Tag Archives: cybersecurity

UK Cyber Skills Landscape: The Real Gatekeepers of Talent and Training

Beyond bootcamps and degrees, who actually shapes how the UK finds, trains, and qualifies its cyber workforce? The UK cyber skills gap is well known, but less discussed is who actually defines what “skilled” means, who sets the standards, and who controls the flow of talent into real jobs. From formal certifying bodies to regional academies, neurodivergent networks to employer-led bootcamps, this article maps out the real gatekeepers of UK cyber skills and training: the organisations, programmes, and influencers that determine who gets hired, funded, or fast-tracked.

From Policy to Procurement: How Standards Bodies Influence UK Cyber Buying Cycles

It’s not just what’s secure, it’s what’s accepted, assured, and approved. Here’s how standards quietly determine what gets bought in cybersecurity. In cybersecurity, buying decisions are rarely made on features alone. Especially in the UK public sector and regulated industries, procurement is often shaped by frameworks, certifications, and official guidance issued (or heavily influenced) by standards bodies. These organisations, from NCSC and NIST to IASME, ISO, and CIISec, may not sell products, but they define the guardrails within which procurement happens. They help determine what “good” looks like, what qualifies as “secure enough,” and what’s required to win a bid. This article breaks down how standards bodies and frameworks influence what UK organisations actually buy, adopt, and fund when it comes to cybersecurity.

The Shadow Ecosystem: Alumni Networks, Closed Groups, and Whisper Influence in Cyber

Beyond public policy and LinkedIn posts lies a quiet web of influence: trusted groups, off-book referrals, and unseen signals that shape who gets funded, hired, or heard in UK cybersecurity. Cybersecurity in the UK has a formal face: policy frameworks, standards bodies, public panels, and professional networks. But beneath that, there exists a shadow ecosystem: informal, invitation-only, and often more influential than any official organisation. This is where reputations are made (or unmade), where partnerships are brokered before anyone sees a press release, and where quiet nods matter more than job titles. This article explores the informal infrastructure of UK cyber influence: the alumni groups, private chat channels, Slack collectives, and backchannel referrals that quietly shape decisions in hiring, procurement, investment, and policy.

What CISOs Really Read: Reports, Forums, and Signals That Shape Decisions

Forget the vendor hype. Here’s what makes it to the top table when security leaders plan, buy, and act. Chief Information Security Officers (CISOs) are drowning in noise. Every week brings new whitepapers, vendor webinars, analyst reports, and threat briefings, but only a handful cut through and shape decisions at the enterprise level. So, what do CISOs trust? What do they read, bookmark, cite, and share internally when building strategy or justifying spend? This article examines the forums, publications, briefings, and individuals that significantly influence CISO thinking in the UK, beyond vendor brochures.

The Quiet Power Players of UK Cybersecurity: Who Really Shapes the Agenda?

Behind the acronyms and front-facing roles lies a network of advisors, committees, and convenors quietly setting the pace for cyber strategy in Britain. When we talk about power in UK cybersecurity, we often mention the big institutions: NCSC, DSIT, UK Cyber Security Council, or heavyweight companies like BT, BAE Systems, and Microsoft. But step closer and a more nuanced picture emerges: one shaped less by job titles and more by trust, networks, and proximity to policy formation. This article explores the real power players, who are not always in the spotlight but are instrumental in influencing policy, procurement, public guidance, and funding flows. These are the advisors, secondees, committee members, and convenors who quietly shape the UK’s cyber agenda.

Cyber and Academia Worldwide: Where Research Meets Real-World Impact

From Singapore to São Paulo, academic institutions are becoming key players in the global cybersecurity landscape. While the US, UK, and EU often dominate discussions of academic cybersecurity, universities and research institutions across Asia, Africa, Latin America, and Oceania are rapidly gaining ground, shaping national policy, developing sovereign cyber capabilities, and launching novel technologies tailored to regional challenges. This article explores how academia across the world is influencing cybersecurity practice, producing talent, and collaborating across borders to tackle today’s most pressing digital threats.

Cyber and Academia in the US: Ivy League Labs to Federal Research Programmes

In the United States, academic institutions are deeply embedded in the architecture of national cybersecurity. Universities and colleges serve as research engines, policy advisors, workforce pipelines, and launchpads for venture-backed startups. From federally funded research to deep partnerships with DARPA, NIST, and the Department of Defense, U.S. academia drives both innovation and influence in cybersecurity.

Cyber and Academia in Europe: Horizon Projects, Hubs, and Collaboration

Europe’s cybersecurity academic landscape is distributed, multi-lingual, and deeply integrated into public policy and industrial ecosystems. With powerful funding mechanisms like Horizon Europe, a strong regulatory backdrop (e.g. NIS2, Cyber Resilience Act), and a rising number of EU-funded collaborative hubs, academia in Europe isn’t just producing talent and research, it’s driving long-term cyber resilience at national and EU levels.

