In a landscape where cyber attacks are constantly evolving, is your business insurance keeping pace?Welcome to another episode of Razorwire! I'm your host, Jim, and today we dive deep into the dynamic world of cyber insurance. Neil Hare-Brown and Matt Clark, two industry experts, are with us to share their wealth of knowledge and insights on how cyber insurance has changed to address today's security challenges. In this episode, we cover the critical role of cyber insurance in modern security strategies, from mitigating the financial impact of cyber incidents to navigating the details of underwriting and premium setting. We also discuss the increasing trend of third party attacks and why companies must prioritise reviewing their vendors and suppliers. By the end of this episode, you'll have a clearer understanding of why cyber insurance is no longer a luxury but a necessity, and how you can leverage it to bolster your organisation's cyber resilience.Key Talking Points:1. Rising Costs and Frequent Threats: Neil explains why cyber insurance is crucial for mitigating significant financial impact of cyber crime.2. Underwriting and Premiums: Matt tells us how insurers use data and tools like ransomware calculators to set premiums and how businesses can proactively improve their cybersecurity posture.3. Vetting Third Party Vendors: We discuss why we must thoroughly assess third party providers, with insights into new insurance services and facilities aimed at helping businesses manage and recover from cyber incidents more effectively.Tune in to discover how cyber insurance can be an integral part of your organisation's defence strategy and ensure you're prepared for whatever comes your way.Cyber Risk Management: "I think there is still quite a long way for businesses to go, for boards to appreciate that cyber risk management is not an operational problem." Neil Hare-BrownListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:- Impact of Cyber Incidents: How to accurately estimate the financial repercussions of cyber attacks.- Ransomware and Business Email Compromise: We discuss the current trend for ransomware and business email compromise, and how to protect your organisation from the increased frequency and severity of the attacks. - Double Extortion and Data Breaches: The evolution of cyber threats which includes tactics like double extortion and significant reputational harm.- Using Data to Inform Insurance: How data from insured cyber events helps give risk insights for setting premiums.- Proactive Cyber Risk Management: Why it’s essential to have a cyber champion on the board.- Third Party Risks and Cyber Insurance: Third party attacks can severely impact businesses, highlighting the need for comprehensive cyber insurance.- Evolving Insurance Facilities: New offerings such as breach response services are becoming more accessible and affordable.- Post-Incident Actions: Breach experiences often lead companies to enhance cybersecurity measures and seek appropriate insurance coverage.- SMEs and Cybersecurity: Smaller enterprises struggle with maintaining effective cybersecurity processes and benefit greatly from cyber insurance.- Continuous Learning in Cybersecurity: Why we must continue to learn and evolve for effective cybersecurity strategies.Resources Mentioned

Unmask the reality of the information security world in this week's episode of Razorwire! Join me, Jim, and my guests, Chris Dawson and Iain Pye, as we talk about our daily frustrations working in infosec and the pressing issues facing cybersecurity professionals. We dissect the gripes, pet peeves and laughable clichés that saturate our industry.From the hype of award ceremonies to the absurdity of exaggerated credentials on LinkedIn, this conversation is packed with insights and anecdotes that will resonate with every cybersecurity professional. Stay tuned and subscribe for this candid look at the ups and downs of our industry.Key Talking Points:1. Real Talk on Compliance and Regulations: Discussing the hype around compliance requirements like GDPR and DORA, we break down the importance of understanding and managing these regulations without falling for marketing gimmicks.2. Vendor Exaggerations vs. Reality: Discussing the overblown claims around GDPR and DORA compliance and the serious implications for cybersecurity.3. Grandstanding Egos: The rise of self-proclaimed thought leaders and influencers and their role in fuelling fear, uncertainty and doubt within the infosec community.Tune in for a frank and entertaining discussion on the gritty realities of information security!The Struggles of Simplicity: "Your average user will go out their way to circumnavigate the controls that you've put in place."Iain PyeListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:- Annoying Infosec Practices: This satirical podcast dives into some of the most irritating practices in the infosec industry.- Auditor Issues: The frustrations of dealing with auditors. Enough said.- Integrity at Work: We talk about significance of acting professionally in workplace settings.- Infosec Vendor Marketing: The creative license taken by vendor marketing departments and how to stay wise to exaggerations.- Risk Management Complexity: We talk about the overwhelming abundance of acronyms, and the importance of clear communication and documentation.- Compliance and Regulations: We look into the implications of compliance requirements such as GDPR and the upcoming DORA.- Exaggerated Professional Profiles: We lament the trend of elaborate and often exaggerated LinkedIn profile titles and qualifications.Resources Mentioned- The Cyber Sentinel’s Handbook- GDPR (General Data Protection Regulation)- DORA (Digital Operational Resilience Act)- LinkedIn- Chat GPTOther episodes you'll enjoyPreventing Burnout in Cyber Security

In this episode of Razorwire, I sit down with Rob Black, a dynamic figure in the world of cybersecurity with a unique background in military strategy and defence. From the realms of computer game design to the high stakes world of defusing IEDs, Robert brings unparalleled insight into how we can revolutionise cybersecurity by understanding and manipulating the psychology of our adversaries. This episode is packed with outside-the-box strategies that will transform your approach to defending your network.In our conversation, Robert and I explore the intersection of human psychology and cybersecurity, emphasising the impact of deception and misinformation on attackers. Robert shares parallels to military tactics and offers practical advice on psychological tools to gain an upper hand in infosec. We discuss real world studies and notable cyber incidents like Stuxnet to underscore the importance of strategic thinking beyond mere technological solutions. Tune in for an engaging discussion that could reshape your cybersecurity practices.Key Talking Points:1. Deception Tools and Strategy - Robert explains how to slow down attackers using deception technology, inspired by military tactics, causing them to mistrust their tools and make erratic decisions.2. Psychological Influence on Threat Actors - Learn how to improve the effectiveness of your network defence by understanding and engaging with the decision making processes of threat actors.3. Real World Case Studies - We discuss impactful examples, including the NSA's deception studies and the infamous Stuxnet attack, to illustrate how psychological and strategic insights can be applied to bolster cybersecurity efforts.Join us on Razorwire and arm yourself with revolutionary tactics to stay ahead in the constantly evolving landscape of cybersecurity. Deception 2.0: Envisioning the Future of Cybersecurity"So attackers believe the systems they're using because they've got no reason to believe the computer won't lie. So how do we make it, inside our manmade network, that they have to tread carefully because they don't know what to trust and what not to trust?" Robert BlackListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:- Psychological Defence in Cybersecurity: How we can use psychological tactics, such as inducing paranoia, in defending against cyber threats.- Effectiveness of Deception: We discuss an NSA study which demonstrates how knowledge of deception impacts penetration testers' speed and decision making.- Human Factors over Technology: We talk about the merits of using human behaviour analysis and psychology alongside technology for cybersecurity strategies.- Corporate Espionage and Misinformation: How to use misinformation and disrupt attackers’ expectations as part of your defence strategy.- A Multidisciplinary Approach to Cybersecurity: We discuss the merits of incorporating diverse perspectives, including arts and philosophy, into cybersecurity education and strategy.- Vendor and CISO Relationships: Why vendors must understand and address the real problems faced by CISOs.- Proactive Defence Strategies: Why we need to move beyond assurance to proactive measures in cybersecurity defence.- Shift in Cybersecurity Mindset: How to progress the growing recognition of cybersecurity as a critical business threat and the importance of improved risk assessments.- Influence of Deception Technology: How we can use fake networks and behavioural economics techniques to manipulate attackers' behaviour.Guest...

