The Small Business

Cyber Security Guy

Welcome to my blog and podcast, where I share brutally honest views, sharp opinions, and lived experience from four decades in the technology trenches. Whether you're here to read or tune in, expect no corporate fluff and no pulled punches.

Everything here is personal. These are my thoughts, not those of my employer, clients, or any poor soul professionally tied to me. If you’re offended, take it up with me, not them.

What you’ll get here (and on the podcast):

  • Straight-talking advice for small businesses that want to stay secure

  • Honest takes on cybersecurity trends, IT malpractice, and vendor nonsense

  • The occasional rant — and yes, the occasional expletive

  • War stories from the frontlines (names changed to protect the spectacularly guilty)

I've been doing this for over 40 years. I’ve seen genius, idiocy, and everything in between. Some of it makes headlines, and most of it should.

This blog and the podcast is where I unpack it all. Pull up a chair.

Man wearing glasses and a light gray sweater, smiling
ISO27001 vs Cyber Essentials (Part 2/3):Big Names, Big Certs, Big Breaches: The Truth Behind the Logos
Industry Analysis, Compliance & Certification, uk-compliance, uk-business Noel Bradford Industry Analysis, Compliance & Certification, uk-compliance, uk-business Noel Bradford

ISO27001 vs Cyber Essentials (Part 2/3):Big Names, Big Certs, Big Breaches: The Truth Behind the Logos

You’d think ISO27001 and SOC 2 certifications mean a business is secure. But if 2023 and 2025 have shown us anything, it’s that those badges don’t stop breaches. From Capita’s data leaks to Harrods’ containment chaos, and Co-op’s app disruption to the MOVEit dominoes, governance frameworks have failed where basic cyber hygiene would have succeeded.

Cyber Essentials, often dismissed as small business fluff, turns out to be the missing frontline control in all of these high-profile failures. This article names names, unpacks the gaps, and shows why CE+ is no longer optional, it's essential.

Read More

⚠️ Full Disclaimer

This is my personal blog. The views, opinions, and content shared here are mine and mine alone. They do not reflect or represent the views, beliefs, or policies of:

  • My employer

  • Any current or past clients, suppliers, or partners

  • Any other organisation I’m affiliated with in any capacity

Nothing here should be taken as formal advice — legal, technical, financial, or otherwise. If you’re making decisions for your business, always seek professional advice tailored to your situation.

Where I mention products, services, or companies, that’s based purely on my own experience and opinions — I’m not being paid to promote anything. If that ever changes, I’ll make it clear.

In short: This is my personal space to share my personal views. No one else is responsible for what’s written here — so if you have a problem with something, take it up with me, not my employer.