Episodes

  • Join us for part one of our two-part series examining the world of Chief Information Security Officers. This episode welcomes back Richard Cassidy, Field CISO at Rubrik, and Oliver Rochford, former Gartner analyst and founder of Cyberfuturist. This episode offers insights into what makes security leadership successful - and what can lead to failure.

    Through real world experiences and practical examples, we explore where CISOs best fit in modern organisations, proven approaches for communicating risk to boards and how to handle increasing personal accountability under new regulations. Our guests share hard won lessons from building security programmes across different business cultures, revealing what works and what doesn't. We also examine why CISO tenures average just 18-24 months, and identify the changes needed to make the role sustainable.

    As cybersecurity becomes a pivotal aspect of business operations, the significance of CISO roles continues to grow - and so do the challenges. From justifying cybersecurity budgets to handling personal accountability for breaches, we take a look at the complexities and evolving duties of today's CISOs. 

    For security professionals, this discussion will help you prepare for senior leadership. For current CISOs, you'll gain strategies for navigating common challenges. And for business leaders, you'll learn how to better support and work with your security teams to protect your organisation effectively.

    Key Talking Points:

    The role and responsibilities of modern CISOs - understand how the Chief Information Security Officer position has transformed from a technical IT role into a complex business leadership position that spans multiple organisational functions 
    Reporting structures and organisational challenges - discover how different reporting relationships (to CEO, CIO, CFO, etc.) impact a CISO's effectiveness and ability to implement security programmes across the business 
    The personal and professional costs of being a CISO - learn about the realities and challenges that CISOs face, from stress and burnout to reputation management and legal liability, providing valuable insights for those considering or currently in the role

    Don't miss out on this deep dive into the cost, both personal and professional, of being a Chief Information Security Officer.

    Evolving Role of the CISO: 

    “A CISO today is essentially a senior executive that is responsible for designing, implementing, and overseeing any organisation's cybersecurity strategy... But it has significantly evolved from what used to be the old IT security director from simply managing technical security operations to actually acting as a key business partner... balancing risk and compliance and security whilst, and this is the hard part, aligning with organisational goals.”

    Richard Cassidy

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


    In this episode, we covered the following topics:

    Learn proven approaches for justifying security investments - Discover how to effectively demonstrate the value of preventative security measures and build compelling business cases for cybersecurity budgets

    Master the language of business risk - Learn how to translate complex cyber risks into clear financial, operational, reputational and regulatory
  • As AI reshapes cybersecurity threats, understanding how scams are evolving has never been more critical.

    Welcome to Razorwire. I'm Jim, and today I'm talking with Noora Ahmed-Moshe, VP of Strategy and Operations at Hoxhunt. We'll explore how AI is transforming cybersecurity threats and what that means for protecting ourselves and our organisations.

    We discuss how traditional scams have changed with AI technology and look at why phishing remains a persistent problem, along with practical ways to make security training more effective. Noora explains her approach to combining smart technology with human awareness and why building a supportive security culture works better than focusing on mistakes. Join us to gain insights into today's cyber threats and take away actionable tips for how organisations can better prepare their teams.

    3 Key Talking Points:

    AI-Enhanced Phishing Techniques: Discover how AI, including tools like ChatGPT, has drastically increased the volume and sophistication of phishing emails, making them harder to detect and more culturally nuanced.

    Positive Reinforcement in Training: Learn why a supportive, non-punitive approach to security awareness training—using gamification and rewards—can lead to better internalisation of security practices among employees.

    Deepfake Challenges: Understand the emerging threats posed by deepfake technology, particularly in a remote work environment, and how organisations can adapt their security measures to validate identities effectively.

    Tune in to this vital discussion to stay ahead of cyber threats and foster a culture of security within your organisation.

    Motivating Through Gamification: 

    "It is about motivating people and how you do that. And that's why at Hoxhunt, when we do our training, for example, in terms of social engineering attacks, we reward people anytime they report something. Then they're on a leaderboard, and it's all gamified. So it gives people this real sense of engagement, and that makes it positive."

    Noora Ahmed-Moshe

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    Power up your security training: Learn how to structure effective security training programmes that actually prevent data breaches, based on real-world examples of what works and what doesn't.

    Master the scammer’s playbook: Understand why "too good to be true" scams continue to succeed by exploring their evolution from the Love Bug virus to modern day frauds, helping you spot timeless patterns in social engineering.

    Outsmart AI-powered threats: Discover how AI is transforming phishing attempts with sophisticated language and cultural awareness and learn what makes these new attacks so challenging for staff to detect.

    Stay ahead of QR code attacks: Get ahead of emerging threats by understanding how criminals are exploiting QR codes in innovative ways and learn how to spot these often-overlooked security risks.

    Unlock human security potential: Understand why human behaviour is at the heart of most security breaches and learn practical ways to address these vulnerabilities in your organisation.

    Build a confident security culture: Discover why leading organisations are moving away from fear-based security cultures and learn how to create an environment where staff feel confident reporting potential...
  • Are layoffs increasing your cybersecurity risk and driving your team to burnout? This episode looks into the psychological underpinnings of infosec to navigate turbulent times at work.

    Welcome to Razorwire, the podcast that cuts through the complexities of information security with sharp insights and expert discussions. In this episode, I’m joined by Lisa Ventura (MBE), founder of Cybersecurity Unity, and Bec McKeown, a psychologist specialising in high-risk environments. Together, we explore the hidden psychological factors that shape cybersecurity practices and discuss essential strategies to safeguard your organisation.

    Join us as we discuss the impact of economic layoffs on cybersecurity, the efficacy and ethical concerns surrounding psychological profiling, and the sophisticated tactics employed by malicious actors in today's digital arena. Lisa, Bec, and I also unpack the importance of organisational culture in mitigating human error, the role of mental health in cybersecurity, and how to implement targeted security measures without overwhelming your team. This episode is a must-listen for professionals seeking to understand the human dynamics behind infosec challenges and cultivate a supportive, resilient security culture.

    3 Key Takeaways:

    Protect Your Organisation Without Crossing Privacy Lines. Want to strengthen your security approach without relying on controversial psychological profiling? Discover practical, ethical alternatives as Bec McKeown walks you through smarter ways to assess and mitigate insider risks whilst preserving employee trust and privacy.

    Prevent Data Theft During Company Transitions. Is your organisation facing changes? Learn how to protect your critical assets during turbulent times. Lisa Ventura reveals proven strategies to identify and secure your most valuable data, particularly when your company is experiencing workforce changes or economic pressure.

    Build a Stronger, More Resilient Security Team. Ready to boost both your security effectiveness AND team morale? Get hands-on techniques from Bec McKeown to create an environment where your security professionals thrive. Walk away with practical steps to reduce burnout, increase psychological safety and build a high-performing team that stays sharp and engaged.

