
Razorwire Cyber Security

Razorthorn Security

Available Episodes

5 of 75
  • Inside the Early Lessons of DORA Compliance: What Works, What Fails, What’s Next?
    Six months into DORA's implementation, what's actually happening in financial services organisations?

    Welcome back to Razorwire, where we tackle cybersecurity's toughest challenges with honesty and expert insight. In this episode, I'm joined by returning experts Jonathan Care and Richard Cassidy and also a new guest to the podcast, Romain Deslorieux, to examine how the Digital Operational Resilience Act is playing out in practice.

    Now some time has passed since DORA's January deadline, we're seeing the real story emerge. Some organisations are discovering they fundamentally misunderstood what compliance actually requires. Others are struggling with skills gaps they didn't anticipate. And many are finding that operational resilience can't simply be bought or outsourced.

    Our guests share what they're witnessing firsthand – from boardrooms finally grasping why digital resilience matters to IT teams pushed beyond their limits. We discuss the vendor relationship upheaval, the consultant dependency trap, and why some approaches are succeeding while others spectacularly fail.

    If you're dealing with DORA implementation, wrestling with third-party risk or watching your security team stretched thin, this conversation offers the unvarnished perspective you need.

    Key Talking Points:

      • From Tick-Box Compliance to True Resilience: Discover why DORA is exposing the dangerous gap between documentation exercises and actual operational readiness and why this demands unprecedented collaboration across IT, compliance and business teams.
      • The Human Capital Crisis Behind DORA: Learn how the regulation is revealing critical expertise shortages (40-50% of financial entities lack internal capabilities), creating dangerous over-reliance on consultants and pushing existing teams towards burnout.
      • Third-Party Risk Revolution: Get behind-the-scenes insights on how DORA has fundamentally changed vendor relationships, why surface-level due diligence no longer works and the board-level cultural shifts making resilience a C-suite priority rather than an IT problem.

    Tune in for an unfiltered, expert-led conversation on what’s working, what’s failing and where DORA is truly making a difference in cybersecurity today.

    On the accountability gap in third party risk:

    "Really what do you do about this responsibility? How do you demonstrate that you are accountable? That people fell short on that question and now with the third party responsibility, which is clearly identified in things like DORA, people cannot ignore it anymore."
    - Romain Deslorieux

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

      • DORA's Immediate Impact: Learn how DORA is driving financial institutions to adopt continuous monitoring and operational resilience strategies that go far beyond traditional compliance checklists.
      • Third Party Risk and Vendor Management: Understand how to navigate the fundamental shift in vendor relationship management, including the enhanced due diligence and transparency requirements now reshaping procurement decisions.
      • Cultural and Organisational Change: Discover strategies for building the cross-functional collaboration between IT, security and business teams that DORA compliance demands.
      • The Human Capital Challenge: Explore how to address the critical shortage of skilled professionals capable of...
    --------  
    56:22
  • NHS Cybersecurity Crisis: Who is Actually Protecting Your Medical Records?
    Welcome to Razorwire, where we examine the realities facing cybersecurity professionals on the front lines of digital defence.

    In this episode, I am joined by Rob Priest, a former NHS insider with 24 years of experience, and returning co-host Richard Cassidy to expose the cybersecurity crisis gripping Britain's healthcare system. From WannaCry's devastating impact to recent ransomware attacks on children's hospitals, our experts reveal why the NHS remains a prime target for cybercriminals despite years of warnings and government promises.

    Rob shares insights from his transition from running around hospital corridors with paper records to witnessing sophisticated nation-state attacks that can cripple entire trust networks for months. Richard brings his unique perspective as both a cybersecurity professional and working paramedic who experienced firsthand how cyber attacks paralyse emergency services when systems go dark.

    Whether you're a healthcare professional worried about patient safety, a cybersecurity expert trying to understand why healthcare remains so vulnerable, or a concerned citizen wondering why your medical data isn't better protected, this conversation cuts through the political rhetoric to examine what's actually happening behind NHS firewalls.

    Tune in for an unvarnished look at legacy systems running on Windows 95, the shortage of qualified CISOs across 213 NHS trusts and why the government's latest cybersecurity mandates might create more problems than they solve.

    Listen in for:

      • The Hidden Fallout of Cyber Attacks on Patient Care - Understand the cascading impact that ransomware and outages have, not just on IT, but on clinicians, paramedics and everyday patient outcomes. Rob shares first-hand accounts of real NHS incidents and why cyber breaches are, at their core, clinical emergencies.
      • Why Legacy Tech and Fragmented Leadership Leave Us Exposed - Hear why outdated, unsupported systems and a chronic lack of cyber leadership make true resilience so tough in large NHS trusts. We unpack the disconnect between government strategy, local implementation and real world risk.
      • Practical Steps (and Missed Opportunities) for NHS Cyber Resilience - Explore what actually works, from playbooks and clinical 'huddles' to the role of centralised threat intelligence - and where policy too often lags behind reality. If you want to know how to prioritise resilience amid chronic uncertainty, this episode is essential listening.

