgets and the real cost of cybercrime

• The complexities and considerations of cyber warfare, including the lack of policies and procedures to protect international organisations and entities.

• The requirement for continuous scanning and testing, and the importance of being aware of vulnerabilities and threats as they occur

• The shift towards ongoing security assurance and the requirement for intelligence in frameworks such as ISO 27001, as well as the need for organisations to update and move with the times.

• The role of threat intelligence as the first and last line of defence 

• Updating the Defence in Depth model to include a bar of security assurance and intelligence that permeates through all layers

• The issues surrounding supply chain security

Resources Mentioned

Cyber Security Ventures (Magazine)

WEF - World Economic Forum

Centre Of Army Leadership Podcast

The Grey Zone Podcast

CIDER - organisation overseeing risk balance cases for third-party assurance chain in the military

Other episodes you'll enjoy

Ransomware Sanctions: Exploring the Fallout

https://www.razorthorn.com/ransomware-sanctions/

Threat Intelligence: Why Awareness is Critical, and Collaboration is Essential

https://www.razorthorn.com/threat-intelligence-why-awareness-is-critical-and-collaboration-is-essential-razorwire-podcast/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

When Megan Brown, Jonathan Care, and I explore the world of penetration testing, we uncover the missing links between the testing itself and having a secure organisation and patched vulnerabilities.

In this episode, you will learn how to maximise the potential of your penetration tests and increase the depth of your organisation's cyber security. 

“Pen tests on their own don’t do anything if you don’t have a way of tracking the issues, resolving the issues.” Jonathan Care

We cover the following topics:

• How regularly penetration testing should be carried out to ensure that the organisation is secure as well as compliant
• Driving accountability and how to use the data from pen testing
• Expectations vs outcomes from pen testing
• What additional value do you get with a continuous pen testing (CPT) service?
• How does Razorthorn bridge the gaps between testing, tracking and resolving vulnerabilities with their CPT service, Razor’s Edge?
• How cyber insurance premiums can be reduced through CPT
• Are bug bounties complimentary to pen tests and what benefits and drawbacks do they have? 
• How GRC can support a company following a pen test to increase internal and customer confidence by closing security gaps
• What challenges arise when recruiting and retaining qualified pen testers given the current market conditions?

Megan, Jonathan, and I had an interesting discussion about the current trends in the penetration testing industry. We discuss the various ways organisations are utilising penetration testing, from quarterly snapshots in time to continuous pen testing, with reference to Razorthorn’s new CPT platform, Razor’s Edge.

We talk about how difficult it is to find and retain skilled professionals, when better-paying jobs are dangled like carrots in an industry where there is a notable skills shortage. 

We also talk about how to use intelligence to find new threats on the dark web and how to combine vulnerability scanning with pen testing. 

Find out more about Razor’s Edge here: https://www.razorthorn.com/cyber-security-testing/next-gen-continuous-pen-testing/ 

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

GUEST BIOS

Megan Brown

Megan Brown has spent over 15 years in SAAS and technology leadership roles. For the past 5 years, she has worked alongside the founding team at LogicGate to help scale the Risk Cloud, a next gen GRC workflow automation SaaS platform, around the world. Megan currently works as the Head of International Sales after having developed the Strategic Alliances and Partner Function at LogicGate. Megan leads the international market expansion strategy and sales team covering global markets. In her free time, she loves podcasts and is a host herself - you can hear more from Megan on LogicGate's GRC & Me podcast. She is a live music fan, marathon runner, and mom to a 3 year old daughter. Megan, her husband, and their daughter will be moving to Richmond, UK, this year, a long way from their previous home in Chicago, IL where the company has its US headquarters. 

Jonathan Care

Jonathan Care is a recognised expert in the field of Cybersecurity & Fraud Detection. A former top-rated Gartner analyst, Care was responsible for defining the Fraud market, and leading Gartner’s Insider Threat and Risk research. He regularly advises cybersecurity industry leaders on strategic growth and has worked with key figures in industry and government across the globe. He is a lead contributor for Dark Reading, an industry-defining publication. Jonathan has testified in court as an expert witness and forensic investigator and is a Fellow of the British Computer Society. He also fuels his creative passion as a composer of film/TV music.  

