Episode Details

Are you ready for the cybersecurity incident that could bring your business to a standstill?

On this episode of Razorwire, I sit down with Marius Poskus, a CISO and vCISO, to tackle one of the most crucial yet overlooked aspects of information security: incident response. Whether you’re leading a cyber team, supporting your board, or simply keen to sharpen your readiness, we dig into what happens when your best defences fail and chaos strikes.

We talk about what actually happens when an incident hits and why polished policies on their own aren't enough. From the practical realities CISOs face at the sharp end of an incident, through the pitfalls of security theatre, to the importance of clear communications and building resilience, we get into the lessons the playbooks often miss. Marius and I talk through wargaming, learning from unexpected scenarios and how to empower teams to make tough decisions on the fly.

Key talking points:

Wargaming the Unthinkable:

What happens when your CEO dies? When your entire C-suite is on a plane for six hours and unreachable? When someone poisons the fish at a team dinner? Jim and Marius talk about why the most valuable wargaming exercises aren't the predictable ones. Testing unusual, uncomfortable scenarios is what exposes the single points of failure nobody thought about and builds the kind of muscle memory that no written policy can replace.

Decision-making Authority in Crisis:

One of Marius's contacts had a major ransomware incident and needed to hire 200 people within hours. The biggest problem wasn't the attack itself, it was getting budget approved and contracts signed fast enough. Learn why pre-agreed access to emergency funds, signing authority and the ability to bypass normal procurement processes can be the difference between a swift response and days of lost time.

Security Theatre and Why It Falls Apart Under Pressure:

Marius has been making waves on LinkedIn talking about companies that want the appearance of security rather than the real thing. In this episode, he and Jim get into why polished policies that have never been tested crumble the moment a real incident hits, how to tell the difference between genuine preparedness and box-ticking and what it actually takes to build an incident response capability that works when it matters.

Listen and step inside the mindset every cybersecurity professional needs before the worst happens.

On testing your plan:

"You never want to run through an incident response scenario first time when the real thing happens."

Marius Poskus

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

1. The Importance of Incident Response Find out why incident response is still one of the most neglected areas of security, how to get organisational buy-in for proper preparation and what happens when the first time you test your plan is during the real thing.
2. Security Theatre vs. Real Preparedness Learn how focusing on the appearance of security rather than genuine preparedness leaves organisations vulnerable when a real incident hits, and what it takes to build real readiness through testing and practice.
3. Practical Tes