    Get ready for a grounded discussion that blends expert perspective with genuine NHS war stories - plus candid thoughts on what really needs to change.

    On learning from cyber incidents before they happen:

    "Organisations that understand the impacts of events the best are the ones that have actually gone through it. My question is: does that have to be the case?"
    - Rob Priest, Rubrik

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

      • Understanding Escalating Cyber Threats to the NHS - Learn how nation-state actors and cybercriminals are targeting NHS organisations through supply chain weaknesses and vulnerable digital infrastructure.
      • Recognising Legacy Technology and Technical Debt Challenges - Discover why outdated IT systems and unsupported medical devices create persistent security challenges and make patching complex and...
    --------  
    55:54
  • How Do You Safeguard AI When Development Outpaces Security? With Ante Gojsalić - SplxAI
    Can we secure generative AI before it outpaces our ability to defend it?

    Welcome back to Razorwire, where we have our finger on the pulse of cybersecurity’s most urgent dilemmas and future threats. I’m your host, Jim and in this episode, I sit down with Ante Gojsalić, CTO and co-founder of SplxAI, to unpick the tangled challenges of securing the next wave of generative AI before it becomes too integrated, too complex and too risky to control.

    Generative AI is reshaping everything from business operations to personal lives, but the race to capitalise on its potential leaves us with difficult questions. Are we allowing technological progress to sprint ahead of security? Is anyone putting robust protections at the heart of these new AI systems? Ante shares stories from the frontlines - explaining why both East and West are taking wildly different approaches, why securing AI isn’t as simple as plugging in a new tool and how the real vulnerabilities lie hidden in the everyday systems we’re already beginning to trust.

    Three key talking points to listen out for:

      • Why securing AI is fundamentally different - and harder - than traditional IT - Ante shares real scenarios where the unpredictable, fast-evolving nature of large language models means old school security techniques simply can’t keep pace. Find out why continuous testing, automation and security-by-design are more critical than ever.
      • Hidden risks as AI agents take on human-like roles in business - We explore where the most pressing security gaps lie as AI agents begin to make decisions, handle confidential data and even manipulate users. Learn how attackers are already exploiting these systems - and what steps organisations can take to avoid catastrophic mistakes.
      • The battle between business priorities and security fundamentals - Hear our thoughts on why commercial pressure and the quest for innovation often override basic security and discover hands on, pragmatic advice for leaders aiming to bake security into AI projects from day one - before it’s too late.

    Whether you’re a CISO, an AI developer or a cyber strategist, this episode of Razorwire will arm you with practical insights and hard-won lessons on defending against the unknowns of AI.

    Why Continuous Security Testing Is Essential:

    "So imagine you do the security evaluation [of AI] on day one, then they change it a hundred times and you don't do another pen test. It's not relevant anymore. So, yeah, the continuous thing is important. Automation is important. And with AI, which is non-deterministic and which is still very changeable day by day, it's different than web security or API security… It's just unstable."
    - Ante Gojsalić, on why traditional security approaches fail with AI systems

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

      • Rise of Generative AI - Understand what generative AI actually is and how to assess its rapidly expanding applications within your organisation's threat landscape.
      • Global AI Arms Race - Learn how different regional approaches to AI development affect your security strategy and vendor selection decisions.
      • Security vs Speed in AI Development - Discover practical ways to balance innovation pressure with security requirements without stifling business growth.
      • Emerging Threats to AI Systems - Identify specific...
    --------  
    46:11
  • How To Get Your Staff to Actually Care About Cybersecurity
    Welcome to Razorwire, the podcast that challenges conventional thinking about cybersecurity with insight, humour and a dose of reality.

    In this episode, James Rees is joined by security awareness specialists Amy Stokes-Waters and Jemma to dismantle outdated approaches to security training. From click-through fatigue to the critical importance of culture change, our experts explore why traditional computer-based training fails to make organisations truly secure.

    Listen as Amy and Jemma share their expertise on transforming security awareness from a box-ticking exercise into meaningful behaviour change. Their refreshingly honest assessment of the "80% compliance myth" and why focusing on business impact rather than personal consequences undermines effectiveness will have security professionals nodding in recognition.

    Whether you're a CISO struggling with training completion rates, an IT professional tired of being ignored, or someone who's repeatedly clicked "next" through mandatory security modules wondering if there's a better way, this conversation offers practical alternatives to the stale CBT approach that dominates the industry.

    Tune in for a candid discussion that feels like eavesdropping on three security professionals brainstorming how to fix what's broken in security awareness while acknowledging the realities of human behaviour.

