What happens when you gather some of the sharpest minds in cybersecurity for an end-of-year chat about where we've been and where we're heading?

Welcome to Razorwire's Christmas special. Today I’m chatting with some of our favourite guests from 2025: clinical traumatologist Eve Parmiter, cyber futurist Oliver Rochford, CISO and podcast host Marius Poskus and occupational psychologist Bec McKeown for roundup of the cybersecurity industry this year. This isn't a glossy year-in-review full of predictions and corporate optimism. We're talking about what's actually happened: how our teams are STILL burning out, the junior pipeline that's being hollowed out by premature AI deployment, the CISOs who are resigning because they're handed accountability without support and the businesses that want the appearance of security rather than the reality of it.

Summary

2025 has been a year of contradictions. Fewer ransomware victims are paying up, which suggests resilience is working. But burnout rates in cybersecurity remain above 59% and the systemic issues causing it aren't being addressed. Oliver brings data showing that AI-driven threat intelligence has been more marketing than reality. Marius shares why his CISO resignation letter post hit over 300,000 impressions and 3,400 comments. Eve explores whether there could be legal protections for cybersecurity professionals experiencing occupational trauma. Bec questions why security teams are expected to work under military-level pressure with none of the training or support.

We’re also looking ahead to 2026. Oliver predicts salaries will rise. Marius sees organisations scrambling to fix the mess that AI has created. Eve and Bec discuss what the younger generation might teach us about boundaries and refusing to put up with workplace nonsense. And we all agree on one thing: gravity needs levity. If you're going to survive in this industry, you REALLY need to laugh.

Three Key Talking Points:

The Theatre of Security

Understand why organisations hire CISOs for accountability but don't give them budget, support or a seat at decision making tables. Marius explains how this creates a cycle where security leaders are blamed when things go wrong, despite having no power to prevent them.

The Junior Pipeline Crisis

Discover why premature AI deployment is hollowing out entry-level roles across industries, including cybersecurity and law. We discuss the long term consequences of replacing junior analysts with AI before understanding what you're losing.

Burnout as Occupational Trauma

Learn why burnout in cybersecurity isn't just about individual resilience. Eve explores whether legal protections could be granted for work that causes inescapable harm, drawing parallels with content moderators and healthcare workers.

If you want an honest conversation about the state of cybersecurity in 2025 and what's coming in 2026, this is it.

On the appearance of security:

"Companies do not want security. They want the appearance of security. They hire a CISO to be the person who's accountable, the person who's on insurance papers, the person's name who's on client contracts, the person who is a face of the company of doing security, but actually he's not supported in budgetary terms in any other way."

Marius Poskus

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

Is burnout in cybersecurity inevitable, or are we finally learning how to prevent it?

Welcome to Razorwire. In this episode, I sit down with clinical traumatologist Eve Parmiter and occupational psychologist Bec McKeown to talk about what's really happening in high pressure cyber roles. This isn't about vague wellness advice or corporate tick-box exercises. We're looking at the actual mechanics of burnout: why CISOs are breaking under impossible expectations, how remote work has changed team dynamics and what the early warning signs look like before someone hits crisis point. If you work in cybersecurity, particularly in leadership or incident response, this conversation offers strategies you can use today.

Summary

Two-thirds of cybersecurity professionals say their jobs are more stressful now than they were five years ago. The pressure is mounting, but the support systems aren't keeping pace. In this conversation, Eve and Bec bring research, clinical experience and real examples to explain why burnout is becoming an occupational hazard in cyber teams. We talk about the gap between a CISO's responsibility and their actual authority, why technical skills alone won't protect your team from collapse and how to spot the signs that someone is struggling before it becomes a crisis. We also cover what actually works: building teams that can handle pressure, creating cultures where people feel safe to speak up and finding peer support through initiatives like the Mental Health in Cybersecurity Foundation.

