The Small Business
Cyber Security Guy
Welcome to my blog and podcast, where I share brutally honest views, sharp opinions, and lived experience from four decades in the technology trenches. Whether you're here to read or tune in, expect no corporate fluff and no pulled punches.
Everything here is personal. These are my thoughts, not those of my employer, clients, or any poor soul professionally tied to me. If you’re offended, take it up with me, not them.
What you’ll get here (and on the podcast):
Straight-talking advice for small businesses that want to stay secure
Honest takes on cybersecurity trends, IT malpractice, and vendor nonsense
The occasional rant — and yes, the occasional expletive
War stories from the frontlines (names changed to protect the spectacularly guilty)
I've been doing this for over 40 years. I’ve seen genius, idiocy, and everything in between. Some of it makes headlines, and most of it should.
This blog and the podcast is where I unpack it all. Pull up a chair.
The DORA Reckoning: How September's Cyberattacks Just Triggered Europe's First Cross-Border Regulatory Crisis
September 2025's Collins Aerospace and JLR cyberattacks weren't just operational disasters - they triggered Europe's first cross-border regulatory crisis under DORA. While aviation experts focused on flight delays, they missed the real story: EU authorities now have direct oversight powers over US companies like Collins Aerospace serving European financial infrastructure. DORA's January 2025 implementation created unprecedented cross-border enforcement mechanisms that most businesses don't understand. Collins faces potential Critical Provider designation, direct EU regulation, and millions in fines. Meanwhile, UK businesses remain spectacularly unprepared for a regulatory framework that can penalize their technology dependencies. The DORA reckoning has begun.
The JLR and Collins Aerospace Disasters: When Britain's Critical Infrastructure Becomes a Criminal Playground
September 2025 delivered the most devastating supply chain cyberattacks in UK history. Jaguar Land Rover's £72 million daily losses and Collins Aerospace's airport chaos weren't isolated incidents - they exposed systematic vulnerabilities destroying British business resilience.
The same criminal networks using identical social engineering tactics have paralyzed critical infrastructure worth billions. While government offers reactive support, these attacks validate every cybersecurity warning ignored throughout 2025.
From M&S to the BHA, the pattern is undeniable: basic security failures enable sophisticated criminals to systematically destroy economic infrastructure.
The regulatory reckoning is coming, and most businesses remain spectacularly unprepared.
⚠️ Full Disclaimer
This is my personal blog. The views, opinions, and content shared here are mine and mine alone. They do not reflect or represent the views, beliefs, or policies of:
My employer
Any current or past clients, suppliers, or partners
Any other organisation I’m affiliated with in any capacity
Nothing here should be taken as formal advice — legal, technical, financial, or otherwise. If you’re making decisions for your business, always seek professional advice tailored to your situation.
Where I mention products, services, or companies, that’s based purely on my own experience and opinions — I’m not being paid to promote anything. If that ever changes, I’ll make it clear.
In short: This is my personal space to share my personal views. No one else is responsible for what’s written here — so if you have a problem with something, take it up with me, not my employer.