
Razorwire Cyber Security Insights

Razorthorn Security

Available Episodes

5 of 83
  • What Actually Works in Cybersecurity (And What Doesn't)
    Are you making career moves in cybersecurity or is cybersecurity making moves around you?

    Welcome to Razorwire. In this episode, I sit down with Marius Poskus - CISO, consultant, podcaster and all-round cyber expert - to discuss how to succeed in cybersecurity. We discuss career paths, why security culture fails in most organisations and the risks of rushing into AI without understanding what you're doing. Whether you're trying to break into the industry or you're leading security strategy, this conversation covers what works and what doesn't.

    Summary:

    Want to break into cybersecurity without wasting time on the wrong certifications? Wondering why your security programme keeps failing despite all the tools you've bought? We have the answers.

    From physical security in Lithuania to CISO at a global fintech, Marius explains why pen testing is a terrible entry route for juniors, why compliance doesn't stop breaches and why giving AI control of your SOC is riskier than most people realise.

    We discuss how to build actual security skills (not just a collection of certificates), why punishing people for clicking phishing links backfires and why you need to stop firefighting incidents and start preventing them. Marius also shares why so many organisations buy expensive tools that solve nothing and what happens when you remove humans from security decisions.

    Key Talking Points:

      • The Truth About Career Pathways: We debunk common myths about entry routes into cybersecurity, explain why starting in a SOC makes strategic sense and share advice for hands-on learning that goes beyond certifications.
      • Security Culture and Human Factors: We discuss why technologists and business leaders often miss the mark on culture, how reward (not punishment) transforms security behaviours and what happens when compliance is mistaken for genuine protection.
      • AI, Emerging Threats and Resilience: Marius reflects on the dangers of autonomous AI-driven security, the future of continuous assessments and why building resilience matters more than chasing perfection. If you want a blunt take on what’s coming next in cyber risk, this episode will challenge your thinking.

    Tune in for real world stories, hard-won lessons and clever insights you can use right now, whether you’re climbing the infosec ladder or shaping your organisation’s security future.

    The Future of AI in Software Development:
    “Everyone thinks that pen testing is sexy. How many pen testing roles are you going to find in a junior space? So if I'm playing numbers game, go in a SOC, learn cyber defence, build up all of your skills and then you pivot to wherever you want because that's the easiest path.”
    Marius Poskus

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

      • Choose your entry point strategically: Why starting in a SOC gives you more options than chasing pen testing roles straight away and how to play the numbers game when breaking into the industry.
      • Focus on skills that actually get you hired: Why hands-on experience with home labs matters more than stacking certifications and what employers really look for in junior candidates.
      • Understand why pen testing isn't an entry-level path: Most junior roles are in Security Operations Centres, not penetration testing. Learn why
    --------  
    41:06
  • The Hidden Costs of Security Stack Consolidation (That Vendors Don't Mention)
    Is your security stack making you safer or just adding to the chaos?

    Welcome to Razorwire, the podcast where we unravel the mess, myths and market realities behind today’s cybersecurity challenges. I’m your host Jim and in this episode, I’m joined by our favourite regulars Oliver Rochford and Richard Cassidy to tackle a topic that irritates every CISO: the security solution stack. We discuss the big questions about vendor motivations, tool sprawl and why consolidation so often promises more than it delivers.

    In this episode, we set aside the sales buzzwords and look at what it really means to consolidate your security stack. Oliver and Richard share straight-talking insights from both the vendor and CISO perspectives. We debate why security platforms so often fail to reduce complexity and whether AI is about to solve - or simply mask - the underlying pain.

    Three key reasons to listen:

      • “Noise in depth” versus defence in depth: Discover why having dozens of overlapping tools can actually increase risk and burnout, rather than improve your security posture. Hear insights on “noise in depth” and how it impacts the choices CISOs face.
      • Vendor incentives and the truth behind “consolidation”: Get an insider’s take on why vendors push for consolidation only when it benefits their stack, how lock-in happens and why most platforms are stitched together from half-baked acquisitions.
      • The hard reality of AI, integrations and future-ready strategy: Find out why AI and automation aren’t the magic fix the industry claims and what you actually need to do to keep your stack effective, adaptable and under control in a shifting market.

    If you want honest, practical advice on managing cybersecurity complexity and want to hear what real CISOs wish they'd known before their last renewal, this episode is worth your time.

