Razorwire Cyber Security Insights

What threats should CISOs prioritise as we move into 2026?
Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, we're looking ahead to the challenges facing security leaders in 2026.
I'm joined by Richard Cassidy, EMEA CISO at Rubrik, and together, we discuss the three themes dominating CISO conversations: navigating the expanding regulatory landscape, preparing for quantum computing's impact on existing cryptography and understanding how attackers are shifting from loud ransomware to quiet economic warfare through time drag operations.
Summary
This episode examines the strategic and operational challenges CISOs face in 2026. The conversation covers how evolving regulations require fundamental changes to business operations and threat response, why tabletop exercises with executive teams are becoming standard practice for testing organisational maturity and how quantum computing is moving from theoretical concern to practical planning requirement.
Richard and Jim discuss the technological shifts happening simultaneously with AI and quantum computing and why security awareness gained during the pandemic is being eroded by the race to implement new technologies without proper security consideration.
The episode explores how attackers are evolving beyond traditional ransomware towards time drag operations that threaten business continuity without triggering incident declarations and why the combination of deepfakes and AI-driven social engineering represents a fundamental challenge to shared reality.
Three Key Talking Points:
The Regulatory Burden and Tabletop Testing
Learn about the regulatory challenges CISOs face across DORA, NIS2 and evolving frameworks, plus why organisations are increasingly running tabletop exercises with executive teams. Discover how war gaming activities help boards understand real-world breach scenarios and test organisational maturity beyond traditional red teaming. Find out how recent breaches at companies like Ubisoft, M&S and Jaguar Land Rover are driving leadership to take security seriously.
Quantum Computing's Imminent Impact
Understand why quantum computing has moved from background concern to top-three CISO priority for 2026 to 2028. Explore the timeline for quantum threats to existing cryptography, what organisations need to do now to prepare for post-quantum cryptography and why there's significant uncertainty around adoption strategies. See how quantum computing combines with AI to create a tectonic shift in security technology that requires planning today.
Time Drag Operations and Economic Warfare
Discover the shift from loud ransomware to quiet time drag attacks where threat actors threaten extended operational downtime rather than data theft. Learn why boards will pay millions to restore business continuity without declaring cyber incidents and how attackers are exploiting the economic model where disruption costs more than ransom. Explore how this combines with AI-powered deepfakes and social engineering to create attacks that undermine shared reality itself.

On the appearance of security:
"The economic model of cybercrime has shifted from traditional theft to time drag. If attackers know they can present you with a problem where you're not going to be able to recover your key systems for an inordinate amount of time, there's a higher likelihood that you are going to pay for a level of data or knowledge that will get you back to operational efficiency rather quick."

Are cryptocurrencies revolutionising finance, or are they simply empowering cybercriminals and state-sponsored hackers?
Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim, and in this episode, we're tackling one of the most polarising topics at the intersection of finance and security: cryptocurrency.
I'm joined by Richard Cassidy, Oliver Rochford and Jonathan Care, and together, we debate whether Bitcoin has solved any real problems or simply enabled cybercriminals to operate at an unprecedented scale, with 98% of ransomware payments now made in cryptocurrency.
Summary
This episode looks at how cryptocurrency has impacted real-world security and policy, including how it has facilitated over $3 billion in theft by state-sponsored groups like Lazarus to fund North Korea's nuclear programme and romance scams that have drained 4.6 billion victims with zero recourse. Everything illegal in traditional financial markets is legal in crypto. Yet in Argentina, Venezuela and Nigeria, people use it to preserve value against hyperinflation and bypass authoritarian controls. The debate centres on whether governments truly control crypto through exchanges and legal tender conversion, whether blockchain transparency helps law enforcement more than it helps criminals and whether ransomware payment rates dropping to 19% proves cybersecurity is winning despite crypto, not because of it.
Three key talking points from this episode:
Criminal Infrastructure and the Ransomware Economy. Find out how cryptocurrency is used for ransomware payments and how this has enabled the ransomware epidemic. Learn about state-sponsored theft, romance scams operating at an industrial scale and why dark web marketplaces like Hydra and AlphaBay succeeded Silk Road in facilitating organised crime. Discover the impact of payment rates dropping to 19% as companies choose disaster recovery over paying criminals.
Government Control vs Decentralisation Claims. Explore the heated debate about whether governments truly control cryptocurrency through regulating exchanges and legal tender conversion or whether the protocol itself remains ungovernable. Learn why KYC requirements at exchanges undermine the original vision of anonymity, how states force participation through tax requirements and whether crypto can function without an army to back it.
Real-World Use Cases vs Original Promises. Discover how cryptocurrency is being used in Argentina, Venezuela and Nigeria to preserve value against hyperinflation and bypass authoritarian capital controls. Examine whether these legitimate use cases justify a technology that hasn't solved its original problems: transaction speed remains too slow for real-time use, energy consumption is enormous compared to Visa, scalability hasn't improved and volatility undermines its claim as a stable store of value.

