Part 1 – Overcoming professional challenges Despite the high demand for information security professionals, the path to a successful career in this field is not without its challenges. Those who choose to pursue a career in information security must be prepared to face a range of difficulties and obstacles, from the pressure to stay up-to-date with the latest technology and trends, to the constant threat of cyber attacks.

In this video, we delve into the alarming estimates provided by Sub-Security Ventures, a trusted cyber crime magazine and an invaluable resource. Brace yourselves as we uncover the staggering projection that cyber crime will cost the world economy a staggering $8 trillion in 2023, up from $6 trillion just a few years ago. That's an average increase of a trillion dollars annually! But here's the shocking truth: while the cost of cyber crime skyrockets, our investment in protection organizations, whether public or private, between 2021 and 2025 is predicted to be a mere $1.75 trillion.

In this episode of Razorwire, I had the pleasure of speaking with Phil Tonkin from Dragos about securing critical infrastructure. Phil and I delved into the definition of critical infrastructure, the fragility of supply chains and the importance of preparing for potential attacks. We also talked about the Colonial Pipeline incident and the inextricable link between IT and OT in critical infrastructure.

Welcome back to the show! In this episode of the Razorwire podcast, I have the pleasure of discussing defence in depth with Razorthorn’s own illustrious consultants, Jamie Hayward and Tom Mills. During our conversation, we talked about the increasing number of tools and solutions available, the perils of ‘reactive’ budget allocation, as well as the changes we’re seeing in the industry and within our clients’ requirements.

Penetration tests are crucial to any organization's cybersecurity strategy, but they're not the whole story. Without a way of tracking and resolving the issues uncovered in these tests, they become nothing more than a snapshot in time. In the same way that software defect systems help organizations track and manage bugs, it's essential to have a system in place for measuring and addressing cybersecurity vulnerabilities. Whether deciding to fix the issue immediately or scheduling it for a future release, tracking and actioning findings is essential for staying ahead of potential threats.

Are you conducting regular penetration testing on your organization's security measures? If so, you might be missing out on a crucial step that could make you even stronger. In this video, cybersecurity expert Megan Brown shares her insights on why it's essential to proactively seek out and address any potential gaps in your security measures. As Megan explains, knowing where the bodies are - where the bones are buried - can help you identify areas of weakness and take action before they become a major issue. So why wait until it's too late?

Jonathan Care shares a cautionary tale for those considering making a name for themselves by infiltrating criminal gangs on the dark web. While it may seem like an exciting and thrilling adventure, it's crucial to understand the real dangers involved. These are not just disaffected teenagers having a laugh together - these are serious and organized criminals with monetary intent.

In this video, we sit down with Jonathan Care, a renowned cybersecurity expert, to explore the question of whether or not money should be the primary motivation for pursuing a career in pen testing. Jonathan shares his insights on the importance of passion and the potential drawbacks of focusing solely on financial gain. Join us for a thought-provoking discussion on the role of money in the world of pen testing, and whether it should be a driving factor in your career decisions.

In this video, Jonathan Care shares his views on the usefulness of bug bounty programs in instilling public confidence in a product. He notes that for payment service providers, large online retailers, and those with substantial B2C or B2B2C offerings, bug bounty programs can be particularly valuable. Additionally, if a company's clientele is security conscious, implementing a bug bounty program can be a useful piece in their overall security strategy. Jonathan does not believe that bug bounty programs will replace traditional pen testing, as both are important measures of quality. Ultimately, he emphasizes the importance of implementing a comprehensive security strategy to maintain public trust in a product.

In this video, James Rees shares his concerns about the lack of transparency in bug bounty programs. He highlights the fact that testers are not always properly vetted or regularly checked, leaving companies unsure of who is testing their systems. He also notes that certain regions tend to have more malicious actors, raising questions about the validity of testers from those areas. This lack of transparency can be concerning for companies and users alike, and James encourages more accountability and validation measures to be put in place for bug bounty programs.