peter bassill · operator
peter@hardened:~$ whoami

Peter
Bassill.

I'm a British cyber security operator at board level — the CEO who still writes the code, the advisor who has actually carried the pager. Kernel to chair, in the same conversation.

CEO · UK Cyber Defence CREST · European Council CREST · IR Pan Europe en_GB · since 1998 Status · available for advisory
$ cat /var/log/now
00 / Now

What's on the desk this week.

No smoke. The brief says transparency, so here is the actual state of things. Updated when something changes, not when a content calendar says so.

RUNNING
UK Cyber Defence, year one.
Eight months on from the Hedgehog merger. The stack and the rota are mostly rationalised; the arguments now are about what we stop doing, not what we start.
WRITING
The Small Business Cyber Strategy.
A four-part plan for UK SMEs, aligned to Cyber Essentials, Cyber Essentials Plus and ISO 27001. Just shipped, in the writing.
READING
Post-quantum cryptography, at the source.
NIST, the NCSC and the Nature papers rather than the trade-press version. The write-up is here.
SHIPPING
A PHP rewrite of an old triage tool.
Yes, PHP. No, I won't apologise for it. Ubuntu, Apache, MySQL, fail2ban.

LAST UPDATED — 2026-07-11 · drift since update: 0 days

$ man peter.bassill
01 / About

Operator. At the board. Both at once.

Most people pick a side: the hands or the room. I've spent twenty-eight years refusing to.

I run a small British cyber defence company. I still write the production PHP, harden the Ubuntu boxes, and configure the Apache and MySQL myself. I also sit on the CREST European Council and CREST IR Pan Europe, where the people in the room have read the same incident reports I have, and we argue about what to do next.

The combination is rarer than it sounds. Most CEOs at this end of the industry have stopped touching the consoles. Most engineers good enough to run the consoles haven't sat in a regulator's office. I do both, deliberately, because the gap between those rooms is where most cyber security goes wrong.

If you're a board chair, I can brief you in plain English on Tuesday. If you're a CISO, I can argue with you about detection engineering on Wednesday. If you're a tier-three responder, I can stand at the back of the bridge on Thursday and not get in your way. The brand is just the shape of that.

2026CREST · IR Pan Europe (advisory)third year on the body.
2025CEO · UK Cyber Defenceformed Nov 2025 from the Hedgehog merger.
2023CREST · IR Pan Europe (joined)incident response, Europe-wide remit.
2022CREST · European Council (joined)the accrediting body for much of the industry.
Hedgehog Security · Founder / CEOtwenty years on the consoles before this.
1998First production box, first pagera Sun box in a basement.
$ ls -l /etc/roles
02 / Work

Three positions. One job.

An executive role, two advisory ones. They share an audience and a remit: keep European cyber defence honest, and keep practitioners in the room.

EXECUTIVE

Chief Executive Officer

UK Cyber Defence

Day-to-day operator of a British cyber defence firm formed from the November 2025 merger of Hedgehog Security and UK Cyber Defence. Strategy, delivery, and yes — still the one writing the more interesting bits of the platform.

SINCE — 2025·11
ADVISORY

European Council Member

CREST

One of the seats on the European Council of the body that accredits much of the industry. Policy, standards, and arguing on behalf of operators who'd rather be on the console than in the room.

SINCE — 2022
ADVISORY

IR Pan Europe

CREST

Working with the pan-European incident response scheme — the shape of how IR is practised, accredited, and held to a standard across borders. Less ribbon-cutting; more rota and runbook.

SINCE — 2023
$ ls writing/ -t | head
03 / Writing

Some things I've written down.

Notes from the desk, not thought leadership. Specifics over slogans.

2026·07·11 It wasn't a misdirected email: the NHS Forth Valley breach The headlines called it an email blunder. It wasn't — a staff member moved a spreadsheet of 150 maternity patients' data to their own personal inbox. Why that distinction matters, where NHS Scotland keeps going wrong, and the controls that actually stop it. 10 min 2026·07·11 Quantum computing: the machine that doesn't exist yet Does quantum computing really work, is the threat real, and is any of it viable? A straight answer: real physics, a threat deferred but already forcing your hand through harvest-now-decrypt-later, and a defence that is standardised, hybrid, and already running in your browser. 9 min 2026·07·11 The week in cyber — 6 to 10 July 2026 Whitehall credentials for sale after a Fortinet campaign that needed no zero-day, a voluntary pledge launched at Number 10 that most of the FTSE ignored, the Bank of England naming frontier AI as a stability risk, and npm about to break your build on purpose. 7 min 2026·07·11 Three weeks with the door open A cybercrime crew backdoored 25,000 websites using nothing but public exploits — then left its own server open on the internet for three weeks. The exposed working directory shows an adversary far less polished, and far more industrialised, than its victims imagined. 8 min 2026·07·09 Five shifts for cyber resilience in an AI-driven world The long-form version of a panel talk — five shifts AI forces on cyber resilience and assurance: assure the model not just the infrastructure, AI as threat and shield, a supply chain reaching upstream into the model, the accountability gap, and sovereignty at the edge. 8 min 2026·07·09 Ghosts and runners: living off GitHub Attackers have stopped bringing their own infrastructure and started borrowing GitHub's — dormant accounts aged for years to blend in, and CI runners turned into backdoors. A look at the ghost-account and hijacked-runner campaigns, and the dull controls that would stop them. 8 min

all posts  ·  subscribe by email  ·  rss

$ cat talks.tsv
04 / Talks

Where I've spoken. Where I'm speaking next.

I keep this list short on purpose. I'd rather give one good talk a quarter than four mediocre ones.

$ contact --advisory

If you need someone who's actually done the thing.

I take on a small number of advisory engagements at any given time — board briefings, IR-readiness work, the occasional NED conversation. Not retainers I won't use. Not panels I haven't read for.

replies within 2 working days · en_GB · pgp on request · no agency intros
$ finger peter
05 / Contact

Direct channels.

No contact form funnels, no calendly. If you'd write to a colleague, write the same way to me — or use the form below.

Email is fastest. If your message includes who you are, what you'd like, and a rough sense of when, you will get a useful answer within two working days.

EMAILcomms [at] peterbassill {dot} com
GITHUB@pbassill
CRESTEuropean Council · IR Pan Europe
LOCATIONUnited Kingdom · en_GB
no tracking · no third parties · stored only in my inbox