CRTFs Move From Concept to Reality… But the Hard Questions Begin Now

Cyber Resilience Test Facilities (CRTFs) have now moved from concept into operational reality, with the first product assessments completed and reports issued. This milestone confirms CRTFs as a risk-based assurance mechanism rather than a pass/fail certification scheme. Yet major challenges remain: governance, market interpretation, high-assurance integration with UK Telecoms Lab (UKTL), and international alignment. CRTFs are real, but adoption must stay meaningful.

Continue reading →

When Adoption Becomes The Goal, Risk Becomes Invisible By Design

This article examines how AI risk is obscured when organisations prioritise adoption over governance. Drawing on real-world examples, it argues that widespread AI usage is already endemic; but largely shallow, uncontrolled, and poorly understood. In regulated environments, optimising for uptake before addressing data lifecycle, verification, leakage, and accountability is not innovation, but a dangerous substitution of metrics for responsibility.

Continue reading →

Unable To Load Conversation: Why ChatGPT Is Not Infrastructure

A case study in how “AI support” fails the moment it actually matters. This article documents the loss of a critical ChatGPT workspace conversation through backend failure, followed by a support process that denied reality, looped incompetently, and ultimately could not accept its own diagnostic evidence. It exposes systemic fragility, misplaced corporate faith in “Copilot”, and why treating LLMs as reliable infrastructure, especially in regulated environments, is reckless.

Continue reading →

What Does It Take to Deliver? A Terrible Will

“Rise” by Public Image Ltd is not a song about hope or release. It is a manual for forward motion under pressure. Angular, repetitive, and unrelenting, it treats anger as usable energy rather than emotion. This track pairs with work done without validation, when opposition provides structure and refusal becomes propulsion.

Continue reading →

What It Means To Be A Business/Technology Architect In A Post Agile, Post AI World

What does it mean to be an architect in a post-agile, post-AI enterprise? This article explores architecture as sense-making, navigation, and organisational memory rather than artefact production. It examines the evolving role of domain and enterprise architects, the value they bring to fast-moving change programmes, and how good architecture enables speed without fragility by preserving coherence, optionality, and shared understanding over time.

Continue reading →

The UK Cyber Security and Resilience Bill 2025: What It Means and Why It Matters

The UK Cyber Security and Resilience Bill 2025 represents a major shift from sector-based cyber regulation to a broader national resilience framework. By expanding the NIS regime to data centres, managed service providers and critical suppliers, strengthening incident reporting, and introducing strategic governance and national security powers, the Bill closes long-standing gaps but raises challenges around proportionality, skills, regional delivery and SME impact.

Continue reading →

WTF is Short vs Long: What Is the Difference?

This article explains the difference between “long” and “short” positions in plain English, without the usual financial jargon. It breaks down how buying assets differs from selling what you don’t own, why professionals use both together, and why short positions carry unique risks. By the end, readers can confidently understand what investors mean when they say they’re long one thing and short another.

Continue reading →

Series Wrap-Up: Reconstructing Time, Truth, and Trust in UK Financial Services Data Platforms

This series explored how UK Financial Services data platforms can preserve temporal truth, reconstruct institutional belief, and withstand regulatory scrutiny at scale. Beginning with foundational concepts such as SCD2 and event modelling, it developed into a comprehensive architectural pattern centred on an audit-grade Bronze layer, non-SCD Silver consumption, and point-in-time defensibility. Along the way, it addressed operational reality, governance, cost, AI integration, and regulatory expectations. This final article brings the work together, offering a structured map of the series and a coherent lens for understanding how modern, regulated data platforms actually succeed. Taken together, this body of work describes what I refer to as a “land it early, manage it early” data platform architecture for regulated industries.

Continue reading →

When It Comes To Cyber The Midlands Defence Blueprint Is Polite Fiction

The Midlands Defence & Security Blueprint presents itself as decisive and strategic, but in reality it repeats the same structural failures that undermined Midlands Engine. Cyber remains subordinated, underfunded, and ownerless, while coordination is mistaken for delivery. Written from the perspective of a practitioner who has built cyber capability on the ground, this article argues that resilience will not come from another blueprint, but from funded authority, real centres, and delivery.

Continue reading →

The 2026 UK Financial Services Lakehouse Reference Architecture

An opinionated but practical blueprint for regulated, temporal, multi-domain data platforms: focused on authority, belief, and point-in-time defensibility. This article lays out a reference architecture for UK FS in 2026: not as a rigid blueprint, but as a description of what “good” now looks like in banks, insurers, payments firms, wealth platforms, and capital markets organisations operating under FCA/PRA supervision.

Continue reading →

When Everyone’s an Expert: What AI Can Learn from the Personal Trainer Industry

As AI adoption accelerates, expertise is increasingly “performed” rather than earned. By comparing AI’s current hype cycle with the long-standing lack of regulation in the personal trainer industry, this piece examines how unregulated expertise markets reward confidence over competence, normalise harm, and erode trust. The issue isn’t regulation for its own sake; it’s accountability before failure becomes infrastructure.