    Tune in to Razorwire for actionable advice and expert perspectives to fortify your cybersecurity strategy amid challenging times.

    On Psychological Safety & Blame Culture:

    "If people are constantly told off for not doing things in the right way, whether that's cybersecurity training or otherwise, they're never gonna fess up to it... if you haven't got that psychological safety within the culture, then these things are probably more likely to happen because it's not in the person's best interest to hold their hand up."

    Bec McKeown 

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


    In this episode, we covered the following topics:

    Understanding Layoff Security Risks: Explore why workforce changes increase data theft risks and why organisations need heightened awareness during these transitions.

    Beyond Psychological Profiling: Learn more effective and ethical ways to assess security risks without compromising employee privacy - practical alternatives you can implement today.

    High-Value Target Protection: Understanding why certain roles face increased targeting and need additional security...

  • Every vendor you trust and every employee you hire could be your next security crisis—explore the realities of third party risk and insider threats on this episode of Razorwire!

    Join us for a discussion on the multifaceted challenges of third party risk and how they can destabilise your organisation. From the growing complexities of cloud providers like AWS and Azure to detecting and dealing with insider threats, our conversation covers it all. 

    My esteemed guests, Razorwire favourites Iain Pye and Chris Dawson, share their perspectives on the right to audit third parties and how shifts in business models and changing workplace culture impact our security postures. 

    We also break down a case study involving indemnity and insurance settlements following a breach incident, providing you with practical takeaways for enhancing your own security protocols.

    Key takeaways:

    Strengthen Your Third Party Risk Management

    Implement contractual audit rights early in vendor relationships

    Develop resilience plans for vendor service failures

    Understand the risks of supply chain dependencies (third parties of third parties)

    Plan for scenarios where key service providers might fail or be compromised

    Understand and Mitigate Insider Threats

    Identify different types of insider threats (accidental, disgruntled employees, corporate espionage)

    Monitor for behavioural changes and suspicious activity patterns

    Implement ongoing background checks and security clearance reviews

    Balance monitoring with employee privacy and company culture considerations

    Address Modern Security Challenges

    Evaluate the cost-benefit trade-offs between in-house and outsourced services

    Implement monitoring solutions that correlate data from multiple sources

    Develop security strategies that account for both human and technical factors

    Create comprehensive risk assessments that include both internal and external threats

    Join us on Razorwire as we untangle the complexities of third party risk and insider threats, providing you with actionable insights to fortify your organisation's cyber defences.

    On the inevitability and scale of third-party breaches: 

    "It's inevitable. You're gonna have a third party breach. There's about, what, 10 a day... You could do all the due diligence in the world and all the security checks about this. You could have a very robust vendor risk management, whatever you wanna call it. At the end of the day, it's gonna take one little, maybe insider threat on the third party side, and that will cause a breach." 

    Iain Pye

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


    In this episode, we discuss:

    ● Implementing Third Party Audit Rights: Secure your organisation by establishing robust audit rights in vendor contracts before engagement begins.

    ● Evaluating Cloud Provider Stability: Assess and mitigate risks when selecting cloud providers by verifying their financial stability and data migration capabilities.

    ● Preventing Insider Security Breaches: Distinguish and protect against both intentional and accidental internal security threats through targeted controls.

    ● Building a Strong Security Culture: Foster an environment where employees actively report and respond to security warnings rather than normalising them.

    ● Managing Employee-Related Risks: Develop strategies to...

  • How to Optimise Your GRC Tools

    Improving Value, Efficiency & True Risk Management

    Are your GRC tools really managing risk, or just creating noise?

    Welcome to the latest episode of Razorwire, where we cut through the complexities of the cybersecurity world to deliver actionable insights. 

    I'm your host, Jim, and in this episode, we're discussing the multifaceted challenges and opportunities surrounding Governance, Risk and Compliance (GRC) tools with none other than Jack Jones, creator of the FAIR risk model and a seasoned security professional with nearly 40 years’ experience.

    In our conversation, Jack and I explore the intricate landscape of GRC tools, questioning their effectiveness in truly managing risk. We talk about the difference between controlling efficiencies and understanding genuine risks, shedding light on the often misleading contents of risk registers. 

    In this episode, you'll learn invaluable insights that could transform how you approach risk management and compliance. From navigating price range vs efficiency, to the idea of developing a more effective and affordable GRC solution, this episode offers a treasure trove of useful takeaways for anyone in the cybersecurity field. 


    Key takeaways

    The Real Cost of GRC Tools: Jack and I discuss the hidden expenses and renewal price hikes associated with existing GRC tools. If you're feeling the financial strain of your current GRC solutions, this segment is a must-listen to understand the true cost and value proposition of these tools.

    Redefining Risk Management: We talk about the importance of differentiating between real risks and mere efficiencies and how many organisations can get this wrong. Learn how to avoid the ‘noise’ in your risk register to focus on genuine risk scenarios that matter to your business.

    The Path to Better GRC Solutions: Tune in to hear our thoughts on the pressing need for innovation in GRC tool design. If you're looking for practical, cost effective solutions tailored to meet your risk management needs, you'll want to hear our insights and future plans.

    Don't miss this conversation that could reshape your perspective on GRC tools and risk management.

    "If I thought the [GRC tool] technology actually provided anywhere near the value of their potential... if the GRC products and their implementations were actually doing the job they're intended to do, they should cost a lot of money because they would be providing a ton of value." - Jack Jones


    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


    In this episode, we covered the following topics:

    Cybersecurity Responsibilities Debate: We debate whether cybersecurity should fall under IT or infosec departments.

    Penetration Testing Management: How penetration testing could be subject to a conflict of interest depending on which department manages it.

    GRC Tool Costs: Maximising GRC Tool ROI: Gain insights on how to assess and optimise your GRC tool's value proposition through regular utilisation and cost reviews.

    Identifying GRC Tool Shortcomings: Understand the common pitfalls of popular GRC tools in addressing real world risks, enabling better tool selection and implementation.

    Proper Risk Register Management: Learn to distinguish between genuine risks and audit deficiencies for more accurate and useful risk registers.

    Third-Party Risk Management: Learn strategies for effectively managing the challenges posed by third party risks in modern business environments.

    Effective Risk Communication: Master...
  • Welcome to Razorwire, the podcast where I, James Rees, cover the cybersecurity topics that matter with expert guests from across the industry. We aim to help cybersecurity professionals enhance their skills, improve their work performance, and boost their overall quality of life in this demanding field.