Social media: @jonathanhcare & https://linkedin.com/in/computercrime  

Resources Mentioned

LogicGate Security

Lionfish Security

Push Security

Dark Reading

Black Hat 

Razor’s Edge

Tech Vets

44 Con

Other episodes you'll enjoy

The Cyber Security Skills Shortage | Razorwire Podcast

https://www.razorthorn.com/the-cyber-security-skills-shortage/

Ex-Military Cyber Security Experts: How Military Training Prepares You for a Successful Career in Cybersecurity

https://www.razorthorn.com/ex-military-cyber-security-experts-how-military-training-prepares-you-for-a-successful-career-in-cybersecurity/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

Josh Davies, Keith Christie-Smith, and I dive into the world of legislation and compliance and explore the stark contrast between the need for rigorous security and the burden placed on businesses to comply.

“One of the big problems we have in security is that you spend all this money pre-empting your defence in depth to try to protect you against things that you could perceive could happen to you." Josh Davies

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

• What do the changing regulations and compliance requirements in the information security field mean for businesses?
• The advantages of a security first approach
• How being compliant in itself doesn’t necessarily mean your organisation secure
• The irony of having a cyber incident justifying the budget for adequate security measures
• The opposition of legislation vs growth and innovation
• The concept of ‘legislation fatigue’ – is there a danger of having to comply with too many standards?
• The importance of understanding the intent behind the compliance requirement
• What is the difference between too much or too little legislation on security measures?
• The limitations of generic security frameworks vs frameworks targeted to specific industries such as PCI DSS
• The challenges of creating universal standards

GUEST BIOS

Josh Davies

Josh Davies is a Product Manager at Fortra by Alert Logic. Formerly a Security Analyst and Solutions Architect, Josh has hands on experience in incident response and threat hunting activities before working with organisations to identify appropriate security solutions. Josh continues to be closely involved with security operations and threat research.  

Keith Christie-Smith

Keith is a sales director with Claroty, covering the Government, Defence and Healthcare verticals. Keith has worked in the cyber security field for both vendors and resellers. He has been in cyber security for over a decade having worked in IT managed services for almost a decade beforehand.  

Other episodes you'll enjoy

Ransomware Sanctions: Exploring the Fallout

https://www.razorthorn.com/ransomware-sanctions/

Threat Intelligence: Why Awareness is Critical, and Collaboration is Essential

https://www.razorthorn.com/threat-intelligence-why-awareness-is-critical-and-collaboration-is-essential-razorwire-podcast/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2025

In this podcast episode, Jamie Hayward, Tom Mills, Michael Aguilera and I explore the perplexing irony of the UK government's recent proposal to ban payments to Russian ransomware groups. We debate the ethical, legal and financial implications of such a move and challenge organisations to pre-emptively defend against cyber attacks. 

"The best way to defeat exfiltration of your data - one of the best ways, there's a few - is using encryption." - Jamie Hayward 

We were discussing the recent news about new regulations on paying ransomware groups connected to Russia. We explored the implications of this ruling, how it may affect companies and the potential problems and risks it could cause. 

Through the discussion, we talk about the problem of reactive security and the proactive steps organisations can take to protect their data and be prepared for the worst case scenarios. 

While this law is designed to protect businesses, it is not, in itself, a solution to the ransomware problem.  We discuss how likely it might be that ransomware payments may be made illegal across the board and the implications of similar rulings on public, private, national and international organisations.

In this episode, you will learn the following: 

• What are the implications for organisations when the so-called ‘safety net’ of paying a ransom is taken away
• Why reactive cyber security strategies are so risky
• What proactive recommendations we would give for securing an organisation
• The effect the ruling might have on cyber insurance
• The role of cyber education and training 
• How can a universal set of regulations be created for information security? 

If you are a new listener to Razorwire, we would love to hear from you. For more information about us or if you have any questions you would like us to discuss on the podcast email [email protected].  

