
The Small Business Cyber Security Guy
Welcome to my blog and podcast, where I share brutally honest views, sharp opinions, and lived experience from four decades in the technology trenches. Whether you're here to read or tune in, expect no corporate fluff and no pulled punches.
Everything here is personal. These are my thoughts, not those of my employer, clients, or any poor soul professionally tied to me. If you’re offended, take it up with me, not them.
What you’ll get here (and on the podcast):
Straight-talking advice for small businesses that want to stay secure
Honest takes on cybersecurity trends, IT malpractice, and vendor nonsense
The occasional rant — and yes, the occasional expletive
War stories from the frontlines (names changed to protect the spectacularly guilty)
I've been doing this for over 40 years. I’ve seen genius, idiocy, and everything in between. Some of it makes headlines, and most of it should.
This blog and the podcast are where I unpack it all. Pull up a chair.

Patch Tuesday July 2025: When Shadow IT Makes Security Updates a Nightmare
Microsoft's July 2025 Patch Tuesday just dropped 130 security fixes while most UK SMBs remain blind to 42% of applications running on their networks. From my NCSC experience, this represents a systematic organizational failure: you cannot patch what you cannot see.
Critical vulnerabilities in Windows Kernel, BitLocker, and authentication systems require immediate deployment, but Shadow IT applications will break unpredictably.
Worse, the buried Secure Boot certificate expiration warning affects every Windows system since 2012 and could cause boot failures by June 2026. Patch management with unauthorized applications is like performing surgery blindfolded while the patient keeps moving.

The Hidden Apps Undermining Your Business Security
Yesterday's Episode 6 dropped the bombshell: 42% of business applications are unauthorized. Today we're diving deeper into the hidden app epidemic destroying UK SMB security.
Karen's Dropbox backup strategy with password "Password" shared via email. Marketing teams feeding confidential data to AI platforms. Customer service operations running through WhatsApp Business storing financial information in chat logs.
DNS monitoring revealing 200+ cloud connections in a single week. These aren't isolated incidents; this is systematic security failure hiding in plain sight. The digital squatters have moved in, and most businesses have no idea they're paying rent to criminals.

Week Ahead Preview: Microsoft's Monthly Security Roulette
This week we explored compliance theatre vs real security. Next week, we're diving into the monthly war zone that every IT team knows: Microsoft's Patch Tuesday roulette where one wrong decision can sink your business.
Monday's podcast takes you inside the 6 PM chaos when UK teams scramble with late-breaking updates, and Tuesday's deep-dive exposes why traditional patch management advice is built for enterprises that don't exist.
Plus, practical survival strategies for when you're fighting attackers who reverse-engineer fixes faster than you can deploy them.
⚠️ Full Disclaimer
This is my personal blog. The views, opinions, and content shared here are mine and mine alone. They do not reflect or represent the views, beliefs, or policies of:
My employer
Any current or past clients, suppliers, or partners
Any other organisation I’m affiliated with in any capacity
Nothing here should be taken as formal advice — legal, technical, financial, or otherwise. If you’re making decisions for your business, always seek professional advice tailored to your situation.
Where I mention products, services, or companies, that’s based purely on my own experience and opinions — I’m not being paid to promote anything. If that ever changes, I’ll make it clear.
In short: This is my personal space to share my personal views. No one else is responsible for what’s written here — so if you have a problem with something, take it up with me, not my employer.