Tag Archives: UK cyber security

The NCSC Annual Review 2025: Between Capability and Stasis

The article examines the NCSC Annual Review 2025 as both a testament to accomplishment and a warning. It praises the NCSC’s technical competence but questions its identity: regulator, delivery agency, or state-backed market player? It highlights contradictions — DSIT hailing it as “the jewel in the crown” while eroding its remit, diluting CyberFirst into TechFirst, ending its startup work, and overstating the benefits of Cyber Essentials. The piece concludes that the NCSC is overextended and under-defined, needing clarity of purpose more than new initiatives — less performance, more direction.

Continue reading

A Brief History of Penetration Testing: From Tiger Teams to PTaaS

This article traces the history of penetration testing from its military and intelligence roots in the 1960s to its formalisation through U.S. Tiger Teams and J.P. Anderson’s security frameworks. It follows the growth of pen testing into the commercial sector during the 1980s–90s, highlights key tooling milestones like SATAN, and explores its professionalisation in the 2000s via OWASP and PTaaS models. A dedicated UK section explains the roles of CESG, CHECK, CREST, and the NCSC in standardising and accrediting pen testing within British institutions. The article concludes with a reflection on how penetration testing continues to evolve in parallel with modern cyber threats.

Continue reading