Cybersecurity is a global industry, but it’s also a geopolitical one. The vendors featured in this guide are not just tech companies. They’re often strategic assets, embedded in national security frameworks, powering defence alliances, and influencing cyber norms across continents.
Continue reading
This article introduces the Virtuous Triangle as a strategic framework for understanding cyber risk through the combined lenses of vulnerability assessment, threat intelligence, and contextual risk analysis. It argues that meaningful risk assessment only emerges when these components are integrated and automated at scale. Drawing on decades of experience, the piece reflects on the limitations of standalone data and the necessity of systems thinking in cybersecurity.
Continue reading
The United States is home to the most powerful cybersecurity vendors on the planet. These companies don’t just sell products, they influence standards, embed themselves in national security supply chains, and shape global policy through their scale, threat intelligence, and lobbying power.
Continue reading
This article examines how military theatres, battlefield systems, and drone technologies are quintessential Operational Technology (OT) environments, yet are often mismanaged under traditional ICT frameworks. It highlights the real-time, cyber-physical, and life-critical nature of defence systems, and argues for a shift toward mission-aware OT security governance to prevent strategic and kinetic failures.
Continue reading
This guide demystifies the differences between the West Midlands Combined Authority (WMCA) and Birmingham City Council (BCC), explaining who they are, how funding and decisions flow, and what each controls. Essential reading for funding applicants, policy professionals, community leaders, and anyone trying to get projects off the ground in the West Midlands, it offers clear scenarios, ecosystem insights, and a detailed comparison table to navigate this complex landscape effectively.
Continue reading
And so, dear reader, whoever you may be, here we are. Thirty-something articles in, and the word bollocks has been rendered almost entirely meaningless. Like the terms AI, Web3, or disruption, it’s been stretched, squeezed, and shouted so often it’s begun to sound like an apology for caring too much.
Continue reading
This article argues that medical theatres and hospital systems should be treated as Operational Technology (OT) environments rather than traditional IT. It highlights how flat networks, embedded legacy systems, and an overwhelming focus on availability over security create critical vulnerabilities. The piece calls for a shift in governance, risk modelling, and procurement practices to align with the cyber-physical realities of modern healthcare infrastructure.
Continue reading
This article identifies and evaluates real-world environments that function as Operational Technology (OT) systems but are typically treated as standard IT infrastructure. It outlines the cyber-physical risks of this misclassification and calls for a shift in risk posture, governance, and tooling to reflect the real operational realities of these spaces.
Continue reading
This article defines Operational Technology (OT) as distinct from traditional IT, highlighting its core characteristics, such as real-time control, safety-critical processes, long-lifecycle assets, and minimal security by design. It is the first in a short series of articles that argues that failure to recognise OT environments as such leads to systemic cybersecurity blind spots, particularly in sectors like healthcare, logistics, and building management.
Continue reading
Cybersecurity feels foundational today, but as a discipline, it is startlingly young. This article argues that cyber is still in its infancy, especially when compared to IT or financial governance, and outlines why this newness matters. From AI security and quantum disruption to the structural challenges facing certification, education, and regulation, the piece maps both future directions and the underlying trends shaping the field. In a world where cyber is everywhere, this article insists: we’re just getting started.
Continue reading
This article explores how the word cyber evolved from its academic roots in cybernetics to its current role as shorthand for cybersecurity. It traces the rise of cyberpunk fiction, the growing association with digital threats in the 1990s, and how UK policy frameworks adopted and institutionalised the term, culminating in the creation of the National Cyber Security Centre (NCSC). From Greek etymology to modern geopolitics, cyber has shifted from describing control to denoting risk.
Continue reading
This article explores the historical development and convergence of three foundational concepts in organisational security: risk assessment, risk management, governance, risk, and compliance (GRC). Tracing their origins in engineering, finance, and corporate governance, it charts their institutionalisation across the UK and their modern evolution into digital, real-time resilience frameworks that underpin enterprise cybersecurity and compliance today.
Continue reading
Alan Turing is a bona fide genius whose contributions to computer science, cryptography, and artificial intelligence are undeniable. But in the pantheon of computing history, there’s a growing myth that Turing single-handedly “invented modern computing.” This oversimplified narrative does both Turing and the broader field of computing a disservice.
Continue reading
This article traces the history of penetration testing from its military and intelligence roots in the 1960s to its formalisation through U.S. Tiger Teams and J.P. Anderson’s security frameworks. It follows the growth of pen testing into the commercial sector during the 1980s–90s, highlights key tooling milestones like SATAN, and explores its professionalisation in the 2000s via OWASP and PTaaS models. A dedicated UK section explains the roles of CESG, CHECK, CREST, and the NCSC in standardising and accrediting pen testing within British institutions. The article concludes with a reflection on how penetration testing continues to evolve in parallel with modern cyber threats.
Continue reading
A detailed history of the Chief Information Security Officer (CISO) role, tracing its origin to Citigroup in 1995 and exploring how it evolved from a technical IT role to a strategic business function. The article examines shifts across decades, global trends, modern challenges, and how the UK has uniquely adopted and adapted the CISO title, often slower and more varied than the US. It concludes that the role remains critical but inconsistently defined, particularly in public and hybrid sectors.
Continue reading
Cybersecurity in Europe is evolving quickly, driven by growing regulation (NIS2, Cyber Resilience Act), state-sponsored threats, and accelerating digital transformation. The result is a dynamic and diverse vendor landscape: large integrators defending entire ministries, regional champions supporting SMEs, and specialised firms leading in OT, AI security, and cyber risk quantification.
Continue reading
The UK waste management industry stands at a crossroads in 2025, shaped by landmark regulations, rising operational costs, and a surge in technological innovation. This article examines the evolving landscape, highlighting the impact of “Simpler Recycling,” Extended Producer Responsibility, and the emissions trading scheme. With recycling rates stagnating, AI driving change, and councils cutting services, we examine whether the sector can meet the UK’s ambitious sustainability goals or risk falling behind.
Continue reading
The narrative that artificial intelligence is the Grim Reaper for the creative industries has become so common that you’d think every writer, artist, musician, and filmmaker is moments away from losing their livelihood. Headlines scream about AI-generated content, creative robots, and soulless machines taking over art, leaving human creators out in the cold. But does the hype match the reality? Spoiler: it doesn’t.
Continue reading
The UK’s cybersecurity sector is home to thousands of providers, ranging from nimble startups and regional MSSPs to global consulting firms and homegrown risk intelligence platforms. While the National Cyber Security Centre (NCSC) sets the tone for policy and technical guidance, it’s these vendors that translate strategy into services: monitoring networks, managing risk, conducting audits, and responding to breaches in real time.
Continue reading
The West Midlands Growth Company (WMGC) is being restructured into a new Economic Development Vehicle (EDV) by 2026 to focus on investment and strategic delivery. While WMGC claims credit for attracting big business, many local startups, mine included, received no meaningful support. The restructuring is a chance to fix that, but only if the new EDV backs early-stage innovators with funding access, partnerships, and scale-up support. Otherwise, it’s just a rebrand, not reform.
Continue reading