(Moved from old site: Originally published 22 Nov 2024) In the fast-paced world of cybersecurity, even industry leaders can occasionally stumble. In 2024, CrowdStrike—a company renowned for its cutting-edge endpoint security—faced an unexpected issue with a routine patch. What was meant to bolster protection instead disrupted critical systems across the globe. This incident, particularly serious…

(Moved from old site. Originally posted June 23, 2025) Transparency or Reconnaissance-as-a-Service? In today’s hyperconnected digital ecosystem, security scorecards have emerged as tools for evaluating and publicising an organisation’s cybersecurity posture. Built on publicly accessible data, these platforms compile metrics into simple ratings or dashboards. The ostensible goal is to promote transparency, benchmarking, and proactive…

(Moved from old site. Originally posted June 25, 2025) Organisations often treat cybersecurity as an afterthought, especially if it conflicts with business goals. This can create a dangerous disconnect between security operations (SecOps) teams and management. Instead of trusting the expertise of in-house SecOps staff, some companies downplay warnings, insisting on external validation. In practice, this often…

The cybersecurity market has become a hotbed of venture investment and hype, spurring a flood of startups pursuing the latest trends, from AI-powered detection to Extended Detection and Response (XDR) platforms. In 2020 alone, investors poured a record $7.8 billion into security startups, with insiders noting that “investors rush to get in on the ground floor…

(Moved from old site. Originally posted 26 June 2025) IntroductionAcross the UK, and globally, organisations increasingly pursue certifications such as ISO/IEC 27001 and Cyber Essentials as visible signals of trust. In theory, that is sensible. Buyers want assurance, regulators want consistency, and boards want a measurable story about risk. In practice, certifications can accidentally reward…