The Ides of March is a fitting time to reflect on betrayal, resilience, and the realities of UK cybersecurity. In the past two weeks, I’ve balanced DSIT’s Cyber Local funding process, chaired the West Midlands Cyber Working Group (WM CWG), led two funding bids, scaled one startup in a brutal funding climate, and booted up a second from scratch. Along the way, I’ve won the Pitch Battle at Cyber Runway Live, launched the UK’s first dedicated universal cyber risk score and comparison site, and tackled everything from weaponised AI threats to Kafka-powered scalability, all while navigating the messy, unpredictable, and often painful journey of building something that lasts.

Contents

Introduction: Into the Ides of March

The Ides of March, historically synonymous with betrayal and upheaval, is an apt backdrop for reflecting on the state of the UK cyber ecosystem. As I write this on Saturday the 15th of March, I find myself balancing multiple roles, helping DSIT manage the Cyber Local funding process, chairing the West Midlands Cyber Working Group (WM CWG), and leading two funding bids to strengthen the regional cyber economy. Meanwhile, I continue navigating the harsh realities of scaling a cyber startup in the UK, where funding remains elusive and technical challenges demand constant adaptation, whilst booting up a second startup from scratch.

Chairing the Cyber Local Process and Growing West Midlands Cyber

As Chair of the Cyber Local Review Board, my role is to ensure a fair, impactful, and strategic allocation of government funding to initiatives that can genuinely make a difference in regional cybersecurity development. Yet, at the same time, I wear another hat, one that seeks to elevate the West Midlands as a cyber powerhouse.

Our two bids under Cyber Local are focused on lifting the cyber economy for everyone, rather than just providing another pot of money for select facilities or companies. The first is a proposal to establish a Cyber Festival, a major event that would bring together businesses, policymakers, and academia to drive cyber-sector collaboration and investment. The second bid, in partnership with Aston University, seeks to create a permanent Cyber Hub that will offer shared space, resources, and support to cyber startups and professionals in the region. These initiatives aim to create a lasting impact rather than just another cycle of funding that disappears without systemic change.

A Whirlwind of Cyber Events: Two Weeks on the Move

The past two weeks have been a marathon of cyber events, many marking the closure of key UK cyber programmes and setting the stage for what comes next. And, because life isn’t dramatic enough, I did it all while nursing a broken rib after an unfortunate slip in the shower, powered by painkillers and the odd round of antibiotics.

Over the past two weeks, I’ve attended events that mark both the end of key cyber programmes and new opportunities for the sector. The West Midlands Cyber Hub Initiative Kickoff laid the groundwork for a dedicated cyber hub in the region. At the same time, the final gatherings for both NCSC For Startups and Cyber Runway Live signalled the closure (for now) of two major cyber accelerators (the former permanently, the latter, hopefully, temporarily until more funding is announced).

Cyber Runway Live: Pitching and Winning

Cyber ASAP’s events at the House of Lords and following Demo Day highlighted the impact of research-driven cyber innovation. Investor Pitch Day at DiSH provided startups with a rare opportunity to pitch directly to investors. Finally, the Women Shaping Cyber Roundtable, attended by the Lord Mayor, tackled the future of diversity and leadership in cybersecurity.

Amongst all this, I won the Cyber Runway Live Pitch Battle, going head-to-head against seven other startups across three one-minute rounds. First I pitched Cyber Tzar’s vision of making cybersecurity accessible for all, with supply chain security as a foundation. Secondly, I outlined our business model, SaaS, enterprise licensing, and risk intelligence, and finally closed with why Cyber Tzar and our goal of building the UK’s first universal cyber risk score, transforming how businesses measure cyber risk.

In a funding landscape where investors demand high ARR before backing startups, moments like this reinforce that UK cyber startups can still make an impact, despite the odds.

The Struggles of a Cyber Startup in the UK

Despite the rhetoric about making the UK a global cyber leader, the reality for startups in this space is far from rosy. The funding landscape is dire, with limited access to growth capital and investors who demand high annual recurring revenue (ARR) before even considering a discussion. Unlike the US, where investors are willing to back an idea with the promise of scalability, UK investors want de-risked, revenue-heavy businesses before parting with their capital.

This creates a vicious cycle: without funding, scaling is difficult; without scaling, revenue growth is slow; and without revenue growth, funding remains elusive. The result? A lumpy sales pipeline that makes long-term planning an exercise in controlled chaos.