Welcome back to Razorwire, the podcast slicing through the tangled world of cybersecurity! I'm your host, Jim and in this episode we’re talking about the crucial balance between trusting your workforce and exerting control over your security ecosystem. Joining me are Iain Pye, sharing his insights into privacy roles, and David Higgins from CyberArk, who will discuss the challenges and strategies of effective cybersecurity. Whether you're managing remote teams or integrating third party services, this episode is packed with expert analysis and actionable advice.We discuss: 1. Discover how ISO and SOC certifications are shaping the way organisations approach security, as David Higgins analyses the paradigm shift towards a consumer-empowered landscape within cybersecurity.2. Discussion on the interplay between trust and control in the era of remote work, with insights on the importance of effective incident response capabilities, even when resources are lean.3. Learn about pragmatic approaches to vendor risk assessment and understand why a tiered method for evaluating vendor criticality could be pivotal for your cybersecurity strategy.Prepare to challenge your perspectives on cybersecurity's conventional wisdom and join us on Razorwire, where we cut through complexity to bring clarity to the professionals on the digital frontlines.“We've got devices that we no longer own. We've got platforms that we no longer run. We've got data stored in locations we're not responsible for and we've got employees working in environments that would that we've got zero control over. So moving to zero trust so that was it a ‘never trust, always verify mindset’? Makes a lot of sense."David HigginsListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:- Adjusting Control to Criticality: The more critical the processing and servicing, the greater the expectation of control.- Certifications as Trust Indicators: The importance of obtaining certifications to demonstrate commitment and investment in establishing trust.- Consumer Empowerment Through Software as a Service: How the shift to SaaS models puts more power into consumers' hands, necessitating service providers to meet their security expectations.- Remote Work Security Challenges: How to tackle concerns about trust, control and security in home working environments.- Sensitive Data in Risk Zones: Identifying and dealing with risks associated with employees working in red-listed countries.- Cybersecurity Budgets and Risk Games: How to manage budgets and risk assessments effectively.- Third Party Risk Management: How to implement third party assurance programmes for managing risk and ensuring thorough vulnerability assessment with vendors.- The Evolving Cyber Threat Landscape: How to effectively deal with the rise in targeted phishing attacks through a balance of trust and control for detection and response.- Zero Trust and Continuous Authentication: Why we should focus on implementing zero trust architecture and continuous authentication methods like MFA and biometrics.- Economic Impact on Security Measures: Increasing costs and the economic downturn are major concerns affecting the budgets for security tools, certifications and overall organisational security measures.GUEST BIODavid HigginsDavid is the Senior Director – Field Technology Office at CyberArk. Since joining in 2010, Higgins has worked to help the world’s leading - and most complex - organizations secure and protect their privileged access. Today, he advises clients on threats associated with...

On this week's edition of the Razorwire podcast, Jim sits down with Amy Stokes-Waters, CEO of The Cyber Escape Room Co. Amy brings her unique entrepreneurial perspective from a non-traditional background, transitioning into cybersecurity.The conversation provides valuable insights for security leaders as Amy candidly discusses her innovative approach to security awareness training through immersive, gamified escape room experiences. She shares her views on critical issues facing the industry today, such as combating AI-enabled disinformation campaigns, addressing the cybersecurity workforce shortage driven by unrealistic job requirements and improving strategic communication between security teams and business executives.Amy's experiences building her company and developing engaging training programmes make for a compelling discussion. Security professionals will gain new insights into creative methods for better educating end users and elevating cybersecurity's importance across the organisation. Her frank opinions and fresh mindset provide a thought provoking perspective for security leaders navigating the evolving threat landscape.Key Talking Points1. Innovative Security Training: Discover how Amy's company uses escape room experiences to teach important cybersecurity concepts, from phishing to insider threats, making learning engaging and memorable.2. Changing Threat Landscapes: Hear about the impact of ransomware on businesses big and small, the evolution of insider risks and how AI is shaping the future of information security.3. The Human Element in Cybersecurity: Gain insight into the importance of strategic leadership in cybersecurity roles and how businesses can navigate the challenges of educating teams and customers about the growing complexity of threats.Tune in for a fascinating discussion that sheds light on new methods of strengthening cybersecurity awareness and the vital role human factors play in protecting our digital worlds."I don't know many people that proactively undertake security awareness training, you know, sitting watching videos and animations and all that kind of thing. I genuinely don't know anyone that does that as a hobby, but I think it's something that's super important."Amy Stokes-WatersListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:- Cybersecurity Awareness via Escape Rooms: How immersive escape room experiences can be more beneficial than traditional methods utilised in cybersecurity education.- Insider Risk Management: Overcoming the challenges businesses face from internal threats and the risks of employees being exploited by ransomware attackers.- Impact of Cloud Migration on Security: How the shift to cloud computing during the lockdown affected the security of supply chains.- Artificial Intelligence and Disinformation: The dangers of AI in creating and spreading disinformation in geopolitical contexts and its potential risks in cybersecurity.- Cybersecurity in Small Businesses: We discuss the vulnerability of small businesses as integral parts of larger supply chains and the specific security challenges they face.- Career Reflections and Advice: Insights on personal growth in the cybersecurity field and the importance of reflecting on one’s mistakes and learning from them.- Evolving Role of CISOs: How the role of Chief Information Security Officers is changing.- Legal and Regulatory Aspects in Cybersecurity: Discussion on the emergence of cyber law, the importance of effective communication during security...