    The illustrious Lisa Ventura, MBE, award winning cyber security specialist and the founder of Cyber Security Unity, joins me in this episode. We talk about the pressing issues that cybersecurity professionals face on a daily basis, from mental health struggles to dealing with industry narcissists.

    Lisa shares her insights on current industry developments and uses her personal experiences to offer practical advice and knowledge for cybersecurity professionals at all career stages.

    Join us as we talk about:

    1. Burnout and Mental Health in Cybersecurity: We talk about the root causes of burnout and mental health issues among cybersecurity professionals, and share practical strategies to protect your wellbeing in a high stress environment.

    2. Navigating Industry Narcissism: Gain insights on how to identify and handle narcissistic behaviours in the workplace, and work towards a healthier and more supportive professional atmosphere.

    3. Cyber Skills Gap and Industry Trends: Lisa shares her thoughts on the role of AI and VC money, and the ongoing challenge of closing the cyber skills gap, especially in smaller organisations.

    Tune in to Razorwire and empower yourself with the knowledge and resilience essential for thriving in the cybersecurity arena.

    Lisa on handling narcissists in the workplace: 

    "If it gets too much, I have only one bit of advice. And it's not a good bit of advice to say, and that is to find something new as soon as you possibly can and leave because those individuals will never change."

    Lisa Ventura, MBE

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    Burnout and Mental Health: Discover strategies for managing burnout and maintaining mental health in cybersecurity.

    Cyber Skills Gap: Learn about the factors contributing to the cyber skills gap and how this can be addressed.

    Responsibility and Fear: Understand the psychological impact of responsibility and blame in security roles.

    Budget Reductions and Layoffs: Find out how budget cuts and layoffs are affecting the industry post-pandemic.

    Handling Narcissistic Individuals: Get practical advice on dealing with narcissistic individuals in the workplace.

    Infosec Industry Trends: Explore current and future trends in information security, including AI misuse.

    Legislation and C-Suite Attention: Learn how new legislation is increasing executive-level focus on cybersecurity.

    Experiences in Infosec: Hear firsthand accounts of dealing with negative behaviours in the industry.

    Targeting and Narcissism Among Women: Uncover insights on targeting and hypocrisy, even among diversity advocates.

    Challenges for Young Professionals: Find out how mentorship can help newcomers overcome challenges and impostor syndrome.

    Resources Mentioned

    Cyber Sentinels...
  • Unlock the truth about using Large Language Models (LLMs) in cybersecurity - are they the next big thing or just another trend?

    In this episode of Razorwire, your host, James Rees, brings together cybersecurity expert Richard Cassidy and data scientist Josh Neil to talk about the use of AI and large language models (LLMs) in cybersecurity and their role in threat detection and security. Join us for a discussion on the capabilities and limitations of these technologies, sparked by a controversial LinkedIn post. 

    We bring you expert insights into AI in security applications and a frank discussion on always being open to learning and correcting misconceptions. Hear about real world examples and practical advice on how to integrate AI tools effectively without falling into common traps. This episode delivers a balanced, in depth look at an often misunderstood but crucial topic in modern cybersecurity.

    3 Key Takeaways:

    Anomaly Detection Challenges: We break down why traditional time series models are still king when it comes to anomaly detection, highlighting the limitations of LLMs. Learn why these models are better suited for identifying real threats without drowning in false positives.

    Role of Critical Thinking in Cybersecurity: Richard Cassidy emphasises the irreplaceable value of human expertise in threat detection. Discover why relying too heavily on AI could stifle critical thinking and skill development, especially for junior analysts, potentially weakening your security team in the long run.

    Practical Applications and Misconceptions: Hear a candid conversation about the real strengths and weaknesses of LLMs in cybersecurity. Both guests share practical advice on how LLMs can augment, but not replace, human-driven methods to ensure stronger, more reliable security measures.

    Tune in to Razorwire for an episode that cuts through the hype and delivers actionable insights for cybersecurity professionals navigating the evolving landscape of AI in security.

    The Downside of AI in the Workplace: 

    "My concern with AI assistants or co-pilots with quick and easy answers is that the junior analysts aren't learning the critical thinking required to become senior analysts, and therefore we're losing our bench. And we're going to end up with unskilled senior analysts that don't know when the LLM doesn't know what to do. Neither does the human."

    Josh Neil


    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


    In this episode, we covered the following topics:

    ●      Anomaly Detection Challenges: Find out how experts approach the complex task of identifying unusual patterns in cybersecurity data.

    ●      LLMs vs. Traditional Methods: We explore different approaches to anomaly detection, comparing cutting-edge AI with established statistical techniques.

    ●      Organisational Understanding: Listen to insights on the importance of deep knowledge about critical systems for effective threat detection.

    ●      Surgical vs. Brute Force Approaches: Discover the debate surrounding different methodologies in cybersecurity, and the role of human expertise.

    ●      Training and Critical Thinking: We examine how the increasing use of AI tools might impact skill development in the cybersecurity workforce.

    ●      Evolution of Threat Detection:...

  • Are you ready for DORA and NIS2? Discover how these regulations could transform your security strategy!

    Welcome back to another episode of Razorwire! Today we unpack the DORA and NIS2 regulations with esteemed cybersecurity expert Richard Cassidy. I’m your host, Jim Rees, and I’ll be guiding the conversation for anyone navigating the evolving landscape of digital security in the financial sector.

    In this information-packed episode:

    Discover why organisations are dangerously behind in DORA and NIS2 preparation

    Learn how these EU regulations could impact global operations, including US companies

    Explore the potential for hefty fines and personal liability for executives

    Understand the critical role of third party providers in compliance

    Get practical advice on assessing your organisation's readiness

    Uncover the challenges of implementing cross border information sharing

    Gain insights on budget planning and vendor alignment for compliance

    Whether you're a CISO, IT professional or business leader, this episode offers crucial information to help you stay ahead of regulatory changes. Don't miss Richard's expert analysis and insider tips on preparing effectively for compliance. This episode is packed with invaluable insights you won't want to miss.

    "Don't be looking at this, head in your hands and worry that you haven't got the stack. You most likely do have the capabilities. Now you've just got to understand how you go about aligning to DORA."

    Richard Cassidy


    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


    In this episode, we covered the following topics:

    Regulatory Gap Analysis: Why organisations should start by analysing gaps between current performance and DORA and NIS2 regulations.

    Vendor Involvement: Why it’s essential to involve vendors and ensure they align with new regulations.

    Global Impact: Learn how DORA and NIS2 will impact organisations worldwide, especially those within the EU financial industry.

    Budget Implications: Advice on beginning regulatory analysis before budget renewal, for better allocation of resources.

    Contract Renegotiation: How to navigate the lengthy process and challenges of renegotiating contracts for compliance with new regulations.

