hello@seconcyber.com
In 2025, the conversation around cyber security shifted. Organisations stopped asking, “What tool do I need?” and started asking, “Are we ready to respond when it counts?”
That’s what our Cyber Security in Focus series set out to address. Across 15 expert-led webinars, we explored what’s really working in cybersecurity today, and what isn’t. We tackled the hard questions, cut through the buzzwords, and surfaced practical strategies from ethical hackers, resilience specialists, and hands-on security leaders.
This is your complete recap of 2025. Each session is a blueprint for real progress. If you’re looking to build clarity, resilience, and control into your security strategy, you’re in the right place.
1. API Security: From Unknown to Under Control.
With APIs powering everything from cloud platforms to customer portals, most organisations are more exposed than they realise. Dr Katie Paxton-Fear, from Traceable, broke down how to take control of API security, from discovery and ownership to risk-based protection and tooling.
Why it matters: You can’t secure what you can’t see. And for most teams, their APIs are still invisible.
Watch this webinar here.
2. Risk Communication: Ditch the Fear, Tell the Truth.
Javvad Malik from KnowBe4 joined us to challenge the industry’s overuse of fear-based messaging. We explored how security leaders can build trust with stakeholders through storytelling, clarity, and relevance.
Why it matters: Panic doesn’t drive investment. Credibility does.
Watch this webinar here.
3. Security Culture That Actually Changes Behaviour.
Hoxhunt’s Maxime Cartier outlined a better way to influence employee behaviour, not through once-a-year training, but through continuous engagement and personalised reinforcement.
Why it matters: People don’t remember policies. But they do remember well-timed prompts that help them act.
Watch this webinar here.
4. PCI DSS v4.0.1: Compliance Gets Real.
Johan van Zyl from Risk X gave a detailed walkthrough of what’s changing in PCI DSS and what businesses must do to prepare for the April 2025 deadline.
Spoiler: it’s a lot more than just ticking new boxes.
Why it matters: Compliance doesn’t equal security, but done right, it’s a powerful step toward resilience.
Watch this webinar here.
5. Asset Management: From Spreadsheets to Strategy.
Andy Norton from Armis showed how asset visibility, when done properly, can transform incident response, reduce false positives, and support tighter policy enforcement.
Why it matters: You can’t respond to what you haven’t discovered. Visibility isn’t a task, it’s a capability.
Watch this webinar here.
6. PKI Without the Pain.
With shrinking certificate lifespans, exploding volumes, and quantum risk on the horizon, Martijn Katerbarg from Sectigo explained how organisations can modernise their PKI strategy and prepare for the future of trust.
Why it matters: Manual PKI won’t scale and it won’t survive quantum.
Watch this webinar here.
7. Operational Resilience Starts With Continuous Monitoring.
Quod Orbis’ Jason Wilkes showed how Continuous Controls Monitoring (CCM) replaces static reporting with real-time insights — enabling faster risk decisions and tighter governance.
Why it matters: Waiting for an audit to learn you’ve failed is a risk you can’t afford.
Watch this webinar here.
8. Third-Party Risk: See the Gaps Before They Become Breaches.
Using Black Kite’s intelligence platform, we explored how to map vendor risk, quantify potential impact, and collaborate on remediation, all without the guesswork of outdated scorecards.
Why it matters: If your supply chain has blind spots, so does your security.
Watch this webinar here.
9. Compliance vs. Resilience: What’s the Real Goal?
Bradley Geldenhuys from Vendifi helped organisations shift their thinking, from pass/fail audits to operational resilience. We discussed how to stress-test systems, vendors, and response plans.
Why it matters: Audits are about looking back. Resilience is about looking ahead.
Watch this webinar here.
10. Vulnerability Remediation in the Age of AI.
David Gray from Vicarius explained how attackers are using AI to weaponise vulnerabilities faster and what defenders can do to shift from reactive patching to smart, prioritised action.
Why it matters: You can’t patch everything. But you can fix what matters most, faster.
Watch the webinar here.
11. Fixing What’s Broken in Vulnerability Management.
HD Moore, Founder and CEO of RunZero, exposed how current tools miss vast swathes of the attack surface. His message? Stop waiting on CVEs, focus on exposure and visibility first.
Why it matters: CVSS scores aren’t strategy. Start where attackers start, with what they can see.
Watch the webinar here.
12. Inside the Mind of a Hacker.
Glenn Wilkinson ran a live simulation of a phishing attack that escalated to full ransomware and then showed how RedFlags could have stopped it with just a few timely nudges.
Why it matters: Most breaches start with a user. Behavioural nudges can end them before they begin.
Watch the webinar here.
13. Ransomware Response in the Age of AI.
With AI accelerating both attack and recovery, Rubrik’s Andy Lawrie and Adam Bouchlaghem joined us to unpack how modern ransomware campaigns target backups and demand resilience in recovery strategy, not just prevention.
Why it matters: Your response plan is your resilience. It needs to be tested, orchestrated, and fast.
Watch the webinar here.
14. ZTNA Unfiltered: Cutting Through the Hype.
In this panel, Secon’s Linton Geach and Hayden Anderson joined Cato Networks’ Richie Fry and Infinigate explored what real Zero Trust Network Access looks like and how to move from VPNs to a more scalable, secure, identity-driven model.
Why it matters: ZTNA is no longer optional. But labels aren’t enough, strategy is.
Watch the webinar here.
15. Ransomware 2025: Get Ready or Get Wrecked.
In our final webinar of the year, Glenn Wilkinson, CEO of Agger Labs, returned to walk through the modern ransomware playbook, from initial access to extortion and what it takes to stay ahead in 2026.
Why it matters: Today’s ransomware actors behave like professional businesses. You need a response strategy that’s just as mature.
Watch the webinar here.
What 2025 Taught Us.
Every session pointed to the same message: security isn’t about chasing tools or frameworks. It’s about building practical, sustainable capabilities that actually work when it counts.
Across API exposure, ransomware recovery, security culture, post-quantum trust, and third-party risk, the message was clear:
- Visibility is non-negotiable
- Compliance is no longer enough
- Culture is more than awareness
- Recovery is now the real benchmark
- And resilience is the only way forward
What’s Next: Cyber Security in Focus Becomes a Podcast.
In 2026, Cyber Security in Focus is evolving, from a webinar series into a new podcast built for busy, security-conscious professionals.
The format may be changing, but the mission stays the same. We’ll continue to bring you sharp, unfiltered insight from frontline experts. This time in short, focused episodes you can listen to on the move. Whether it’s ransomware response, supply chain resilience, secure access strategies, or human behaviour in cyber security, each conversation will cut through the noise and get straight to what matters: practical security insight you can act on.
To be the first to know when we launch, follow Secon on LinkedIn and keep your ears open. Cyber Security in Focus: The Podcast drops in early 2026.