May 2024

Understanding Attackers: The Key to Effective Cyber Defence

In this clip, Robert Black emphasises the importance of understanding attackers' decision-making processes. By building networks with the attacker's perspective in mind, organisations can better influence and deter potential threats. Learn why considering the human element in cyber threats is crucial.

Beyond Tech: Shaping Cybersecurity Through Strategic Influence

Robert Black discusses the misconception of cybersecurity as purely a technical issue. He highlights the importance of shaping opinions and strategies, reflecting on the National Cyber Force's cognitive effect strategy. Discover why cybersecurity requires more than just technical expertise.

The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black

**Explore Revolutionary Cybersecurity Tactics on Razorwire with Rob Black** Tune in to this week’s episode of Razorwire where host Jim engages with Rob Black, a former military strategist turned cybersecurity innovator. Rob’s extensive experience, from computer game design to defusing IEDs, provides a unique perspective through which we can understand adversary psychology in cybersecurity. For more information or to ask questions, email podcast@razorthorn.com. Visit for personalised cybersecurity consultation.

Understanding Risk in Cybersecurity: Balancing Cost and Protection

Cybersecurity is a game of risk management, balancing the costs of protection against potential losses. This clip emphasises the importance of quantitative risk assessment to set appropriate budgets and limits. Learn why it's crucial to align security spending with the value of assets being protected, and how to avoid overextending resources.

The Rising Costs of Cybersecurity: Budgets and Priorities

In this clip, the discussion focuses on the increasing costs of cybersecurity and the need for dedicated security budgets separate from IT. With certifications becoming more expensive and vendors raising prices, organisations must navigate tight budgets while ensuring robust security measures. Understand the economic pressures and strategies for maintaining effective security.

From Office to Remote: Adapting Endpoint Security Strategies

As remote work becomes the norm, organisations face new challenges in securing devices outside the office. This clip discusses the return to host-based security and the importance of robust endpoint security measures backed by logs and alerts. Learn how to adapt your security strategies for remote environments where device locations are unknown.

Remote Work Security: Trusting Employees and Protecting Data

With the rise of remote work, ensuring that employees are actually working from secure locations is more crucial than ever. This clip discusses the trust issues and risks associated with employees working from unapproved locations, highlighting the need for robust IT asset management and security protocols to protect sensitive data.

Trust and Control in Third-Party Audits: Navigating the Challenges

This clip explores the delicate balance between trust and control in managing third-party vendors. With only large corporations often able to conduct thorough audits, many organisations must rely on paper audits and trust the provided responses. Understand the limitations and strategies for ensuring security when physical audits aren't feasible.

Balancing Trust and Control: Effective Phishing Protection Strategies

Discover why balancing trust and control is essential in cybersecurity. Our hosts discuss the complexities of protecting against phishing attacks, especially with advanced tools like ChatGPT that make scams harder to detect. Learn how combining trust with effective controls can help detect anomalies and safeguard your organisation against targeted attacks.

User Training vs. Security Controls: Who's to Blame for Phishing Attacks?

In this thought-provoking clip, the hosts debate whether security awareness training is enough to prevent users from falling for phishing scams or if stronger controls are necessary. Drawing on insights from a recent NCSC blog, they explore the ethical dilemma of assigning blame when users, despite training, click on malicious email attachments. Should the onus be on the end user, or is it a failure of security controls? Tune in to understand the complexities of balancing trust and control in cybersecurity.

Trust vs Control - Is Zero Trust Inevitable?

Welcome back to Razorwire, the podcast slicing through the tangled world of cybersecurity! I'm your host, Jim, and in this episode we’re talking about the crucial balance between trusting your workforce and exerting control over your security ecosystem. Joining me are Iain Pye, sharing his insights into privacy roles, and David Higgins from CyberArk, who will discuss the challenges and strategies of effective cybersecurity. Whether you're managing remote teams or integrating third-party services, this episode is packed with expert analysis and actionable advice.

