Razorwire Cyber Security Insights

Author(s): Razorthorn Security
About this audio

Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge.

Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends. Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals committed to continuous improvement.

Each episode brings you actionable advice and real experiences from your host, James Rees — an information security specialist with over 25 years of experience — and from a range of respected guests across the cybersecurity industry. Together, we explore everything from technical strategies and compliance challenges to security culture, communication skills, and leadership development.

James Rees is the founder of Razorthorn Security, providing expert consultancy and testing services to a wide range of organisations, including many Fortune 500 companies. His practical, no-nonsense approach helps organisations manage cybersecurity risks effectively while strengthening resilience.

The Razorwire podcast is designed for cybersecurity professionals who want to stay ahead, sharpen their skills, and confidently respond to the challenges of today's evolving threat landscape. We believe collaboration is key to stronger security — and Razorwire gives you the conversations that help you achieve it.

For more information about us, or if you have questions you'd like discussed on the show, email podcast@razorthorn.com or visit www.razorthorn.com.

Copyright 2025 Razorthorn Security
Episodes
  • How Cybercriminals are using AI - and How to Defend Against It
    Oct 29 2025

    What happens when the dark side gets its hands on cutting-edge AI and why might even seasoned defenders find themselves playing catch-up?

    Welcome back to Razorwire, where I’m joined by Oliver Rochford and Richard Cassidy to discuss how criminals are using AI, what's actually working and how the threat landscape is changing. We explore how adversaries are using AI, what’s actually working in the wild and how professionals can prepare for the unsettling pace of change.

    Summary:

    We discuss AI-powered phishing, deepfakes in recruitment and self-evolving malware. The conversation moves beyond the classic image of lone hackers, unveiling an economy of cybercrime with advanced automation, international collaboration and ruthless incentives. The real tension lies in whether AI is simply sharpening existing attack tools or if we’re on the brink of something genuinely new and autonomous. We dissect economic shifts in attack and defence and raise questions about resilience, readiness and just how quickly the future may arrive.

    3 Key Talking Points:

    • AI in current attacks: Discover how attackers are already automating phishing, password cracking and social engineering at scale, with some criminal campaigns boasting success rates that would have been unthinkable without AI.
    • Deepfakes and infiltration: Hear real cases of attackers using AI-generated identities and language tools to pass job interviews and access company systems, including documented North Korean operations.

    • The autonomy debate: Join the debate over whether we’re seeing the emergence of fully autonomous AI attacks or just more sophisticated versions of existing threats, and what it means for risk management and defending against a fast-paced, well-funded adversary.

    Ideal for any cybersecurity professional looking for sharp perspectives and real-world examples on the present and future impact of AI in the hands of attackers.



    The New Question for Cybersecurity:

    "We don't need to ask anymore, ‘Do we have good security?’ What we have to say, and what the question should be is, ‘Are we resilient when AI is being used against us? And how do we do that from a technology perspective?’ And there's no one answer."

    Richard Cassidy



    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen



    In this episode, we covered:
    • AI as the New Adversary: Learn how criminals are using advanced AI tools to make cyber threats less predictable and harder to control.
    • Phishing Supercharged by AI: Discover why AI-generated phishing campaigns achieve significantly higher success rates than traditional attempts and what makes them harder to spot.
    • Deepfakes and Recruitment Fraud: Hear how attackers use deepfakes and voice-changing technology to impersonate job candidates and infiltrate organisations under false identities.
    • Automation and Evolving Malware: Explore the debate around whether malware can autonomously adapt and rewrite itself, reducing the need for human hackers to intervene directly.
    • Limits of Current AI Threats: Understand why truly autonomous, intelligent cyber attacks aren't widely observed in the wild yet, despite AI amplifying certain attack vectors.
    • Economic Shift in Cybercrime: See how AI has lowered costs and barriers to entry for cybercriminals, allowing attacks to scale rapidly...
    57 min
  • What Actually Works in Cybersecurity (And What Doesn't)
    Oct 15 2025

    Are you making career moves in cybersecurity or is cybersecurity making moves around you?

    Welcome to Razorwire. In this episode, I sit down with Marius Poskus - CISO, consultant, podcaster and all-round cyber expert - to talk about how to succeed in cybersecurity. We discuss career paths, why security culture fails in most organisations and the risks of rushing into AI without understanding what you're doing. Whether you're trying to break into the industry or you're leading security strategy, this conversation covers what works and what doesn't.

    Summary:

    Want to break into cybersecurity without wasting time on the wrong certifications? Wondering why your security programme keeps failing despite all the tools you've bought? We have the answers.

    From physical security in Lithuania to CISO at a global fintech, Marius explains why pen testing is a terrible entry route for juniors, why compliance doesn't stop breaches and why giving AI control of your SOC is riskier than most people realise.

    We discuss how to build actual security skills (not just a collection of certificates), why punishing people for clicking phishing links backfires and why you need to stop firefighting incidents and start preventing them. Marius also shares why so many organisations buy expensive tools that solve nothing and what happens when you remove humans from security decisions.


    Key Talking Points:

    1. The Truth About Career Pathways: We debunk common myths about entry routes into cybersecurity, explain why starting in a SOC makes strategic sense and share advice for hands-on learning that goes beyond certifications.
    2. Security Culture and Human Factors: We discuss why technologists and business leaders often miss the mark on culture, how reward (not punishment) transforms security behaviours and what happens when compliance is mistaken for genuine protection.
    3. AI, Emerging Threats and Resilience: Marius reflects on the dangers of autonomous AI-driven security, the future of continuous assessments and why building resilience matters more than chasing perfection. If you want a blunt take on what’s coming next in cyber risk, this episode will challenge your thinking.

    Tune in for real world stories, hard-won lessons and clever insights you can use right now, whether you’re climbing the infosec ladder or shaping your organisation’s security future.



    The Future of AI in Software Development:

    “Everyone thinks that pen testing is sexy. How many pen testing roles are you going to find in a junior space? So if I'm playing numbers game, go in a SOC, learn cyber defence, build up all of your skills and then you pivot to wherever you want because that's the easiest path.”

    Marius Poskus



    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen



    In this episode, we covered the following topics:
    • Choose your entry point strategically: Why starting in a SOC gives you more options than chasing pen testing roles straight away and how to play the numbers game when breaking into the industry.
    • Focus on skills that actually get you hired: Why hands-on experience with home labs matters more than stacking certifications and what employers really look for in junior candidates.
    • Understand why pen testing isn't an entry-level path: Most junior roles are in Security Operations Centres, not penetration testing. Learn why
    41 min
  • The Hidden Costs of Security Stack Consolidation (That Vendors Don't Mention)
    Oct 1 2025

    Is your security stack making you safer or just adding to the chaos?

    Welcome to Razorwire, the podcast where we unravel the mess, myths and market realities behind today’s cybersecurity challenges. I’m your host Jim and in this episode, I’m joined by our favourite regulars Oliver Rochford and Richard Cassidy to tackle a topic that irritates every CISO: the security solution stack. We discuss the big questions about vendor motivations, tool sprawl and why consolidation so often promises more than it delivers.

    In this episode, we set aside the sales buzzwords and look at what it really means to consolidate your security stack. Oliver and Richard share straight-talking insights from both the vendor and CISO perspectives. We debate why security platforms so often fail to reduce complexity and whether AI is about to solve - or simply mask - the underlying pain.

    Three key reasons to listen:

    • “Noise in depth” versus defence in depth: Discover why having dozens of overlapping tools can actually increase risk and burnout, rather than improve your security posture. Hear insights on “noise in depth” and how it impacts the choices CISOs face.
    • Vendor incentives and the truth behind “consolidation”: Get an insider’s take on why vendors push for consolidation only when it benefits their stack, how lock-in happens and why most platforms are stitched together from half-baked acquisitions.
    • The hard reality of AI, integrations and future-ready strategy: Find out why AI and automation aren’t the magic fix the industry claims and what you actually need to do to keep your stack effective, adaptable and under control in a shifting market.

    If you want honest, practical advice on managing cybersecurity complexity and want to hear what real CISOs wish they'd known before their last renewal, this episode is worth your time.


    Welcome to the Future: Solving Problems, Not Just Selling Tools

    "If you're coming to market, remember the product is only half the game.

    Security teams, GRC compliance teams - they're drowning. Support, deployment, tuning and post-sales success – they really make or break from my organisations and ones that I talk to. So be the vendor that doesn't just sell the product, be the one that really helps operationalise it.

    If you're just here to sell a tool, you're already obsolete. If you're here to solve a problem and remove complexity, then welcome to the future."

    Richard Cassidy


    Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen



    In this episode, we covered the following topics:
    • Tool Sprawl vs. Defence in Depth: Learn why organisations with dozens of overlapping security tools end up with noisy environments instead of effective layered defence and what CISOs actually see happening on the ground.
    • Vendor Incentives and Lock-In: Discover how security vendors push you into consolidation within their own ecosystems while prioritising customer lock-in over real interoperability and simplification.
    • Platform Consolidation Cycles: Understand why the industry keeps repeating the same consolidation mistakes and what you should consider instead of chasing the perfect platform that doesn't exist.
    • The Role and Myth of AI in Security Stacks: Find out why AI won't magically fix your complexity problem and how it often just adds...
    48 min