The Small Business
Cyber Security Guy
Welcome to my blog and podcast, where I share brutally honest views, sharp opinions, and lived experience from four decades in the technology trenches. Whether you're here to read or tune in, expect no corporate fluff and no pulled punches.
Everything here is personal. These are my thoughts, not those of my employer, clients, or any poor soul professionally tied to me. If you’re offended, take it up with me, not them.
What you’ll get here (and on the podcast):
Straight-talking advice for small businesses that want to stay secure
Honest takes on cybersecurity trends, IT malpractice, and vendor nonsense
The occasional rant — and yes, the occasional expletive
War stories from the frontlines (names changed to protect the spectacularly guilty)
I've been doing this for over 40 years. I’ve seen genius, idiocy, and everything in between. Some of it makes headlines, and most of it should.
This blog and the podcast is where I unpack it all. Pull up a chair.
ISO27001 vs Cyber Essentials: Real Defence vs Checkbox Theatre
Another UK SMB just spent £40,000 on ISO27001 certification. Three months later: ransomware. The compliance industry has convinced every 15-person company they need enterprise-grade paperwork to survive. Bollocks. While you're documenting your password policy in 47 formats, criminals are walking through the digital front door you forgot to lock. Today's deep-dive exposes the real cost of compliance theatre vs actual security. Spoiler: Cyber Essentials might actually protect you, ISO27001 will definitely bankrupt you
Snap, Crackle, Compromise: How Kellogg's Quietly Served Up Employee Data to Hackers
Think your breakfast is safe? Think again. WK Kellogg Co.—yes, the cereal giant—just had employee data spilled thanks to a third-party software breach. Hackers from the Clop ransomware gang waltzed in via Cleo’s "secure" file transfer platform and helped themselves to names, addresses, and Social Security numbers.
It’s another textbook example of supply chain negligence dressed up as digital transformation.
If your business relies on vendors without grilling their security, you might as well start pouring milk on your firewall and calling it breakfast. Here's how it happened—and why it should scare the cereal out of you.
Why Small Businesses Are a Hacker’s Favourite Snack (And How Not to Be One)
Small businesses love to think they’re “too small” for hackers to bother with. Reality check: that’s exactly why cybercriminals love you. No security team. No proper defences. Just an unlocked digital front door and a password that might as well be ‘password123’. If you’re not taking cybersecurity seriously, you’re practically begging to be hacked.
In this post, we break down why small businesses are an easy target, the biggest security mistakes they make, and how Cyber Essentials can stop your business from becoming a cybercriminal’s next easy payday. Spoiler: it’s easier (and cheaper) than you think.
⚠️ Full Disclaimer
This is my personal blog. The views, opinions, and content shared here are mine and mine alone. They do not reflect or represent the views, beliefs, or policies of:
My employer
Any current or past clients, suppliers, or partners
Any other organisation I’m affiliated with in any capacity
Nothing here should be taken as formal advice — legal, technical, financial, or otherwise. If you’re making decisions for your business, always seek professional advice tailored to your situation.
Where I mention products, services, or companies, that’s based purely on my own experience and opinions — I’m not being paid to promote anything. If that ever changes, I’ll make it clear.
In short: This is my personal space to share my personal views. No one else is responsible for what’s written here — so if you have a problem with something, take it up with me, not my employer.