    Third Party Security: Why we need to include audit rights and fine clauses in contracts with third party service providers.

    C-suite Accountability: Learn about the personal responsibility of the c-suite under DORA, including potential legal consequences.

    CISO Role Evolution: Find out how the CISO role is likely to gain more prominence and may replace the CIO in the future.

    Information Sharing Challenges: We discuss the difficulties organisations might face in sharing cybersecurity information.

    Implementation Recommendations: How to implement a simplified approach to aligning with DORA by assessing maturity and targeting domain-level improvements.

    Resources Mentioned

    DORA (Digital Operational Resilience Act)

    NIS2 (Network and Information Systems 2)
  • Welcome back to Razorwire! I'm Jim, your host, and joining me today are cybersecurity experts Richard Cassidy and Oliver Rochford.  

    Following on from our last episode of Razorwire, where Oliver and I discussed the key issues that cyber professionals need to focus on in 2024, this episode centres on key takeaways from recent security conferences, particularly RSA and Infosecurity Europe, and explores the shift towards contextual security as highlighted in Byron Acohido's recent report. 

    The conversation covers several critical topics: 

    The potential transformation of long term cybersecurity planning

    Emerging trends in integration and standardisation among security solutions

    Fresh perspectives on supply chain risk management

    The debate over vendor accountability for security vulnerabilities

    Innovative approaches to security budgeting and prioritisation

    We discuss the necessity of proactive security approaches, the value of contextual information in threat detection and response, and the importance of considering customer impact when assessing security risks. We also touch on the potential implications of AI advancements for cybersecurity strategies.

    We give you an overview of current industry trends, challenges and potential future directions. We challenge conventional ways of thinking and offer insights that may help reshape how you approach cybersecurity strategy, so you come away with actionable takeaways.

    The Overwhelming Complexity of Choice at Tech Events 

    "It's just unbelievable that at every stand you go to [the vendor says] “we're the best in application security.” “We are the best in UEBA.” And I try to put the customer hat on when I go to these events and go, oh my goodness, how does anybody make a decision in the midst of all of this complexity?" 

     Richard Cassidy 

     

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen 

     


    In this episode, we covered the following topics: 

    Data Growth Management: Addressing the growing need for truly effective data management to secure the projected increase in data volume in the coming years.

    Communication Challenges: The difficulties in communicating long term infosec plans to the C-suite, who focus on shorter term financial goals.

    Cultural Shift: How the infosec industry has been impacted by post-lockdown advancements in technology as well as cultural changes.

    Cybercrime Costs: The predicted increase in the financial cost of cyber attacks is likely to be a more significant financial threat than physical crimes by 2025.

    Financial Challenges: Current investments in cybersecurity are not keeping pace with the evolving threat landscape.

    New Strategies: Why we need to move from rules-based to contextual-based security.

    Integration: How interoperability and synergy between vendors can help address evolving threats.

    Cyber Senescence: Why we need a longer-term approach to cybersecurity planning.

    C-Suite Communication: Why infosec professionals need to communicate risk and the importance of security investment to the c-suite effectively.

    Vendor Relations: The challenges of vendor lock-in, tool...
  • Welcome to Razorwire, the podcast that cuts through the noise of the information security industry. I'm your host, Jim, and today we're taking a look at the state of the infosec industry so far in 2024 with our guest, Oliver Rochford. If you're a cybersecurity professional taking on the evolving threats and challenges of our field, you won't want to miss this discussion.

    From the rapid consolidation within the tech sector to the challenges of supply chain security and the limitations of today's infosec tools, we leave no stone unturned. We also discuss the role of AI in simplifying complex security solutions and whether current market trends are truly addressing the core needs of security teams.

    Key Talking Points 

    1. Tech Industry Consolidation: Discover how the acquisition spree by cybersecurity giants like CrowdStrike and Palo Alto is reshaping the industry landscape and what it means for smaller, niche security companies.

    2. Supply Chain Security: Hear about the latest risks posed by third party involvement and how to ensure robust security tracking and management using various tools and solutions.

    3. AI and Security Solutions: Oliver tells us how we can make use of AI to streamline and simplify the overly complex and jargon-filled security tools market, offering a fresh perspective on future developments.

    Tune in to this thought-provoking episode of Razorwire for valuable insights that every cybersecurity professional needs to stay ahead in 2024.

    The Future of Cybersecurity: 

    "I expect there to be diversification under the formation of multiple markets with individual giants within these markets, because you can't be good at everything."

    Oliver Rochford


    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


    In this episode, we covered the following topics:

    - Tech Industry Consolidation: Discussion on the recent acquisition of smaller tech companies by larger firms and the impact of this on the industry.

    - Growth and Specialisation Limits: Prognosis on large portfolio providers and the constraints imposed by specialisation and market share retention.

    - Cyber Attack Speed and Aggressiveness: Examination of the increasing speed and aggressiveness of cyber attacks and how to prepare for the challenges they present.

    - Supply Chain Security: How we can secure the supply chain and the inconsistencies in infosec vendor messaging.

    - Complex Security Solutions: How to make use of AI to critique the complexity and confusing terminology in security solutions.

    - AI and Core Security Issues: Exploration of the risks tied to AI, budget constraints and the persistent core security challenges.

    - Affordability and Effectiveness: Highlighting the need for organisations to thoroughly investigate the most effective tools to make the most of tight budgets.

    - Data Privacy and Encryption: Examination of growing encryption usage and questions over control and management of encryption keys.

    - Disconnect in the Cybersecurity Market: Addressing the disconnect between user needs and market offerings, focusing on AI and the latest technologies.

    - Economic and Regulatory Concerns: How financial and regulatory challenges are impacting security investments and implementations.



    Resources Mentioned

    Events:

    - RSA (infosec conference)
  • The deadline for financial entities is looming – get actionable information and advice on DORA compliance with industry expert Paul Dwyer!

    Welcome to Razorwire, your go-to podcast for cutting edge insights and expert analysis in the world of information security. I'm your host, Jim, and in today's episode, we have the privilege of speaking with Paul Dwyer, returning Razorwire guest and veteran in cybersecurity risk and compliance with over 30 years of experience, and head of the International Cyber Threat Task Force (ICTTF).

    In this episode, Paul and I discuss the operational resilience required by DORA legislation, touching upon substantial fines for compliance failures and the shift towards personal accountability at the business and boardroom levels. We cover the nuances of DORA and its intersections with NIS2, and talk about the importance of better communication within organisations and the growing responsibility of governing bodies and the c-suite. 

    Paul shares invaluable insights on the risk-based approach that's overtaking traditional compliance methods, the business opportunities awaiting smaller players in the DORA compliance space, and the essential need for thorough and continuous training programmes.

