Category: General Discussion


  • Cornflake Box Cyber Degrees, when speed becomes a security risk

    “Cornflake box degrees” is a rude little phrase, but it points at a real pattern: credentials that look respectable on a CV, yet represent far less learning than the label implies. In UK cyber security, where the cost of incompetence can land as outages, breaches, regulatory pain and reputational damage, the gap between “has a…

  • When Companies Ignore Their Security Teams: A Costly Disconnect

    (Moved from old site. Originally posted June 25, 2025) Organisations often treat cybersecurity as an afterthought, especially if it conflicts with business goals. This can create a dangerous disconnect between security operations (SecOps) teams and management. Instead of trusting the expertise of in-house SecOps staff, some companies downplay warnings, insisting on external validation. In practice, this often…

  • Riding the Cybersecurity Startup Bandwagon: Half-Baked Products and Unintended Risks.

    The cybersecurity market has become a hotbed of venture investment and hype, spurring a flood of startups pursuing the latest trends, from AI-powered detection to Extended Detection and Response (XDR) platforms. In 2020 alone, investors poured a record $7.8 billion into security startups, with insiders noting that “investors rush to get in on the ground floor…

  • Certifiably Secure? “Tick-box tooling” and the Illusion of Compliance in Modern Cybersecurity Certification

    (Moved from old site. Originally posted 26 June 2025) Introduction: Across the UK, and globally, organisations increasingly pursue certifications such as ISO/IEC 27001 and Cyber Essentials as visible signals of trust. In theory, that is sensible. Buyers want assurance, regulators want consistency, and boards want a measurable story about risk. In practice, certifications can accidentally reward…