Cybersecurity in healthcare isn’t an IT sidebar; it’s now a core operational risk and a foundational element of patient safety and innovation. This write-up captures the highlights, insights, and next steps from our June 2025 event (last Monday), convening leaders across health, cyber, academia, and business.
Continue reading
This article examines how military theatres, battlefield systems, and drone technologies are quintessential Operational Technology (OT) environments, yet are often mismanaged under traditional ICT frameworks. It highlights the real-time, cyber-physical, and life-critical nature of defence systems, and argues for a shift toward mission-aware OT security governance to prevent strategic and kinetic failures.
Continue reading
This guide demystifies the differences between the West Midlands Combined Authority (WMCA) and Birmingham City Council (BCC), explaining who they are, how funding and decisions flow, and what each controls. Essential reading for funding applicants, policy professionals, community leaders, and anyone trying to get projects off the ground in the West Midlands, it offers clear scenarios, ecosystem insights, and a detailed comparison table to navigate this complex landscape effectively.
Continue reading
This article argues that medical theatres and hospital systems should be treated as Operational Technology (OT) environments rather than traditional IT. It highlights how flat networks, embedded legacy systems, and an overwhelming focus on availability over security create critical vulnerabilities. The piece calls for a shift in governance, risk modelling, and procurement practices to align with the cyber-physical realities of modern healthcare infrastructure.
Continue reading
This article identifies and evaluates real-world environments that function as Operational Technology (OT) systems but are typically treated as standard IT infrastructure. It outlines the cyber-physical risks of this misclassification and calls for a shift in risk posture, governance, and tooling to reflect the real operational realities of these spaces.
Continue reading
This article defines Operational Technology (OT) as distinct from traditional IT, highlighting its core characteristics, such as real-time control, safety-critical processes, long-lifecycle assets, and minimal security by design. It is the first in a short series of articles that argues that failure to recognise OT environments as such leads to systemic cybersecurity blind spots, particularly in sectors like healthcare, logistics, and building management.
Continue reading
Cybersecurity feels foundational today, but as a discipline, it is startlingly young. This article argues that cyber is still in its infancy, especially when compared to IT or financial governance, and outlines why this newness matters. From AI security and quantum disruption to the structural challenges facing certification, education, and regulation, the piece maps both future directions and the underlying trends shaping the field. In a world where cyber is everywhere, this article insists: we’re just getting started.
Continue reading
This article explores how the word cyber evolved from its academic roots in cybernetics to its current role as shorthand for cybersecurity. It traces the rise of cyberpunk fiction, the growing association with digital threats in the 1990s, and how UK policy frameworks adopted and institutionalised the term, culminating in the creation of the National Cyber Security Centre (NCSC). From Greek etymology to modern geopolitics, cyber has shifted from describing control to denoting risk.
Continue reading
Between February and March 2025, I analysed the UK’s Cyber Resilience Testing (CRT) initiative and its associated Cyber Resilience Test Facilities (CRTFs). From that research, I developed three articles: one mapping the global standards landscape, one examining CRT’s practical challenges, and one exploring its role as a trust label. Together, they present CRT as a promising but evolving approach: not yet a standard, but under active NCSC development and consultation, with the potential to reshape product-based assurance if given clarity, support, and ecosystem alignment.
Continue reading
The West Midlands Growth Company (WMGC) is being restructured into a new Economic Development Vehicle (EDV) by 2026 to focus on investment and strategic delivery. While WMGC claims credit for attracting big business, many local startups, mine included, received no meaningful support. The restructuring is a chance to fix that, but only if the new EDV backs early-stage innovators with funding access, partnerships, and scale-up support. Otherwise, it’s just a rebrand, not reform.
Continue reading
Cyber in the West Midlands is no longer just a business activity, it’s a cluster. With the right action, it can become a strategic economic engine. This review critiques the Midlands Engine Cyber & Defence Report (April 2025) and sets out a ten-point plan to make that transformation real. The opportunity is clear. The data is in. Now we must deliver.
Continue reading
This blog article offers a critical yet constructive reflection on the UK’s Cyber Resilience Testing (CRT) initiative. While CRT is conceptually sound and timely, significant questions remain around cost, demand, usability, policy intent, and delivery responsibility. The article explores whether CRT is positioned to become a meaningful standard or risks being sidelined as another voluntary layer. It advocates for clearer articulation of purpose, audience targeting, and strategic alignment to unlock CRT’s full potential.
Continue reading
This reflection examines the Cyber Governance Code of Practice as published in April 2025. It compares government output with practitioner and IET responses from 2024, showing where influence carried through and where gaps remain. The conclusion: progress was made, but without law, incentives, and professional recognition, the Code risks becoming compliance theatre.
Continue reading
Two senior leaders, Sir Charlie Mayfield, former John Lewis chairman, and Sir Dan Moynihan, CEO of the Harris Federation, joined BBC Radio 4’s Today Programme on 1 May 2025 to discuss the impact of recent cyber attacks on Marks & Spencer, the Co-op, and UK schools. Their stories offer rare insight into how institutions respond to major breaches and what it really takes to recover.
Continue reading
This article compares my practitioner response, the IET’s institutional submission, and the final Cyber Governance Code of Practice published in April 2025. It shows where our ideas carried through (supply chain oversight, continuous process, assurance), where they were partly adopted (SME proportionality, professional recognition), and where they were ignored (incentives, legal duties). The conclusion: yes, we influenced the Code — but the hardest issues remain unresolved.
Continue reading
The UK’s Cyber Governance Code of Practice, published in 2025, sets out five principles for boards: risk management, strategy, people, incident response, and assurance. It places cyber in the boardroom and makes directors personally accountable, but stops short of embedding duties in company law. While clear and structured, the Code lacks incentives, SME pathways, and professional recognition — making uptake uncertain.
Continue reading
As Chair of the West Midlands Cyber Working Group, I’ve helped lead DSIT’s Cyber Local steering group for the region over the past two years. Working alongside regional experts, I’ve supported the selection of projects that strengthen cyber resilience on the ground, including Aston University’s powerful work on cyber violence against women and girls. This experience has reinforced just how critical locally informed funding is to building practical, inclusive, and impactful cyber capability.
Continue reading
A first-hand reflection on the UK Cyber Security Council’s recent “The Journey to Professionalisation” event at Conway Hall, exploring the ongoing professionalisation of the cyber security sector. Highlights include the expansion of recognised specialisms, the development of the UK Cyber Skills Framework, and discussions on AI, early-career challenges, and the need for a more inclusive, realistic skills framework to support a growing cyber economy.
Continue reading
The Women Shaping Cyber event at Aston University, held during International Women’s Day, highlighted the importance of diversity in the West Midlands cyber sector. Keynote speaker Sevgi Aksoy emphasised the human factor in cybersecurity, while roundtable discussions explored barriers facing women, how to attract and retain talent, and how to leverage regional strengths. With contributions from leaders across academia, industry, and government, the event underscored that growth in cyber must also be measured in inclusivity and representation, not just economics.
Continue reading
In the West Midlands, the definitions and boundaries of Cyber, Digital, and Tech are more than just academic semantics; they influence policy, investment decisions, and how the region positions itself on the national and global stage. While the rest of the UK and many parts of the world have moved towards recognising cyber as a distinct and critical sector, in the West Midlands, it still largely sits within the broader digital and technology categories.
Continue reading