Other episodes you'll enjoy: 

How to Negotiate with Ransomware Groups 

https://www.razorthorn.com/how-to-negotiate-with-ransomware-groups/ 

Threat Intelligence: Why Awareness is Critical, and Collaboration is Essential | Razorwire Podcast 

https://www.razorthorn.com/threat-intelligence-why-awareness-is-critical-and-collaboration-is-essential-razorwire-podcast/ 

Connect with Your host James Rees 

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. 

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. 

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers. 

Listen to this episode on your favourite podcasting platform and for more information about us or if you have any questions you would like us to discuss on the podcast email [email protected]. 

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. 

Linkedin: Razorthorn Security 

Youtube: Razorthorn Security 

Twitter:  @RazorThornLTD 

Website: www.razorthorn.com

All rights reserved. © Razorthorn Security LTD 2025

Are you concerned about the recent ransomware attacks? Listen to this episode to learn important things about how hard it is to talk to a ransomware group. 

In this episode, I am joined by cyber security experts, Richard Cassidy and Oliver Rochford, to share their experiences and knowledge to help you understand the impact of ransomware and how best to respond to ransomware groups if you find yourself in that situation.  

In this episode, we covered the following topics: 

• How ransomware became both a technological and economic problem 
• The rise of ransomware in relation to cryptocurrency 
• Examples of a ransomware attacks 
• What to look out for to protect your company from ransomware 
• The measures to take when dealing with a ransomware attack 
• How the government can further improve the authorities’ response to ransomware attacks 
• The preferred skill sets to successfully mitigate the impact of a ransomware attack 
• Having the right people to negotiate with ransomware groups 

Oliver argues that ransomware is not just a technological issue but also a human and economic problem. Richard concurs, noting that having a team with the technical skills to confront ransomware groups is not enough and that it also requires a different type of training and capability. 

This highlights the need to look at ransomware from different angles and to invest in developing skill sets to tackle the problem from all sides. With the right combination of technological, human, and economic skills, the fight against ransomware can be successful. 

Listen to this episode on your favourite podcasting platform. 

If you are a new listener to the Razorwire, we would love to hear from you. For more information about us or if you have any questions you would like us to discuss on the podcast email [email protected]. 

GUEST BIOS   

Richard Cassidy 

Richard Cassidy has been consulting to businesses on cyber security strategies and programs for more than two decades, working across highly regulated industries including finance, insurance, retail, manufacturing, government and military. During his career Richard has been heavily engaged in the design and implementation of infrastructure & cyber security solutions, helping organisations in evolving security, compliance, risk management, data assurance, automation, orchestration & breach response practices.  

Richard’s security operations experience includes managing Computer Emergency Response Teams (CERT), breach response teams, threat intelligence and hunting teams, as well as educating the industry on how data and assets are targeted by cyber-criminal groups, which in return supports effective security practices and mitigation strategies. Richard has led major breach investigations across CNI (Critical National Infrastructure), Finance, Military and Educational institutions over the past decade, with specific expertise in financial fraud investigations on SWIFT payment networks and OT Manufacturing environments, helping align technical investigation processes to business risk analysis to better serve breach response plans. 

Combining hands-on experience with the technologies and services that have evolved over the past two decades, with a detailed perspective on end-user security risks, Richard focuses on delivering thought leadership tracks that help decision-makers define practical security, compliance, and data assurance strategies. He is well versed in showing organisations how to better navigate a highly complex and automated threat landscape, in tandem with achieving (and maintaining) regulatory, compliance and data assurance mandates that business leaders face in today’s technology landscape.  

Richard is an active industry contributor, regularly delivering speaker sessions at events including SANS, BlackHat, IP Expo, InfoSec, FSISAC, and security seminars EMEA-wide, not to mention many article publications in the arena of cybersecurity, compliance, industrial control, and emerging technology matters.  

Oliver Rochford 

Oliver Rochford has worked in cyber security as a penetration tester, consultant, researcher, and industry analyst for over 20 years. He has been interviewed, cited, and quoted by media, think tanks, and academia, he has written for Securityweek, CSO Online, and Dark Reading. While working at Gartner, he co-named the Security Orchestration, Automation and Response (SOAR) market, worked on the SIEM Magic Quadrant, and also covered the European MSSP Market. Prior to joining Securonix, Oliver worked for Qualys, Verizon, Gartner,  Tenable, and Securonix. Oliver is Chief Furitist at Tenzir, where he works on product strategy and marketing.  

