⭐100K+ Monthly Downloads

⭐Top 20 Apple Management

⭐100K+ Monthly Downloads ⭐Top 20 Apple Management

The Small

Business

Cyber Security Guy

Welcome to the blog and podcast, where we share brutally honest views, sharp opinions, and lived experience from four decades in the technology trenches. Whether you're here to read or tune in, expect no corporate fluff and no pulled punches.

Everything here is personal. These are my and the team’s thoughts, opinions forged in the heat of battle! And not those of our employers, clients, or any other professional with whom we are associated.

If you’re offended, take it up with us, not them.

What you’ll get here (and on the podcast):

  • Straight-talking advice for small businesses that want to stay secure

  • Honest takes on cybersecurity trends, IT malpractice, and vendor nonsense

  • The occasional rant — and yes, the occasional expletive

  • War stories from the frontlines (names changed to protect the spectacularly guilty)

I've been doing this for over 40 years. I’ve seen genius, idiocy, and everything in between. Some of it makes headlines, and most of it should.

This blog and the podcast are where we break it all down.

Grab a coffee and pull up a chair, you need to see this!

Latest Articles
Why SMBs Draw Their Cyber Essentials Scope Around the Comfortable Parts
Why SMBs Draw Their Cyber Essentials Scope Around the Comfortable Parts
March Patch Tuesday 2026: No Zero-Days, No Excuses
March Patch Tuesday 2026: No Zero-Days, No Excuses
Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message. Stop the Security Industry Bullshit. Wear Your Message.
Stop the Security Industry Bullshit. Wear Your Message.
Compliance & Risk Management Mauven MacLeod Compliance & Risk Management Mauven MacLeod

Why SMBs Draw Their Cyber Essentials Scope Around the Comfortable Parts

After years observing how organisations navigate security certification, I have reached a fairly uncomfortable conclusion: most scope failures in Cyber Essentials are not technical errors. They are decisions. Somebody looked at the full picture of what should be in scope, felt the weight of what that would require, and drew the line somewhere more manageable. I understand the impulse.

I have watched it play out at every scale. But CE v3.3 closes the ambiguities that made that line defensible. And post-breach, the scope document is not filed quietly away. It becomes the first thing lawyers and insurers read.

Read More

⚠️ Full Disclaimer

This is my personal blog. The views, opinions, and content shared here are mine and any contributors and ours alone. They do not reflect or represent the views, beliefs, or policies of:

  • Our Day Job employers

  • Any current or past clients, suppliers, or partners

  • Any other organisation We affiliated with in any capacity

Nothing here should be taken as formal advice — legal, technical, financial, or otherwise. If you’re making decisions for your business, always seek professional advice tailored to your situation.

Where we mention products, services, or companies, that’s based purely on our own experiences and opinions — We are not being paid to promote anything. If that ever changes, we’ll make it clear.

In short: This is my personal space to share my personal views. No one else is responsible for what’s written here — so if you have a problem with something, take it up with me, not my employer.