Continue reading →

Why Bronze-Level Temporal Fidelity Obsoletes Traditional Data Lineage Tools in Regulated Platforms

This article argues that in regulated financial services, true data lineage cannot be retrofitted through catalogues or metadata overlays. Regulators require temporal lineage: proof of what was known, when it was known, and how it changed. By preserving audit-grade temporal truth at the Bronze layer, lineage becomes an inherent property of the data rather than a post-hoc reconstruction. The article explains why traditional lineage tools often create false confidence and why temporal fidelity is the only regulator-defensible foundation for lineage.

Continue reading →

Snapchat’s Settlement Is Not the Story: The End of “We’re Just Platforms” Is

Snap’s quiet settlement of a social media addiction lawsuit is not a legal footnote, but a signal that the long-standing claim of platform neutrality is failing. As courts begin to scrutinise design-driven harm, exploitation does not disappear; it evolves. In a post-AI social environment, the greatest risk is no longer overt addiction, but systems that simulate agency and authorship so convincingly that dependency feels like sovereignty: posing a deeper threat to dignity than compulsion ever did.

Continue reading →

Should You Learn Java in 2026? A Practitioner’s View on Languages, Careers, and Context

Java is still widely taught in universities, but far less commonly chosen for new work in practice. This article reframes the question “Should I learn Java?” as a problem of context, career intent, and developer productivity, drawing on real-world demand rather than syllabus inertia.

Continue reading →

Cost Is a Control: FinOps and Cost Management in Regulated Financial Services Data Platforms

This article positions cost management as a first-class architectural control rather than a post-hoc optimisation exercise. In regulated environments, cost decisions directly constrain temporal truth, optionality, velocity, and compliance. The article explains why FinOps must prioritise predictability, authority, and value alignment over minimisation, and how poorly designed cost pressure undermines regulatory defensibility. By linking cost to long-term value creation and regulatory outcomes, it provides a principled framework for sustaining compliant, scalable data platforms.

Continue reading →

From Threat Model to Regulator Narrative: Security Architecture for Regulated Financial Services Data Platforms

This article reframes security as an architectural property of regulated financial services data platforms, not a bolt-on set of controls. It argues that true security lies in preserving temporal truth, enforcing authority over data, and enabling defensible reconstruction of decisions under scrutiny. By grounding security in threat models, data semantics, SCD2 foundations, and regulator-facing narratives, the article shows how platforms can prevent silent history rewriting, govern AI safely, and treat auditability as a first-class security requirement.

Continue reading →

Collapsing the Medallion: Layers as Patterns, Not Physical Boundaries

The medallion model was never meant to be a physical storage mandate. It is a pattern language for expressing guarantees about evidence, interpretation, and trust. In mature, regulated platforms, those guarantees increasingly live in contracts, lineage, governance, and tests: not in rigid physical layers. Collapsing the medallion does not weaken regulatory substantiation; it strengthens it by decoupling invariants from layout. This article explains why layers were necessary, why they eventually collapse, and what must never be lost when they do.

Continue reading →

Structuring Cyberpsychology: From Foundations to Practice

This article sets out the structure of a cyberpsychology curriculum designed to address the coherence gap identified in Cyberpsychology Today. Rather than treating cyberpsychology as a loose collection of effects, this framework organises the field from foundational theory through to applied practice. The phases that follow are not arbitrary. They reflect the minimum conceptual spine required to study how persistent, mediated digital environments shape human psychology, and how that knowledge can be responsibly translated into research, policy, and real-world intervention. What follows is not a manifesto, but an architecture for learning.

Continue reading →

From Writes to Reads: Applying CQRS Thinking to Regulated Data Platforms

In regulated financial environments, data duplication is often treated as a failure rather than a necessity. Command Query Responsibility Segregation (CQRS) is an approach to separate concerns such as reads versus writes. This article reframes duplication through CQRS-style thinking, arguing that separating write models (which execute actions) from read models (which explain outcomes) is essential for both safe operation and regulatory defensibility. By making authority explicit and accepting eventual consistency, institutions can act in real time while reconstructing explainable, auditable belief over time. CQRS is presented not as a framework, but as a mental model for survivable data platforms.

Continue reading →

Edge Systems Are a Feature: Why OLTP, CRM, and Low-Latency Stores Must Exist

Modern data platforms often treat operational systems as legacy constraints to be eliminated. This article argues the opposite. Transactional systems, CRM platforms, and low-latency decision stores exist because some decisions must be made synchronously, locally, and with authority. These “edge systems” are not architectural debt but purpose-built domains of control. A mature data platform does not replace them or centralise authority falsely; it integrates with them honestly, preserving their decisions, context, and evolution over time.

Continue reading →