I recently attended the CyberASAP Year 9 Kickoff as a mentor, and also took the opportunity to experience the first two days alongside the academic teams to better understand what they go through. This blog captures my reflections from all three days, covering IP, value propositions, stakeholder mapping, and some of the truly impressive innovations coming from UK universities. It also looks at the history and purpose of the programme and why it continues to matter in bridging the gap between research and real-world impact.

Last week, I had the privilege of attending the three-day CyberASAP Year 9 Phase 1A Bootcamp, held from 1st–3rd April 2025 at Wallacespace Clerkenwell in London. Although I joined the programme officially as a mentor, I made a conscious decision to attend the full first two days of induction, experiencing firsthand what the academic teams go through as they prepare to commercialise their cybersecurity research.

CyberASAP, short for Cyber Security Academic Start-up Accelerator Programme, is an Innovate UK initiative that supports UK academics in transforming their research into viable products and services. Delivered in partnership with Innovate UK Business Connect (IUKBC), the programme is unique in its focus: guiding academic researchers out of their comfort zones and into the complex, sometimes chaotic, but always rewarding world of entrepreneurship.

This is my second year involved as a mentor, and I really wanted to be a better mentor this time round, which is why I deliberately put in the extra time to attend the first two full days of the bootcamp alongside the academic teams. My involvement in CyberASAP comes through longstanding friendships and professional connections at Plexal, including my fellow mentor Berta Pappenheim of Plexal and AcyberFish. Their enthusiasm and dedication to the programme inspired me to do more, dig deeper, and better understand the journey these academic teams are about to embark on. I also attended with my colleague Sevgi Aksoy, as we were working jointly on Cyber Tzar’s fundraising delivery during the same period.

A Brief History of CyberASAP

CyberASAP was launched in 2017 as a flagship initiative by the UK government to strengthen the pipeline between academic research and commercial innovation in the cybersecurity space. Funded by the Department for Science, Innovation and Technology (DSIT) and delivered by Innovate UK in partnership with Innovate UK Business Connect (formerly the Knowledge Transfer Network), CyberASAP was designed to bridge a persistent gap: brilliant research often never leaves the lab, and commercial opportunities are frequently missed as a result. Funnily enough, this is a problem I first researched around 2006, looking at the shortfall drop-off from theoretical research (the UK is good at this) to applied research and then commercialisation (the UK significantly trails leaders like the US and Germany in this).

Now in its ninth year, the programme has supported over 140 academic teams from universities across the UK, providing structured support to develop their ideas into spinouts, products, or services with real-world impact. The programme follows a phased approach: initial ideation and validation in Phase 1, and deeper commercialisation support, including prototype development, pitching, and investor readiness, in Phase 2.

CyberASAP has a strong track record of success stories, with many alumni going on to secure follow-on funding, industry partnerships, or launch start-ups that address national security challenges and commercial market needs alike. What sets the programme apart is its blend of academic rigour and market realism, backed by expert mentors, real-world customer validation, and a strong support network of funders, investors, and policymakers.

Day 1: Intellectual Property and Innovation Foundations

The bootcamp opened with a warm welcome from Robin Kennedy and Emma Fadlon of Innovate UK Business Connect, with an introduction to Rebecca Bryant from DSIT, setting the tone for what would be an intense but valuable experience. The agenda then quickly moved into the intricacies of intellectual property (IP), with sessions delivered by Emma Fadlon and Colin Paterson of Keltie LLP.

As someone with experience navigating the IP landscape from the commercial side, I found it refreshing, and important, to see the emphasis placed on helping academics understand what’s protectable and how. From patents and registered designs to trademarks, copyright, and trade secrets, the message was clear: IP is more than a legal necessity, it’s an asset. Colin’s session, in particular, was grounded and practical, explaining how the scope of a patent is often negotiated down with the examiner, while academics might be tempted to initially go wide to maximise coverage.

We also heard from Nuala Kilmartin on the role of UK Research and Innovation (UKRI) and how they fund and support these projects. This was paired with an insightful DSIT (Department for Science, Innovation and Technology) overview by Robert Webb, highlighting the broader strategic objectives behind funding commercialisation in cyber.

