Is burnout in cybersecurity inevitable, or are we finally learning how to prevent it?

Welcome to Razorwire. In this episode, I sit down with clinical traumatologist Eve Parmiter and occupational psychologist Bec McKeown to talk about what's really happening in high pressure cyber roles. This isn't about vague wellness advice or corporate tick-box exercises. We're looking at the actual mechanics of burnout: why CISOs are breaking under impossible expectations, how remote work has changed team dynamics and what the early warning signs look like before someone hits crisis point. If you work in cybersecurity, particularly in leadership or incident response, this conversation offers strategies you can use today.

Summary

Two-thirds of cybersecurity professionals say their jobs are more stressful now than they were five years ago. The pressure is mounting, but the support systems aren't keeping pace. In this conversation, Eve and Bec bring research, clinical experience and real examples to explain why burnout is becoming an occupational hazard in cyber teams. We talk about the gap between a CISO's responsibility and their actual authority, why technical skills alone won't protect your team from collapse and how to spot the signs that someone is struggling before it becomes a crisis. We also cover what actually works: building teams that can handle pressure, creating cultures where people feel safe to speak up and finding peer support through initiatives like the Mental Health in Cybersecurity Foundation.

Three Key Talking Points:

1. Human Factors and the Reality of Leadership Burnout
2. Understand why burnout is becoming an occupational hazard for cyber leaders, especially CISOs, who are caught between responsibility and a lack of real power. Learn how unaddressed team dynamics, poor succession planning and social isolation create stress that technical controls alone cannot fix.
3. Spotting Burnout Early - Inside and Around You
4. Get practical advice on identifying warning signs in yourself and your colleagues. We discuss real strategies for managers and peers: recognising behavioural changes, loss of humour, withdrawal and other ‘red flags’ that are far more accurate than any policy checklist.
5. Building Resilience and Finding Peer Support
6. Discover actionable steps for resilience, beyond ‘just coping’, including the creation of peer communities like the Mental Health in Cybersecurity Foundation. Find out how a shared community is essential to surviving and growing in this field.

If you want real answers about burnout, actionable insights for your career and lessons from the frontline of cybersecurity wellbeing, this is one episode you can’t afford to skip.

On power vs responsibility:

“CISOs are a great example. You only have so much power, but you've got a high degree of responsibility, and personal responsibility coming into it. So that can feel very unfair and very unbalanced and that can create a lot of resentment.”

Eve Parmiter

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

• Understanding Burnout Trends in Cybersecurity Learn why 66% of professionals report higher stress levels than five years ago and what's driving the increase across the industry.
• Recognising Human Factors as Security Risks Discover how overlooking team wellbeing creates vulnerabilities that no technical control can

Is passwordless authentication finally ready for prime time, or are we just replacing one set of problems with another?

Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, we're tackling one of the oldest challenges in information security: identity and access management.

I'm joined by David Higgins, CTO at CyberArk and Murtaza Hafizja, Senior Technical Product Marketing Leader from OneSpan, who bring decades of combined experience from the front lines of identity, authentication and access control. Together, we explore how the industry has evolved from simple username/password combinations to biometrics, passkeys and continuous authentication and where the technology is heading next.

Summary

We examine the persistent challenges around identity management, from the struggle between security and user convenience to the explosion of non-human identities that now need managing. David explains why privilege access management has evolved from credential vaulting to zero standing privileges and how cloud environments have created both opportunities and complexities with their tens of thousands of granular permissions. Murtaza tells us about the passwordless evolution, why risk-based authentication is making a comeback and the real barriers to rolling out modern authentication at scale.

Whether you're a CISO wrestling with third-party access, an IT manager trying to balance security with productivity or just someone interested in where authentication is heading, you'll get honest perspectives on what works, what doesn't and what's actually achievable.

Key Talking Points

1. The Passwordless Evolution and What It Really Means Learn why passwords are finally on their way out (mostly), how passkeys and biometrics have moved from niche to mainstream and why the technology that failed 20 years ago is now becoming the de facto standard for authentication.
2. Zero Standing Privilege and the Cloud Permission Problem Discover how cloud environments have paradoxically made privilege management both more granular and more complex, why organisations are moving away from permanent permissions and how just-in-time access is becoming essential for modern infrastructure.
3. Continuous Authentication and Behavioural Analysis Understand why a single login authentication isn't enough anymore, how attackers are owning identities by exploiting help desks and why monitoring user behaviour patterns might be the key to stopping credential-based attacks before they cause damage.

On the security of key documentation:

"Attackers aren't breaking in anymore, they're logging in."

David Higgins, CyberArk

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

• The Evolution of Identity Management How authentication has cycled through different approaches over 30 years, from basic username/password to biometrics that failed, then succeeded and why we're finally at a point where passwordless is achievable at scale.
• From Too Little Granularity to Too Much Why early operating systems forced an all-or-nothing approach to permissions, how cloud providers now offer tens of thousands of different roles and entitlements and why this has made principle of least privilege almost impossible to implement upfront.
• Zero Standing...

How can small and medium businesses protect themselves from cyber threats without spending a fortune or just ticking boxes for compliance?

Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I’m Jim and in this episode, we’re taking a look into the challenges faced by SMEs on the journey through cybersecurity compliance and insurance.

I’m joined by Lewis Lockwood from Incursion and Josh X of Capsule, who bring experience from the front lines of offensive security and insurance broking. Together, we tackle the misconception that security is prohibitively expensive and explore how smart strategies can strengthen your defences without breaking the bank.

Summary

We tackle a topic at the heart of SME cybersecurity struggles - from box-ticking compliance to negotiating cyber insurance and surviving data breaches. Lewis Lockwood explains why Cyber Essentials is more than a paperwork exercise and how agility can be a secret weapon for smaller companies. Josh X talks about the realities of selling cyber insurance to resource-stretched businesses, the importance of aligning insurance with actual security posture and the real risks hidden even in smaller businesses.

Whether you’re a founder, IT manager or just curious about how attackers think, you’ll get practical advice, cautionary tales and actionable steps you can take today.

Key Talking Points

• Cyber Essentials as Practical Defence, Not Just Compliance Learn why basic frameworks like Cyber Essentials shield SMEs from common attacks, offering affordable, actionable protection that goes well beyond box-ticking.
• How Insurance and Security Must Work Together Discover the realities of cyber insurance for small businesses, including why your security posture affects premiums and claims, and what actually happens if you’re hit by ransomware or invoice fraud.
• Learning from Real-World Breaches and SME Pitfalls Hear first hand stories about high profile incidents, negotiation tactics with threat actors and how even a local florist or butcher can be targeted. Understand why continuous education, simple security controls and the right insurance mix can prevent both financial disaster and sleepless nights.

Tune in for a conversation that’s honest, insightful and practical - with takeaways you can put into action immediately, no matter your company size.

On the security of key documentation:

“Where are you storing your insurance documents? If someone wants to get into your network, the easiest thing to do is to look at their insurance documents and be like, okay, they've got a million pound limit, let me ask for £2 mil.”

Josh X, Capsule

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

• Cybersecurity Cost Perceptions Why the belief that security is prohibitively expensive for SMEs is misleading and what actually drives costs.
• The Role of Cyber Essentials How Cyber Essentials provides a practical, affordable security baseline for small and medium businesses without breaking the bank.
• Insurance as a Safety Net Why cyber insurance can't replace proper security measures and how to understand its role as a last resort, not a first line of defence.
• SME Agility in Security How smaller organisations can use their size as an...