The Small

Business

Cyber Security Guy

⭐100K+ Monthly Downloads

⭐Top 20 Apple Management

⭐100K+ Monthly Downloads ⭐Top 20 Apple Management

Welcome to the blog and podcast, where we share brutally honest views, sharp opinions, and lived experience from four decades in the technology trenches. Whether you're here to read or tune in, expect no corporate fluff and no pulled punches.

Everything here is personal. These are my and the team’s thoughts, opinions forged in the heat of battle! And not those of our employers, clients, or any other professional with whom we are associated.

If you’re offended, take it up with us, not them.

What you’ll get here (and on the podcast):

  • Straight-talking advice for small businesses that want to stay secure

  • Honest takes on cybersecurity trends, IT malpractice, and vendor nonsense

  • The occasional rant — and yes, the occasional expletive

  • War stories from the frontlines (names changed to protect the spectacularly guilty)

I've been doing this for over 40 years. I’ve seen genius, idiocy, and everything in between. Some of it makes headlines, and most of it should.

This blog and the podcast are where we break it all down.

Grab a coffee and pull up a chair, you need to see this!

Latest Articles
UK SMBs Left in the Crosshairs
UK SMBs Left in the Crosshairs
Directors Should Face Criminal Liability for Cyber Security Negligence. Here's Why.
Directors Should Face Criminal Liability for Cyber Security Negligence. Here's Why.
Patch Tuesday, Technical Analysis Graham Falkner Patch Tuesday, Technical Analysis Graham Falkner

Three Zero Days And A Christmas Timebomb: December Patch Tuesday Will Hurt If You Ignore It

December 2025 Patch Tuesday is supposed to be the quiet cruise into Christmas, right? Instead we got fifty seven vulnerabilities, three zero days and one actively exploited Windows privilege escalation that hits almost every supported build.

Add in one hundred and thirty nine Adobe fixes and an awkward five week gap until the next Patch Tuesday in January and you have a perfect festive storm.

Are you really happy to leave servers and laptops unpatched while everyone is on holiday, or do you want to start 2026 without starring in a breach headline? What does your patch plan look like this week?

Read More
Technical Analysis, Authentication, Ransomware Defence Noel Bradford Technical Analysis, Authentication, Ransomware Defence Noel Bradford

Why Multi-Factor Authentication Could Have Prevented the Synnovis Death

When Beverley Bryant, former Chief Digital Information Officer at Guy's and St Thomas' NHS Foundation Trust, stated that the Synnovis attack "may not have happened" with two-factor authentication enabled, she was not speculating. She was describing technical reality.

The Qilin ransomware gang gained initial access through compromised credentials. Multi-factor authentication completely blocks this attack vector.

A patient died because a free security control was not enabled. This is not hindsight; it is basic cybersecurity hygiene that has been industry standard for over a decade.

Here is the technical explanation of exactly how MFA would have stopped this attack.

Read More

⚠️ Full Disclaimer

This is my personal blog. The views, opinions, and content shared here are mine and mine alone. They do not reflect or represent the views, beliefs, or policies of:

  • My employer

  • Any current or past clients, suppliers, or partners

  • Any other organisation I’m affiliated with in any capacity

Nothing here should be taken as formal advice — legal, technical, financial, or otherwise. If you’re making decisions for your business, always seek professional advice tailored to your situation.

Where I mention products, services, or companies, that’s based purely on my own experience and opinions — I’m not being paid to promote anything. If that ever changes, I’ll make it clear.

In short: This is my personal space to share my personal views. No one else is responsible for what’s written here — so if you have a problem with something, take it up with me, not my employer.