Connect with Your host James Rees 

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult. 

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights. 

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers 

Listen to this episode on your favourite podcasting platform and for more information about us or if you have any questions you would like us to discuss on the podcast email [email protected]. 

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion. 

Linkedin: Razorthorn Security 

Youtube: Razorthorn Security 

Twitter:  @RazorThornLTD 

Website: www.razorthorn.com 

All rights reserved. © Razorthorn Security LTD 2025

In this episode, I am joined by Chris Dawson and Iain Pye to talk about the biometric technology, what can be done to improve it,  and how it might be utilised in the future. 

In this episode, we covered the following topics:

• How biometrics has been altered and adapted since its early days
• How biometric data are being stored
• What damage can a personal data breach cause to consumers
• Is personal data at risk of deepfake technology?
• What do we as consumers really know about how our data is stored and secured? 
• The lack of clear guidelines and framework for the use of biometric data
• Who actually owns our biometric data? Individuals or the company collecting it?

We discuss biometrics and the security and management of the data collected, and how the data has been collected and used by the government, the military, and corporations. We also talk about the moral and legal issues of how biometric data is used and stored, and how individuals can be put at risk.

Biometrics is a technology that has always been surrounded by questions about data security and misuse, even though it is undeniably useful. The technology offers many benefits in terms of security, ease of use, and access to different services. However, it also raises important ethical and legal questions. As biometric data is used more and more, we discuss the need for a clear set of rules and guidelines to ensure people's privacy and civil liberties are respected and protected. 

We talk about the potential for abuse or manipulation of personal data as a key reason for the need for advancements in both biometrics as a technology and the management of the data.

Listen to this episode on your favourite podcasting platform.

If you are a new listener to Razorwire, we would love to hear from you. For more information about us or if you have any questions you would like us to discuss on the podcast email [email protected].

GUEST BIOS - 

Iain Pye

Iain is a Cyber Security, Data Protection and Risk Specialist with over 20 years of experience in the public and private sectors. Iain has worked in a range of industries from finance, legal, security and government. When Iain is not fighting fires or arguing personal data ethics, Iain likes exploring the world with his family and occasionally going for a run through the Fens with the dog. If the dog is up for it, which she is usually not. 

Connect with Your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

Listen to this episode on your favourite podcasting platform and for more information about us or if you have any questions you would like us to discuss on the podcast email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

All rights reserved. © Razorthorn Security LTD 2025

Today we discuss recruiting in the cyber security field from a forces perspective - what to expect coming out of the military, recruiting people from the forces, and how we can bring people into this particular field to address the cyber security skills gap. 

In this episode, we cover:

• The experience of veterans and services leavers when they came out of the military – what can a leaver expect?
• How to prepare yourself, mentally and practically, for leaving the military
• Causes of underemployment among people from the forces
• Who are TechVets and how does their programme help the forces community
• Crafting a CV that shows your skills for corporate/non-military employment
• Translating experience and soft skills from military training into desirable corporate skills
• Recruitment of people from the forces into the field of cyber security
• How veterans and service leavers can help fill the skills shortage in information security

All our guests in this episode are ex-forces themselves – I’m joined by James Murphy, Claire Davies and Tom Mills to discuss their experiences after leaving the military, as well as how the qualities and skills they gained from their military training can help fill the cyber security skills gap.

Claire talks about how she went from a senior position in the military to a role in commercial security. Tom talks about some of the problems he ran into as he moved from the military to the business world. James tells us about hiring veterans and service members and helping them get jobs after they leave the military. 

When people leave the military and go into business, they often find it easy to port across the skills they learned there. There is a lack of skilled information security people in the job market, so tapping into the potential of veterans and helping them find a place in this field is an excellent way to make use of the skills honed in the forces. 

This episode gives a great guide to moving from the forces into the world of commerce from people who have been through the process themselves.

Listen to this episode on your favourite podcasting platform.

If you are a new listener to Razorwire, we would love to hear from you. For more information about us or if you have any questions you would like us to discuss on the podcast, email [email protected].