    3 Key Talking Points:

      • Why Traditional Security Training Fails Everyone: Discover the fundamental flaws in conventional security awareness approaches that waste both time and budgets. When Amy reveals that "less than 1% [of IT budgets] is spent on humans" while "95% of incidents are caused by humans," you'll understand why throwing money at technical solutions while neglecting human factors is a losing strategy. Listen for actionable insights on avoiding the compliance trap that leaves organisations vulnerable despite ticking all the regulatory boxes.
      • The McDonald's Approach to Security Awareness: Learn why successful security awareness should mirror effective marketing campaigns rather than dreaded annual training sessions. Our experts break down how security teams should adopt McDonald's persistent, multi-channel strategy instead of expecting one-off sessions to change behaviour. You'll gain practical strategies for implementing "security by osmosis" that keeps protective measures visible and top-of-mind without creating training fatigue or resistance.
      • Measuring What Actually Matters: Transform how you evaluate security awareness effectiveness with metrics that genuinely reflect improved security. When Jemma dismantles the "80% of people scored 80%" myth, you'll understand why completion rates and phishing test results fail to indicate real security improvements. Listen for concrete guidance on tracking meaningful engagement metrics like security team contact, proactive reporting, and actual incident reduction that demonstrate true cultural change rather than superficial compliance.

    "What a lot of people are doing is security training for compliance, but they're not actually doing anything around the culture. They're hitting the compliance metrics. Brilliant. But the actual culture of the organization is still inherently insecure."
    - Amy Stokes-Waters, on the difference between compliance and cultural change

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

      • Budget Reality Check: Learn why organisations spending less than 1% of IT budgets on human factors whilst 95% of incidents are...
    --------  
    39:45
  • Security Gone Mad: The Fine Art of Overdoing It
    Welcome to Razorwire, the podcast that challenges conventional thinking about cybersecurity with insight, humour and a dose of reality.

    In this brilliantly unfiltered episode, we're joined by security professionals Iain Pye and Chris Dawson for a no-holds-barred discussion about security measures that cross the line from prudent to preposterous. From biometric authentication dilemmas to the maddening theatre of airport security, our experts dissect the fine balance between protecting assets and actually getting things done.

    Listen as Chris and Iain lock horns on what constitutes "reasonable" security, with Chris arguing for Fort Knox-level protection while Iain advocates for practicality, whilst your host Jim attempts to referee. Their real-world examples of security absurdity, including trapping thieves in revolving doors and putting warning signs in car parks, will have you nodding in recognition or shaking your head in disbelief.

    Whether you're a battle-scarred security professional or maybe just someone who's stood impatiently in endless security queues wondering why your belt buckle is suddenly a threat to national security, this conversation offers both genuine insight and proper laughs about the sometimes bizarre world of overzealous security controls.

    Tune in for a refreshingly honest chat that feels like overhearing three security experts having a pint down the pub whilst debating the madness that sometimes defines our industry.

    3 Key Talking Points:

      • The Security vs Practicality Tightrope: Listen as our experts dissect the eternal balancing act between locked-down security and business functionality. When Chris boldly claims he'd implement "seven layers of security" for critical infrastructure while Iain argues for practicality, you'll gain valuable perspective on finding that sweet spot where protection doesn't become paralysis.
      • The Psychology Behind Security Resistance: Discover why people willingly hand over biometric data to tech giants yet baulk at the same requests from employers. Our conversation uncovers the fascinating psychological disconnect between consumer and corporate security acceptance, offering insights you can apply immediately to your own security implementation strategies.
      • Beyond Bureaucracy: When Risk Management Goes Wrong: Experience the painful yet hilarious reality of security bureaucracy gone mad, from needless warning signs in car parks to the absurdity of airport security theatre. You'll leave with a clearer understanding of how to champion meaningful security measures while avoiding the trap of controls that exist merely to tick compliance boxes.

    "Information security professionals the world over, in various different cultures and various different parts of the world have had the words echoing through the halls: ‘Isn't that a bit much?’"
    - James Rees, Razorthorn Security

    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

    In this episode, we covered the following topics:

      • Finding the Balance: Discover how to navigate the tension between robust security measures and practical business operations without alienating your colleagues
      • Biometric Backlash: Understand why people readily surrender their biometrics to tech giants but resist providing the same data to employers
      • Security Theatre: Learn to identify when security measures serve more as performance than protection, particularly in public spaces like airports
      • Risk Management Revelations: Gain insights into creating...
    --------  
    41:41


About Razorwire Cyber Security

🔒 Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge. Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends. Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals committed to continuous improvement. Each episode brings you actionable advice and real experiences from your host, James Rees — an information security specialist with over 25 years of experience — and from a range of respected guests across the cybersecurity industry. Together, we explore everything from technical strategies and compliance challenges to security culture, communication skills, and leadership development. James Rees is the founder of Razorthorn Security, providing expert consultancy and testing services to a wide range of organisations, including many Fortune 500 companies. His practical, no-nonsense approach helps organisations manage cyber risks effectively while strengthening resilience. The Razorwire podcast is designed for cybersecurity professionals who want to stay ahead, sharpen their skills, and confidently respond to the challenges of today's evolving threat landscape. We believe collaboration is key to stronger security — and Razorwire gives you the conversations that help you achieve it. For more information about us, or if you have questions you'd like discussed on the show, email [email protected] or visit www.razorthorn.com.