An extensive guide mapping the networks, policy engines, commercial power bases, and future-shapers of British cybersecurity.
Ah, Windows Updates, the perennial thorn in the side of PC users everywhere. Promised as the silent guardians of stability and security, they’ve instead become a source of frustration, disruption, and the occasional catastrophic system crash. Whether it’s an update that bricks your machine or one that installs itself at the worst possible time, Windows Updates have earned their reputation for being, well, bollocks.
Cyber Tzar is a SaaS platform providing advanced cyber risk quantification for enterprise supply chains. It delivers cyber risk scoring, benchmarking, and compliance assessment through big data analytics, AI, and proprietary IP. Its “credit score for cyber” approach supports better risk visibility for insurers, CISOs, and supply chain managers. Cyber Tzar is revenue-generating, scaling through strategic partnerships, and aligned with DORA, ISO 27001, and other regulatory frameworks. Here’s an example “Innovation Canvas” for Cyber Tzar.
Innovation is often portrayed as spontaneous and unpredictable. But behind every meaningful breakthrough lies a structured process. Whether you’re launching a new product, transforming a service, or reimagining your organisation’s direction, clarity and rigour are critical.
Influencing senior leaders in cybersecurity and technology is no small task, especially in the UK, where credibility, networks, and standards carry immense weight. Whether you’re a startup founder, a scale-up CISO, or a policy influencer, knowing where the key conversations happen (and who shapes them) can make the difference between being heard and being ignored.
Exactly sixteen years on from my 2009 article on the UK’s economic imbalance, I reflect on how services continue to dominate GDP, while manufacturing still punches above its weight in R&D. I was right about the R&D gap, but missed the rise of intangible capital and startup-led innovation. Cybersecurity emerged as both a strategic asset and an innovation driver. Government efforts have been patchy, and real balance remains elusive. The future lies in resilience, not symmetry.
The Zen Koan of the Two Monks and the Woman is a well-known story that invites reflection on the nature of judgment, letting go, and the burdens we choose to carry.
A blunt critique of organisations that claim to be resilient but have never stress-tested their systems, rehearsed recovery under pressure, or practised failure in any meaningful way. The article challenges boardroom bravado and highlights the psychological and operational consequences of untested confidence, arguing that true resilience is earned through discomfort, not declared in policy.
Two senior leaders, Sir Charlie Mayfield, former John Lewis chairman, and Sir Dan Moynihan, CEO of the Harris Federation, joined BBC Radio 4’s Today Programme on 1 May 2025 to discuss the impact of recent cyber attacks on Marks & Spencer, the Co-op, and UK schools. Their stories offer rare insight into how institutions respond to major breaches and what it really takes to recover.
Rump steak can be deliciously tender when treated right. This guide covers how to prep, season, sear, and rest your steak for maximum flavour and minimal chew.
Blogging is often touted as a straightforward path to online fame, fortune, and influence. The internet is awash with advice claiming that with a few simple steps, anyone can turn their blog into a passive income machine or a platform for global recognition. But behind the polished success stories lies a lot of misinformation, unrealistic expectations, and outright bollocks.
While applying for a parking permit, I discovered an expired SSL certificate on a council website, highlighting how small oversights in public services can expose broader cybersecurity risks. This real-world example shows why organisations must take indirect supply chain risk seriously, particularly in regions critical to national security.
As organisations face increasingly complex and interconnected cybersecurity threats, the ability to measure and communicate risk effectively has become a cornerstone of risk management. Cyber Risk Quantification, the practice of assessing threats in measurable terms, has evolved alongside frameworks and scoring systems aimed at simplifying this process.
Dante’s Inferno presents the Seventh Circle of Hell as the realm of suicides and profligates, those who destroy the self, whether through despair or excess. This article explores the theological, philosophical, and symbolic dimensions of their punishment, revealing a moral economy where the will, once corrupted, leads to irreversible ruin, the ultimate truth: suicide is irredeemable.
As cyber threats continue to evolve in scale, sophistication, and impact, the cyber insurance industry faces increasing pressure to adapt. Traditional approaches to risk assessment, which often relied on qualitative judgments and broad assumptions, are no longer sufficient in the face of complex digital ecosystems. The rise of cyber risk quantification, scoring, and benchmarking has transformed how insurers evaluate risk, price policies, and manage claims.
This article compares my practitioner response, the IET’s institutional submission, and the final Cyber Governance Code of Practice published in April 2025. It shows where our ideas carried through (supply chain oversight, continuous process, assurance), where they were partly adopted (SME proportionality, professional recognition), and where they were ignored (incentives, legal duties). The conclusion: yes, we influenced the Code — but the hardest issues remain unresolved.
Influencer culture has taken over the digital landscape, promising fame, fortune, and free products for anyone with enough followers and a well-curated feed. From Instagram and TikTok to YouTube and beyond, the idea of becoming a full-time influencer is pitched as a dream lifestyle. But behind the filters, brand deals, and viral dances lies a world filled with exploitation, inflated promises, and, yes, bollocks.
Cyber insurance has become a vital component of organisational risk management, offering financial protection against cyber incidents such as data breaches, ransomware attacks, and business interruptions. As the frequency and impact of cyberattacks grow, insurance policies have evolved to address the unique challenges of digital risks.
The UK’s Cyber Governance Code of Practice, published in 2025, sets out five principles for boards: risk management, strategy, people, incident response, and assurance. It places cyber in the boardroom and makes directors personally accountable, but stops short of embedding duties in company law. While clear and structured, the Code lacks incentives, SME pathways, and professional recognition — making uptake uncertain.
Cyber Value at Risk (CVaR) is a powerful methodology adapted from financial Value at Risk (VaR) models, designed to estimate the maximum potential loss from cyber incidents within a given confidence interval. CVaR focuses on worst-case scenarios, helping organisations understand the potential financial consequences of cyber threats and guiding strategic decision-making.