Episode 81

full
Published on:

1st Oct 2025

The Hidden Costs of Security Stack Consolidation (That Vendors Don't Mention)

Is your security stack making you safer or just adding to the chaos?

Welcome to Razorwire, the podcast where we unravel the mess, myths and market realities behind today’s cybersecurity challenges. I’m your host Jim and in this episode, I’m joined by our favourite regulars Oliver Rochford and Richard Cassidy to tackle a topic that irritates every CISO: the security solution stack. We discuss the big questions about vendor motivations, tool sprawl and why consolidation so often promises more than it delivers.

In this episode, we set aside the sales buzzwords and look at what it really means to consolidate your security stack. Oliver and Richard share straight-talking insights from both the vendor and CISO perspectives. We debate why security platforms so often fail to reduce complexity and whether AI is about to solve - or simply mask - the underlying pain.

Three key reasons to listen:

  • “Noise in depth” versus defence in depth: Discover why having dozens of overlapping tools can actually increase risk and burnout, rather than improve your security posture. Hear insights on “noise in depth” and how it impacts the choices CISOs face.
  • Vendor incentives and the truth behind “consolidation”: Get an insider’s take on why vendors push for consolidation only when it benefits their stack, how lock-in happens and why most platforms are stitched together from half-baked acquisitions.
  • The hard reality of AI, integrations and future-ready strategy: Find out why AI and automation aren’t the magic fix the industry claims and what you actually need to do to keep your stack effective, adaptable and under control in a shifting market.

If you want honest, practical advice on managing cybersecurity complexity and want to hear what real CISOs wish they'd known before their last renewal, this episode is worth your time.


Welcome to the Future: Solving Problems, Not Just Selling Tools

"If you're coming to market, remember the product is only half the game.

Security teams, GRC compliance teams - they're drowning. Support, deployment, tuning and post-sales success – they really make or break from my organisations and ones that I talk to. So be the vendor that doesn't just sell the product, be the one that really helps operationalise it. 

If you're just here to sell a tool, you're already obsolete. If you're here to solve a problem and remove complexity, then welcome to the future.

Richard Cassidy


Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen



In this episode, we covered the following topics:

  • Tool Sprawl vs. Defence in Depth Learn why organisations with dozens of overlapping security tools end up with noisy environments instead of effective layered defence and what CISOs actually see happening on the ground.
  • Vendor Incentives and Lock-In Discover how security vendors push you into consolidation within their own ecosystems while prioritising customer lock-in over real interoperability and simplification.
  • Platform Consolidation Cycles Understand why the industry keeps repeating the same consolidation mistakes and what you should consider instead of chasing the perfect platform that doesn't exist.
  • The Role and Myth of AI in Security Stacks Find out why AI won't magically fix your complexity problem and how it often just adds another noisy layer without reducing tool sprawl.
  • Integration Challenges and Data Standards Find out why lack of shared standards makes integration painful, and how to use your purchasing power to demand vendors support open standards and data portability.
  • Cost Fallacies of Consolidation Discover why promised cost savings from consolidating tools rarely appear once you factor in migration, retraining, integration and operational complexities.
  • System Integrators and Rising Complexity Learn why systems integrators and resellers often profit from complexity rather than simplification, and how to spot when you're being sold more than you need.
  • Shifting Vendor Strategies: Acquisitions and Synergy Understand how large vendors grow through acquisitions that never get properly integrated, and what to look for when evaluating whether a "platform" is actually unified or just a collection of separate products.
  • Staying Flexible as Things Change Learn why security leaders need agile, modular strategies and should avoid long-term commitments to match the pace of change in technology and security threats.


Resources Mentioned 


Connect with your host James Rees


Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.


Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security - from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.


LinkedIn: Razorthorn Security

YouTube: Razorthorn Security

TikTok: Razorwire Podcast

X:   @RazorThornLTD

Website: www.razorthorn.com


All rights reserved. © Razorthorn Security LTD 2025

All Episodes Previous Episode

Listen for free

Show artwork for Razorwire Cyber Security Insights

About the Podcast

Razorwire Cyber Security Insights
Real conversations helping cybersecurity professionals sharpen their insights, strategy & leadership skills.
Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge.

Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends.

Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals committed to continuous improvement.

Each episode brings you actionable advice and real experiences from your host, James Rees — an information security specialist with over 25 years of experience — and from a range of respected guests across the cybersecurity industry. Together, we explore everything from technical strategies and compliance challenges to security culture, communication skills, and leadership development.

James Rees is the founder of Razorthorn Security, providing expert consultancy and testing services to a wide range of organisations, including many Fortune 500 companies. His practical, no-nonsense approach helps organisations manage cybersecurity risks effectively while strengthening resilience.

The Razorwire podcast is designed for cybersecurity professionals who want to stay ahead, sharpen their skills, and confidently respond to the challenges of today's evolving threat landscape. We believe collaboration is key to stronger security — and Razorwire gives you the conversations that help you achieve it.

For more information about us, or if you have questions you'd like discussed on the show, email podcast@razorthorn.com or visit www.razorthorn.com.