Welcome to Razorwire! In today’s episode, we take a look at the often-overlooked issue of professional burnout within the cybersecurity field. Joining us are two esteemed guests: Yanya Viskovich, a cyber resilience authority, and Eve Parmiter, a clinical traumatologist and consultant, both of whom bring their interdisciplinary insights to our discussion.Today's conversation uncovers the critical yet not-often-discussed crisis of burnout amongst our cyber defenders. Yanya shares her personal journey through the throes of burnout and her subsequent passion for addressing the human factors in cybersecurity and Eve gives us her clinical perspective, providing an in depth understanding of the steps that lead to burnout and how we can move towards prevention and recovery. Together, we explore strategies for cultivating an organisational culture that is resilient against burnout and the positive repercussions this can have on cybersecurity effectiveness. Key Talking PointsPersonal Insights from the Field: Yanya recounts her dynamic career path and the vulnerable moments of burnout she encountered during the global pandemic, offering listeners a glimpse into the human side of the cybersecurity equation.Clinical Wisdom for Cyber Warriors: Eve, with her therapeutic background, maps out the psychophysiological terrain of burnout and provides actionable tactics for information security professionals to identify and manage their stressors before they escalate.-Building a Burnout-Resilient Culture: Gain critical advice on creating strong, collaborative and health-focused workplace cultures that prioritise learning and vulnerability to fortify against cybersecurity threats as well as professional burnout.Don’t miss out on this conversation, which is more relevant now than ever. Tune in to unlock techniques that will not only defend your organisation’s digital assets but also safeguard the wellbeing of its most valuable guardians - its people.Embracing Failure for Cybersecurity Improvement: "We need to have a tolerance for failure, but an intolerance for incompetence. We need to invite cultures that invite questions and difficult ones, and that invites people to challenge the status quo, to invite people to say, ‘yeah, I've noticed that something's wrong here’, or ‘I see this as a potential risk and I'm raising it.’"Yanya ViskovichListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:- Appreciation of Crisis Management: A look into how the efforts of infosec professionals are often undervalued, especially when resolving critical issues during crises.- Post-Lockdown Loss of Mentorship: An exploration of the pandemic's impact leading to the exit of experienced professionals from the cybersecurity field and the subsequent loss of mentorship for up-and-comers.- Organisational Culture and Failure: The importance of creating supportive cultures within organisations that encourage learning from mistakes and destigmatising failure.- Human Factor in Cybersecurity: Highlights the crucial role of considering human behaviour and psychology in cybersecurity strategies, alongside technology and process optimisation.- Stress and High Burnout Rates: Insights into the abnormally high stress levels within the cybersecurity industry, leading to significant burnout among professionals.- Industry's Perception on the 'Department of No': Discusses the challenging perception of infosec teams as constructionistic.- Power of Recognition: We...

Welcome to Razorwire, the cutting-edge podcast where we slice through the complexity of cybersecurity and risk management to bring you insights from industry leaders. I’m your host, Jim and in today’s episode, we unravel the intricacies of FAIR (Factor Analysis of Information Risk) risk methodology with none other than its creator, Jack Jones. Jack’s groundbreaking approach has revolutionised how organisations perceive and approach information security risks. So, buckle up as we dive deep into the mind behind this transformative model.In a fascinating session, Jack shares his journey in developing the FAIR risk methodology and its impact on the business landscape. From facing initial industry scepticism to achieving global recognition, Jack's story is a testament to innovation and perseverance. Alongside the creation of the FAIR Institute and the adoption of his standards across various sectors, Jack also teases his upcoming book focused on the controls analytics model. We discuss the evolving landscape of risk management and the potential for FAIR to automate and improve cybersecurity practices. Get ready to have your perspective on risk quantification transformed!Key Talking Points:1. Demystifying FAIR - Discover how Jack Jones broke new ground with the FAIR risk methodology, demystifying risk management for businesses worldwide and why industry giants are adopting his model to navigate the complexities of cybersecurity.2. Resistance and Triumph - Hear the compelling tale of how Jack overcame industry resistance, with some even suggesting criminal negligence, to establish a new paradigm in risk assessment now embodied in the FAIR Institute and the Open FAIR standard.3. Risk Beyond Cybersecurity - Learn how the versatile FAIR model transcends cybersecurity, influencing financial product design, operational risk measurement and even natural disaster assessments - a testimony to its adaptability and Jack's vision for its future potential.For cybersecurity professionals eager to stay ahead of the curve and to refine their approach to risk management, this episode is not to be missed. Join us on Razorwire to hear the insights and backstories directly from the experts shaping the field.“I did get some positive reactions from people in the industry, but I also got an email from someone in the industry … with a significant following and they wrote me a letter saying that I should be prosecuted for criminal negligence for having published this, that in his view, the word risk should be stricken from the English language.” - Jack JonesListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:- Fair Risk Methodology Overview: A novel approach to risk assessment that simplifies risk management by addressing subjective probability factors and incorporating control efficacy.  - Development and Inspiration: The origins of the methodology and how inspiration from physics led to a new model for measuring control effectiveness in risk management.  - Industry Reaction and Growth: An exploration of the initial pushback against the methodology, followed by its adoption by the Open Group and the subsequent rapid expansion globally.  - Founding of the FAIR Institute: The establishment of a dedicated institute to provide resources and community engagement around the FAIR methodology.  - Advancement through Collaboration: How input from various industry professionals has contributed to the enhancement of the FAIR model, exemplified by the...