    Key Takeaways

    1. Discover compelling real world examples of how compliance failures have led to significant fines for large organisations and why personal accountability at the boardroom level is becoming crucial.

    2. Learn how DORA and NIS2 regulations are evolving to include a risk based approach and are pushing for proportionality in implementing controls, shifting the focus from mere compliance to a truly risk-centric perspective.

    3. Find out about the new business opportunities that DORA presents for small and midsize players in the market, including offering compliance services and challenging large cloud providers. 

    The Era of Accountability in Management: 

    "Anybody can fill out a little compliance spreadsheet, oh, there we go tick, tick, tick, we're doing all that, it goes through. But those days are gone because you need to trust, verify everything, you need to get the evidence."

     Paul Dwyer


    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


    In this episode, we covered the following topics:

    - Operational Resilience: Find out about fines and individual accountability for compliance failures under DORA and NIS2.

    - Governance Focus: We talk about increased attention on cybersecurity from governing bodies and the c-suite.

    - Risk Based Approach: Why the regulations’ emphasis is on proportional, risk centric controls over mere compliance.

    - Business Opportunities: Identifying opportunities for small and midsize players in offering compliance services against large cloud providers.

    - Regulatory Adaptability: Why we need DORA regulations to be adaptable to various organisational risks.

    - Training and Awareness: Addressing the crucial need for thorough DORA awareness programmes for all levels of staff, especially non-tech leaders.

    - Compliance Tools: Introducing tools like CyberPrism and AI-based solutions for assisting organisations in DORA compliance.

    - Information Sharing: Discussing the importance of peer-to-peer intelligence sharing and distinguishing it from mere information sharing.

    - Leadership Evolution: Emphasising the need for CISOs and other leaders to possess hybrid skills tying cybersecurity with business strategy and legal...

  • Unlock the secrets to successfully navigating the cybersecurity business landscape with insights from industry legend Jane Frankland on this episode of Razorwire.

    Welcome to Razorwire, I'm your host, Jim, and in today's episode, we have the privilege of discussing the intricacies of running a successful cybersecurity business with none other than Jane Frankland. With over 26 years in the industry, Jane has built and sold businesses, influenced trends and mentored the next generation of cybersecurity professionals.

    In this episode, I chat with Jane Frankland about the challenges and most rewarding experiences of running a cybersecurity business. Jane tells us about her journey from the early days of cybersecurity in the 90s to becoming a prominent influencer and entrepreneur. We explore topics like managing growth, the shift towards freelance work and the importance of humility and mentorship in the industry. 

    3 Key Talking Points:

    1. Managing Business Growth: Jane shares her strategies for managing growth through the use of associates and outsourcing non-core functions. Learn how to scale your business efficiently while keeping your core operations robust.

    2. Navigating Industry Trends: We talk about the increasing amount of freelance work in information security, the importance of a reliable pool of pentesters and the risks of crowdsourced pentesting companies. Gain insight on how to adapt your business model to include evolving industry practices.

    3. The Role of Mentorship and Humility: Jane and I discuss why mentorship for young professionals is so important and the significance of humility in leadership. Discover why ditching egos and maintaining an approachable demeanour is crucial for building a successful cybersecurity business.

    Don't miss out on these pearls of wisdom from one of cybersecurity's most respected voices. 

    The Reality of Running a Business: 

    "You are literally flying by the seats in your pants and navigating your company, at the helm, which is very, very stressful. Very stressful. And yet it is exciting and it is fun."

     Jane Frankland


    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


    In this episode, we covered the following topics:

    - Business Growth Strategies: Discussing the challenges and careful expansion required to grow a cybersecurity business.

    - Outsourcing and Associates: Managing growth by outsourcing non-core functions like marketing and accountancy and using associates.

    - Pentesting Workforce: The shift towards freelance pentesters and the challenges of maintaining a reliable pool of talent.

    - Revenue Diversification: The importance of diversifying revenue streams and adapting business focus to market changes.

    - Industry Egos: Addressing the rise of egos in the information security industry and the importance of humility.

    - Emotional and Mental Challenges: Exploring the emotional rollercoaster and loneliness experienced by business owners.

    - Mentorship and Support: Highlighting the importance of mentors and coaches for guidance, especially during the early stages of business.

    - Client Acquisition and Recruitment: The complexities of recruiting staff, especially pentesters and salespeople and the challenges of client acquisition.

    - Financial Management: The critical importance of managing finances accurately and the common pitfalls at the tax level.

    - Encouraging Young Talent: The significance of mentoring young professionals and actively supporting their entrance and growth in the cybersecurity industry.



    Other episodes you'll...
  • In a landscape where cyber attacks are constantly evolving, is your business insurance keeping pace?

    Welcome to another episode of Razorwire! I'm your host, Jim, and today we dive deep into the dynamic world of cyber insurance. Neil Hare-Brown and Matt Clark, two industry experts, are with us to share their wealth of knowledge and insights on how cyber insurance has changed to address today's security challenges. 

    In this episode, we cover the critical role of cyber insurance in modern security strategies, from mitigating the financial impact of cyber incidents to navigating the details of underwriting and premium setting. We also discuss the increasing trend of third party attacks and why companies must prioritise reviewing their vendors and suppliers. By the end of this episode, you'll have a clearer understanding of why cyber insurance is no longer a luxury but a necessity, and how you can leverage it to bolster your organisation's cyber resilience.

    Key Talking Points:

    1. Rising Costs and Frequent Threats: Neil explains why cyber insurance is crucial for mitigating the significant financial impact of cyber crime.

    2. Underwriting and Premiums: Matt tells us how insurers use data and tools like ransomware calculators to set premiums and how businesses can proactively improve their cybersecurity posture.

    3. Vetting Third Party Vendors: We discuss why we must thoroughly assess third party providers, with insights into new insurance services and facilities aimed at helping businesses manage and recover from cyber incidents more effectively.

    Tune in to discover how cyber insurance can be an integral part of your organisation's defence strategy and ensure you're prepared for whatever comes your way.

    Cyber Risk Management: 

    "I think there is still quite a long way for businesses to go, for boards to appreciate that cyber risk management is not an operational problem."

     Neil Hare-Brown


    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


    In this episode, we covered the following topics:

    - Impact of Cyber Incidents: How to accurately estimate the financial repercussions of cyber attacks.

    - Ransomware and Business Email Compromise: We discuss the current trend for ransomware and business email compromise, and how to protect your organisation from the increased frequency and severity of the attacks. 

    - Double Extortion and Data Breaches: The evolution of cyber threats which includes tactics like double extortion and significant reputational harm.

