Razorwire Cyber Security & InfoSec Insights Titelbild

Razorwire Cyber Security & InfoSec Insights

Razorwire Cyber Security & InfoSec Insights

Von: Razorthorn Security | Cybersecurity & InfoSec
Jetzt kostenlos hören, ohne Abo

Über diesen Titel

 Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge. Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends. Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals committed to continuous improvement. Each episode brings you actionable advice and real experiences from your host, James Rees — an information security specialist with over 25 years of experience — and from a range of respected guests across the cybersecurity industry. Together, we explore everything from technical strategies and compliance challenges to security culture, communication skills, and leadership development. James Rees is the founder of Razorthorn Security, providing expert consultancy and testing services to a wide range of organisations, including many Fortune 500 companies. His practical, no-nonsense approach helps organisations manage cybersecurity risks effectively while strengthening resilience. The Razorwire podcast is designed for cybersecurity professionals who want to stay ahead, sharpen their skills, and confidently respond to the challenges of today's evolving threat landscape. We believe collaboration is key to stronger security — and Razorwire gives you the conversations that help you achieve it. For more information about us, or if you have questions you'd like discussed on the show, email podcast@razorthorn.com or visit www.razorthorn.com.Copyright 2026 Razorthorn Security | Cybersecurity & InfoSec Erfolg im Beruf Politik & Regierungen Ökonomie
Folgen
  • The Rise of CTEM - Why AI Demands a New Approach to Security

    The Rise of CTEM - Why AI Demands a New Approach to Security
    Apr 8 2026
    What happens when your organisation adopts AI faster than your security strategy can keep up?Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim, and in this episode, I'm joined by Martin Voelk, penetration tester and AI red teamer, and Jonathan Care, lead analyst covering the intersection of AI, cybersecurity and identity.We started out planning to talk about the rise of CTEM (Continuous Threat Exposure Management) and why traditional pentesting and vulnerability scanning can't keep up anymore. But the conversation quickly went further than that, into the real security risks of AI agents, prompt injection, vibe coding and the speed at which organisations are adopting AI without thinking about what happens when it goes wrong. Martin shares examples from his red teaming work of how AI agents can be tricked into exfiltrating data and executing malicious code, Jonathan makes the case for why identity needs to become a first class attack surface in any CTEM programme; and all three of us end up genuinely concerned about what happens when CISOs are expected to govern technology that's moving faster than anyone can keep up with. This one ended up not going quite as planned, and it's all the better for it.Three key talking points:Why traditional security testing can't keep up with AI and agent-driven attacks: Annual pentests and periodic vulnerability scans were built for a world where things changed slowly. Martin and Jonathan explain why that model is no longer suitable when new AI vulnerabilities are emerging daily, most of them without a CVE number attached, and why CTEM as a continuous programme rather than a one-off exercise is becoming essential.How prompt injection and invisible exploits are rewriting the rules of risk: Martin shares examples from his red teaming work where AI agents were tricked into exfiltrating data through a fake spellchecker and downloading malicious code disguised as a support tool. He and Jonathan discuss why prompt injections are so difficult to defend against, how they can be hidden in emails, PDFs, code and even voice, and why traditional security tools don't detect them.What CISOs and tech leaders must face as responsibility and risk escalate: Organisations are adopting AI faster than security teams can govern it, and CISOs are caught between being seen as obstructionist if they slow things down or negligent if they let things through. Jonathan and Martin get into the legal grey areas around who's responsible when an AI agent causes harm and why the lack of clear legislation makes this even harder to navigate.If your organisation is adopting AI and your security model hasn't changed to match, this is a conversation worth listening to. On why traditional security testing no longer works:“You have new releases and new technology popping up almost on a daily basis. And you have vulnerabilities popping up on a daily basis as well. The traditional model we have in place with regular penetration testing, once every three months, once every year, that doesn't cut it anymore.”Martin VoelkListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:The Acceleration of AI Adoption Find out why organisations are pushing AI adoption at a pace that's leaving security teams behind and why the pressure from upper management to automate is creating serious blind spots.Continuous Threat Exposure Management (CTEM) Evolution Learn why CTEM is a programme not a product, how it differs from traditional vulnerability management and why it focuses on what an attacker can actually exploit right now rather than theoretical CVE scores.Limitations of Traditional Security Testing Understand why annual pentests and periodic vulnerability scans were built for a different era and why they can't keep up with a landscape where new AI vulnerabilities emerge daily.The Changing Nature of Exploits Discover why many of the attacks hitting AI systems don't have a CVE associated with them at all, and why the traditional model of scoring and prioritising vulnerabilities is falling short.Prompt Injection Risks Learn how prompt injections work, why they can be embedded in almost anything from emails and PDFs to code comments and voice, and why they're so difficult to defend against compared to traditional injection attacks.Agentic AI and Chained Attacks Find out why compromising a single AI agent in an orchestrated system can have a knock-on effect across the entire ecosystem, and why the blast radius is far greater than with traditional vulnerabilities.Visibility and Explainability Understand why maintaining oversight of AI systems matters, why security teams risk rubber-stamping AI-driven decisions they don't fully understand and why explainability is becoming a critical requirement.Supply Chain and ...
    Mehr anzeigen Weniger anzeigen
    57 Min.
  • All the Gear and No Idea: What's Actually Going Wrong in Security with Gary Hibberd