Tech Nation Rising Stars Midlands Final 2025 – Notes from the Canopy

There’s a quiet satisfaction in sitting on the edge of things, absorbing detail, thinking clearly, watching structure unfold. Last April, at The Canopy at The Bond in Birmingham’s Digbeth district, I was glad to attend the Midlands Regional Final of Tech Nation Rising Stars 2025. This wasn’t just a pitch competition; it was a sharp snapshot of the region’s entrepreneurial promise, delivered without bluster but full of energy.

Cyber and Academia in the UK: Research Centres, Spinouts, and Influence

The UK’s academic institutions play a foundational role in shaping the country’s cybersecurity ecosystem. They don’t just educate the workforce, they produce world-class research, support government policy, commercialise IP into high-growth spinouts, and influence standards through international collaboration.

Cybersecurity Meets Health Innovation: Rethinking Risk at the OT Frontline

Cybersecurity in healthcare isn’t an IT sidebar; it’s now a core operational risk and a foundational element of patient safety and innovation. This write-up captures the highlights, insights, and next steps from our June 2025 event (last Monday), convening leaders across health, cyber, academia, and business.

Global Cyber Powerhouses: The Leading Vendors and What They Offer

Cybersecurity is a global industry, but it’s also a geopolitical one. The vendors featured in this guide are not just tech companies. They’re often strategic assets, embedded in national security frameworks, powering defence alliances, and influencing cyber norms across continents.

The Virtuous Triangle: Rethinking Risk at Scale

This article introduces the Virtuous Triangle as a strategic framework for understanding cyber risk through the combined lenses of vulnerability assessment, threat intelligence, and contextual risk analysis. It argues that meaningful risk assessment only emerges when these components are integrated and automated at scale. Drawing on decades of experience, the piece reflects on the limitations of standalone data and the necessity of systems thinking in cybersecurity.

The US Cyber Giants: Vendors, Solutions, and Federal Reach

The United States is home to the most powerful cybersecurity vendors on the planet. These companies don’t just sell products, they influence standards, embed themselves in national security supply chains, and shape global policy through their scale, threat intelligence, and lobbying power.

Environments That Are Actually OT (But Often Misclassified as IT)

This article identifies and evaluates real-world environments that function as Operational Technology (OT) systems but are typically treated as standard IT infrastructure. It outlines the cyber-physical risks of this misclassification and calls for a shift in risk posture, governance, and tooling to reflect the operational realities of these spaces.

Understanding OT: Operational Technology in Context

This article defines Operational Technology (OT) as distinct from traditional IT, highlighting its core characteristics, such as real-time control, safety-critical processes, long-lifecycle assets, and minimal security by design. It is the first in a short series of articles that argues that failure to recognise OT environments as such leads to systemic cybersecurity blind spots, particularly in sectors like healthcare, logistics, and building management.

Cyber Is New: Why We’re Just Getting Started… Emerging Trends and Future Directions

Cybersecurity feels foundational today, but as a discipline, it is startlingly young. This article argues that cyber is still in its infancy, especially when compared to IT or financial governance, and outlines why this newness matters. From AI security and quantum disruption to the structural challenges facing certification, education, and regulation, the piece maps both future directions and the underlying trends shaping the field. In a world where cyber is everywhere, this article insists: we’re just getting started.

A Brief History of the Term Cyber (Meaning Cybersecurity)

This article explores how the word cyber evolved from its academic roots in cybernetics to its current role as shorthand for cybersecurity. It traces the rise of cyberpunk fiction, the growing association with digital threats in the 1990s, and how UK policy frameworks adopted and institutionalised the term, culminating in the creation of the National Cyber Security Centre (NCSC). From Greek etymology to modern geopolitics, cyber has shifted from describing control to denoting risk.

A Brief History of the Terms: Risk Assessment, Risk Management, and GRC

This article explores the historical development and convergence of three foundational concepts in organisational security: risk assessment; risk management; and governance, risk, and compliance (GRC). Tracing their origins in engineering, finance, and corporate governance, it charts their institutionalisation across the UK and their modern evolution into digital, real-time resilience frameworks that underpin enterprise cybersecurity and compliance today.

A Brief History of Penetration Testing: From Tiger Teams to PTaaS

This article traces the history of penetration testing from its military and intelligence roots in the 1960s to its formalisation through U.S. Tiger Teams and J.P. Anderson’s security frameworks. It follows the growth of pen testing into the commercial sector during the 1980s–90s, highlights key tooling milestones like SATAN, and explores its professionalisation in the 2000s via OWASP and PTaaS models. A dedicated UK section explains the roles of CESG, CHECK, CREST, and the NCSC in standardising and accrediting pen testing within British institutions. The article concludes with a reflection on how penetration testing continues to evolve in parallel with modern cyber threats.