    - Using Data to Inform Insurance: How data from insured cyber events helps give risk insights for setting premiums.

    - Proactive Cyber Risk Management: Why it’s essential to have a cyber champion on the board.

    - Third Party Risks and Cyber Insurance: Third party attacks can severely impact businesses, highlighting the need for comprehensive cyber insurance.

    - Evolving Insurance Facilities: New offerings such as breach response services are becoming more accessible and affordable.

    - Post-Incident Actions: Breach experiences often lead companies to enhance cybersecurity measures and seek appropriate insurance coverage.

    - SMEs and Cybersecurity: Smaller enterprises struggle with maintaining effective cybersecurity processes and benefit greatly from cyber insurance.

    - Continuous Learning in Cybersecurity: Why we must continue to learn and evolve for effective cybersecurity strategies.





    Resources Mentioned
  • Unmask the reality of the information security world in this week's episode of Razorwire! Join me, Jim, and my guests, Chris Dawson and Iain Pye, as we talk about our daily frustrations working in infosec and the pressing issues facing cybersecurity professionals. We dissect the gripes, pet peeves and laughable clichés that saturate our industry.

    From the hype of award ceremonies to the absurdity of exaggerated credentials on LinkedIn, this conversation is packed with insights and anecdotes that will resonate with every cybersecurity professional. Stay tuned and subscribe for this candid look at the ups and downs of our industry.

    Key Talking Points:

    1. Real Talk on Compliance and Regulations: Discussing the hype around compliance requirements like GDPR and DORA, we break down the importance of understanding and managing these regulations without falling for marketing gimmicks.

    2. Vendor Exaggerations vs. Reality: Discussing the overblown claims around GDPR and DORA compliance and the serious implications for cybersecurity.

    3. Grandstanding Egos: The rise of self-proclaimed thought leaders and influencers and their role in fuelling fear, uncertainty and doubt within the infosec community.

    Tune in for a frank and entertaining discussion on the gritty realities of information security!

    The Struggles of Simplicity: 

    "Your average user will go out their way to circumnavigate the controls that you've put in place."

    Iain Pye


    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


    In this episode, we covered the following topics:

    - Annoying Infosec Practices: This satirical podcast dives into some of the most irritating practices in the infosec industry.

    - Auditor Issues: The frustrations of dealing with auditors. Enough said.

    - Integrity at Work: We talk about the significance of acting professionally in workplace settings.

    - Infosec Vendor Marketing: The creative license taken by vendor marketing departments and how to stay wise to exaggerations.

    - Risk Management Complexity: We talk about the overwhelming abundance of acronyms, and the importance of clear communication and documentation.

    - Compliance and Regulations: We look into the implications of compliance requirements such as GDPR and the upcoming DORA.

    - Exaggerated Professional Profiles: We lament the trend of elaborate and often exaggerated LinkedIn profile titles and qualifications.




    Resources Mentioned

    - The Cyber Sentinel’s Handbook

    - GDPR (General Data Protection Regulation)

    - DORA (Digital Operational Resilience Act)

    - LinkedIn

    - ChatGPT





    Other episodes you'll enjoy

    Preventing Burnout in Cyber Security

  • In this episode of Razorwire, I sit down with Rob Black, a dynamic figure in the world of cybersecurity with a unique background in military strategy and defence. From the realms of computer game design to the high stakes world of defusing IEDs, Robert brings unparalleled insight into how we can revolutionise cybersecurity by understanding and manipulating the psychology of our adversaries. This episode is packed with outside-the-box strategies that will transform your approach to defending your network.

    In our conversation, Robert and I explore the intersection of human psychology and cybersecurity, emphasising the impact of deception and misinformation on attackers. Robert shares parallels to military tactics and offers practical advice on psychological tools to gain an upper hand in infosec. We discuss real world studies and notable cyber incidents like Stuxnet to underscore the importance of strategic thinking beyond mere technological solutions. Tune in for an engaging discussion that could reshape your cybersecurity practices.

    Key Talking Points:

    1. Deception Tools and Strategy - Robert explains how to slow down attackers using deception technology, inspired by military tactics, causing them to mistrust their tools and make erratic decisions.

    2. Psychological Influence on Threat Actors - Learn how to improve the effectiveness of your network defence by understanding and engaging with the decision making processes of threat actors.

    3. Real World Case Studies - We discuss impactful examples, including the NSA's deception studies and the infamous Stuxnet attack, to illustrate how psychological and strategic insights can be applied to bolster cybersecurity efforts.

    Join us on Razorwire and arm yourself with revolutionary tactics to stay ahead in the constantly evolving landscape of cybersecurity. 

    Deception 2.0: Envisioning the Future of Cybersecurity

    "So attackers believe the systems they're using because they've got no reason to believe the computer won't lie. So how do we make it, inside our manmade network, that they have to tread carefully because they don't know what to trust and what not to trust?"

    Robert Black


    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


    In this episode, we covered the following topics:

    - Psychological Defence in Cybersecurity: How we can use psychological tactics, such as inducing paranoia, in defending against cyber threats.

    - Effectiveness of Deception: We discuss an NSA study which demonstrates how knowledge of deception impacts penetration testers' speed and decision making.

    - Human Factors over Technology: We talk about the merits of using human behaviour analysis and psychology alongside technology for cybersecurity strategies.

    - Corporate Espionage and Misinformation: How to use misinformation and disrupt attackers’ expectations as part of your defence strategy.

    - A Multidisciplinary Approach to Cybersecurity: We discuss the merits of incorporating diverse perspectives, including arts and philosophy, into cybersecurity education and strategy.

    - Vendor and CISO Relationships: Why vendors must understand and address the real problems faced by CISOs.

    - Proactive Defence Strategies: Why we need to move beyond assurance to proactive measures in cybersecurity defence.

    - Shift in Cybersecurity Mindset: How to progress the growing recognition of cybersecurity as a critical business threat and the importance of improved risk assessments.

    - Influence of Deception Technology: How we can use fake networks and behavioural economics techniques to manipulate attackers' behaviour.




    Guest...
  • Welcome back to Razorwire, the podcast slicing through the tangled world of cybersecurity! I'm your host, Jim, and in this episode we're talking about the crucial balance between trusting your workforce and exerting control over your security ecosystem.

    Joining me are Iain Pye, sharing his insights into privacy roles, and David Higgins from CyberArk, who will discuss the challenges and strategies of effective cybersecurity. Whether you're managing remote teams or integrating third party services, this episode is packed with expert analysis and actionable advice.

    We discuss: 

    1. Discover how ISO and SOC certifications are shaping the way organisations approach security, as David Higgins analyses the paradigm shift towards a consumer-empowered landscape within cybersecurity.

