Shauli Zacks
Published on: January 27, 2025
In today’s rapidly evolving digital landscape, staying ahead of cyber threats is no easy task. Razorthorn Security, a trusted name in cybersecurity consulting, has been helping businesses navigate these challenges for nearly two decades. To better understand their mission, services, and approach to tackling emerging risks, SafetyDetectives sat down with Sophia Durham, Sales Director at Razorthorn. With over 10 years of experience at the company, Sophia shares valuable insights into the key trends, challenges, and solutions shaping the cybersecurity industry. Here’s what she had to say.
Can you give us an overview of Razorthorn’s mission and the key services it offers in the cybersecurity landscape?
My name is Sophia Durham, and I’m the Sales Director at Razorthorn. I’ve been with the company for over 10 years now. Razorthorn is a dedicated cybersecurity and cyber intelligence consultancy that’s been around since 2007—18 years and counting.
Our key services revolve around four core areas:
- Cyber consulting
- Cybersecurity testing
- Cybersecurity managed services
- Cybersecurity solutions
We started in the consultancy space, which remains our core focus. Services like PCI DSS, ISO 27001, GDPR compliance, and, more recently, DORA regulations are foundational to what we do. With DORA specifically, we’ve been helping financial institutions adapt to the new standards coming into effect this month.
As we evolved, we expanded into testing services. We’re a CREST-certified organization providing various assessments, including traditional penetration testing for web and mobile applications. To address the evolving threat landscape, we’ve developed a continuous penetration testing platform. Unlike traditional point-in-time testing, this 24/7 always-on solution ensures vulnerabilities are identified and addressed in real time, reducing risks between testing cycles.
While automation plays a big role in modern security, we still believe in the importance of manual intervention. Our platform combines traditional manual penetration testing with continuous monitoring to provide comprehensive coverage.
Beyond consulting and testing, we also offer managed services and tailored solutions by partnering with leading technology vendors, allowing us to cover the full spectrum of our clients’ cybersecurity needs.
What role does your team play in delivering Razorthorn’s services, and how do you ensure clients receive the highest level of security support?
We structure our teams to provide tailored support for each client. Every client is unique, with specific strategies, sizes, and priorities, so we build long-term relationships to address their needs effectively.
For example, in our testing services, each client is assigned a dedicated Customer Success Manager (CSM). This person is their main point of contact for questions, updates, and support throughout their engagement with us. Alongside the CSM, clients also receive a Project Manager and a Lead Penetration Tester, who is CREST-certified and has about 10 years of experience. This ensures that methodologies are properly followed and requirements are accurately addressed.
For consultancy clients, the setup is similar—they’re assigned a dedicated consultant in addition to the CSM. This multi-tiered approach allows us to offer comprehensive support, ensuring clients have access to expertise at every step.
We’ve been around for 18 years, and many of our clients have been with us for most of that journey. Our ability to evolve with their needs and consistently deliver high-quality services is why they stay with us.
Given the rapid evolution of cyber threats, what trends or emerging risks should businesses be most aware of going into 2025?
One of the biggest trends is the shift to the cloud. Many businesses are moving their operations online, which makes cloud vulnerabilities a significant risk. Misconfigurations in cloud environments are among the easiest ways for cybercriminals to infiltrate systems. While cloud service providers handle infrastructure security, the responsibility for configuration lies with the organization. A single misstep can leave you vulnerable.
To mitigate this, businesses should prioritize regular cloud testing, benchmark reviews, and continuous testing solutions to ensure their environments remain secure.
Another major concern is ransomware, which affects organizations of all sizes. Small businesses often think they’re not targets, but cybercriminals go for the easiest opportunity. Having strong security in place often deters attackers, pushing them toward less-prepared targets.
Lastly, we’re seeing a rise in AI-driven threats. Just as organizations are using AI to enhance their operations, cybercriminals are leveraging it to automate and amplify their attacks. AI-driven threats are becoming increasingly sophisticated, so businesses need to stay vigilant and proactive.
What are some of the biggest challenges companies face when trying to achieve compliance with regulations like GDPR, PCI DSS, or ISO 27001, and how does Razorthorn help them overcome these hurdles?
One major challenge is the sheer number of regulations. Organizations often need to comply with multiple frameworks, such as PCI DSS, ISO 27001, GDPR, DORA, and NIS2. Each framework has unique requirements, but there’s often overlap between them.
At Razorthorn, we help clients navigate this complexity through scoping and gap analyses. We start by identifying the regulations relevant to their operations and map the requirements across frameworks. For example, if a client is already compliant with ISO 27001, we can identify where they align with DORA or PCI DSS and highlight gaps.
From there, we provide a remediation roadmap and support clients throughout the process. Compliance isn’t a one-time effort—it involves ongoing monitoring and yearly certifications. We offer continuous support to ensure our clients remain compliant and avoid costly fines associated with non-compliance.
How do you see the field of cybersecurity evolving over the next few years, and what steps is Razorthorn taking to stay ahead of these changes?
Cybersecurity is constantly evolving, and attackers only need to succeed once to breach an organization, whereas defenders must be vigilant 100% of the time. This puts security teams at a disadvantage, so proactive measures are essential.
We emphasize preemptive security practices, such as regular monitoring, testing, and implementing strong policies and procedures. For example, red team assessments are invaluable. In these assessments, our team simulates a cyberattack to test how well an organization’s defenses, technology, and teams respond. This helps clients identify and address vulnerabilities before real attackers can exploit them.
To stay ahead, Razorthorn invests heavily in training, recruitment, and innovation. We ensure our team attends the latest conferences, conducts research on emerging threats, and continually improves our tools and methodologies. For example, recognizing the limitations of traditional pen testing, we developed our 24/7 continuous testing solution to meet the demands of an evolving threat landscape.
Our goal is to ensure clients are always one step ahead, equipped with the latest tools and knowledge to protect their organizations.