Tag Archives: strategy

The Virtuous Triangle: Rethinking Risk at Scale

This article introduces the Virtuous Triangle as a strategic framework for understanding cyber risk through the combined lenses of vulnerability assessment, threat intelligence, and contextual risk analysis. It argues that meaningful risk assessment only emerges when these components are integrated and automated at scale. Drawing on decades of experience, the piece reflects on the limitations of standalone data and the necessity of systems thinking in cybersecurity.

Continue reading

A Brief History of the Terms: Risk Assessment, Risk Management, and GRC

This article explores the historical development and convergence of three foundational concepts in organisational security: risk assessment, risk management, governance, risk, and compliance (GRC). Tracing their origins in engineering, finance, and corporate governance, it charts their institutionalisation across the UK and their modern evolution into digital, real-time resilience frameworks that underpin enterprise cybersecurity and compliance today.

Continue reading

Scaling Cyber: A Startup Founder’s Journey from Idea to Exit

This virtual book is a guide to the entrepreneurial journey, drawn from real-world experiences in cyber startups. It distils insights from my time on the NCSC for Startups accelerator (cohort 13, 2023), the DSIT Cyber Runway Scale programme (2024/2025), and my mentoring on DSIT’s Cyber ASAP programme. It’s a collection of lessons, reflections, and hard-earned knowledge from the founders, investors, and industry leaders I’ve met along the way. Thanks to Marcel Duchamp you can think of it as a “ready made”, a curated work built from my blog articles, assembled to help you navigate the path from startup to scale, and beyond.

Continue reading