    2. Discussion on the interplay between trust and control in the era of remote work, with insights on the importance of effective incident response capabilities, even when resources are lean.

    3. Learn about pragmatic approaches to vendor risk assessment and understand why a tiered method for evaluating vendor criticality could be pivotal for your cybersecurity strategy.

    Prepare to challenge your perspectives on cybersecurity's conventional wisdom and join us on Razorwire, where we cut through complexity to bring clarity to the professionals on the digital frontlines.

    "We've got devices that we no longer own. We've got platforms that we no longer run. We've got data stored in locations we're not responsible for and we've got employees working in environments that would that we've got zero control over. So moving to zero trust so that was it a 'never trust, always verify mindset'? Makes a lot of sense."

    David Higgins

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    - Adjusting Control to Criticality: The more critical the processing and servicing, the greater the expectation of control.

    - Certifications as Trust Indicators: The importance of obtaining certifications to demonstrate commitment and investment in establishing trust.

    - Consumer Empowerment Through Software as a Service: How the shift to SaaS models puts more power into consumers' hands, necessitating service providers to meet their security expectations.

    - Remote Work Security Challenges: How to tackle concerns about trust, control and security in home working environments.

    - Sensitive Data in Risk Zones: Identifying and dealing with risks associated with employees working in red-listed countries.

    - Cybersecurity Budgets and Risk Games: How to manage budgets and risk assessments effectively.

    - Third Party Risk Management: How to implement third party assurance programmes for managing risk and ensuring thorough vulnerability assessment with vendors.

    - The Evolving Cyber Threat Landscape: How to effectively deal with the rise in targeted phishing attacks through a balance of trust and control for detection and response.

    - Zero Trust and Continuous Authentication: Why we should focus on implementing zero trust architecture and continuous authentication methods like MFA and biometrics.

    - Economic Impact on Security Measures: Increasing costs and the economic downturn are major concerns affecting the budgets for security tools, certifications and overall organisational security measures.



    GUEST BIO

    David Higgins

    David is the Senior Director – Field Technology Office at CyberArk. Since joining in 2010, Higgins has worked to help the world’s leading - and most complex - organizations secure and protect their privileged access. Today, he advises clients on threats associated with...

  • On this week's edition of the Razorwire podcast, Jim sits down with Amy Stokes-Waters, CEO of The Cyber Escape Room Co. Amy brings her unique entrepreneurial perspective from a non-traditional background, transitioning into cybersecurity.

    The conversation provides valuable insights for security leaders as Amy candidly discusses her innovative approach to security awareness training through immersive, gamified escape room experiences. She shares her views on critical issues facing the industry today, such as combating AI-enabled disinformation campaigns, addressing the cybersecurity workforce shortage driven by unrealistic job requirements and improving strategic communication between security teams and business executives.

    Amy's experiences building her company and developing engaging training programmes make for a compelling discussion. Security professionals will gain new insights into creative methods for better educating end users and elevating cybersecurity's importance across the organisation. Her frank opinions and fresh mindset provide a thought provoking perspective for security leaders navigating the evolving threat landscape.

    Key Talking Points

    1. Innovative Security Training: Discover how Amy's company uses escape room experiences to teach important cybersecurity concepts, from phishing to insider threats, making learning engaging and memorable.

    2. Changing Threat Landscapes: Hear about the impact of ransomware on businesses big and small, the evolution of insider risks and how AI is shaping the future of information security.

    3. The Human Element in Cybersecurity: Gain insight into the importance of strategic leadership in cybersecurity roles and how businesses can navigate the challenges of educating teams and customers about the growing complexity of threats.

    Tune in for a fascinating discussion that sheds light on new methods of strengthening cybersecurity awareness and the vital role human factors play in protecting our digital worlds.

    "I don't know many people that proactively undertake security awareness training, you know, sitting watching videos and animations and all that kind of thing. I genuinely don't know anyone that does that as a hobby, but I think it's something that's super important."

    Amy Stokes-Waters


    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


    In this episode, we covered the following topics:

    - Cybersecurity Awareness via Escape Rooms: How immersive escape room experiences can be more beneficial than traditional methods utilised in cybersecurity education.

    - Insider Risk Management: Overcoming the challenges businesses face from internal threats and the risks of employees being exploited by ransomware attackers.

    - Impact of Cloud Migration on Security: How the shift to cloud computing during the lockdown affected the security of supply chains.

    - Artificial Intelligence and Disinformation: The dangers of AI in creating and spreading disinformation in geopolitical contexts and its potential risks in cybersecurity.

    - Cybersecurity in Small Businesses: We discuss the vulnerability of small businesses as integral parts of larger supply chains and the specific security challenges they face.

    - Career Reflections and Advice: Insights on personal growth in the cybersecurity field and the importance of reflecting on one’s mistakes and learning from them.

    - Evolving Role of CISOs: How the role of Chief Information Security Officers is changing.

    - Legal and Regulatory Aspects in Cybersecurity: Discussion on the emergence of cyber law, the importance of effective communication during security...

  • Welcome to Razorwire! In today’s episode, we take a look at the often-overlooked issue of professional burnout within the cybersecurity field. Joining us are two esteemed guests: Yanya Viskovich, a cyber resilience authority, and Eve Parmiter, a clinical traumatologist and consultant, both of whom bring their interdisciplinary insights to our discussion.

    Today's conversation uncovers the critical yet not-often-discussed crisis of burnout amongst our cyber defenders. Yanya shares her personal journey through the throes of burnout and her subsequent passion for addressing the human factors in cybersecurity and Eve gives us her clinical perspective, providing an in depth understanding of the steps that lead to burnout and how we can move towards prevention and recovery. Together, we explore strategies for cultivating an organisational culture that is resilient against burnout and the positive repercussions this can have on cybersecurity effectiveness. 

    Key Talking Points

    - Personal Insights from the Field: Yanya recounts her dynamic career path and the vulnerable moments of burnout she encountered during the global pandemic, offering listeners a glimpse into the human side of the cybersecurity equation.

    - Clinical Wisdom for Cyber Warriors: Eve, with her therapeutic background, maps out the psychophysiological terrain of burnout and provides actionable tactics for information security professionals to identify and manage their stressors before they escalate.

    - Building a Burnout-Resilient Culture: Gain critical advice on creating strong, collaborative and health-focused workplace cultures that prioritise learning and vulnerability to fortify against cybersecurity threats as well as professional burnout.

    Don’t miss out on this conversation, which is more relevant now than ever. Tune in to unlock techniques that will not only defend your organisation’s digital assets but also safeguard the wellbeing of its most valuable guardians - its people.

