The Complexity of Security: Finding Balance with Tools and Processes

Control room with numerous monitors showing world maps and data analytics

Security tooling has become one of the primary ways organisation try to improve security posture. New platforms promise better visibility, faster detection, and more control. Budgets are allocated, tools are deployed, and dashboards begin to fill with data. On the surface, it looks like progress. But in many environments, the reality is different. More tools … Continue reading The Complexity of Security: Finding Balance with Tools and Processes →

Why Security Best Practices May Fail in Reality

Balance scale with piles of policy documents on one side and computer servers on the other in an office

It's been a little while since my last post. I went back to university in January, so things have been busy - but it's good to be back. One thing that's stood out to me recently is how much of the security advice we rely on is built around "best practices". On paper, they make … Continue reading Why Security Best Practices May Fail in Reality →

From Firefighting to Forward‑Looking: Building a High‑Impact Security Team

Most security teams are busy. That's a given. There is always another project, audit or incident competing for attention. In that environment, it is dangerously easy to confuse activity with impact. Everyone is working hard, but it is not always clear whether the organisation is genuinely safer or simply more exhausted. A high‑impact security team … Continue reading From Firefighting to Forward‑Looking: Building a High‑Impact Security Team →

Why Representation Matters in STEM Careers

Let's talk about people. Much of the conversation around cyber security and STEM focuses on technical controls, tooling, frameworks and policies. These discussions are necessary, they form the backbone of effective security and innovation. But they are not the whole picture. For this post, I will be stepping away from technology and process and discussion … Continue reading Why Representation Matters in STEM Careers →

When Shared Responsibility Means No Responsibility

Modern security environments are built on shared responsibility. Cloud providers, third-parties, internal teams, and business leaders all play a role in managing risk. In theory, this model enables scale and flexibility. In practice, it often creates gaps. Many security failures are not caused by a lack of controls or awareness, but by uncertainty over who … Continue reading When Shared Responsibility Means No Responsibility →

Cloud Resilience Lessons from 2025 Outages

The events of 2025 have challenged long-held assumptions about cloud resilience. Many organisations have implemented widely accepted best practices, multi-availability zone architectures, multi-region deployments, and cloud-native backup solutions, yet still experienced prolonged disruption. In each case, the underlying issue was not a failure of compute or storage. Instead, failures occurred in control-plane services such as … Continue reading Cloud Resilience Lessons from 2025 Outages →

Understanding Modern Threat Actors: Perspectives & Strategies

Threat actors are not a single, uniform group. They range from financially motivated gangs to state-linked operators and loosely structured criminal ecosystems, each with different objectives and levels of sophistication. Understanding a few prominent examples can assist teams in thinking more clearly about how attackers operate. This helps identify where defences are likely to be … Continue reading Understanding Modern Threat Actors: Perspectives & Strategies →

Transforming Security: From Blocker to Business Enabler

Security teams are often seen as the function that slows work down, adds extra steps, or blocks ideas at the last minute. That perception does not just impact team relationships; it directly affect how early people involve security and how willing they are to act on advice. Shifting security from "blocker" to "business enabler" is … Continue reading Transforming Security: From Blocker to Business Enabler →

Enhancing Incident Response Through Effective Communication

When a security incident occurs, technical response often becomes the immediate focus - isolating systems, analysing logs, restoring services. However, the effectiveness of an incident response also depends on how well teams communicate under time pressure and uncertainty. Clear, structured communication helps people understand priorities, coordinate activity, and avoidable delays. Communication will not remove risk … Continue reading Enhancing Incident Response Through Effective Communication →

40M Voters Exposed: Security Lessons from a Major Breach

Over the next 12 days, this mini-series will share short, real-world security lessons from recent incidents, and industry trends. Each post will focus on a single topic, highlight what happened, and outline practical steps organisations can take to reduce risk. The aim is to provide short, accessible insights that reflect how security challenges are unfolding … Continue reading 40M Voters Exposed: Security Lessons from a Major Breach →

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: