All the Gear and No Idea: What's Actually Going Wrong in Security with Gary Hibberd
Episode 93 • 25th March 2026 • Razorwire Cyber Security & InfoSec Insights • Razorthorn Security | Cybersecurity & InfoSec

Shownotes

The industry is full of people making security sound complicated so they can sell you the fix. Gary Hibberd and Jim talk about what actually works in cybersecurity.

Welcome to Razorwire, where we bring you directly into honest conversations with the minds shaping our industry. I’m your host, Jim, and in this episode, I sit down with Gary Hibberd, co-founder of Consultants Like Us and a veteran of the security, data protection and privacy world.

We talk about why so many organisations pour money into security tools and chase compliance without doing the real work underneath, and why it still leaves them exposed. Gary makes the case that one of the biggest security challenges right now is simply speed, that people and organisations are moving too fast to think clearly, and that slowing down is one of the most effective things you can do. We discuss where the industry is heading, why the focus needs to shift from cybersecurity as a purely technical discipline towards genuine organisational resilience and what it takes to cut through the noise of influencers and vendors selling quick fixes that don't exist.

We also get into the challenges facing people newer to the industry who are trying to work out who to listen to, why communication and understanding risk matter just as much as technical skills, and why owning your place at the boardroom table is something the security community still needs to get better at.

Key Talking Points:

  1. Why technical tools and frameworks aren't enough: Gary uses his marathon analogy to explain the issues with buying security kit without doing the work underneath. He and Jim share examples from the field and discuss why leadership and commitment matter more than the software you’ve bought.
  2. Beyond cybersecurity: why organisational resilience is the real goal: If your organisation treats security as a purely technical problem, it's missing the bigger picture. Gary and Jim make the case for why the industry needs to move beyond siloed thinking and start building genuine organisational resilience, and what that actually looks like in practice.
  3. How to avoid security "false prophets" and spot real expertise: Gary talks about the rise of influencers selling easy compliance that doesn't exist, from GDPR vendors promising a magic fix to people with big platforms and limited experience. He and Jim discuss what to look for in trustworthy voices and why critical thinking still matters more than following whoever shouts the loudest.

Join us for an episode filled with real-world insights, practical takeaways, and a reminder that believing in yourself, and your value at the table, is the ultimate career defence.

On why products alone won't protect you:

"People go, oh, I've got IDS, I've got a SOC, I've got SIEM, I've got this platform, I've got that thing. And you're going, okay, so when was the last time you sat down as a team and talked about what it means to you as a business?"

Gary Hibberd


Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

  1. From IT to Infosec: Find out how Gary's path from office admin and Lotus Notes programming through to European crisis management at GE Money shaped his approach to practical security thinking.
  2. Hacker Culture & Mindset: Explore why the original meaning of "hacker" was never a negative term, and how curiosity and a desire to push technology beyond its limits drove a whole generation into information security.
  3. Evolution of Security Challenges: Learn why organisations are moving too fast to make good security decisions and why slowing down might be one of the most effective defences available.
  4. Impact of Compliance & Frameworks: Understand why standards like ISO 27001 and GDPR had to be introduced because organisations weren't securing data on their own, and what that tells us about where the industry still falls short.
  5. False Prophets in Cyber: Find out how the rise of influencers with big platforms and limited experience is making it harder for newcomers and established professionals alike to find reliable advice.
  6. Misconceptions About Tools & Compliance: Discover why buying security products is no substitute for doing the real work, and why so many organisations still confuse having the tools with actually being secure.
  7. Organisational Resilience as the Goal: Find out why we should be treating governance, risk, compliance, business continuity and security as one conversation.
  8. Communication & Soft Skills: Learn why communication, understanding people and managing risk are just as important as technical skills for anyone working in security.





Resources Mentioned

Consultants Like Us

ISO 27001

ISO 22301

Fortran

C

C++

Lotus Notes

Lotus Domino

Microsoft Certified Systems Engineer

GDPR (General Data Protection Regulation)

Data Protection Act

PCI DSS

Real Cyber Awards



Connect with your host James Rees


Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us, or if you have any questions you would like us to discuss, email podcast@razorthorn.com.

If you need consultation, visit www.razorthorn.com. We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

LinkedIn: Razorthorn Security

YouTube: Razorthorn Security

TikTok: Razorwire Podcast

Instagram: Razorwire Podcast

Twitter: @RazorThornLTD

Website: www.razorthorn.com


All rights reserved. © Razorthorn Security LTD 2025