Why Trust Alone Isn't Enough in Cybersecurity: The Need for Control

In this insightful clip, our host delves into the common misconception that trust in suppliers and staff is sufficient for cybersecurity. Highlighting the adage 'trust is good, but control is better,' the discussion emphasises the necessity of implementing robust controls to detect and manage breaches of trust. Learn why regular assessments and monitoring are critical to safeguarding your organisation from potential failures in this must-watch segment.

AI Awareness Gap: Bridging the Disconnect Between Tech Experts and the Public | Razorthorn Security

Amy Stokes-Waters sheds light on the disconnect between technology enthusiasts and the general public's interest in tech, specifically AI advancements. In this engaging clip, Amy discusses the challenge of communicating complex tech concepts, like AI-generated content, to those outside the IT sphere. She emphasizes the need for better education on technologies that are reshaping our media landscape. Dive into this discussion to understand why simplifying tech talk is essential for broader awareness and acceptance.

Unrealistic Cybersecurity Job Expectations: The Talent Gap Issue | Razorthorn Security

Amy Stokes-Waters critiques the unrealistic expectations in cybersecurity job descriptions, highlighting a significant industry challenge. Discover why demanding expertise in both SOC operations and pen testing for a single role, with insufficient compensation, exacerbates the talent gap. This clip exposes the harsh realities of the cybersecurity job market and the need for more realistic hiring practices to attract and retain skilled professionals.

The Evolving Perception of Cybersecurity: A Funding Gap Analysis | Razorthorn Security

Join Amy Stokes-Waters as she discusses the significant shifts in how cybersecurity has been perceived over the last five years, highlighting a persistent challenge in funding. Despite $450 billion being spent on information security, the scale of criminal activity, valued at $9.5 trillion, suggests a dire need for increased investment. This clip explores the financial discrepancies and emphasizes why robust funding is crucial to effectively combat cyber threats.

Hidden Risks of Bug Bounty Programmes: Are You Getting the Full Picture? | Razorthorn Security

Explore the critical questions around bug bounty programs with Amy Stokes-Waters in this insightful clip. Amy questions the reliability of crowdsourced pen testing, raising concerns about what might not be reported. Discover why trusting bug bounty programs to reveal all vulnerabilities could leave organizations exposed to cybercriminals like LockBit. This video sheds light on the potential hidden dangers and underscores the importance of comprehensive security audits.

Insider Security Risks: A Pen Testing Reality Check for Large Companies | Razorthorn Security

Amy Stokes-Waters shares a startling anecdote from her pen testing sales experience in this must-watch clip. Learn how a company with 3,000 employees misunderstood the real risks of insider threats. Amy highlights the common oversight where businesses assume 'nice' means 'safe,' exposing them to potential cyberattacks. This video underscores the critical need for rigorous network security and vigilant monitoring of internal threats.

Rethinking Security Training: Engaging Users Beyond Boring Videos

Join Amy Stokes-Waters as she challenges traditional security awareness training methods in this compelling clip. Why rely on dull videos and animations when engaging users is key to strengthening cybersecurity? Discover how making security training interesting can transform users from being the weakest link to a robust line of defense. Tune in for innovative ideas that could revolutionize how we approach cybersecurity education.

Hacking Cybersecurity Training: Escape Rooms & Entrepreneurial Thinking with Amy Stokes-Waters

Join us on this week's edition of the Razorwire podcast where host Jim chats with Amy Stokes-Waters, CEO of The Cyber Escape Room Co. Amy, transitioning from a non-traditional background into cybersecurity, shares her entrepreneurial journey and innovative approach to security awareness training through engaging escape room experiences.

Insider Threats: Shocking Offer Outside Tesla Reveals Cybersecurity Risks

Amy Stokes-Waters discusses a real-world attempt to bribe a Tesla employee for secure access, highlighting the overlooked dangers of insider threats in cybersecurity. Discover the risks businesses face from both internal and outsourced hacking efforts, and why robust security measures are crucial. Tune in for more insights into the hidden world of corporate espionage and its impact on information security.