Tag Archives: cloud security

Cyber Collaboration in the West Midlands: Skills, Strategy, and a Shared Future

On 29 April 2025, the West Midlands Cyber Working Group met at Gowling WLG in Birmingham to explore how collaboration can drive cyber resilience, skills development, and strategic growth across the region. Speakers, including Andy Hague (TechWM), Dan Rodrigues (CyberFirst), Dave Walker (AWS), Sarah Gray and Louise Macdonald (Gowling WLG), and Wayne Horkan (WM CWG Chair) shared insights on scaling regional leadership, building inclusive talent pipelines, addressing AI security risks, and navigating evolving legal frameworks. The event underscored a shared ambition to position the West Midlands not just as a participant but as a leader in the UK’s cyber ecosystem.

Continue reading →

Cyber Value at Risk (CVaR): Measuring Worst-Case Scenarios

Leave a Reply

Cyber Value at Risk (CVaR) is a powerful methodology adapted from financial Value at Risk (VaR) models, designed to estimate the maximum potential loss from cyber incidents within a given confidence interval. CVaR focuses on worst-case scenarios, helping organisations understand the potential financial consequences of cyber threats and guiding strategic decision-making.

Continue reading →

How CVSS Works: A Guide to Vulnerability Scoring

Leave a Reply

The Common Vulnerability Scoring System (CVSS) is a widely used framework for evaluating and communicating the severity of software vulnerabilities. First introduced in 1999, CVSS has become the standard scoring method for organisations to prioritise security efforts and manage vulnerabilities systematically. By assigning numerical scores to vulnerabilities based on their characteristics, CVSS enables teams to assess risks and allocate resources effectively.

Continue reading →

Overview, Summary, Thoughts, and Recommendations on the NCSC Cyber Security Risk Management Guidance

Leave a Reply

This article evaluates the NCSC’s Cybersecurity Risk Management Guidance, highlighting its strengths in broad coverage and practical tools but identifying key weaknesses, including the lack of an integrated end-to-end framework, inconsistent depth, and limited audience-specific tailoring. It recommends strengthening the framework’s integration, providing accessible tools, addressing organisational resistance, and incorporating strategies for emerging technologies and black swan events. These enhancements could elevate the guidance to a truly comprehensive standard for diverse organisations.

Continue reading →

Sun Microsystems Leads the Charge on Cloud Sovereignty and Security: Wayne Horkan, Sun CTO for the UK and Ireland, to form Cloud Security Forum

Leave a Reply

In May 2009, at the Cloud Expo Europe in London, I announced my intention to form a cross-sector forum aimed at addressing the pressing security issues surrounding cloud computing. The goal was to ensure that cloud computing, especially as it becomes a critical part of the UK’s national infrastructure, remains secure and compliant with UK laws and regulations.

Continue reading →