Welcome to Razorwire, the cutting-edge podcast for cybersecurity professionals, where we unravel the world of information security and peek into the future of technology. I'm your host, Jim, and in today's episode, we're joined by our esteemed guests, Richard Cassidy and Oliver Rochford. We’re taking a deep dive into the recent Lockbit takedown, dissecting the movements in the global cybercrime landscape, and analysing the ongoing conflicts within the commercial industry. Our guests, both veterans in the field, share their insight on the takedown of the notorious Lockbit ransomware group, raising critical questions about the efficacy of such law enforcement actions. We explore the pervasive issues of ransomware as a service, the evolving role of threat intelligence, and the significance of industry collaboration. Additionally, we take a look at the challenges of finding your niche within the hyper-competitive tech market, dissect the misconceptions surrounding threat intelligence and confront the stark realities of the cybersecurity industry's marketing frontlines. Whether you're well into your cybersecurity career or contemplating your next move in the field, this episode of Razorwire is tailored for you.Key Talking Points:1. Inside the Lockbit Takedown: What the headlines don't tell you about the resilience of ransomware groups and why we should remain cautious post-takedown efforts.2. Navigating Cyber Misinformation: Our guests tear apart the misleading marketing tactics in cybersecurity and advocate for a truth-centric industry approach.3. Collaborate to Fortify: Discover the vital importance of cross-organisation intelligence sharing in combating sophisticated cyber threats and promoting stronger defences across the board.Don’t miss out on this candid and informative discussion. "There's a cultural problem when half the industry beats up on someone who discloses a breach. There's a disincentive to disclose breaches or intelligence. And so we need a cultural change there."Oliver RochfordListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:- Education and Skills Gap: outdated courses and underscores the necessity for ongoing training and adaptability in the information security domain.- Misleading Marketing: the impact of hyperbolic marketing which often overstates the novelty and effectiveness of cybersecurity solutions.- Threat Intelligence: the significance of deriving context from intelligence data and promoting its exchange within the sector.- Cybersecurity Community Strength: the information-sharing culture and reciprocal support among information security professionals.- Understanding Ransomware Complexities: a general lack of awareness around ransomware intricacies, including legal repercussions of ransom payment refusals- Emphasis on Threat Modelling: the importance of businesses understanding their unique threat landscapes and preparing for worst-case scenarios.- Cybersecurity Startups Proliferation: the sheer number of startups entering the cybersecurity space and the concerns about their effectiveness.- Ransomware's Robust Ecosystem: the professional network that underpins ransomware operations, which includes a mix of criminals and nation-state involvement.Resources Mentioned

In this episode, we tackle some of the most pressing issues in the convergence of cyber warfare, information security and political strategy. Our guests, Iain and Chris, share their frontline insights on how the digital realm has become a playground for clandestine operations, where cyber mercenaries are the new knights, rooks and perhaps even the kings. We examine the repercussions and complexities of engaging third party cyber groups for state-sponsored operations, debate the seemingly lucrative appeal of cybercrime and look at real-world examples where the cyber realm has been militarised. Discussions range from the effect of bot networks on democracies, to the specific roles of organised criminal cyber divisions and the evolution of digital espionage.Talking Points:1. The Intricate Web of Cyber Mercenaries: Discover the hidden connections between governments, political factions and cyber mercenaries. We unravel the complex tactics and consequences of outsourcing cyber warfare and the ethical lines that get blurred along the way. 2. The Business of Cyber Conflict: We talk about the paradoxical profitability of cybercrime versus the costs of robust defence. We discuss the art of balancing offensive strategies and cybersecurity defences, drawing comparisons between private sector incentives and government backed digital warfare. Professionals keen on risk assessment and cyber strategies will find this conversation particularly interesting.3. Navigating Cybersecurity Governance: Dive into a crucial debate on managing the cyber mercenary phenomenon, filtration in intelligence gathering, and the quintessential role of governance in preventing operational downfall. As we explore the undeniable need for quality defence mechanisms, the insights shared here are invaluable for any professional aiming to stay ahead of cyber threats.Join us on Razorwire, your go-to podcast for cutting through the digital noise, as we delve into a world where cyber conflict is omnipresent and the concept of warfare is forever altered. This is one episode you'll want to replay, decrypt and safeguard in your mental arsenal."It's not like a physical mercenary group where you can see them. They're not blowing anything up. Nothing's going to go bang so people actually notice. So unless a government gets hacked or something happens, unless they shut down the national grid, unless there’s collateral damage that comes with it - they can pretty much hide it away, can't they?"Chris DawsonListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:Government and Media Control: Exploring the intersections of government ownership of media and its implications for information security and cyber warfare.Corporate Espionage and Cyber Warfare: Debating the ethical and strategic considerations of engaging in corporate espionage and cyber warfare.Cyber Mercenaries: Examining the rise of cyber mercenary groups willing to conduct cyber warfare operations for hire.Digital Infrastructure Security: Discussing the technical and strategic challenges associated with detecting and defending against compromises in digital infrastructures.Plausible Deniability and Cyber Attacks: Considering the strategy of plausible deniability and its potential to shield governments from the fallout of cyber operations.Monetisation of Cyber Crime: Analysing the profitability and incentives driving skilled cybercriminals and how crime pays in the cyber realm.Cyber Warfare and Political...

Hello Razorwire listeners! It's your host Jim here, and in today's fascinating episode, we sit down with cybersecurity veteran Simon Moffatt. With two decades under his belt in the dynamic field of identity and access management, Simon unpacks the complexities of cyber protection in our modern age. From the evolution of technology to the murky waters of liability and insurance in cybersecurity, Simon's insights shed light on the challenges and trends we face. As the founder of The Cyber Hut, Simon taps into his experience with giants like Oracle and ForgeRock and his startup stints to guide organisations through the labyrinth of cybersecurity strategies. We talk about the seismic shifts in industry practices, highlighting the advent of cloud technologies and "as a service" models and the post pandemic rise of remote work. We explore the forefront of passwordless technology, the challenges of IoT security, and the critical nature of defence in depth strategies.You’ll hear about a significant legal battle that a sizable organisation won against its insurers, highlighting the larger uncertainties in cyber liability insurance. Find out about Simon's predictions for the industry's trajectory, combined with his first hand accounts of working in various sectors of the tech world, to provide a rare glimpse into the past, present and future of cybersecurity.Key Talking Points:1. The Transformation of Cyber Liability Insurance: Discover why a major organisation's legal victory signals a critical juncture for cyber liability coverage and what this means for businesses navigating today's risk landscape.2. Passwordless Futures and Biometric Booms: Tune in as Simon forecasts the rise of biometric authentication over the next few years, discussing how behaviour tracking could redefine threat detection and response.3. Cloud Confusion and Shared Responsibilities: Uncover the intricacies of cloud service models and how shifting boundaries have resulted in complex challenges for CISOs and CIOs in pinpointing control and ownership amidst a virtual landscape.Ready for a deep dive into cybersecurity's evolving realm with Simon Moffatt? Join us on Razorwire to unravel the enigma of cyber protection in our interconnected world.“Cyber's a top priority, maybe even more so than it was 3 or 4 years ago. By that, I mean people are quite familiar with protecting their own identities, or PII protection. People are aware of hackers, you know, the bad guys, nation state threats."Simon MoffattListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:Concerns and challenges surrounding data protection liabilityThe problems of uncertainty due to the constantly changing landscape of cyber liability insuranceIncomplete picture of cybersecurity with third party intelligence companiesThe limitations of third party intelligence companies in the cybersecurity space Trends in identity and access management Introduction to The Cyber Hut, a business focused on tracking cyber trends and aiding organisations in navigating the cybersecurity landscapeThe shift towards cloud technology, remote work and changes in software deliveryThe blurred lines of responsibility in cloud services are explored, raising questions about data ownership and controlThe need for agility, modularity and preparedness in systems following the pandemicGUEST BIOSimon MoffattSimon is a recognised expert in the fields of digital identity, access and information security who assists organisations in the...