GUEST BIOS

James Murphy

James joined TechVets from GDS, where he was employed as the Head of Threat Intelligence.  

James served for 19 years in the British Military, deploying to Northern Ireland, East Africa and Afghanistan with the Infantry, receiving lifelong injuries as a result of enemy action. James then served until 2018 in intelligence, delivering support to global Joint Military operations. 

Since becoming CEO, he has used his military experience to build an unrivalled programme of professional tech training, resources, and support for UK veterans and their families. He is an excellent ambassador for the military and has proven his commercial prowess and business excellence by securing strategic partnerships with some of the world's leading tech companies. 

—

Claire Davies MBE 

Claire has over 30 years of experience in the field of intelligence and security.   She cut her teeth within the UK military where she enjoyed a globe-trotting career identifying, assessing, exploiting and ultimately defeating the threat to the security of assets posed by those engaged in terrorism, espionage, sabotage and subversion.  In more recent times, she leads a team of information security and data protection professionals within Arriva Group.  She is particularly passionate about creating momentum around increased awareness of the cyber threat across the industry, mentoring new recruits into the field (so she can retire) and helping to fly the flag in providing a safe and trusted public transport network.      

Tom Mills

Tom Mills is an Information Security Consultant working for Razorthorn Security. Formerly a Counter-Intelligence and Security subject matter expert with the British Army specialising in physical security vulnerability identification and penetration testing, Tom has hands-on experience identifying and managing security threats and risks in a variety of operational environments. Transferring his military experience, he now supports and guides organisations to ensure their information security and cyber defence postures meet national and international regulatory compliance standards along with supporting key organisational outputs for Razorthorn Cyber Defence. Tom actively supports service leavers where possible and is a Member of the Security Institute and pursues CPD opportunities where possible. 

—

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cybersecurity professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security—from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals, providing insights, news, and fresh ideas on protecting your organisation from hackers.

Listen to this episode on your favourite podcasting platform and for more information about us or if you have any questions you would like us to discuss on the podcast, email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Whether you are training to become an information security professional or if you are more seasoned in the cyber security industry, this is an episode you don’t want to miss.

In this episode, I am joined by Josh Davies and Keith Christie-Smith to talk about what the cyber security skills shortage means for the industry and how we can address this. 

Josh explains how the pandemic affected the problem while Keith emphasises how essential people, policies and procedures are in cyber security in addition to the technological tools. We talk about the current situation in the industry and what we can do to bring more talent into it. 

Ultimately, we can begin to address the cyber security skills shortage by actually talking about it. Help us close the skills gap in cyber security by listening to this episode.

In this episode, we covered the following topics:

• Defining cyber security skills shortage and how to address it
• The current situation in the cyber security industry 
• What to expect if you want to be an information security professional
• The importance of people, policies and procedures in cyber security 
• The effect of the pandemic on the cyber security industry
• Closing the knowledge and skills gap in cyber security
• How sparking discussion on addressing the skills shortage and leveraging remote work setup can bring more people into the industry
• Introducing the idea of cyber security in schools and universities with support from the government

If you are a new listener to Razorwire, we would love to hear from you. For more information about us or if you have any questions you would like us to discuss on the podcast email [email protected].

GUEST BIOS - 

Josh Davies

Josh Davies is a Product Manager at Fortra by Alert Logic. Formerly a Security Analyst and Solutions Engineer, Josh has hands-on experience in incident response and threat-hunting activities before working with organisations to identify appropriate security solutions. Josh continues to be closely involved with security operations and threat research. 

Keith Christie-Smith

Keith is a sales director with Claroty, covering the Government, Defence and Healthcare verticals. Keith has worked in the cyber security field for both vendors and resellers. He has been in cyber security for over a decade having worked in IT-managed services for almost a decade beforehand. 

Connect with Your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

Listen to this episode on your favourite podcasting platform and for more information about us or if you have any questions you would like us to discuss on the podcast email [email protected].

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

All rights reserved. © Razorthorn Security LTD 2025

Collecting information on cyber threats and analysing data on a regular basis is essential to ensure your defences are tight and to allow you to pre-empt potential attacks. 