If you’re a cybersecurity professional looking to understand both the promise and peril of cryptocurrency, this episode is essential listening.

On the lawless nature of cryptocurrency:
"Every scam, every market rig that has been outlawed in real world money markets is wide open in crypto. As Richard points out, we're not only deregulated, it is lawless."
Jonathan Care
Listen to...

What happens when you gather some of the sharpest minds in cybersecurity for an end-of-year chat about where we've been and where we're heading?
Welcome to Razorwire's Christmas special. Today I’m chatting with some of our favourite guests from 2025: clinical traumatologist Eve Parmiter, cyber futurist Oliver Rochford, CISO and podcast host Marius Poskus and occupational psychologist Bec McKeown for roundup of the cybersecurity industry this year. This isn't a glossy year-in-review full of predictions and corporate optimism. We're talking about what's actually happened: how our teams are STILL burning out, the junior pipeline that's being hollowed out by premature AI deployment, the CISOs who are resigning because they're handed accountability without support and the businesses that want the appearance of security rather than the reality of it.
Summary
2025 has been a year of contradictions. Fewer ransomware victims are paying up, which suggests resilience is working. But burnout rates in cybersecurity remain above 59% and the systemic issues causing it aren't being addressed. Oliver brings data showing that AI-driven threat intelligence has been more marketing than reality. Marius shares why his CISO resignation letter post hit over 300,000 impressions and 3,400 comments. Eve explores whether there could be legal protections for cybersecurity professionals experiencing occupational trauma. Bec questions why security teams are expected to work under military-level pressure with none of the training or support.
We’re also looking ahead to 2026. Oliver predicts salaries will rise. Marius sees organisations scrambling to fix the mess that AI has created. Eve and Bec discuss what the younger generation might teach us about boundaries and refusing to put up with workplace nonsense. And we all agree on one thing: gravity needs levity. If you're going to survive in this industry, you REALLY need to laugh.
Three Key Talking Points:
The Theatre of Security
Understand why organisations hire CISOs for accountability but don't give them budget, support or a seat at decision making tables. Marius explains how this creates a cycle where security leaders are blamed when things go wrong, despite having no power to prevent them.
The Junior Pipeline Crisis
Discover why premature AI deployment is hollowing out entry-level roles across industries, including cybersecurity and law. We discuss the long term consequences of replacing junior analysts with AI before understanding what you're losing.
Burnout as Occupational Trauma
Learn why burnout in cybersecurity isn't just about individual resilience. Eve explores whether legal protections could be granted for work that causes inescapable harm, drawing parallels with content moderators and healthcare workers.
If you want an honest conversation about the state of cybersecurity in 2025 and what's coming in 2026, this is it.

On the appearance of security:
"Companies do not want security. They want the appearance of security. They hire a CISO to be the person who's accountable, the person who's on insurance papers, the person's name who's on client contracts, the person who is a face of the company of doing security, but actually he's not supported in budgetary terms in any other way."
Marius Poskus
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