    All the Gear and No Idea: What's Actually Going Wrong in Security with Gary Hibberd
    Mar 25 2026
    The industry is full of people making security sound complicated so they can sell you the fix. Gary Hibberd and Jim talk about what actually works in cybersecurity.Welcome to Razorwire, where we bring you directly into honest conversations with the minds shaping our industry. I’m your host, Jim, and in this episode, I sit down with Gary Hibberd, co-founder of Consultants Like Us and a veteran of the security, data protection and privacy world.We talk about why so many organisations pour money into security tools and chase compliance without doing the real work underneath, and why it still leaves them exposed. Gary makes the case that one of the biggest security challenges right now is simply speed, that people and organisations are moving too fast to think clearly, and that slowing down is one of the most effective things you can do. We discuss where the industry is heading, why the focus needs to shift from cybersecurity as a purely technical discipline towards genuine organisational resilience and what it takes to cut through the noise of influencers and vendors selling quick fixes that don't exist.We also get into the challenges facing people newer to the industry who are trying to work out who to listen to, why communication and understanding risk matter just as much as technical skills, and why owning your place at the boardroom table is something the security community still needs to get better at.Key Talking Points:Why technical tools and frameworks aren't enough: Gary uses his marathon analogy to explain the issues with buying security kit without doing the work underneath. He and Jim share examples from the field and discuss why leadership and commitment matter more than the software you’ve bought.Beyond cybersecurity: why organisational resilience is the real goal: If your organisation treats security as a purely technical problem, it's missing the bigger picture. Gary and Jim make the case for why the industry needs to move beyond siloed thinking and start building genuine organisational resilience, and what that actually looks like in practice.How to avoid security "false prophets" and spot real expertise: Gary talks about the rise of influencers selling easy compliance that doesn't exist, from GDPR vendors promising a magic fix to people with big platforms and limited experience. He and Jim discuss what to look for in trustworthy voices and why critical thinking still matters more than following whoever shouts the loudest.Join us for an episode filled with real-world insights, practical takeaways, and a reminder that believing in yourself, and your value at the table, is the ultimate career defence.On why products alone won't protect you:"People go, oh, I've got IDS, I've got a SOC, I've got SIEM, I've got this platform, I've got that thing. And you're going, okay, so when was the last time you sat down as a team and talked about what it means to you as a business?"Gary HibberdListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:From IT to Infosec Find out how Gary's path from office admin and Lotus Notes programming through to European crisis management at GE Money shaped his approach to practical security thinking.Hacker Culture & Mindset Explore why the original meaning of "hacker" was never a negative term, and how curiosity and a desire to push technology beyond its limits drove a whole generation into information security.Evolution of Security Challenges Learn why organisations are moving too fast to make good security decisions and why slowing down might be one of the most effective defences available.Impact of Compliance & Frameworks Understand why standards like ISO 27001 and GDPR had to be introduced because organisations weren't securing data on their own and what that tells us about where the industry still falls short.False Prophets in Cyber Find out how the rise of influencers with big platforms and limited experience are making it harder for newcomers and established professionals alike to find reliable advice.Misconceptions About Tools & Compliance Discover why buying security products is no substitute for doing the real work, and why so many organisations still confuse having the tools with actually being secure.Organisational Resilience as the Goal Find out why we should be treating governance, risk, compliance, business continuity and security as one conversation.Communication & Soft Skills Learn why communication, understanding people and managing risk are just as important as technical skills for anyone working in security.Resources Mentioned Consultants Like UsISO 27001ISO 22301FortranCC++Lotus NotesLotus DominoMicrosoft Certified Systems EngineerGDPR (General Data Protection Regulation)Data Protection ActPCI DSSReal Cyber AwardsConnect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber ...
    Mehr anzeigen Weniger anzeigen
    39 Min.
  • Trust Nothing: The Rise of Deepfakes in Cybercrime