Three Key Talking Points:

1. Human Factors and the Reality of Leadership Burnout
2. Understand why burnout is becoming an occupational hazard for cyber leaders, especially CISOs, who are caught between responsibility and a lack of real power. Learn how unaddressed team dynamics, poor succession planning and social isolation create stress that technical controls alone cannot fix.
3. Spotting Burnout Early - Inside and Around You
4. Get practical advice on identifying warning signs in yourself and your colleagues. We discuss real strategies for managers and peers: recognising behavioural changes, loss of humour, withdrawal and other ‘red flags’ that are far more accurate than any policy checklist.
5. Building Resilience and Finding Peer Support
6. Discover actionable steps for resilience, beyond ‘just coping’, including the creation of peer communities like the Mental Health in Cybersecurity Foundation. Find out how a shared community is essential to surviving and growing in this field.

If you want real answers about burnout, actionable insights for your career and lessons from the frontline of cybersecurity wellbeing, this is one episode you can’t afford to skip.

On power vs responsibility:

“CISOs are a great example. You only have so much power, but you've got a high degree of responsibility, and personal responsibility coming into it. So that can feel very unfair and very unbalanced and that can create a lot of resentment.”

Eve Parmiter

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

• Understanding Burnout Trends in Cybersecurity Learn why 66% of professionals report higher stress levels than five years ago and what's driving the increase across the industry.
• Recognising Human Factors as Security Risks Discover how overlooking team wellbeing creates vulnerabilities that no technical control can

Is passwordless authentication finally ready for prime time, or are we just replacing one set of problems with another?

Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, we're tackling one of the oldest challenges in information security: identity and access management.

I'm joined by David Higgins, CTO at CyberArk and Murtaza Hafizja, Senior Technical Product Marketing Leader from OneSpan, who bring decades of combined experience from the front lines of identity, authentication and access control. Together, we explore how the industry has evolved from simple username/password combinations to biometrics, passkeys and continuous authentication and where the technology is heading next.

Summary

We examine the persistent challenges around identity management, from the struggle between security and user convenience to the explosion of non-human identities that now need managing. David explains why privilege access management has evolved from credential vaulting to zero standing privileges and how cloud environments have created both opportunities and complexities with their tens of thousands of granular permissions. Murtaza tells us about the passwordless evolution, why risk-based authentication is making a comeback and the real barriers to rolling out modern authentication at scale.

Whether you're a CISO wrestling with third-party access, an IT manager trying to balance security with productivity or just someone interested in where authentication is heading, you'll get honest perspectives on what works, what doesn't and what's actually achievable.

Key Talking Points

1. The Passwordless Evolution and What It Really Means Learn why passwords are finally on their way out (mostly), how passkeys and biometrics have moved from niche to mainstream and why the technology that failed 20 years ago is now becoming the de facto standard for authentication.
2. Zero Standing Privilege and the Cloud Permission Problem Discover how cloud environments have paradoxically made privilege management both more granular and more complex, why organisations are moving away from permanent permissions and how just-in-time access is becoming essential for modern infrastructure.
3. Continuous Authentication and Behavioural Analysis Understand why a single login authentication isn't enough anymore, how attackers are owning identities by exploiting help desks and why monitoring user behaviour patterns might be the key to stopping credential-based attacks before they cause damage.

On the security of key documentation:

"Attackers aren't breaking in anymore, they're logging in."

David Higgins, CyberArk

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

• The Evolution of Identity Management How authentication has cycled through different approaches over 30 years, from basic username/password to biometrics that failed, then succeeded and why we're finally at a point where passwordless is achievable at scale.
• From Too Little Granularity to Too Much Why early operating systems forced an all-or-nothing approach to permissions, how cloud providers now offer tens of thousands of different roles and entitlements and why this has made principle of least privilege almost impossible to implement upfront.
• Zero Standing...

How can small and medium businesses protect themselves from cyber threats without spending a fortune or just ticking boxes for compliance?

Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I’m Jim and in this episode, we’re taking a look into the challenges faced by SMEs on the journey through cybersecurity compliance and insurance.

I’m joined by Lewis Lockwood from Incursion and Josh X of Capsule, who bring experience from the front lines of offensive security and insurance broking. Together, we tackle the misconception that security is prohibitively expensive and explore how smart strategies can strengthen your defences without breaking the bank.