    Embracing Failure for Cybersecurity Improvement: 

    "We need to have a tolerance for failure, but an intolerance for incompetence. We need to invite cultures that invite questions and difficult ones, and that invites people to challenge the status quo, to invite people to say, ‘yeah, I've noticed that something's wrong here’, or ‘I see this as a potential risk and I'm raising it.’"

    Yanya Viskovich


    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


    In this episode, we covered the following topics:

    - Appreciation of Crisis Management: A look into how the efforts of infosec professionals are often undervalued, especially when resolving critical issues during crises.

    - Post-Lockdown Loss of Mentorship: An exploration of the pandemic's impact leading to the exit of experienced professionals from the cybersecurity field and the subsequent loss of mentorship for up-and-comers.

    - Organisational Culture and Failure: The importance of creating supportive cultures within organisations that encourage learning from mistakes and destigmatising failure.

    - Human Factor in Cybersecurity: Highlights the crucial role of considering human behaviour and psychology in cybersecurity strategies, alongside technology and process optimisation.

    - Stress and High Burnout Rates: Insights into the abnormally high stress levels within the cybersecurity industry, leading to significant burnout among professionals.

    - Industry's Perception of the 'Department of No': Discusses the challenging perception of infosec teams as obstructionist.

    - Power of Recognition: We...

  • Welcome to Razorwire, the cutting-edge podcast where we slice through the complexity of cybersecurity and risk management to bring you insights from industry leaders. I’m your host, Jim and in today’s episode, we unravel the intricacies of FAIR (Factor Analysis of Information Risk) risk methodology with none other than its creator, Jack Jones. Jack’s groundbreaking approach has revolutionised how organisations perceive and approach information security risks. So, buckle up as we dive deep into the mind behind this transformative model.

    In a fascinating session, Jack shares his journey in developing the FAIR risk methodology and its impact on the business landscape. From facing initial industry scepticism to achieving global recognition, Jack's story is a testament to innovation and perseverance. Alongside the creation of the FAIR Institute and the adoption of his standards across various sectors, Jack also teases his upcoming book focused on the controls analytics model. We discuss the evolving landscape of risk management and the potential for FAIR to automate and improve cybersecurity practices. Get ready to have your perspective on risk quantification transformed!

    Key Talking Points:

    1. Demystifying FAIR - Discover how Jack Jones broke new ground with the FAIR risk methodology, demystifying risk management for businesses worldwide and why industry giants are adopting his model to navigate the complexities of cybersecurity.

    2. Resistance and Triumph - Hear the compelling tale of how Jack overcame industry resistance, with some even suggesting criminal negligence, to establish a new paradigm in risk assessment now embodied in the FAIR Institute and the Open FAIR standard.

    3. Risk Beyond Cybersecurity - Learn how the versatile FAIR model transcends cybersecurity, influencing financial product design, operational risk measurement and even natural disaster assessments - a testimony to its adaptability and Jack's vision for its future potential.

    For cybersecurity professionals eager to stay ahead of the curve and to refine their approach to risk management, this episode is not to be missed. Join us on Razorwire to hear the insights and backstories directly from the experts shaping the field.

    “I did get some positive reactions from people in the industry, but I also got an email from someone in the industry with a significant following and they wrote me a letter saying that I should be prosecuted for criminal negligence for having published this, that in his view, the word risk should be stricken from the English language.”

    - Jack Jones


    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


    In this episode, we covered the following topics:

    - FAIR Risk Methodology Overview: A novel approach to risk assessment that simplifies risk management by addressing subjective probability factors and incorporating control efficacy.

    - Development and Inspiration: The origins of the methodology and how inspiration from physics led to a new model for measuring control effectiveness in risk management.

    - Industry Reaction and Growth: An exploration of the initial pushback against the methodology, followed by its adoption by the Open Group and the subsequent rapid expansion globally.

    - Founding of the FAIR Institute: The establishment of a dedicated institute to provide resources and community engagement around the FAIR methodology.

    - Advancement through Collaboration: How input from various industry professionals has contributed to the enhancement of the FAIR model, exemplified by the...

  • Welcome to Razorwire, the cutting-edge podcast for cybersecurity professionals, where we unravel the world of information security and peek into the future of technology. I'm your host, Jim, and in today's episode, we're joined by our esteemed guests, Richard Cassidy and Oliver Rochford. We’re taking a deep dive into the recent Lockbit takedown, dissecting the movements in the global cybercrime landscape, and analysing the ongoing conflicts within the commercial industry. 

    Our guests, both veterans in the field, share their insight on the takedown of the notorious Lockbit ransomware group, raising critical questions about the efficacy of such law enforcement actions. We explore the pervasive issues of ransomware as a service, the evolving role of threat intelligence, and the significance of industry collaboration. 

    Additionally, we take a look at the challenges of finding your niche within the hyper-competitive tech market, dissect the misconceptions surrounding threat intelligence and confront the stark realities of the cybersecurity industry's marketing frontlines. 

    Whether you're well into your cybersecurity career or contemplating your next move in the field, this episode of Razorwire is tailored for you.

    Key Talking Points:

    1. Inside the Lockbit Takedown: What the headlines don't tell you about the resilience of ransomware groups and why we should remain cautious post-takedown efforts.

    2. Navigating Cyber Misinformation: Our guests tear apart the misleading marketing tactics in cybersecurity and advocate for a truth-centric industry approach.

    3. Collaborate to Fortify: Discover the vital importance of cross-organisation intelligence sharing in combating sophisticated cyber threats and promoting stronger defences across the board.

    Don’t miss out on this candid and informative discussion. 

    "There's a cultural problem when half the industry beats up on someone who discloses a breach. There's a disincentive to disclose breaches or intelligence. And so we need a cultural change there."

    - Oliver Rochford

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

    - Education and Skills Gap: the problem of outdated courses, underscoring the necessity for ongoing training and adaptability in the information security domain.

    - Misleading Marketing: the impact of hyperbolic marketing which often overstates the novelty and effectiveness of cybersecurity solutions.

    - Threat Intelligence: the significance of deriving context from intelligence data and promoting its exchange within the sector.

    - Cybersecurity Community Strength: the information-sharing culture and reciprocal support among information security professionals.

    - Understanding Ransomware Complexities: a general lack of awareness around ransomware intricacies, including the legal repercussions of ransom payment refusals.

    - Emphasis on Threat Modelling: the importance of businesses understanding their unique threat landscapes and preparing for worst-case scenarios.

    - Cybersecurity Startups Proliferation: the sheer number of startups entering the cybersecurity space and the concerns about their effectiveness.

    - Ransomware's Robust Ecosystem: the professional network that underpins ransomware operations, which includes a mix of criminals and nation-state involvement.

    Resources Mentioned