The Small Business
Cyber Security Guy
Welcome to my blog and podcast, where I share brutally honest views, sharp opinions, and lived experience from four decades in the technology trenches. Whether you're here to read or tune in, expect no corporate fluff and no pulled punches.
Everything here is personal. These are my thoughts, not those of my employer, clients, or any poor soul professionally tied to me. If you’re offended, take it up with me, not them.
What you’ll get here (and on the podcast):
Straight-talking advice for small businesses that want to stay secure
Honest takes on cybersecurity trends, IT malpractice, and vendor nonsense
The occasional rant — and yes, the occasional expletive
War stories from the frontlines (names changed to protect the spectacularly guilty)
I've been doing this for over 40 years. I’ve seen genius, idiocy, and everything in between. Some of it makes headlines, and most of it should.
This blog and the podcast is where I unpack it all. Pull up a chair.
Breach of the Month Club: March 2025 Edition
Welcome to the inaugural edition of Breach of the Month Club™, your monthly tour of reputational disaster.
March 2025 was a banner month for avoidable breaches, from Lloyds accidentally mailing out million-pound statements, to Jaguar Land Rover getting wrecked by leaked JIRA credentials.
Reform UK ignored GDPR completely, Morrisons got battered by a supplier breach, and 23andMe? Well, they lost your DNA and filed for bankruptcy.
We break it all down with just the right amount of sarcasm—and a reminder that no company is too big to fail at basic cyber hygiene.
Apple vs. The UK Government: A Petty Breakup Over Encryption
The UK government and Apple are in a messy breakup, and—spoiler alert—it’s not mutual. Apple has yanked Advanced Data Protection (ADP) from the UK faster than a politician dodging accountability, all because the government wants a sneaky backdoor into everyone’s iCloud. Apple’s response? “Yeah, no.”
The Investigatory Powers Act (IPA) 2016—affectionately nicknamed the Snooper’s Charter—gives the UK authorities the power to demand weaker encryption, which, as every cybersecurity expert knows, is about as smart as setting your password to “password123.” Apple, not one to be bullied, packed up and left, meaning UK users are now stuck with less protection and more vulnerability.
So, who wins? Not the everyday user, who now gets to live in constant fear that their private data is an all-you-can-eat buffet for cybercriminals. But hey, at least the UK government can pat itself on the back for really sticking it to privacy. Welcome to 2025—where security is optional, surveillance is mandatory, and Apple just swiped left on Britain.
⚠️ Full Disclaimer
This is my personal blog. The views, opinions, and content shared here are mine and mine alone. They do not reflect or represent the views, beliefs, or policies of:
My employer
Any current or past clients, suppliers, or partners
Any other organisation I’m affiliated with in any capacity
Nothing here should be taken as formal advice — legal, technical, financial, or otherwise. If you’re making decisions for your business, always seek professional advice tailored to your situation.
Where I mention products, services, or companies, that’s based purely on my own experience and opinions — I’m not being paid to promote anything. If that ever changes, I’ll make it clear.
In short: This is my personal space to share my personal views. No one else is responsible for what’s written here — so if you have a problem with something, take it up with me, not my employer.