Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Should organisations pay ransomware demands? Canvas recently paid after a breach exposed student data. Now US Congress is questioning whether payments should be illegal. In this episode of Razorwire Raw, James Rees tackles the ransomware payment dilemma. Ransomware groups operate like commercial organisations - if they don't honour agreements to delete data after payment, nobody would pay them. Some negotiators have been caught telling attackers what insurance payouts will cover.

It took 10 minutes and a free online tool to deepfake Jim’s voice, with no expertise and no cost involved.

Cyber warfare is no longer theoretical. Nation states are actively targeting critical infrastructure, utilities and government systems. AI is accelerating offensive capabilities and most organisations aren't prepared. In this episode of Razorwire Raw, James Rees discusses the reality of cyber warfare and what's coming. State-sponsored attacks and government-backed cyber operations are already happening at scale.

People stop answering the phone when every call sounds like the same recycled script pushed through the same tired sequence. Different buyers want different approaches, so if you cannot explain your value clearly and naturally, the call is over before it starts.

OpenAI just announced Daybreak, their cybersecurity AI model with three tiers of access. GPT-5 handles general work. GPT-5.5 does secure code reviews, vulnerability triage, malware analysis and patch validation. GPT-Cyber handles red teaming and penetration testing. In this episode of Razorwire Raw, James Rees explains what Daybreak means for the cybersecurity industry and why vulnerability scanning companies, pentesting firms and security tool vendors should be concerned.

Sales desperation often starts higher up the chain, where investor pressure, weak go to market planning and unrealistic growth targets shape bad behaviour. When companies measure the wrong things, they create scripted, frantic sales motions that annoy buyers and burn trust fast.

Technical skill opens doors, but communication is what gets ideas accepted by leadership. In cybersecurity, the real challenge is often turning complex risk into clear business language that a CEO, CTO or CFO understands straight away.

Bad sales habits often come from low effort, low curiosity and people who stop learning once they land the role. When sales becomes lazy, every decent salesperson has to fight twice as hard to rebuild trust with buyers who are already tired of being spammed.

The biggest mistake is assuming persistence alone will win the deal. Repeating the same message and listing product features without understanding the real pain points makes the whole approach feel tone deaf from the start.

Nothing kills trust faster than pitching services to someone who already does that work for a living. If your outreach is auto generated, poorly targeted and built on zero research, most CISOs will write you off before you ever get a second chance.

Desperate sales outreach rarely works because it feels generic and self serving from the first line. A better approach starts with real research, a relevant human detail and a message that proves you paid attention before trying to earn the conversation.

Why do so many vendors still get it wrong when selling to security leaders? Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I’m Jim and in this episode, I’m joined by Marius Poskus, CISO at a fintech organisation and host of the Cyber Diaries podcast, and Simon Woods, co-founder of One Compliance and a salesperson who’s been working in cybersecurity sales for over 15 years.

This episode breaks down why so many sales approaches fail with CISOs, from lazy research and scripted persistence to tone deaf messaging and zero trust building. It also shows what works better, active listening, free value, real relationships and outreach that respects how security leaders think and buy.

Not every undisclosed bug is undiscovered; some are quietly sold through brokers to whoever pays the most. Governments, criminal groups and private buyers all compete in a shadow market where valuable software flaws become products long before the public ever hears about them.

The deepest threat is not that AI finds one clever bug, it is that it can do offensive work at a scale humans never could. Tasks that once demanded time, money and elite skill can now be accelerated, repeated and widened far beyond the limits of a traditional red team.

The next phase of cyber conflict may not be human against human, but attacking agents against defending agents at machine speed. Offensive models will probe, adapt and retry, while defensive models learn to counter them, leaving humans to supervise a battle fought mostly by software.

The CISO role is facing its biggest challenge yet. AI adoption is happening faster than any technology shift in history and security leadership is struggling to keep up. Accountability is increasing whilst the ability to control AI implementation is decreasing. In this episode of Razorwire Raw, James Rees explains why CISOs are finding it nearly impossible to manage AI security risks at the speed organisations are deploying the technology.

If one new model sends the whole security team into panic, the real problem is often weak architecture, weak monitoring and weak preparedness. Defence in depth, patching, incident response and proper visibility still matter more than fear of the latest AI announcement.