What happens when you gather some of the sharpest minds in cybersecurity for an end-of-year chat about where we've been and where we're heading?

Welcome to Razorwire's Christmas special. Today I’m chatting with some of our favourite guests from 2025: clinical traumatologist Eve Parmiter, cyber futurist Oliver Rochford, CISO and podcast host Marius Poskus and occupational psychologist Bec McKeown for roundup of the cybersecurity industry this year. This isn't a glossy year-in-review full of predictions and corporate optimism. We're talking about what's actually happened: how our teams are STILL burning out, the junior pipeline that's being hollowed out by premature AI deployment, the CISOs who are resigning because they're handed accountability without support and the businesses that want the appearance of security rather than the reality of it.

Summary

2025 has been a year of contradictions. Fewer ransomware victims are paying up, which suggests resilience is working. But burnout rates in cybersecurity remain above 59% and the systemic issues causing it aren't being addressed. Oliver brings data showing that AI-driven threat intelligence has been more marketing than reality. Marius shares why his CISO resignation letter post hit over 300,000 impressions and 3,400 comments. Eve explores whether there could be legal protections for cybersecurity professionals experiencing occupational trauma. Bec questions why security teams are expected to work under military-level pressure with none of the training or support.

We’re also looking ahead to 2026. Oliver predicts salaries will rise. Marius sees organisations scrambling to fix the mess that AI has created. Eve and Bec discuss what the younger generation might teach us about boundaries and refusing to put up with workplace nonsense. And we all agree on one thing: gravity needs levity. If you're going to survive in this industry, you REALLY need to laugh.

Three Key Talking Points:

The Theatre of Security

Understand why organisations hire CISOs for accountability but don't give them budget, support or a seat at decision making tables. Marius explains how this creates a cycle where security leaders are blamed when things go wrong, despite having no power to prevent them.

The Junior Pipeline Crisis

Discover why premature AI deployment is hollowing out entry-level roles across industries, including cybersecurity and law. We discuss the long term consequences of replacing junior analysts with AI before understanding what you're losing.

Burnout as Occupational Trauma

Learn why burnout in cybersecurity isn't just about individual resilience. Eve explores whether legal protections could be granted for work that causes inescapable harm, drawing parallels with content moderators and healthcare workers.

If you want an honest conversation about the state of cybersecurity in 2025 and what's coming in 2026, this is it.

On the appearance of security:

"Companies do not want security. They want the appearance of security. They hire a CISO to be the person who's accountable, the person who's on insurance papers, the person's name who's on client contracts, the person who is a face of the company of doing security, but actually he's not supported in budgetary terms in any other way."

Marius Poskus

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

1. 2025 Year in Review Explore what actually happened this year, from falling ransomware payment rates to the continued rise in burnout and stress levels across the industry.
2. Marketing-Driven Threat Intelligence Discover why claims about AI-enabled ransomware and nation-state AI usage turned out to be more hype than reality.
3. The CISO Accountability Trap Understand why security leaders are handed responsibility without power, budget or support and why so many are choosing to step back from leadership roles.
4. Burnout as a Systemic Problem Learn why organisations still treat burnout as an individual issue rather than addressing the systemic factors that cause it.
5. Legal Protections for Occupational Trauma Explore whether cybersecurity professionals could gain legal recognition for work-related harm, similar to content moderators and healthcare workers.
6. The AI Skills Shortage Coming in 2026 Find out why Oliver predicts salaries will rise as companies realise they've hollowed out their junior pipeline with premature AI deployment.
7. Economics vs Security Spending Understand why businesses treat security breaches like shoplifting and why perfect security isn't the goal for most organisations.
8. Cognitive Load and Dashboard Design Discover how principles from aviation flight deck design could reduce alert fatigue and improve security operations workflows.
9. The Younger Generation's Boundaries Learn what Gen Z might teach us about setting limits, refusing workplace nonsense and reframing work around life instead of the other way around.
10. Predictions for 2026 Hear what the panel thinks is coming next year, from salary increases to AI backlash and the potential consequences of neglecting security basics.

Resources Mentioned

1. Coveware (Ransomware Payment Data)

Referenced by Oliver regarding the drop in ransomware payments in 2025.

1. MIT Sloan (AI-Enabled Ransomware Claims)

Referenced by Oliver as an example of retracted threat intelligence claims.

1. Anthropic

Referenced regarding claims about nation-state actors using their AI service.

1. ISC2 Workforce Survey

Referenced by Eve Parmiter regarding burnout statistics (59%) in cybersecurity.

1. SolarWinds Breach and CISO Impact

Referenced by Jim regarding the personal toll on the SolarWinds CISO.

1. Health and Safety Executive (UK)

Referenced by Bec McKeown regarding employer responsibility for workplace stress.

1. Cloudflare Outages

Referenced by Marius Poskus regarding organisations bypassing WAF protections during downtime.

1. Anu AI (Foresight and Predictions Tool)

Mentioned by Oliver Rochford as his startup with a free community edition.

1. Mental Health in Cybersecurity Foundation

Referenced in context of ongoing burnout discussions.

1. Cyber Diaries Podcast

Mentioned by Marius Poskus as his podcast.

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and