Welcome to Razorwire, the podcast dedicated to exploring the complex and evolving world of cyber security legislation. I'm your host, Jim, and in today's episode, we delve into the intricate landscape of cyber security legislation with our guests Steve Applegate and Phil Tonkin from Dragos.In this episode, our guests shed light on the challenges and intricacies of navigating the cyber security legislature, focusing on the impact on critical infrastructure and the evolving landscape of compliance. From managing connectivity safely to the complexities of integrating IT and OT in modern manufacturing, we explore the key factors influencing cyber security legislation and its practical implications.Key Talking Points:1. The importance of managing connectivity safely and ensuring proper segmentation and visibility in the Niz legislation.2. Challenges faced by organisations, such as Sellafield, in implementing controls and recognising legacy challenges in OT environments.3. The impact of conflicting regulations on consumers and the need for practical compliance requirements in cyber security legislation.“We can't let FUD be the guide, right? If every time we hear a thing, we start panicking and we deviate from our processes and start making a whole bunch of new mandates, even internally, all the people within a company that have to track that and follow it and meet with people, and it's a distraction, I think, from real security."Steve Applegate - DragosListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:Managing Connectivity Safely: Emphasising the need to ensure proper segmentation and visibility in cyber security legislation.Challenges Faced by Organisations: Discussing the difficulties in implementing controls, recognising legacy challenges, and the importance of proportional controls.Conflicting Regulations and Consumer Impact: Raising concerns about conflicting regulations and the impact on consumers due to compliance costs.Information Exchange Hesitance: Discussing the hesitance of information exchange for cyber security purposes and its impact on managing threats.Reporting Dilemma: Describing the challenge of eradicating cyber events and the dilemma of reporting to the public versus mitigating further attacks.Third-Party Oversight Frustrations: Addressing the frustration with third-party involvement in security oversight and assessment processes.Transparency in Security Relationships: Advocating for transparent and trust-based relationships with third parties, emphasising actionable intelligence, and fostering transparency.Evolving Skill Set of Security Professionals: Describing the evolving skill set of security professionals, particularly the increasing specialisation and separation from GRC.Legislative Impact on OT Environments: Expressing concerns about the impact of legislation and compliance on operational technology environments and the difficulty of implementing changes in systems with old technology.Challenges of Sudden Legislative Changes: Discussing the challenges of sudden legislative changes, public outcry influencing legislation, and the need for realistic expectations of change in a legacy industry.Resources Mentioned- Dragos- Sellafield

Welcome to Razorwire, the podcast for all things cybersecurity and information security. I'm your host, Jim, and today we have a thought-provoking discussion with industry experts Iain Pye and Chris Dawson about emerging cybersecurity threats and trends to watch out for in 2024.In this episode, we dive into three key talking points that are essential for cybersecurity professionals to listen in on:The accelerating risk of ransomware and data breaches, including the increasing need for continuous security testing and the challenges of balancing security tool costs with limited budgets and the speed required to adapt.The use, impact and potential threats of artificial intelligence on major global events including the elections coming up in 2024, in the context of societal and political manipulation, as well as the rising risks of identity theft, sophisticated disinformation and deep fake technology.The importance of operational resilience plans, the challenges of compliance and auditing processes, and the need for improved cybersecurity standards and training.Tune in to gain insights from leading experts in the field on how organisations can prepare for the cybersecurity challenges of 2024. "What's your operational resiliency plan? How is your organisation going to have to learn the hard truths? Take a really hard look at what you're doing and go: if that falls over or it gets breached, can we keep running our business?"Iain PyeListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:- Technology vs. training: security advancements outpacing public knowledge- Complex compliance: regulation challenges for smaller organisations- Cybersecurity testing shift: from annual to continuous- Offensive and defensive AI use anticipated to increase in 2024- Reviewing technical security solutions and policies- Budget struggles: balancing security tools and costs- Call for government prioritisation in security training- Importance of basic security measures- Mistrust in mainstream media and information sources- Artificial intelligence: potential risks and benefitsResources MentionedGDPRSECAICyber EssentialsCSFIOther episodes you'll enjoyThe Use Of AI In Cybersecurity – Consultants Roundtablehttps://www.razorthorn.com/the-use-of-ai-in-cybersecurity-consultants-roundtable/Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall

Hey there, Razorwire listener! In this episode, we welcome back cybersecurity experts Richard Cassidy and Oliver Rochford to follow up on our AI podcast back in November. Join us for spirited debates on the current state of AI capabilities, their imminent impacts on society and business, and thought-provoking speculation on the future of AI and its existential promise and perils.We tackle AI topics ranging from innovations like large language models to the role of quantum computing, governance challenges and regulatory responses, workforce disruptions, and the potential for artificial general intelligence. You'll come away with an insider's perspective on AI progress and get beyond the hype to understand real-world limitations and applications.From actionable business advice to philosophical discussions on the human condition, the Razorwire podcast offers incredible insights from industry veterans Oliver and Richard. Learn about investments, cybersecurity issues, ethical considerations, the AI "arms race," and transhumanist ideals spanning neural implants to robot bodies.Whether you're making strategic decisions in your company, tracking public policy issues, or just want to sound informed on emerging tech, the Razorwire podcast delivers the context and perspectives needed to evaluate AI's present impact and future potential with wisdom. Tune in for enlightening analysis you won't get from sensationalised media reports. Every episode offers rare clarity to think smarter about technological forces shaping society."I don’t believe we know humanity is not ready for AGI. We haven’t evolved in the way that we think, and as I said, our colloquial, war-minded economics today to actually even have AGI benefit the planet." Richard CassidyListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:AI Development Accessibility: The current challenges of the development of AI technology.The future of artificial general intelligence (AGI): The conversation delves into the future of AGI and its potential impact on society.Ethical and Existential Concerns: AI's potential implications for society, humanity, and the labour force raise ethical and existential concerns.Business Responsibility: Business leaders are responsible for managing AI technology and should view it as augmenting the workforce.AI for Global Solutions: AI technology has the potential to address serious global problems if used responsibly.Advancements in Human Health: Some advocate for the use of AI to develop new technologies to improve human health and capabilities.Lack of Global Legislation for AI: Concerns are raised about the lack of global legislation for AI and its potential implications for businesses.AI in Military and Autonomous Robots: We discuss the potential implications and ethical concerns of AI technology for building autonomous robots and weapons.AI Regulation and Consequences: We explore the fear of and potential consequences of regulating AI technology.Resources MentionedMoore's LawNeuralinkFermi's Paradox

Welcome to Razorwire, the podcast where we cut through the tangled web of cybersecurity to bring you the latest insights and expert analysis. Victor Acin and Oliver Rochford, two esteemed guests, are with me in today's episode.In this episode, we’re exploring the dangerous world of cybercrime as a service and its implications for individuals, organisations, and even nation-states.Join us this week as we unveil the dark side of cybercrime. Victor, the Head of Threat Intelligence at Outpost 24, shares his expertise on the rise of cybercrime as a service. Discover how cybercriminals have adapted their tactics, the motivations driving their actions, and the alarming ease with which they operate.Stay ahead of the game with insider knowledge from Oliver's research, where he discusses the striking similarities between cybercrime services and legitimate tech services. Learn about the techniques used by cybercriminals to infiltrate organisations and exploit their vulnerabilities. Whether you're a seasoned professional or just starting your cybersecurity journey, this episode offers some excellent, practical advice for strengthening your defences. We share some effective ways to protect against credential theft, insider threats, and targeted attacks. Hear about tried and trusted remedies recommended by our experts that can make a significant impact on securing your organisation.So, if you're a cybersecurity professional looking to expand your knowledge and sharpen your skills, join us on Razorwire as we unravel the intricate world of cybercrime as a service.Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following:The evolution of cybercrime into an as-a-service model, where specialised services and infrastructure are available to carry out different elements of cyberattacksThe low barriers to entry for new cybercriminals of this business-like modelThe recent rise in credential theft through the use of simple malware toolkits, which allow even unskilled cybercriminals to distribute malware and steal credentials at scaleEstablished cybercrime groups that offer ransomware and even entire cyberattack infrastructure in an as-a-service model. This comes complete with support services for affiliates conducting attacksThe flexibility offered to cybercriminals from a modular services model, which offers mix-and-match attack components from different providers specialising in access, malware, ransomware, money laundering, etc. How cybercriminals choose or decide against their victimsHow the rise of untraceable cryptocurrencies has removed obstacles to monetising and laundering profits from cybercrime, fueling growthWhether or not having easy access to cybercrime services could facilitate corporate espionage and what examples we haveThe importance of threat intelligence—understanding the motives, tools and trends in cybercrime—is vital context for effectively securing against the evolving threat landscapeGUEST BIOSOliver RochfordOliver has worked in cyber security as a penetration tester, consultant, researcher, and industry analyst for over 20 years. Interviewed, cited, and quoted by media, think tanks, and academia, he has written for SecurityWeek, CSO Online and Dark Reading. While working at Gartner, he co-named the Security Orchestration, Automation and...

Welcome to Razorwire, the podcast where we cut through the noise to bring you incisive discussions on all things cybersecurity. I'm your host, Jim, and in today's episode, we delve into the SEC charges against SolarWinds CISO, a case that has sent shockwaves through the infosec community.In this episode, our guests Iain Pye and Chris Dawson discuss the hype surrounding the trial, its impact on the infosec community, and the potential consequences for all Chief Information Security Officers (CISOs). We also explore the uncertainties surrounding the CISO's responsibilities and actions within the organisation regarding addressing security vulnerabilities, as well as the potential implications of the SEC ruling on CISOs' risk aversion and self-interest.Lastly, we talk about the dynamics of security compliance certifications and the potential manipulation involved in obtaining them.If you're a cybersecurity professional, join us as we dissect the complexities of CISO responsibilities, the SEC's pursuit of individuals over organisations, and the implications of legal actions on the infosec landscape. Tune in for an insightful discussion that will challenge your perspectives and keep you on the cutting-edge of cybersecurity issues."Companies are now telling victimised organisations not to produce an incident response report or similar or any type of report. Any such report should be delivered verbally or kept off any electronic or paper documents as much as possible as they could be subpoenaed in future lawsuits and may reveal that the company to be at fault."Iain PyeListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we cover the following topics:- The aftermath of the SEC charges against SolarWinds CISO and the debate surrounding the implications for the infosec community- The challenges and potential issues surrounding auditors' understanding of risk management and cybersecurity processes- Discussion of internal messaging about cybersecurity vulnerabilities within SolarWinds and potential misrepresentation of cybersecurity practices- The impact of underfunding on information security departments and the challenges faced in training and securing environments- The potential for individuals to whistleblow on security vulnerabilities and the SEC's regulatory role to hold organisations accountable- The debate on the extent of the CISO's authority within the organisation and the support required from the board in addressing security vulnerabilities- The potential impact of the SEC ruling on CISO decision making and the resulting risk averse behaviour- The potential impact of pressure from insurance companies and the SEC's focus on shareholder rights and company ethics- Suspicions of misrepresentation and potential manipulation in obtaining security compliance certifications and ISO audits- The role of CEOs and senior management priorities in influencing cybersecurity practises and certificationsResources Mentioned- SolarWinds- SEC (U.S. Securities and Exchange Commission)- ISO 27,001