One powerful takeaway: over 70% of a modern company’s market value is derived from intangible assets. That statistic wasn’t just academic, it was backed up by data from S&P 500 valuations and served as a powerful motivator for the academic teams to think beyond publications and grant cycles.

Day 2: Value Propositions and the Innovation Journey

Day two was all about shaping an idea into something a market might want. Emma Fadlon took the lead again, guiding the cohort through the key concepts of market validation, customer discovery, and value proposition design.

There was strong emphasis on moving from feature lists to genuine value, understanding the “why” behind what potential customers need, and how to communicate it clearly. This isn’t always a natural shift for researchers trained to focus on novelty and rigour. But the team at IUKBC made it accessible, using the Innovation Canvas as a working tool to map benefits, stakeholders, barriers, and enablers.

A masterclass on grant writing followed in the afternoon, delivered by both Emma and Matthew Wasley. Their tips weren’t just about formatting or language, they pushed attendees to focus on clarity, outcomes, and demonstrating commercial thinking. These are crucial skills that will help shape not just CyberASAP outputs, but future applications to Innovate UK and beyond.

Day 3: Mentors, Markets, and Mapping the Ecosystem

On the final day of the bootcamp, I continued my full participation, this time switching back into mentor mode while still absorbing insights from the sessions. The day kicked off with a cohort overview by Robin Kennedy and Emma Fadlon, followed by introductions to the mentor group, many of whom brought years of commercialisation and start-up experience to the table.

The standout element of Day 3 was stakeholder mapping. Using the classic high/low interest vs high/low influence model, teams began to unpack who really matters when taking a product or service to market. Major customers, policymakers, sector partners, regulators, charities, and even competitors all featured on the boards. The exercise pushed teams to think systemically about the world they were stepping into.

The expert talks also raised the bar: Richard Foggie from Innovate UK Business Connect covered the ongoing cybersecurity challenges in telecoms networks, while representatives from the National Cyber Security Centre (NCSC) touched on the national security infrastructure landscape. These sessions helped ground the bootcamp’s broader commercial focus in the strategic realities of the UK’s cyber defence and resilience goals.

The afternoon featured a rotating series of mentor group chats, each team cycling through different mentors to test their early thinking around market needs, value propositions, and potential blockers. This format worked especially well. Conversations were open, sometimes challenging, and often sparked entirely new ways of framing a solution or problem. Mentors included Jake Holloway of CRAID AI, John Innes of Autonomous Knight BV, Berta, and I.

For me, the third day tied together the practical and strategic threads of the programme. Seeing academic teams wrestle with unfamiliar but vital business concepts and start to own them was a reminder of why CyberASAP continues to matter. It’s not just about teaching commercialisation; it’s about embedding confidence and community around it.

This was also our opportunity as mentors to meet directly with the academic teams and their supporters, getting under the hood of their exciting projects and learning what they had invented. A major focus for the Year 9 (2025) cohort was “ideation”, that is, the quality of inventiveness and originality underpinning each proposal. And frankly, it was impressive. From single-photon quantum physics enabling secure key exchange to blockchain-based transaction fraud detection, the technical ambition on show was remarkable. And that’s just scratching the surface, there were prototypes in post-quantum encryption, XR security, LLM safety, anti-ransomware tooling, and more.

Personal Reflections as a Mentor

While I was technically attending as a mentor, I came to learn, and I did. I gained deeper respect for what the academic teams experience as they try to straddle two very different worlds: academia and industry. The content was well-curated, the speakers credible, and the support network offered by Innovate UK Business Connect and the broader ecosystem is genuinely impressive.

One aspect that particularly resonated was the blend of technical innovation with commercial reality. As someone deeply involved in cyber risk, human factors, and enterprise resilience, I see enormous potential in what these academic teams are building. From post-quantum cryptography and XR security to blockchain integrity and AI safety, the diversity of ideas was as inspiring as the dedication behind them.

Looking Ahead

As the CyberASAP Year 9 cohort moves forward through Phase 1, the real challenge will be translating this knowledge into action: validating assumptions, engaging stakeholders, refining propositions, and building something the world actually needs.

I’ll be continuing my role as a mentor, offering guidance wherever I can, and perhaps learning just as much in return. It’s a privilege to help guide ideas that may soon protect systems, people, and critical infrastructure, not just in the UK, but around the world.