About

The Small Business Cybersecurity Guy

Straight-talking security advice for UK businesses that can't afford to get it wrong.

Who is this?

I'm Noel Bradford — CIO, CISO, and the person who ends up in the room when something has gone badly wrong. Four decades of enterprise experience, from managing security operations at Disney, BBC, and Intel to serving as CIO/CISO of a cryptocurrency exchange. I've seen the threats that never make the vendor white papers and cleaned up breaches that were entirely avoidable.

This publication exists because the cybersecurity advice available to UK small businesses is, largely, terrible. It's either vendor marketing dressed up as guidance, or enterprise-grade recommendations that assume a budget and a team that simply don't exist. Someone needs to say what's actually useful and what's expensive theatre.

That's what this is.

What you'll find here

Over 320 articles covering the threats, failures, and practical fixes that matter to UK small and medium-sized businesses. No affiliate links. No sponsored content. No "consult your vendor" hand-waving. Just direct, experience-backed guidance written for business owners and IT managers who have real problems to solve and limited time to solve them.

Topics covered include:

  • Threat intelligence — the actual attacks hitting UK SMBs, not theoretical scenarios
  • Compliance reality — Cyber Essentials, GDPR, and what they actually mean in practice
  • Incident response — what to do when (not if) something goes wrong
  • MSP and vendor accountability — how to spot bad advice and worse contracts
  • Budget-conscious security — what to prioritise when you can't afford everything

The podcast

The Small Business Cybersecurity Guy podcast covers what doesn't make it into the blog — or covers it with considerably less filtering. Co-hosted with Mauven Macleod, a former Government Cyber analyst with deep expertise in the UK threat landscape.

Over 200,000 downloads. Top 20 Apple Management chart. New episodes every Monday at noon GMT. Available on Spotify, Apple Podcasts, Amazon Music, Podbean, and YouTube.

Browse all episodes →

Who writes here

Articles are written by a team of contributors: security practitioners, policy analysts, intelligence professionals, and journalists. Each brings a different angle on the same underlying problem. You can read more about each contributor on their author pages.

All contributors write independently. No contributor is required to clear articles with any employer, client, or commercial partner. When a contributor has a potential conflict of interest in relation to a topic, that is declared in the article.

A note on tone

This publication is direct. It uses strong language when the situation warrants it and it names bad practices, including by specific vendors and providers. If you are looking for a publication that says "it depends" and "consult a professional", this is not it.

All claims are grounded in verifiable evidence: real incidents, documented failures, published research, and named sources. Opinion is clearly labelled as such. Where we get something wrong, we correct it — see our Editorial Standards.

Get in touch

Reader questions, topic requests, and war stories all inform future posts and episodes. If you've got something that needs saying — or asking — use the contact page.