In the latest episode of the Razorwire podcast, I am delighted to welcome back our esteemed cybersecurity professionals, Oliver Rochford and Richard Cassidy. Today, we delve into the fascinating realm of generative AI and its applications in the cybersecurity landscape.We kick the episode off with an overview of generative AI. We discuss how it works and its training on extensive datasets to infer statistical relationships between words and concepts. While major cybersecurity vendors such as Google, CrowdStrike, SentinelOne, and Microsoft have announced integrations with generative AI, Oliver issues a cautionary note, highlighting that its capabilities are often subject to overhype.We discuss the accuracy of generative AI's representation in the business community. Listen in to hear our consensus: Is it possible for generative AI to live up to the advanced AI depicted in science fiction?Delving into practical cybersecurity use cases and exploring risks associated with explainability, trustworthiness of outputs, and potential regulatory implicationsThe aim of this episode is to give you valuable advice for venturing into the realm of generative AI. Tune in to the Razorwire podcast for an in-depth exploration of this evolving technology.Andrés Horowitz has said that 80% of all of the investment in the generative AI startup goes on compute costs. They worked out that one training run on GPT, I think, 3.5 costs somewhere between half a million to $3,800,000. Is it even affordable?" Oliver RochfordListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:- Big Tech's control over the conversation and concerns about AI- Inconsistencies in the guidelines and censorship policies of platforms like Spotify, Apple, and YouTube limit what can be discussed and criticised.- The limitations and potential dangers of Artificial Generative Intelligence - The different opinions and viewpoints surrounding NFT technology and its impact and significance- Importance of not overhyping NFTs and allowing for experimentation and exploration of new use cases- Limitations of Gen AI tools, particularly in terms of explainability, interpretability, and trustworthiness of data- Advising caution when utilising AI tools for security purposes and the importance of trust and verification- How AI tools can help with paralysis and confusion in data analysis- Examining the high valuation of OpenAI and people's unrealistic expectations of AI due to Hollywood portrayals- Exploring the potential of AI-powered language models like Chat GPT, their integration into various products, and the need to avoid false informationGUEST BIOSOliver RochfordOliver has worked in cyber security as a penetration tester, consultant, researcher, and industry analyst for over 20 years. Interviewed, cited, and quoted by media, think tanks, and academia, he has written for SecurityWeek, CSO Online and Dark Reading. While working at Gartner, he co-named the Security Orchestration, Automation and Response (SOAR) market, worked on the SIEM Magic Quadrant, and also covered the European MSSP Market. In past lives, Oliver worked for Qualys, Verizon, Gartner,  Tenable and Securonix and is currently Chief Furitist at Tenzir, where he works on product strategy and marketing.  Richard CassidyRichard Cassidy has been consulting to businesses on cyber security strategies and programs for more than two decades, working across...

Hello and welcome to Razorwire, the podcast where we delve into the world of cybersecurity with top experts and industry leaders. I'm your host, James Rees, and I can't wait to share this episode with you. As a PCI DSS QSA, I’m delighted to have PCI expert Jeff Hall as my guest today.This episode will give you a unique perspective on how security has evolved from early mainframe days to today's interconnected, risk-focused practises. Jeff tells us about his hard-won lessons and wisdom gathered over decades steering information security programmes, including the need for compliance to work alongside overall security and not hinder it, and why auditors should be viewed as allies, not adversaries.We give you some unique insights on the upcoming PCI DSS v4, the changes we can expect, and what we should be prepared for. We also talk about the issues that shortened CISO tenures create and how this can hinder long-term security progress. Learn why it’s important to focus on the big picture when it comes to security goals rather than getting distracted by minutiae.We cover a wide range of subjects throughout this episode, with some really useful takeaways. One of the key points, and I really must agree, is the importance of matching security priorities to business risk, not compliance checklists. Jeff gives us his advice on focusing on the appropriate controls for what you aim to protect. For CISOs, security leaders, and practitioners at all levels, you’ll gain insight into building effective programmes that deliver real protection. Tune in to level up your approach with advice from this industry luminary and compliance guru.So, if you're ready to up your cybersecurity game, join us on Razorwire. Stay informed, connected, and inspired. Together, we can build a safer digital world. Let's get started!Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:- The importance of cybersecurity in e-commerce- Identifying the main problems of managing website vulnerabilities- Discussing the need for implementing specific tools to comply with regulations- Exploring concerns about customer data security, effectively monitoring alerts and meeting requirements- How the increasing costs and complexity of audits could lead to organisations rejecting compliance requirements- How to streamline security programmes and focus on essentials- The challenges of security and deployment in cloud environments- How to prioritise the overall security programme and how not to get lost in minor details or problems- The lack of leadership in the information security industry and the short tenure of CISOs- The shortage of qualified infosec professionals and why we should be supporting mentorship and apprenticeshipGUEST BIOSJeff HallJeff Hall is a principal security consultant at Truvantis, Inc.  Jeff has over 30 years of technology and compliance project experience.  Jeff has done a significant amount of work in financial institutions, health care, manufacturing, and distribution industries, including security assessments, strategic technology planning, and application implementation.  Jeff is part of the PCI Dream Team, a co-author of ‘The Definitive Guide to PCI DSS Version 4: Documentation, Compliance, and Management’ and the writer of the PCI Guru blog (http://pciguru.blog).Resources MentionedRazorthorn’s...