Psyber Inc: From Hard Tech to Human Factors in Cybersecurity

For most of my career, I’ve focused on technology, enterprise architecture, and the technical side of cybersecurity: protocols, systems, and delivery. But through my work at Cyber Tzar, I’ve come to realise that cybersecurity is just as much about people as it is about technology. This shift has been a challenge for me, as my neurodiversity makes technical conversations feel far more natural than people-focused discussions. Yet, human factors are at the heart of cyber resilience, which led to the creation of Psyber, Inc.

Founded with Sevgi Aksoy, psychologist and cyber psychology expert, Psyber, Inc. explores how human factors shape cybersecurity. Our focus is on predictable and improbable recoverability, helping large organisations recover from major cyber incidents that would typically cripple operations. Understanding the psychology of both attackers and defenders is key to building resilience, and Psyber Inc. is a step towards that future.

Changing tack again I’m also diving into the growing threat of weaponised AI, studying how automated cyber threats evolve and how to defend against them. This isn’t theoretical, Cyber Tzar currently sees 250 automated attacks every 10 minutes, evenly split between Russia and China, and these simple automated attacks will soon be carrying a weaponised AI payload.

Scaling Cyber Tzar’s Infrastructure: Kafka on Linode

At Cyber Tzar, one of the core challenges we face is handling the massive influx of vulnerability data as part of our Enterprise Supply Chain Risk Management platform. This data ingestion process is particularly demanding on our Sidekiq job queue, requiring a robust, scalable solution that won’t break the bank. The answer? Deploying a Kafka cluster on Linode to offload our write-heavy jobs.

Kafka, as a distributed event streaming platform, is well-suited for handling real-time data ingestion at scale. By leveraging Kafka, we can ensure that our vulnerability data pipeline remains resilient, fault-tolerant, and performant, even under heavy loads. Linode provides an affordable alternative to AWS while still offering the reliability we need. Humorously writing this article is my ‘break’ after tidying up the Cyber Tzar business model this morning and happily building out our new Kafka cluster this afternoon. I’m looking forward to smoke-testing it under load very soon.

CyberRiskCompare.com: The First Open Risk Score for the UK

All of this effort in infrastructure is tied to a bigger vision, CyberRiskCompare.com. This is a proto-beta initiative that seeks to create the UK’s first universal open cyber risk score and comparison website. Just as credit scores provide a standardised measure of financial trustworthiness, CyberRiskCompare.com aims to provide businesses with a transparent and data-driven assessment of their cyber risk posture.

The need for such a tool is critical. The current cyber risk assessment landscape is fragmented, vendor-driven, and often lacking in transparency. By offering an open and universal risk score, we aim to level the playing field, allowing businesses of all sizes to understand their cyber risk exposure and take proactive steps to mitigate it.

Betrayal and Moving Forward with Dignity

The Ides of March is synonymous with betrayal, and in cybersecurity, as in life, betrayal is often one of the most painful of experiences. It is rarely our enemies who truly harm us. It is the people we trust.

In business, in leadership, and in personal life, betrayal cuts deeper than almost any other wound because it forces us to re-evaluate not just what happened, but who we thought someone was, and ourselves. It is a dismantling of trust, a breaking of the unspoken contracts that bind teams, partnerships, and friendships.

But here’s the thing: dwelling on betrayal only lets it take up more space in your mind. The best medicine? Dust yourself off and move forward with as much dignity as possible.

The Only Way Forward

Cybersecurity is full of battles, some fought against external threats, others fought internally within companies, partnerships, and even government structures. Not everyone will act in good faith, and not every collaboration will last. But at the end of the day, the only thing that matters is keeping your eyes on what’s next.

For me, that means continuing to push forward with Cyber Tzar, CyberRiskCompare.com, Psyber Inc., and the West Midlands Cyber Working Group. It means advocating for better funding for cyber startups, for recognition of cybersecurity as a standalone sector, and for the systemic changes needed to make the UK truly competitive in cyber.

Betrayal is a part of the journey, it happens. What matters is how you respond. Keep moving forward, build something better, let success do the talking. Resilience is how you win.

Final Thoughts: Navigating the Ides of March

As the Ides of March reminds us, change, whether welcome or not, is inevitable. For the UK cyber ecosystem, this moment represents both a challenge and an opportunity. While funding hurdles, investor hesitancy, and infrastructure bottlenecks create roadblocks, innovation, persistence, and strategic initiatives like CyberRiskCompare.com and the Cyber Local funding process provide a pathway forward.

The question is whether the UK will seize this moment to drive systemic change or continue to let fragmented initiatives dictate the pace of cyber growth. Either way, for those of us in the trenches, the battle continues.