Razorwire Cyber Security

• Human Risk Intelligence: Is Behavioural Data the New Defence?

  How do we measure and manage the human element of cyber risk beyond technology and basic security training?Welcome to Razorwire, where we uncover what really matters in cybersecurity. I’m James Rees and in this episode, talking about the world of human risk intelligence with Flavius Plesu, Founder and CEO of OutThink. We'll question whether staff really are the 'weakest link' and instead explore how understanding real human behaviour can turn your workforce into a formidable security asset.For too long, information security has focused almost exclusively on technical controls, but sophisticated attacks today often exploit human decision-making more than any firewall. Flavius draws on his experience as a CISO and innovator, sharing first-hand insights into how organisations can predict, quantify and actively manage risk stemming from their staff. We discuss psychological profiling techniques that identify high-risk individuals, methods for engaging employees in security and balancing monitoring with trust when using behavioural analytics. If you want to future-proof your security posture, this episode is essential listening.3 Key Talking Points:Why traditional security awareness strategies fall short - and what truly effective human risk management looks like: Learn why measuring click rates and running generic training programmes leaves you blind to real human risk, and discover how behavioural science and crowdsourced intelligence can finally give you the visibility and control you need.Real world examples of predicting and preventing insider threats - before damage is done: See exactly how banks and enterprises use psychographic segmentation and statistical models to identify risky patterns in their workforce, and understand the practical steps to transform your incident response from reactive to predictive.Navigating the ethical line: how to balance security monitoring with employee privacy and trust: Master the delicate balance between effective security monitoring and employee rights, learning how transparency-driven design and GDPR-compliant approaches can turn potential resistance into active security partnership across your organisation.Ready to rethink the human side of cyber risk? Tune in to this Razorwire episode and sharpen your defences from the inside out.On Moving Beyond Traditional Training: "Something like 90% of users admitted to bypassing security controls… with full knowledge that they're introducing additional risk to the organisation. So the idea that training would be enough, just train them, they'll get it. It's a bit naive."Flavius PlesuListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:The Evolution of Human Risk in Cybersecurity Learn how the industry's shift from purely technical controls to recognising human factors is reshaping security strategy and why this change is essential for modern organisations.Defining Human Risk Intelligence Understand what human risk intelligence actually means and discover how organisations can quantify and predict human behaviour to strengthen their cybersecurity posture.The Shortcomings of Traditional User Training Discover why legacy approaches like annual training and click-through tests fail to address real world human risk and what you should be doing instead.Accidental vs....

  --------  

  38:01

  --------

  38:01
• Inside the Early Lessons of DORA Compliance: What Works, What Fails, What’s Next?

  Six months into DORA's implementation, what's actually happening in financial services organisations?Welcome back to Razorwire, where we tackle cybersecurity's toughest challenges with honesty and expert insight. In this episode, I'm joined by returning experts Jonathan Care and Richard Cassidy and also a new guest to the podcast, Romain Deslorieux, to examine how the Digital Operational Resilience Act is playing out in practice.Now some time has passed since DORA's January deadline, we're seeing the real story emerge. Some organisations are discovering they fundamentally misunderstood what compliance actually requires. Others are struggling with skills gaps they didn't anticipate. And many are finding that operational resilience can't simply be bought or outsourced.Our guests share what they're witnessing firsthand – from boardrooms finally grasping why digital resilience matters to IT teams pushed beyond their limits. We discuss the vendor relationship upheaval, the consultant dependency trap, and why some approaches are succeeding while others spectacularly fail.If you're dealing with DORA implementation, wrestling with third-party risk or watching your security team stretched thin, this conversation offers the unvarnished perspective you need.Key Talking Points:From Tick-Box Compliance to True Resilience: Discover why DORA is exposing the dangerous gap between documentation exercises and actual operational readiness and why this demands unprecedented collaboration across IT, compliance and business teams.The Human Capital Crisis Behind DORA: Learn how the regulation is revealing critical expertise shortages (40-50% of financial entities lack internal capabilities), creating dangerous over-reliance on consultants and pushing existing teams towards burnout.Third-Party Risk Revolution: Get behind-the-scenes insights on how DORA has fundamentally changed vendor relationships, why surface-level due diligence no longer works and the board-level cultural shifts making resilience a C-suite priority rather than an IT problem.Tune in for an unfiltered, expert-led conversation on what’s working, what’s failing and where DORA is truly making a difference in cybersecurity today.On the accountability gap in third party risk:"Really what do you do about this responsibility? How do you demonstrate that you are accountable? That people fell short on that question and now with the third party responsibility, which is clearly identified in things like DORA, people cannot ignore it anymore."Romain DeslorieuxListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:DORA's Immediate Impact Learn how DORA is driving financial institutions to adopt continuous monitoring and operational resilience strategies that go far beyond traditional compliance checklists. Third Party Risk and Vendor Management Understand how to navigate the fundamental shift in vendor relationship management, including the enhanced due diligence and transparency requirements now reshaping procurement decisions. Cultural and Organisational Change Discover strategies for building the cross-functional collaboration between IT, security and business teams that DORA compliance demands. The Human Capital Challenge Explore how to address the critical shortage of skilled professionals capable of...