Hello, and welcome to Razorwire. This week, I've had a great time discussing the fascinating topic of artificial intelligence (AI) and its potential impact on our industry, with my esteemed Razorthorn consultants, Tom, Jamie and Michael. We explore the different types of AI, including machine learning and chatbots, and discuss the challenges of achieving a low false positive rate and high general application.You'll gain valuable insights into the evolution of AI and why we MUST take seriously the very real potential for malicious actors to use it for nefarious purposes. We'll also be highlighting the significance of incorporating security measures into AI development and the need for responsible implementation.By the end of this episode, you'll have a comprehensive overview of AI and its potential risks and benefits in the future of cybersecurity. So join me as we explore this exciting and important topic, and take away key insights that will help you stay ahead in the ever-changing world of cybersecurity."The reality of it is AI is a set of predefined algorithms for a compute standard to take in data, process that data, and then come out with a prediction, and that is impacted number one by the data that's being put into it but also the algorithms and controls that are set by the human factor programming that in."Tom MillsListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:Overview of AI in Information SecurityMichael gives us an overview of different types of AI, including machine learning and chatbots, and how they are implemented in information security.Difference between True AI and Current State of AIWe talk about difference between true AI and machine learning.Challenges of Achieving Low False Positive Rate and High General Application and how to improve accuracy.AI ImplementationThe consultants discuss ways of reducing risk and false positives in data discovery and leakage solutions.Evolution of AIThe evolution of technology and the reality of whether AI will really replace jobs.AI and Malicious ActorsThe consultants discuss how AI has increased the pool of unsophisticated threat actors who can use AI engines to conduct successful attacks.Behavioural Analysis ToolsDiscussion on the use of behavioural analysis tools in detecting breaches and how they work.Chat GPT and its LimitationsDiscussion on the limitations of chat GPT and the potential for it to be used maliciously, as well as the potential for AI to develop biases based on the data it is trained on.Quality Data for AIThe importance of quality data for AI and the process of stripping out unnecessary information to train AI models.Ethics and Limitations of AIThe limitations of AI and the ethical considerations surrounding the data sets used to train AI models.Regulatory Compliance Standards for AIThe lack of regulatory compliance standards for controlling AI and the potential consequences of malicious actors using AI for cyber attacksThe need for a kill switchThe importance of having a kill switch in AI to prevent it from going rogue and causing harm.The possibility of true AIThe consultants talk about the possibility of achieving true AI, which is self-aware and can disable a kill...

Welcome to Razorwire, where we and our expert guests tackle the issues and opportunities in the world of cybersecurity. In this episode, we explore the challenges and issues faced by the cyber liability insurance industry.  This podcast looks into the complex challenges surrounding cyber insurance, an increasingly crucial topic for security leaders and organisations. Join your host James Rees and cybersecurity specialists Chris and Iain, as they engage in an enlightening discussion about the problems with cyber insurance.  Learn why the dynamic nature of cyber risk has left insurers playing catchup, leading to unfavourable policy terms, skyrocketing premiums and growing frustration for customers. Gain insights into the systemic impacts of ransomware attacks on insurers along with the immense stresses faced by CISOs navigating insurance responsibilities. Discover innovative ideas like continuous security ratings and improved regulations that could transform the broken cyber insurance model.  Whether you're a business leader, security professional or just interested in staying informed, this podcast delivers an array of useful take aways to understand the cyber insurance quagmire. Expect an insightful and engaging discussion on this mission-critical topic. Tune in now to stay ahead of the game in the ever-evolving world of cybersecurity. And that’s why you’re better off insuring yourself!  Iain Pye  Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen  In this episode, we covered the following topics:  The challenges insurance companies face in properly assessing and pricing cyber risk due to its constantly evolving nature. How restrictive policy terms around "acts of war" have made it difficult for companies to receive payouts after attacks. The lack of cybersecurity expertise and rigorous due diligence conducted by many insurance firms before issuing policies. The skyrocketing cost of cyber insurance premiums and difficulty obtaining comprehensive coverage. The problem of companies being unable to get insured after a breach has already occurred. How the increase in ransomware attacks creates systemic risk for insurers paying out multiple policies. The stress and burnout faced by CISOs and cybersecurity leaders related to insurance coverage responsibilities. The importance of cyber defence planning beyond just having an insurance policy. How continuous security assessment models could help provide better assurance to underwriters. The need for improved security regulations and standards for the insurance industry to base policies on. The benefits of self-insuring cyber risks versus relying solely on external insurance.   GUEST BIOS  Iain Pye Iain is a Cybersecurity, Data Protection and Risk Specialist with over 20 years of experience in the public and private sectors. Iain has worked in a range of industries from finance, legal, security and government. When Iain is not fighting fires or arguing personal data ethics, Iain likes exploring the world with his family and occasionally going for a run through the Fens with the dog. If the dog is up for it, which she is usually not.  Chris Dawson Chris Dawson is a former Royal Marine of 11 years. He moved into the private security sector in

Welcome to Razorwire, the podcast that explores the intricate world of cybersecurity. I'm Jim, your host, and on this episode, we have a fascinating guest joining us: Bec McKeown, a renowned expert in the psychology behind security. This episode is a must-listen for cybersecurity professionals for three key reasons:Firstly, Bec delves into the challenges of conducting investigations and spotting deception in the cybersecurity field. Her insights will equip you with the tools to identify suspicious behaviour, such as stealing or leaking sensitive information.Secondly, she addresses the crucial skill of effectively communicating risks to higher-level executives without instilling fear. Understanding the psychology behind this communication is vital for cybersecurity professionals seeking to navigate the boardroom and gain support for their security measures.Lastly, Bec sheds light on building trust within the cybersecurity community, dispelling fears of punishment for reporting mistakes or risks. Her expertise in psychological techniques and team building will give you valuable strategies for fostering an environment of collaboration and trust.So, cybersecurity professionals, get ready to dive into the fascinating world of the psychology behind security with Bec McKeown on this episode of Razorwire.“… for me, it's all part of this cognitive fitness thing that you have the agile thinking and the cognitive techniques to do decision making and that sort of thing. But there's also understanding yourself. Where are you as a person? What are your strengths, what are your weaknesses, development needs or the areas where you're not so great at things.” Bec McKeown Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics:● Complex cybersecurity and agile thinking skills● Influence, language and understanding for effective communication● Investigation challenges, spotting deception and overcoming fear● Understanding different groups for effective collaboration● Learning how to engage with different individuals ● The two ways in which the brain works: system one (fast, instinctive) and system two (rational)● How cognitive narrowing during a cybersecurity crisis affects confidence● Tips for managing and handling crises effectively● Burnout risks and how to avoid them in high-stress infosec careers● Building resilience: individual and organisational responsibilities● The importance of recognising symptoms, empathy and self-awareness● Teaching critical thinking and mentoring effectively● How to use stories for knowledge application and understanding.GUEST BIO Bec McKeownBec McKeown is a Chartered Psychologist with twenty years’ experience of researching and evaluating human performance in high-risk, high-stakes industries, including the UK Ministry of Defence. The knowledge and insights gained from this research have given Bec a unique perspective on the ways humans react in times of crisis, and she is an experienced speaker and thought leader on the psychology of human performance in cybersecurity. In 2019, Bec established Mind Science, an organisation dedicated to assisting companies at both operational and strategic levels. Her primary focus revolves around leveraging psychological principles to...