Episode 67

full
Published on:

19th Mar 2025

Spotlight on Technology: Mastering Attack Surface Management

In our latest episode, join me, James Rees, for a chat with Nick Palmer from Censys about the critical importance of attack surface management. With 25 years of experience in the industry, Nick explains how today's threat landscape has evolved dramatically, with attackers now discovering vulnerabilities within hours rather than weeks.

We explore the challenges of maintaining visibility across expanding digital footprints, particularly with cloud adoption creating new blind spots for security teams. Nick shares eye-opening real-world examples that illustrate the hidden vulnerabilities present in even seemingly secure environments.

We cover how organisations can gain continuous visibility of their assets, extend security monitoring to third party suppliers and build a security culture that protects customer data effectively.

A must-listen for security professionals seeking practical advice on protecting against modern cyber threats.

Key Talking Points:

  1. Attack Surface Velocity: Learn how attackers can discover vulnerabilities within just hours instead of weeks, and how Censys's daily internet scanning helps organisations keep pace with this alarming speed. Nick talks about the mechanics behind this acceleration and what it means for your security strategy.
  2. Supply Chain Security: Discover the hidden risks in your vendor ecosystem through Nick's shocking real-world example of compromised medical equipment. This is a key example on why monitoring your suppliers' security posture is just as crucial as your own.

  4. Beyond Compliance: Understand why building a genuine security culture trumps mere regulatory compliance. Nick and I discuss practical approaches to embedding security consciousness throughout your organisation, from the C-suite to frontline staff.

Gain practical insights that will help you better defend your organisation. This conversation goes beyond theoretical concepts to deliver actionable security wisdom you can implement immediately.

"If you are looking at your external attack surface any less than daily, you're missing a trick. It has to be scanned at least daily, preferably in real time." 

-Nick Palmer, Censys


In this episode, we covered the following topics:

●     Attack Surface Management: Learn how to identify and manage your organisation's vulnerabilities to prevent cyber attacks.

●     Evolution of IT and Security: Gain historical perspective on how security challenges have evolved to better prepare for future threats.

●     Supply Chain Security: Discover techniques to protect your business from vulnerabilities introduced by third-party suppliers.

●     Legislation and Compliance: Understand how to navigate new regulations like DORA to avoid penalties and legal consequences.

●     Phishing Defence: Master strategies to protect your organisation from increasingly sophisticated social engineering attacks.

●     Rapid Response: Learn why and how to accelerate your security monitoring to match attackers' discovery capabilities.

●     Cloud Security: Acquire practical approaches to securing cloud and virtual environments against emerging threats.

●     Building Security Culture: Develop effective methods to embed security awareness throughout your organisation.

●     Continuous Monitoring: Implement cost-effective techniques for ongoing attack surface visibility to catch vulnerabilities before attackers do.

●     Security Tooling: Explore the latest technological innovations that can strengthen your security posture and response capabilities.


Resources Mentioned


Connect with your host James Rees


Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.


Linkedin: Razorthorn Security

YouTube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com


All rights reserved. © Razorthorn Security LTD 2025

Next Episode All Episodes Previous Episode

Listen for free

Show artwork for Razorwire Cyber Security

About the Podcast

Razorwire Cyber Security
Real conversations helping cybersecurity professionals sharpen their insights, strategy & leadership skills.
🔒 Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge.

Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends.

Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals committed to continuous improvement.

Each episode brings you actionable advice and real experiences from your host, James Rees — an information security specialist with over 25 years of experience — and from a range of respected guests across the cybersecurity industry. Together, we explore everything from technical strategies and compliance challenges to security culture, communication skills, and leadership development.

James Rees is the founder of Razorthorn Security, providing expert consultancy and testing services to a wide range of organisations, including many Fortune 500 companies. His practical, no-nonsense approach helps organisations manage cyber risks effectively while strengthening resilience.

The Razorwire podcast is designed for cybersecurity professionals who want to stay ahead, sharpen their skills, and confidently respond to the challenges of today's evolving threat landscape. We believe collaboration is key to stronger security — and Razorwire gives you the conversations that help you achieve it.

For more information about us, or if you have questions you'd like discussed on the show, email podcast@razorthorn.com or visit www.razorthorn.com.