Summary

We tackle a topic at the heart of SME cybersecurity struggles - from box-ticking compliance to negotiating cyber insurance and surviving data breaches. Lewis Lockwood explains why Cyber Essentials is more than a paperwork exercise and how agility can be a secret weapon for smaller companies. Josh X talks about the realities of selling cyber insurance to resource-stretched businesses, the importance of aligning insurance with actual security posture and the real risks hidden even in smaller businesses.

Whether you’re a founder, IT manager or just curious about how attackers think, you’ll get practical advice, cautionary tales and actionable steps you can take today.

Key Talking Points

• Cyber Essentials as Practical Defence, Not Just Compliance Learn why basic frameworks like Cyber Essentials shield SMEs from common attacks, offering affordable, actionable protection that goes well beyond box-ticking.
• How Insurance and Security Must Work Together Discover the realities of cyber insurance for small businesses, including why your security posture affects premiums and claims, and what actually happens if you’re hit by ransomware or invoice fraud.
• Learning from Real-World Breaches and SME Pitfalls Hear first hand stories about high profile incidents, negotiation tactics with threat actors and how even a local florist or butcher can be targeted. Understand why continuous education, simple security controls and the right insurance mix can prevent both financial disaster and sleepless nights.

Tune in for a conversation that’s honest, insightful and practical - with takeaways you can put into action immediately, no matter your company size.

On the security of key documentation:

“Where are you storing your insurance documents? If someone wants to get into your network, the easiest thing to do is to look at their insurance documents and be like, okay, they've got a million pound limit, let me ask for £2 mil.”

Josh X, Capsule

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

• Cybersecurity Cost Perceptions Why the belief that security is prohibitively expensive for SMEs is misleading and what actually drives costs.
• The Role of Cyber Essentials How Cyber Essentials provides a practical, affordable security baseline for small and medium businesses without breaking the bank.
• Insurance as a Safety Net Why cyber insurance can't replace proper security measures and how to understand its role as a last resort, not a first line of defence.
• SME Agility in Security How smaller organisations can use their size as an...

What happens when the dark side gets its hands on cutting-edge AI and why might even seasoned defenders find themselves playing catch-up?

Welcome back to Razorwire, where I’m joined by Oliver Rochford and Richard Cassidy to discuss how criminals are using AI, what's actually working and how the threat landscape is changing. We explore how adversaries are using AI, what’s actually working in the wild and how professionals can prepare for the unsettling pace of change.

Summary:

We discuss AI-powered phishing, deepfakes in recruitment and self-evolving malware. The conversation moves beyond the classic image of lone hackers, unveiling an economy of cybercrime with advanced automation, international collaboration and ruthless incentives. The real tension lies in whether AI is simply sharpening existing attack tools or if we’re on the brink of something genuinely new and autonomous. We dissect economic shifts in attack and defence and raises questions about resilience, readiness and just how quickly the future may arrive.

3 Key Talking Points:

• AI in current attacks: Discover how attackers are already automating phishing, password cracking and social engineering at scale, with some criminal campaigns boasting success rates that would have been unthinkable without AI.
• Deepfakes and infiltration: Hear real cases of attackers using AI-generated identities and language tools to pass job interviews and access company systems, including documented North Korean operations.
• 
  
• The autonomy debate: Join the debate over whether we’re seeing the emergence of fully autonomous AI attacks or just more sophisticated versions of existing threats, and what it means for risk management and defending against a fast-paced, well-funded adversary.

Ideal for any cybersecurity professional looking for sharp perspectives and real-world examples on the present and future impact of AI in the hands of attackers.

The New Question for Cybersecurity:

"We don't need to ask anymore, ‘Do we have good security?’ What we have to say, and what the question should be is, ‘Are we resilient when AI is being used against us? And how do we do that from a technology perspective?’ And there's no one answer."

