The Small Business
Cyber Security Guy
Welcome to my blog and podcast, where I share brutally honest views, sharp opinions, and lived experience from four decades in the technology trenches. Whether you're here to read or tune in, expect no corporate fluff and no pulled punches.
Everything here is personal. These are my thoughts, not those of my employer, clients, or any poor soul professionally tied to me. If you’re offended, take it up with me, not them.
What you’ll get here (and on the podcast):
Straight-talking advice for small businesses that want to stay secure
Honest takes on cybersecurity trends, IT malpractice, and vendor nonsense
The occasional rant — and yes, the occasional expletive
War stories from the frontlines (names changed to protect the spectacularly guilty)
I've been doing this for over 40 years. I’ve seen genius, idiocy, and everything in between. Some of it makes headlines, and most of it should.
This blog and the podcast is where I unpack it all. Pull up a chair.
Five Questions That Reveal Your Business Needs Strategic IT Leadership (And It's Not What You Think)
Most UK businesses think they're fine without strategic IT leadership until they're not. These five diagnostic questions expose the difference between thriving with technology and merely surviving despite it.
Question 1: Are technology decisions made strategically or reactively? If you're replacing servers because they died rather than planned refresh cycles, you need help.
Question 5: Will current systems scale gracefully as you grow? Planning to double in size without considering technology impact is business suicide.
Answer honestly: reactive technology management costs more than strategic guidance. The question isn't whether you need leadership—it's whether you'll get it before competitors do.
£180k CIO vs £25k Fractional: Why Smart UK Businesses Choose the Latter
Full-time CIO in London: £180k-250k annually plus benefits. Fractional CIO: £15k-30k for strategic expertise when you need it.
The mathematics are brutal, but the quality difference might surprise you. Many fractional executives are senior professionals who prefer variety over corporate politics.
You get FTSE 250 CIO experience for a fraction of full-time cost. While your competitors burn budget on executives who spend half their time in meetings, you access strategic guidance scaled to actual needs.
Smart UK businesses are realising that technology leadership isn't about seat time—it's about strategic thinking that drives business results.
Stop Calling Dave from IT, Your CIO (He's Not, and It's Destroying Your Business)
Dave from IT is brilliant at keeping your systems running. But calling him your CIO is like calling your mechanic an automotive engineer.
Most UK small businesses confuse operational IT support with strategic technology leadership, and it's costing them millions. While Dave troubleshoots email issues, real CIOs design five-year technology roadmaps.
The difference? Strategic thinking that aligns technology investments with business objectives. Fractional CIO services deliver genuine C-level expertise for £15k-30k annually versus £180k+ for full-time hiring.
Stop expecting Dave to be everything. Give him the strategic backup he desperately needs.
Think You’re Too Small to Be Hacked? So did the Last 60%
Too many UK small businesses still believe they’re “too small to hack.” It’s the most dangerous myth in business today.
With 96% of cyberattacks targeting SMEs and 60% of victims closing within six months, denial is a death sentence.
This article pulls apart the excuses business owners use, exposes the real-world costs of breaches, and explains why simple, affordable steps like Cyber Essentials, MFA, patching, and staff training are the difference between survival and closure.
Think you’re too small to be hacked? So did the last 60%.
Why Small Businesses Must Rethink Cybersecurity NOW (Before It’s Too Late)
Cybersecurity is not just an enterprise problem. With 96% of attacks targeting small businesses and 60% of victims closing within six months, UK SMEs face a survival crisis.
This article exposes the myths keeping businesses vulnerable, the real financial impact of attacks, and the role of supply chain risk. It explains why Cyber Essentials and board-level governance are no longer optional, but essential.
Written for directors and leaders, it lays out practical steps to protect your business before it’s too late.
The Massive Lie That’s Killing UK Businesses: Cybersecurity is NOT Just an Enterprise Problem
Cybersecurity is not just an enterprise problem. With 96% of attacks targeting small businesses and 60% of victims closing within six months, UK SMEs face a survival crisis. This article exposes the myths keeping businesses vulnerable, the real financial impact of attacks, and the role of supply chain risk. It explains why Cyber Essentials and board-level governance are no longer optional, but essential. Written for directors and leaders, it lays out practical steps to protect your business before it’s too late.
60% of Small Businesses Die After Cyberattacks – Are You Next?
Sixty per cent of small businesses don’t survive a cyberattack. That’s not a scare tactic, it’s a reality. UK SMBs are under siege, targeted in 96% of attacks because criminals know you’re under-protected and overconfident. This post rips apart the myth that cybersecurity is “only an enterprise problem” and shows how MSP malpractice, human error, and supply chain risk are leaving businesses exposed.
Most importantly, it lays out the simple, affordable steps like Cyber Essentials that block 95% of attacks. Because once the breach hits, it’s already too late.
Podcast Ep7: Technical Debt - The Digital Quicksand Drowning UK Businesses
M&S lost £300 million because decades of technical debt left them unable to respond to basic social engineering. Co-op faced identical DragonForce attacks but recovered quickly through operational agility. The difference? M&S accumulated digital debt like a hoarder accumulates rubbish, whilst Co-op invested in resilience.
Technical debt isn't just old software - it's every deferred security decision, every "temporary" workaround, every vendor relationship without oversight.
Podcast Episode 7 reveals how your past shortcuts are creating tomorrow's business extinction events. Because criminals don't attack your current systems - they attack your accumulated incompetence.
Tonight at Midnight: The Password Archaeology Begins
Picture this: It's midnight, crisis hits, you need email access urgently. Staring at the login screen, mind completely blank. Was it your dog's name plus random numbers? Your old football team with an exclamation mark? Welcome to digital archaeology - the art of excavating your own memory for password variations you can't quite remember. Tonight's podcast reveals why we've become amateur archaeologists in our own digital lives, managing 250+ passwords while 78% of us reuse them. The midnight password panic is about to get much worse before it gets better.
⚠️ Full Disclaimer
This is my personal blog. The views, opinions, and content shared here are mine and mine alone. They do not reflect or represent the views, beliefs, or policies of:
My employer
Any current or past clients, suppliers, or partners
Any other organisation I’m affiliated with in any capacity
Nothing here should be taken as formal advice — legal, technical, financial, or otherwise. If you’re making decisions for your business, always seek professional advice tailored to your situation.
Where I mention products, services, or companies, that’s based purely on my own experience and opinions — I’m not being paid to promote anything. If that ever changes, I’ll make it clear.
In short: This is my personal space to share my personal views. No one else is responsible for what’s written here — so if you have a problem with something, take it up with me, not my employer.