Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On the podcast: DORA compliance needs IT, security and business talking daily. Silos won’t cut it anymore.

“We haven’t seen any substantive change in cybersecurity — unless it’s driven by compliance. PCI DSS got people moving, but only on part of their data. Enforcement is what’s waking people up.”

Six months into DORA — is financial services building real resilience or just ticking boxes? In this episode of Razorwire, host James Rees is joined by Richard Cassidy, Jonathan Care, and first-time guest Romain Deslorieux to dissect how the Digital Operational Resilience Act (DORA) is really playing out in financial services — beyond the policies and into the pressure.

“You’re securing an institution layered with decades of outdated tech.” Unlike startups, NHS security means battling generations of forgotten systems.

“Different integrators, no escrow, legacy code… it’s a big mess.” The NHS faces systemic tech failures that sabotage even the best InfoSec intentions.

“People don’t take security seriously until it’s too late.” The NHS — like many institutions — only acts after the damage is done. That has to change.

“You’re inheriting 30 years of technical debt — it’s a Frankenstein system.” New tech can’t save the NHS unless someone untangles the mess underneath.

“You’re not going to get top-tier infosec talent on a nurse’s salary.” Recruiting cybersecurity professionals into the NHS is a challenge when commercial roles pay double.

“Risk management in the NHS is complicated by how huge and federated it is.” With so many moving parts and limited visibility, NHS cyber defence needs more than tools — it needs clarity. NHS federated systems, risk visibility, cyber governance, InfoSec complexity, UK health IT.

“You get into InfoSec to protect people, but the NHS grinds you down.” Staff shortages, complex systems, and limited budgets make burnout a serious issue in healthcare cyber.