Richard Cassidy and Josh Davies, experts in the cyber threat intelligence field, join us today to discuss how collaboration between cyber professionals when it comes to data and intelligence is essential for keeping your environment secure in a world where threats evolve on a daily basis.   

Hear from the experts on the benefits of ‘tribal’ (or shared) or threat intelligence, how it can help your enterprise defend against cyber threats while also giving you better value from your security tools, and why information silos still exist when we know that sharing information makes us stronger.  

What do we cover in this episode? 

• The application and utilisation of threat intelligence in decision making 
• How to use intelligence and threat data to get the most out of your security tools 
• The difficulties of getting threat intelligence and why we are reluctant to share information 
• Great examples of collaboration in fighting threats, e.g. Log4j 
• The importance of the Intelligence Cycle  
• Platforms for intelligence sharing and collaboration 

Have comments about the show? 

Thank you for listening to today’s episode of the Razorwire podcast. Be sure you subscribe to Razorwire and leave a review! Use the social media buttons below and share them with your connections. For topic ideas you want to hear, I’d love to hear from you at [email protected]. 

Guest Bio(s):  

Richard Cassidy 

Richard Cassidy has been consulting businesses on cyber security strategies and programs for over two decades, working across highly regulated industries, including finance, insurance, retail, manufacturing, government, and military. Richard Cassidy has been consulting businesses on cyber security strategies and programs for over two decades, working across highly regulated industries, including finance, insurance, retail, manufacturing, government, and military.  

Josh Davies  

Josh Davies is a Product Manager at Fortra by Alert Logic. Formerly a Security Analyst and Solutions Architect, Josh has hands-on experience in incident response and threat-hunting activities before working with organisations to identify appropriate security solutions. Josh continues to be closely involved with security operations and threat research. 

Connect with Your host James Rees 

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings insights from leading cyber security professionals who dedicate their careers to making a hacker’s life much more difficult. 

Our guests bring you experience and expertise from various disciplines and career stages. We give you various viewpoints for improving your cyber security - from seasoned professionals with years of experience, triumphs, and lessons learned under their belt to those in relatively early stages of their careers offering fresh eyes and new insights. 

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news, and fresh ideas on protecting your organisation from hackers. 

Episode Resources:  

1. Razorthorn - Leaders in Cyber Security Consultancy  
2. Linkedin 
3. Twitter 
4. Youtube 

Catch Up On The Most Recent Episodes! Check out these:  

The Future Of Security For Working From Home 

The Evolution Of Cyber Security & Trends To Watch For 

Cyber Security Professionals Shortage, Burnout & How To Protect Against It 

Have comments about the show? 

What do you want us to talk about in our next episode? Reply with your questions you'd like us to cover, or email us at [email protected].  

All rights reserved. © Razorthorn Security LTD 2025

Most businesses will have a plethora of insurances - employer liability, public liability and indemnity, for example - but what about cyber insurance? It is a relatively new area of insurance, although the risk has existed almost since we started using computers and mobile devices. 

According to the UK Government Cyber Security Breaches report, 39% of UK businesses have identified at least one cyber attack in the past 12 months, making cyber insurance more crucial than ever. 

Nobody knows more about risk than people that work in insurance, so I have invited Matt Clark, expert in international risk management and insurance, to join me for this new episode. We discuss how cyber insurance has evolved from solely protecting breaches to covering risks and how insurance companies calculate premiums based on threats in cyberspace.  Further, we cover the expectations of both the company and insurer in the case of a breach and the rising cost of cyber insurance. 

Listen to this episode on your favourite podcasting platform. 

If you are a new listener to Razorwire, we would love to hear from you. For more information about us or if you have any questions you would like us to discuss on the podcast email [email protected]. 

In this episode, we covered the following topics: 

• An overview of cyber insurance and how it has evolved since it was first introduced 
• Who really needs to have cyber insurance?  
• How cyber insurance companies calculate your insurance premiums 
• The challenge of promoting awareness of cyber insurance in companies 
• Do the expectations of the company and the insurer differ in the event of a breach? 
• Is cyber insurance becoming more expensive and what value do you get for your money? 

GUEST BIO  

Matt Clark