    Welcome to the Future: Solving Problems, Not Just Selling Tools
    "If you're coming to market, remember the product is only half the game. Security teams, GRC compliance teams - they're drowning. Support, deployment, tuning and post-sales success – they really make or break from my organisations and ones that I talk to. So be the vendor that doesn't just sell the product, be the one that really helps operationalise it. If you're just here to sell a tool, you're already obsolete. If you're here to solve a problem and remove complexity, then welcome to the future."
    Richard Cassidy

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

      • Tool Sprawl vs. Defence in Depth: Learn why organisations with dozens of overlapping security tools end up with noisy environments instead of effective layered defence and what CISOs actually see happening on the ground.
      • Vendor Incentives and Lock-In: Discover how security vendors push you into consolidation within their own ecosystems while prioritising customer lock-in over real interoperability and simplification.
      • Platform Consolidation Cycles: Understand why the industry keeps repeating the same consolidation mistakes and what you should consider instead of chasing the perfect platform that doesn't exist.
      • The Role and Myth of AI in Security Stacks: Find out why AI won't magically fix your complexity problem and how it often just adds...
    --------  
    48:15
  • The Psychological Toll of Working in Cybersecurity - When You Can't Unsee What You've Seen
    Are you prepared for the psychological toll that comes with handling disturbing content in the cybersecurity world?

    Welcome to Razorwire, where today we’re exploring the realities behind a career in cyber, from technical warfare to the often-overlooked human cost. In this episode, I’m joined by therapist and consultant Eve Parmiter to examine the real psychological impact of repeated exposure to distressing material that many of us face during incident investigations, content moderation and threat research.

    Eve draws on her background in trauma therapy and real-world experiences both inside and outside of cybersecurity. Together, we discuss why even seasoned professionals struggle to talk about their experiences, how secondary trauma manifests in our daily lives and what can actually help in environments that don’t provide enough support.

    If you've ever had to investigate colleagues, review disturbing material, or make impossible decisions under pressure, this conversation will resonate. We don't shy away from hard truths, but we do focus on practical ways to build resilience and find some measure of satisfaction in doing the right thing - even when it's difficult.

    In this episode:

      1. Understand the true impact of secondary trauma in cyber roles. We break down the difference between stress, burnout and trauma specific to cybersecurity professions, exploring how exposure to disturbing content changes your outlook - and why it’s not a personal weakness.
      2. Learn why most pros don’t talk about their struggles and how to break the silence. Eve explains why lacking the right language keeps many from processing what they experience and offers insight into building peer support systems and practical organisational responses.
      3. Discover tested strategies for coping and recovery. You’ll leave with actionable advice straight from the worlds of therapy and cyber on how to protect yourself, when to seek help and the importance of cultivating supportive communities.

    Tune in for a genuine, valuable discussion that puts the mental health of cybersecurity professionals front and centre and find out how to make a tough job more sustainable for yourself and your team.

    Why Self Care Isn't Enough for Trauma
    "You can't self care your way out of trauma. There is no amount of bubble baths or ice baths that are going to remove certain images or certain experiences."
    Eve Parmiter

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

      • The Psychological Impact of Difficult Materials. Why exposure to traumatic or distressing digital content leads to anxiety, depression and long term negative outlooks.
      • Challenges Discussing Trauma in Cybersecurity. How professionals can overcome their reluctance to discuss experiences when they lack the language or organisational support.
      • Primary vs Secondary Traumatic Stress. Learn how to identify when direct and indirect exposure to disturbing content creates real psychological effects that often resemble PTSD.
      • Addressing Vicarious Trauma and Worldview Shifts. How to cope when repeatedly witnessing other people's trauma changes how you perceive the world and interact with your environment.
      • Moral Distress and Injury in Decision Making. Find out how to manage situations where you face ethical dilemmas...
    --------  
    57:20
  • Hacking AI: The Risks for Businesses
    Understanding AI security threats before they become your next crisis

    On this episode of Razorwire, I explore the emerging frontier of AI security with leading experts Jonathan Care and Martin Voelk. We examine the latest risks, show you how adversaries are exploiting AI systems and share practical advice for professionals working with these rapidly advancing technologies.

    We move past the marketing speak to reveal how attackers are using generative AI, what it really takes to test these complex systems and what the rise of agentic, self-operating AI means for defenders. Security leaders, penetration testers and anyone implementing business technology need to understand these threats before committing to new AI solutions.

    This conversation addresses real incidents, examines practical realities and highlights why many enterprises are dangerously unprepared for what's ahead in AI security.

    Key Topics:

      • Inside the Mind of the Attacker: Learn how both ethical hackers and financially motivated criminals are already using AI to automate attacks, spread misinformation and create new vulnerabilities. Martin and Jonathan share examples of prompt injection, data poisoning and “model jailbreaking” - all tactics reshaping the cyber threat landscape right now.
      • Pen Testing AI: What’s Different and What’s Still the Same: Go behind the scenes with insights into penetration testing for large language models and agentic AI. The episode discusses fresh attack surfaces, why classic testing skills are still vital and the new OWASP Top 10 for LLMs. If you’re considering buying AI-powered tools, take away concrete advice on how to stress-test these systems before attackers do.
      • Business Risk, Legal Headaches and What to Demand from Vendors: With AI now touching everything from customer bots giving dodgy medical advice to autonomous agents able to cause chaos, the conversation gives practical advice about reputational, legal and operational risks. Listen for the must-ask questions every business should take to their vendors as well as new regulatory requirements that mean robust AI testing can’t be left as an afterthought.