  --------  

  56:22

  --------

  56:22
• NHS Cybersecurity Crisis: Who is Actually Protecting Your Medical Records?

  Welcome to Razorwire, where we examine the realities facing cybersecurity professionals on the front lines of digital defence.In this episode, I am joined by Rob Priest, a former NHS insider with 24 years of experience, and returning co-host Richard Cassidy to expose the cybersecurity crisis gripping Britain's healthcare system. From WannaCry's devastating impact to recent ransomware attacks on children's hospitals, our experts reveal why the NHS remains a prime target for cybercriminals despite years of warnings and government promises.Rob shares insights from his transition from running around hospital corridors with paper records to witnessing sophisticated nation-state attacks that can cripple entire trust networks for months. Richard brings his unique perspective as both a cybersecurity professional and working paramedic who experienced firsthand how cyber attacks paralyse emergency services when systems go dark.Whether you're a healthcare professional worried about patient safety, a cybersecurity expert trying to understand why healthcare remains so vulnerable, or a concerned citizen wondering why your medical data isn't better protected, this conversation cuts through the political rhetoric to examine what's actually happening behind NHS firewalls.Tune in for an unvarnished look at legacy systems running on Windows 95, the shortage of qualified CISOs across 213 NHS trusts and why the government's latest cybersecurity mandates might create more problems than they solve.Listen in for:The Hidden Fallout of Cyber Attacks on Patient Care - Understand the cascading impact that ransomware and outages have, not just on IT, but on clinicians, paramedics and everyday patient outcomes. Rob shares first-hand accounts of real NHS incidents and why cyber breaches are, at their core, clinical emergencies.Why Legacy Tech and Fragmented Leadership Leave Us Exposed - Hear why outdated, unsupported systems and a chronic lack of cyber leadership make true resilience so tough in large NHS trusts. We unpack the disconnect between government strategy, local implementation and real world risk.Practical Steps (and Missed Opportunities) for NHS Cyber Resilience - Explore what actually works, from playbooks and clinical 'huddles' to the role of centralised threat intelligence - and where policy too often lags behind reality. If you want to know how to prioritise resilience amid chronic uncertainty, this episode is essential listening.Get ready for a grounded discussion that blends expert perspective with genuine NHS war stories - plus candid thoughts on what really needs to change.On learning from cyber incidents before they happen: "Organisations that understand the impacts of events the best are the ones that have actually gone through it. My question is: does that have to be the case?"Rob Priest, RubrikListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:Understanding Escalating Cyber Threats to the NHS - Learn how nation-state actors and cybercriminals are targeting NHS organisations through supply chain weaknesses and vulnerable digital infrastructure. Recognising Legacy Technology and Technical Debt Challenges - Discover why outdated IT systems and unsupported medical devices create persistent security challenges and make patching complex and...

  --------  

  55:54

  --------

  55:54
• How Do You Safeguard AI When Development Outpaces Security? With Ante Gojsalić - SplxAI