Richard Cassidy

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

• AI as the New Adversary Learn how criminals are using advanced AI tools to make cyber threats less predictable and harder to control.
• Phishing Supercharged by AI Discover why AI-generated phishing campaigns achieve significantly higher success rates than traditional attempts and what makes them harder to spot.
• Deepfakes and Recruitment Fraud Hear how attackers use deepfakes and voice-changing technology to impersonate job candidates and infiltrate organisations under false identities.
• Automation and Evolving Malware Explore the debate around whether malware can autonomously adapt and rewrite itself, reducing the need for human hackers to intervene directly.
• Limits of Current AI Threats Understand why truly autonomous, intelligent cyber attacks aren't widely observed in the wild yet, despite AI amplifying certain attack vectors.
• Economic Shift in Cybercrime See how AI has lowered costs and barriers to entry for cybercriminals, allowing attacks to scale rapidly...

Are you making career moves in cybersecurity or is cybersecurity making moves around you?

Welcome to Razorwire. In this episode, I sit down with Marius Poskus - CISO, consultant, podcaster and all-round cyber expert - to how to succeed in cybersecurity. We discuss career paths, why security culture fails in most organisations and the risks of rushing into AI without understanding what you're doing. Whether you're trying to break into the industry or you're leading security strategy, this conversation covers what works and what doesn't.

Summary:

Want to break into cybersecurity without wasting time on the wrong certifications? Wondering why your security programme keeps failing despite all the tools you've bought? We have the answers.

From physical security in Lithuania to CISO at a global fintech, Marius explains why pen testing is a terrible entry route for juniors, why compliance doesn't stop breaches and why giving AI control of your SOC is riskier than most people realise.

We discuss how to build actual security skills (not just a collection of certificates), why punishing people for clicking phishing links backfires and why you need to stop firefighting incidents and start preventing them. Marius also shares why so many organisations buy expensive tools that solve nothing and what happens when you remove humans from security decisions.

Key Talking Points:

1. The Truth About Career Pathways:
2. We debunk common myths about entry routes into cybersecurity, explains why starting in a SOC makes strategic sense and shares advice for hands-on learning that goes beyond certifications.
3. Security Culture and Human Factors:
4. We discuss why technologists and business leaders often miss the mark on culture, how reward (not punishment) transforms security behaviours and what happens when compliance is mistaken for genuine protection.
5. AI, Emerging Threats and Resilience:
6. Marius reflects on the dangers of autonomous AI-driven security, the future of continuous assessments and why building resilience matters more than chasing perfection. If you want a blunt take on what’s coming next in cyber risk, this episode will challenge your thinking.

Tune in for real world stories, hard-won lessons and clever insights you can use right now, whether you’re climbing the infosec ladder or shaping your organisation’s security future.

The Future of AI in Software Development:

“Everyone thinks that pen testing is sexy. How many pen testing roles are you going to find in a junior space? So if I'm playing numbers game, go in a SOC, learn cyber defence, build up all of your skills and then you pivot to wherever you want because that's the easiest path.”

Marius Poskus

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

• Choose your entry point strategically: Why starting in a SOC gives you more options than chasing pen testing roles straight away and how to play the numbers game when breaking into the industry.
• Focus on skills that actually get you hired: Why hands-on experience with home labs matters more than stacking certifications and what employers really look for in junior candidates.
• Understand why pen testing isn't an entry-level path: Most junior roles are in Security Operations Centres, not penetration testing. Learn why

Is your security stack making you safer or just adding to the chaos?

Welcome to Razorwire, the podcast where we unravel the mess, myths and market realities behind today’s cybersecurity challenges. I’m your host Jim and in this episode, I’m joined by our favourite regulars Oliver Rochford and Richard Cassidy to tackle a topic that irritates every CISO: the security solution stack. We discuss the big questions about vendor motivations, tool sprawl and why consolidation so often promises more than it delivers.

In this episode, we set aside the sales buzzwords and look at what it really means to consolidate your security stack. Oliver and Richard share straight-talking insights from both the vendor and CISO perspectives. We debate why security platforms so often fail to reduce complexity and whether AI is about to solve - or simply mask - the underlying pain.