    If you want to stay ahead of AI and cybersecurity developments and avoid building tomorrow's biggest headache, this episode is essential listening.

    AI Model Bias Debate:
    “77% of enterprises are reporting at least one AI related security incident. 62% of enterprises lack any dedicated testing programme.”
    Jonathan Care

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

      • Test Your AI Before Attackers Do - With 77% of enterprises already hit by AI security incidents but 62% lacking testing programmes, discover what specific vulnerabilities to check for and how to implement proper AI red teaming.
      • Stop AI Hallucinations From Damaging Your Business - Understand how AI systems fabricate information and create legal liability, plus practical steps to identify and mitigate these risks before they affect customers or operations.
      • Protect Against Medical and Legal AI Disasters - Learn from real cases where AI gave dangerous advice and created legal obligations, including what liability questions you need to address with vendors and internal teams.
      • Secure Agentic AI That Can Take Real Actions - Discover why AI agents that can invoke APIs, modify data
    --------  
    56:28
  • Streamlining the Compliance Journey - An End-to-End Approach
    Is your compliance strategy making life easier or just adding more chaos?

    Welcome to Razorwire, where we take you to the heart of cybersecurity with voices that have seen it all. I’m Jim, your host and in this episode, I’m joined by Martin Davies (Audit Alliance Manager at Drata) and Patrick Sullivan (VP of Strategy and Innovation at A-LIGN). Together, we explore how to cut the compliance overhead, eliminate duplication across multiple frameworks and turn compliance into a competitive advantage that actually speeds up sales cycles.

    Compliance is rarely anyone’s favourite topic, yet it’s unavoidable and organisations are under more pressure than ever to do it well. We explore why compliance keeps getting more complex, what’s actually driving value and how the right blend of people, processes and technology can transform it from a painful cost centre into a genuine strategic asset.

    Key topics:

      • Cutting Compliance Overhead: Discover practical ways to avoid duplication of effort, map overlapping controls across frameworks and use technology to bring order to compliance chaos.
      • Compliance as a Value Generator, Not Just a Cost: Hear real world perspectives on shifting the mindset around compliance, from being a necessary evil to a competitive differentiator that can support new business, speed up sales cycles and add commercial value.
      • The Road Ahead: Continuous Monitoring and Emerging Pressures: Explore the shift from annual audits to ongoing assurance, the impact of AI on compliance frameworks and the new reality of management liability in regulations like DORA and NIS2.

    If you’re ready to rethink compliance and turn it into a source of strategic advantage, this is an episode you won’t want to miss.

    On duplication of effort:
    "The words ‘compliance overhead’ - when I hear that, I hear duplication of effort. If someone's doing the same control twice, that's objectively a bad thing."
    Martin Davies

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

      • How to tackle the complexity of compliance - Understand why compliance requirements keep growing and discover strategies for managing multiple frameworks without getting overwhelmed.
      • How to turn compliance from cost centre to value generator - Learn practical approaches for positioning compliance as a competitive advantage that can speed up sales cycles and create business value.
      • Practical ways to streamline your compliance processes - Discover methods to eliminate duplication of effort, reduce time waste and support more agile business operations.
      • How to identify and eliminate overlap across frameworks - Learn techniques for mapping overlapping standards and consolidating controls to avoid doing the same work twice.
      • How to leverage technology and GRC tools effectively - Understand how platforms like Drata can transform evidence management, reduce audit stress and bring order to compliance chaos.
      • What auditors actually look for during assessments - Learn why auditors focus on intent and sound processes rather than box-ticking, and how to prepare effectively for audits.
      • When to shift from annual to continuous monitoring -...
    --------  
    58:15

About Razorwire Cyber Security Insights

Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge. Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends. Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals committed to continuous improvement. Each episode brings you actionable advice and real experiences from your host, James Rees — an information security specialist with over 25 years of experience — and from a range of respected guests across the cybersecurity industry. Together, we explore everything from technical strategies and compliance challenges to security culture, communication skills, and leadership development. James Rees is the founder of Razorthorn Security, providing expert consultancy and testing services to a wide range of organisations, including many Fortune 500 companies. His practical, no-nonsense approach helps organisations manage cybersecurity risks effectively while strengthening resilience. The Razorwire podcast is designed for cybersecurity professionals who want to stay ahead, sharpen their skills, and confidently respond to the challenges of today's evolving threat landscape. We believe collaboration is key to stronger security — and Razorwire gives you the conversations that help you achieve it. For more information about us, or if you have questions you'd like discussed on the show, email [email protected] or visit www.razorthorn.com.
Generated: 10/25/2025 - 7:57:36 AM