  Can we secure generative AI before it outpaces our ability to defend it?Welcome back to Razorwire, where we have our finger on the pulse of cybersecurity’s most urgent dilemmas and future threats. I’m your host, Jim and in this episode, I sit down with Ante Gojsalić, CTO and co-founder of SplxAI, to unpick the tangled challenges of securing the next wave of generative AI before it becomes too integrated, too complex and too risky to control.Generative AI is reshaping everything from business operations to personal lives, but the race to capitalise on its potential leaves us with difficult questions. Are we allowing technological progress to sprint ahead of security? Is anyone putting robust protections at the heart of these new AI systems? Ante shares stories from the frontlines - explaining why both East and West are taking wildly different approaches, why securing AI isn’t as simple as plugging in a new tool and how the real vulnerabilities lie hidden in the everyday systems we’re already beginning to trust.Three key talking points to listen out for:Why securing AI is fundamentally different - and harder - than traditional IT - Ante shares real scenarios where the unpredictable, fast-evolving nature of large language models means old school security techniques simply can’t keep pace. Find out why continuous testing, automation and security-by-design are more critical than ever.Hidden risks as AI agents take on human-like roles in business - We explore where the most pressing security gaps lie as AI agents begin to make decisions, handle confidential data and even manipulate users. Learn how attackers are already exploiting these systems - and what steps organisations can take to avoid catastrophic mistakes.The battle between business priorities and security fundamentals -Hear our thoughts on why commercial pressure and the quest for innovation often override basic security and discover hands on, pragmatic advice for leaders aiming to bake security into AI projects from day one - before it’s too late.Whether you’re a CISO, an AI developer or a cyber strategist, this episode of Razorwire will arm you with practical insights and hard-won lessons on defending against the unknowns of AI.Why Continuous Security Testing Is Essential: "So imagine you do the security evaluation [of AI] on day one, then they change it a hundred times and you don't do another pen test. It's not relevant anymore. So, yeah, the continuous thing is important. Automation is important. And with AI, which is non-deterministic and which is still very changeable day by day, it's different than web security or API security… It's just unstable."- Ante Gojsalić, on why traditional security approaches fail with AI systemsListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:Rise of Generative AI - Understand what generative AI actually is and how to assess its rapidly expanding applications within your organisation's threat landscape. Global AI Arms Race - Learn how different regional approaches to AI development affect your security strategy and vendor selection decisions. Security vs Speed in AI Development - Discover practical ways to balance innovation pressure with security requirements without stifling business growth. Emerging Threats to AI Systems - Identify specific...

  --------  

  46:11

  --------

  46:11
• How To Get Your Staff to Actually Care About Cybersecurity

  Welcome to Razorwire, the podcast that challenges conventional thinking about cybersecurity with insight, humour and a dose of reality.In this episode, James Rees is joined by security awareness specialists Amy Stokes-Waters and Jemma to dismantle outdated approaches to security training. From click-through fatigue to the critical importance of culture change, our experts explore why traditional computer-based training fails to make organisations truly secure.Listen as Amy and Jemma share their expertise on transforming security awareness from a box-ticking exercise into meaningful behaviour change. Their refreshingly honest assessment of the "80% compliance myth" and why focusing on business impact rather than personal consequences undermines effectiveness will have security professionals nodding in recognition.Whether you're a CISO struggling with training completion rates, an IT professional tired of being ignored, or someone who's repeatedly clicked "next" through mandatory security modules wondering if there's a better way, this conversation offers practical alternatives to the stale CBT approach that dominates the industry.Tune in for a candid discussion that feels like eavesdropping on three security professionals brainstorming how to fix what's broken in security awareness while acknowledging the realities of human behaviour.3 Key Talking Points:Why Traditional Security Training Fails Everyone Discover the fundamental flaws in conventional security awareness approaches that waste both time and budgets. When Amy reveals that "less than 1% [of IT budgets] is spent on humans" while "95% of incidents are caused by humans," you'll understand why throwing money at technical solutions while neglecting human factors is a losing strategy. Listen for actionable insights on avoiding the compliance trap that leaves organisations vulnerable despite ticking all the regulatory boxes.The McDonald's Approach to Security Awareness Learn why successful security awareness should mirror effective marketing campaigns rather than dreaded annual training sessions. Our experts break down how security teams should adopt McDonald's persistent, multi-channel strategy instead of expecting one-off sessions to change behaviour. You'll gain practical strategies for implementing "security by osmosis" that keeps protective measures visible and top-of-mind without creating training fatigue or resistance.Measuring What Actually Matters Transform how you evaluate security awareness effectiveness with metrics that genuinely reflect improved security. When Jemma dismantles the "80% of people scored 80%" myth, you'll understand why completion rates and phishing test results fail to indicate real security improvements. Listen for concrete guidance on tracking meaningful engagement metrics like security team contact, proactive reporting, and actual incident reduction that demonstrate true cultural change rather than superficial compliance."What a lot of people are doing is security training for compliance, but they're not actually doing anything around the culture. They're hitting the compliance metrics. Brilliant. But the actual culture of the organization is still inherently insecure."- Amy Stokes-Waters, on the difference between compliance and cultural changeListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:Budget Reality Check: Learn why organisations spending less than 1% of IT budgets on human factors whilst 95% of incidents are...

  --------  

  39:45

  --------

  39:45

More Business podcasts

Trending Business podcasts

About Razorwire Cyber Security