Is burnout in cybersecurity inevitable, or are we finally learning how to prevent it?
Welcome to Razorwire. In this episode, I sit down with clinical traumatologist Eve Parmiter and occupational psychologist Bec McKeown to talk about what's really happening in high pressure cyber roles. This isn't about vague wellness advice or corporate tick-box exercises. We're looking at the actual mechanics of burnout: why CISOs are breaking under impossible expectations, how remote work has changed team dynamics and what the early warning signs look like before someone hits crisis point. If you work in cybersecurity, particularly in leadership or incident response, this conversation offers strategies you can use today.
Summary
Two-thirds of cybersecurity professionals say their jobs are more stressful now than they were five years ago. The pressure is mounting, but the support systems aren't keeping pace. In this conversation, Eve and Bec bring research, clinical experience and real examples to explain why burnout is becoming an occupational hazard in cyber teams. We talk about the gap between a CISO's responsibility and their actual authority, why technical skills alone won't protect your team from collapse and how to spot the signs that someone is struggling before it becomes a crisis. We also cover what actually works: building teams that can handle pressure, creating cultures where people feel safe to speak up and finding peer support through initiatives like the Mental Health in Cybersecurity Foundation.
Three Key Talking Points:
Human Factors and the Reality of Leadership Burnout
Understand why burnout is becoming an occupational hazard for cyber leaders, especially CISOs, who are caught between responsibility and a lack of real power. Learn how unaddressed team dynamics, poor succession planning and social isolation create stress that technical controls alone cannot fix.
Spotting Burnout Early - Inside and Around You
Get practical advice on identifying warning signs in yourself and your colleagues. We discuss real strategies for managers and peers: recognising behavioural changes, loss of humour, withdrawal and other ‘red flags’ that are far more accurate than any policy checklist.
Building Resilience and Finding Peer Support
Discover actionable steps for resilience, beyond ‘just coping’, including the creation of peer communities like the Mental Health in Cybersecurity Foundation. Find out how a shared community is essential to surviving and growing in this field.

If you want real answers about burnout, actionable insights for your career and lessons from the frontline of cybersecurity wellbeing, this is one episode you can’t afford to skip.

On power vs responsibility:
“CISOs are a great example. You only have so much power, but you've got a high degree of responsibility, and personal responsibility coming into it. So that can feel very unfair and very unbalanced and that can create a lot of resentment.”
Eve Parmiter
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:
Understanding Burnout Trends in Cybersecurity Learn why 66% of professionals report higher stress levels than five years ago and what's driving the increase across the industry.
Recognising Human Factors as Security Risks Discover how overlooking team wellbeing creates vulnerabilities that no technical control can

Is passwordless authentication finally ready for prime time, or are we just replacing one set of problems with another?
Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, we're tackling one of the oldest challenges in information security: identity and access management.
I'm joined by David Higgins, CTO at CyberArk and Murtaza Hafizja, Senior Technical Product Marketing Leader from OneSpan, who bring decades of combined experience from the front lines of identity, authentication and access control. Together, we explore how the industry has evolved from simple username/password combinations to biometrics, passkeys and continuous authentication and where the technology is heading next.
Summary
We examine the persistent challenges around identity management, from the struggle between security and user convenience to the explosion of non-human identities that now need managing. David explains why privilege access management has evolved from credential vaulting to zero standing privileges and how cloud environments have created both opportunities and complexities with their tens of thousands of granular permissions. Murtaza tells us about the passwordless evolution, why risk-based authentication is making a comeback and the real barriers to rolling out modern authentication at scale.
Whether you're a CISO wrestling with third-party access, an IT manager trying to balance security with productivity or just someone interested in where authentication is heading, you'll get honest perspectives on what works, what doesn't and what's actually achievable.
Key Talking Points
The Passwordless Evolution and What It Really Means Learn why passwords are finally on their way out (mostly), how passkeys and biometrics have moved from niche to mainstream and why the technology that failed 20 years ago is now becoming the de facto standard for authentication.
Zero Standing Privilege and the Cloud Permission Problem Discover how cloud environments have paradoxically made privilege management both more granular and more complex, why organisations are moving away from permanent permissions and how just-in-time access is becoming essential for modern infrastructure.
Continuous Authentication and Behavioural Analysis Understand why a single login authentication isn't enough anymore, how attackers are owning identities by exploiting help desks and why monitoring user behaviour patterns might be the key to stopping credential-based attacks before they cause damage.

On the security of key documentation:
"Attackers aren't breaking in anymore, they're logging in."
David Higgins, CyberArk
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:
The Evolution of Identity Management How authentication has cycled through different approaches over 30 years, from basic username/password to biometrics that failed, then succeeded and why we're finally at a point where passwordless is achievable at scale.
From Too Little Granularity to Too Much Why early operating systems forced an all-or-nothing approach to permissions, how cloud providers now offer tens of thousands of different roles and entitlements and why this has made principle of least privilege almost impossible to implement upfront.
Zero Standing...