The Impact of Compliance and Legislation

Josh Davies, Keith Christie-Smith, and I dive into the world of legislation and compliance and explore the stark contrast between the need for rigorous security and the burden placed on businesses to comply.

“One of the big problems we have in security is that you spend all this money pre-empting your defence in depth to try to protect you against things that you could perceive could happen to you.” Josh Davies

Listen to this episode on your favourite podcasting platform:

In this episode, we covered the following topics:

  • What do the changing regulations and compliance requirements in the information security field mean for businesses?
  • The advantages of a security first approach
  • How being compliant in itself doesn’t necessarily mean your organisation secure
  • The irony of having a cyber incident justifying the budget for adequate security measures
  • The opposition of legislation vs growth and innovation
  • The concept of ‘legislation fatigue’ – is there a danger of having to comply with too many standards?
  • The importance of understanding the intent behind the compliance requirement
  • What is the difference between too much or too little legislation on security measures?
  • The limitations of generic security frameworks vs frameworks targeted to specific industries such as PCI DSS
  • The challenges of creating universal standards


Josh Davies

Josh Davies is a Product Manager at Fortra by Alert Logic. Formerly a Security Analyst and Solutions Architect, Josh has hands on experience in incident response and threat hunting activities before working with organisations to identify appropriate security solutions. Josh continues to be closely involved with security operations and threat research.  

Keith Christie-Smith

Keith is a sales director with Claroty, covering the Government, Defence and Healthcare verticals. Keith has worked in the cyber security field for both vendors and resellers. He has been in cyber security for over a decade having worked in IT managed services for almost a decade beforehand.  

Other episodes you’ll enjoy

Ransomware Sanctions: Exploring the Fallout

Threat Intelligence: Why Awareness is Critical, and Collaboration is Essential

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email

If you need consultation, visit, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD


Loved this episode? Leave us a review and rating here

Follow Us