    Trust Nothing: The Rise of Deepfakes in Cybercrime
    Mar 11 2026
    Are you confident you could spot a deepfake in your next meeting, or could someone be using your identity without you knowing?Welcome back to Razorwire, the cybersecurity podcast where we explore the challenges professionals face at the cutting edge of threat intelligence. In this episode, I sit down with Alexandra Jorissen, a specialist in deepfake detection and digital identity safeguards. We discuss the explosive rise of deepfake technology, where it's already being used and what it means for personal and professional security.SummaryIt’s no longer science fiction: deepfakes have become both a tool for petty fraud and a devastating weapon for sophisticated cybercriminals. Together, Alex and I discuss how rapidly these impersonations have improved, from laughable scams to well-orchestrated attacks inside global organisations. We get into how deepfakes are now being used for document fraud, insurance scams and internal expense fraud, and why most people still think they'd be able to spot one. Alex shares inside knowledge from her work with IdentifAI, reveals how detection technology is developing, and offers practical advice for anyone safeguarding digital identities, documents, and core business processes.Key Talking Points & Reasons to ListenInside Real-Life Deepfake Attacks Hear how a single convincing deepfake Teams meeting led to a $25 million loss at engineering firm Arup, why even well-trained employees followed standard processes and still got fooled and what this tells us about how far social engineering has come.How Deepfakes Bypass Everyday Security Find out how deepfakes are being used far beyond fake videos, from altered salary slips and AI-generated taxi receipts to fraudulent insurance claims, faked passports that pass KYC checks and criminals impersonating executives in remote meetings. Learn why one company discovered its internal expense fraud was three times worse than expected.Detection, Zero Trust and Practical Defence Learn how IdentifAI's forensic detection analyses images pixel by pixel in nanoseconds, why a zero trust mindset needs to extend to identity verification in everyday business and what simple, practical steps like secret questions and duress codes can do to protect against impersonation right now.This is a must-listen for anyone who wants to understand the new deepfake threat landscape, and pick up the actionable intelligence to defend against it.Verifying Identities in Online Meetings: "A lot of people I speak to, they seem to think deepfakes aren't there yet. Like they would still be able to spot them. And that's a very false presumption."Alex JorissenListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:The Evolution of Deepfakes See how deepfake technology has gone from laughable early efforts like the Will Smith spaghetti video to highly convincing fakes that even experienced professionals struggle to detect.Social Engineering and Deepfakes Learn how deepfakes are supercharging traditional social engineering tactics, making phishing and impersonation attacks far harder to spot than they used to be.Real-World Deepfake Scams Hear about actual cases where organisations have been deceived, including the Arup finance manager who transferred $25 million after a fake Teams call and companies that accidentally hired North Korean engineers using deepfaked identities.Abuse of Deepfakes for Fraud and Blackmail Find out how criminals are using AI to create compromising content of real people, using faked media to ransom victims or threaten reputational damage.Document and Identity Fraud Discover how deepfakes now extend to digital documents and IDs, with faked passports passing standard KYC checks and altered salary slips being used to secure larger loans.Breach of Age and Access Controls Learn how people, including minors, are using deepfaked images and identities to get around age verification and other digital barriers.Insider Threats and Employee Fraud Explore how easy it has become to create fake receipts and invoices using tools like ChatGPT, and why one company found its internal expense fraud was three times worse than it expected.Detection Technology and Limitations Understand how forensic AI analyses images pixel by pixel to detect manipulation, where the technology performs well and where limitations like screenshots and overlaid text still create challenges.The Importance of Zero Trust and Verification Find out why a zero trust mindset needs to apply to identity verification in everyday work, from checking badges to using secret questions and duress codes for high-risk communications.The Challenge of Awareness and Organisational Culture Hear why many organisations still believe deepfakes wouldn't fool them, and how deploying detection technology acts as both a defence and a deterrent that changes behaviour.Resources Mentioned Technical University of EindhovenDelft ...
    Mehr anzeigen Weniger anzeigen
    47 Min.
Noch keine Rezensionen vorhanden