This article argues that self-attestation has failed as a credible assurance mechanism, citing Cyber Essentials’ low uptake and ISO 27001’s limits. It warns that if DSIT builds the Cyber Governance Code of Practice on self-assessment, it will fail. To succeed, the Code must mandate independent, accredited assurance that directors, investors, and regulators can trust.
Continue reading
This article outlines Lester Dent’s Master Plot Formula, a systematic approach designed to help writers craft engaging and tightly structured stories. Originating from the pulp fiction era, Dent’s formula divides a story into four equal parts, each with specific goals and challenges for the protagonist, culminating in a resolution that ties up the narrative threads. It offers a practical framework for narrative development, emphasizing pacing, character predicaments, and a satisfying conclusion.
Continue reading
This article examines DSIT’s 2024 proposal to embed cyber responsibility into company law. It argues that directors should carry legal duties for cyber resilience, as they already do for finance and health and safety — but only if those duties are proportionate, professionalised, and practical. The consultation did not change the law, but the direction of travel is unmistakable.
Continue reading
This article examines the IET’s joint response to DSIT’s 2024 consultation on the Cyber Governance Code of Practice. Building on my practitioner-led analysis, the IET added institutional weight: emphasising professional recognition, proportionality for SMEs, broader engagement, and integration into training. It shows how practitioner insight and professional consensus can work together to shape policy.
Continue reading
Join me as I share my journey and insights from the CyberASAP Pathfinder event in Birmingham, where I discussed the transition from a long IT career to founding a cybersecurity startup. Discover the challenges, surprises, and rewards of turning innovative research into market-ready solutions.
Continue reading
This article outlines critical questions that cyber security startups, particularly those like Cyber Tzar after completing the NCSC’s “NCSC for Startups” Accelerator programme, should consider when seeking support from regional organizations such as the West Midlands Growth Company or Invest West Midlands. It emphasizes prioritising inquiries around funding and marketing to harness regional opportunities for development and expansion.
Continue reading
This article revisits my practitioner-led response to DSIT’s 2024 consultation on the Cyber Governance Code of Practice. It highlights key issues I raised: supply chain risk, flaws in self-attestation, tool overload, lack of incentives, and the need for continuous governance. The argument is simple: cyber resilience belongs in the boardroom, but only if policy is grounded in practice.
Continue reading
In an era where social media’s sway on public opinion, privacy, and youth well-being has become a burning issue, the U.S. Senate Judiciary Committee’s latest hearing on Wednesday the 31st of January, 2024, offers a pivotal glimpse into the potential future of digital regulation. This article provides an insightful summary of the discussions, focusing on the balance between innovation and user safety, the complex web of accountability, and the global implications of legislative measures. It’s a must-read for anyone interested in understanding the evolving digital governance landscape and its impact on society.
Continue reading
The DSIT Cyber Governance Code of Practice consultation (Jan 2024) proposed five principles for boards: risk management, strategy, people, incident response, and assurance. But it left key gaps: no incentives, little for SMEs, no professional recognition, and weak thinking on assurance. This article argues the consultation was historic, but incomplete — a foundation that required sharper, practitioner-led input.
Continue reading
You can probably guess what stage Cyber Tzar is at from my most recent reading list. I put together this article exploring the essentials of thriving in the UK’s dynamic startup ecosystem. This guide offers a blend of recommended readings and practical resources, tailored to help entrepreneurs and startups in the UK effectively navigate the investment process, stay attuned to market trends, and engage with local networks for growth and success.
Continue reading
This guide outlines the fundamentals of active listening, including paying full attention, showing understanding through feedback, and responding appropriately without judgment. It highlights the importance of empathy, open-mindedness, and engaging fully in conversations to improve communication and build stronger relationships.
Continue reading
I like ‘Miracleman’. I like ‘Uber’. So this article delves into the thematic and narrative parallels between Alan Moore’s “Miracleman” and Kieron Gillen’s “Uber.” Exploring how both comics redefine superhero conventions through their dark, realistic portrayal of superhuman powers, the article highlights the influence of Moore on Gillen’s work and the shared focus on the catastrophic consequences of such powers in society.
Continue reading
I like O’Neill. One of my lads is doing Lit. This article provides a comprehensive view of the landscape of American playwriting, emphasizing the unique contributions of O’Neill, Williams, and Miller, while also acknowledging the broader context of American theatre history and the significant figures who have contributed to its evolution.
Continue reading
Backing up and restoring a WordPress website is a critical task for website administrators, ensuring that website data is not lost due to unforeseen circumstances such as server crashes, hacking, or accidental deletions. This article will guide you through the processes involved in backing up and restoring your WordPress website, an overview of popular backup and restore plugins, help you to choose the appropriate backup and restore approach, and hopefully help you recover your site quickly and efficiently when needed.
Continue reading
On the penultimate day of the NCSC For Startups programme, there was an ad hoc discussion on code repositories and DevOps tooling. A couple of the cohort were long-time GitHub users, while we use a self-hosted version of GitLab. One of the teams had just moved from the latter to the former, while the final team used Azure DevOps. I thought it would be nice to write up an objective look at the first two options, along with alternatives, as well as summarise our decision. I didn’t want to cover Azure DevOps as I’ve just spent two years using it and I’m grateful to have escaped its clutches. Learn more here.
Continue reading
Irish unification and Scottish independence, while both concerning the political future of parts of the UK differ significantly in their historical, cultural, and political contexts. This article was inspired by a relatively recent conversation I had comparing the two. While there are some obvious analogies the reality is they are very different. Explore the comparison with me here.
Continue reading
Brexit has had a significant impact on discussions around the possible reunification of Ireland, influencing the issue in several key ways. Let’s chase down what that looks like here.
Continue readingIt could be easy to take the term “Losers’ Consent” as a insult. It certainly brackets “Losers”, but is this enough to be defamatory? Or is it simply a technical term in Political Science? And what does it actually mean anyway?
Continue reading
Could there really be a free and united Ireland in my lifetime? Or is it just an unrealistic pipedream? Evidence suggests that resistance to the idea itself is breaking down, and with it, a united Ireland comes a little closer every day. Let’s break down the latest research from The Irish Times and their ARINS survey on Irish unification.
Continue reading
Understanding the fundamental principles of statistical analysis is essential. This guide aims to provide a clear, no-nonsense explanation of the basic concepts of mean, mode, median, range, and average.
Continue reading