First Monday of July. Half-year. The customer-portfolio H1 has been steady — Operation Cronos in February, Change Healthcare through Q1, XZ Utils in March-April, the Snowflake-and-NPD activity through Q2 — but operationally absorbed without the kind of acute-pressure period that 2021's Q2 produced. The CrowdStrike outage on the 19th hit the customer-portfolio in Q3's second week and is the principal H2 operational consideration.
The institutional-capital decision. The conversations through 2023 and Q1-Q2 of 2024 have advanced to the point where I have made a decision: the company will not raise institutional capital at this stage. The conversations were substantive and the deal-shapes were commercially attractive, but the strategic-decision-making freedom that the bootstrapped position produces is, on the careful balance, more valuable than the capital injection would be. The final deal-shape negotiations through Q2 produced the moment of decision; I declined and the conversations are paused. The optionality remains and the company-shape may produce different conditions for revisiting in future, but the 2024 disposition is settled.
The portfolio. Six vCISO clients carrying through. Eighteen SOC customers. Twenty-two EmilyAI commercial customers (added two through H1, no churn). The team is at forty at mid-year (one hire in Q1, one hire in Q2). H1 revenue is at approximately 107% of plan, with the EmilyAI side modestly over and the services side slightly above plan. The financial position is healthy.
The book reception. "The Model Is Part of the Programme" has had the most commercially-positive reception of the four published books — the launch event in February produced substantive customer-prospect conversations that have converted to two engagements in Q2, the trade-press pickup has been moderately better than the prior books' (with several specific reviews-and-features in security-trade-publications producing useful audience). The book is, as planned, working as a strategic-positioning artefact for the company's customer-engagement work as much as a publishing project in its own right.
The personal note. Twenty-five posts on the blog at mid-year, on track for a 50+ year-total. The next book is in early outline; the working theme is the post-NIS2-and-post-AI-Act regulatory-environment-as-a-customer-organisation-discipline material. Drafting target Q4 2024 and 2025, publication probably 2026.
Onward to H2. The CrowdStrike-outage-driven customer-organisation programme work. The NIS2 transposition deadline (October 17 — three months). The continuing supply-chain-and-credential-driven attack pattern. The continuing language-model-environment progression. The work continues.