Three key reasons to listen:

• “Noise in depth” versus defence in depth: Discover why having dozens of overlapping tools can actually increase risk and burnout, rather than improve your security posture. Hear insights on “noise in depth” and how it impacts the choices CISOs face.
• Vendor incentives and the truth behind “consolidation”: Get an insider’s take on why vendors push for consolidation only when it benefits their stack, how lock-in happens and why most platforms are stitched together from half-baked acquisitions.
• The hard reality of AI, integrations and future-ready strategy: Find out why AI and automation aren’t the magic fix the industry claims and what you actually need to do to keep your stack effective, adaptable and under control in a shifting market.

If you want honest, practical advice on managing cybersecurity complexity and want to hear what real CISOs wish they'd known before their last renewal, this episode is worth your time.

Welcome to the Future: Solving Problems, Not Just Selling Tools

"If you're coming to market, remember the product is only half the game.

Security teams, GRC compliance teams - they're drowning. Support, deployment, tuning and post-sales success – they really make or break from my organisations and ones that I talk to. So be the vendor that doesn't just sell the product, be the one that really helps operationalise it.

If you're just here to sell a tool, you're already obsolete. If you're here to solve a problem and remove complexity, then welcome to the future.

Richard Cassidy

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

• Tool Sprawl vs. Defence in Depth Learn why organisations with dozens of overlapping security tools end up with noisy environments instead of effective layered defence and what CISOs actually see happening on the ground.
• Vendor Incentives and Lock-In Discover how security vendors push you into consolidation within their own ecosystems while prioritising customer lock-in over real interoperability and simplification.
• Platform Consolidation Cycles Understand why the industry keeps repeating the same consolidation mistakes and what you should consider instead of chasing the perfect platform that doesn't exist.
• The Role and Myth of AI in Security Stacks Find out why AI won't magically fix your complexity problem and how it often just adds...

Are you prepared for the psychological toll that comes with handling disturbing content in the cybersecurity world?

Welcome to Razorwire, where today we’re exploring into the realities behind a career in cyber, from technical warfare to the often-overlooked human cost.

In this episode, I’m joined by therapist and consultant Eve Parmiter to examine the real psychological impact of repeated exposure to distressing material that many of us face during incident investigations, content moderation and threat research.

Eve draws on her background in trauma therapy and real-world experiences both inside and outside of cybersecurity. Together, we discuss why even seasoned professionals struggle to talk about their experiences, how secondary trauma manifests in our daily lives and what can actually help in environments that don’t provide enough support.

If you've ever had to investigate colleagues, review disturbing material, or make impossible decisions under pressure, this conversation will resonate. We don't shy away from hard truths, but we do focus on practical ways to build resilience and find some measure of satisfaction in doing the right thing - even when it's difficult.

1. Understand the true impact of secondary trauma in cyber roles.

We break down the difference between stress, burnout and trauma specific to cybersecurity professions, exploring how exposure to disturbing content changes your outlook - and why it’s not a personal weakness.

2. Learn why most pros don’t talk about their struggles and how to break the silence.

Eve explains why lacking the right language keeps many from processing what they experience and offers insight into building peer support systems and practical organisational responses.

3. Discover tested strategies for coping and recovery.

You’ll leave with actionable advice straight from the worlds of therapy and cyber on how to protect yourself, when to seek help and the importance of cultivating supportive communities.

Tune in for a genuine, valuable discussion that puts the mental health of cybersecurity professionals front and centre and find out how to make a tough job more sustainable for yourself and your team.

Why Self Care Isn't Enough for Trauma

"You can't self care your way out of trauma. There is no amount of bubble baths or ice baths that are going to remove certain images or certain experiences."

Eve Parmiter

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

• The Psychological Impact of Difficult Materials. Why exposure to traumatic or distressing digital content leads to anxiety, depression and long term negative outlooks.
• Challenges Discussing Trauma in Cybersecurity. How professionals can overcome their reluctance to discuss experiences when they lack the language or organisational support.
• Primary vs Secondary Traumatic Stress. Learn how to identify when direct and indirect exposure to disturbing content creates real psychological effects that often resemble PTSD.
• Addressing Vicarious Trauma and Worldview Shifts. How to cope when repeatedly witnessing other people's trauma changes how you perceive the world and interact with your environment.
• Moral Distress and Injury in Decision Making. Find out how to manage situations where you face ethical dilemmas...