tag: ned.

2026·05·23 The nine-second problem An AI agent took nine seconds to delete a production database and its backups. The agent did what it was authorised to do. That is the finding. ai · governance · ned 4 min 2026·05·23 The week in cyber — 18 to 22 May 2026 A self-spreading npm worm, a government letter that boards should read, and the second-quietest Patch Tuesday in two years. What the past working week looked like through a UK board lens. weekly · governance · ned · board 6 min 2026·05·16 The week in cyber — 11 to 15 May 2026 A self-spreading npm worm hit TanStack, Patch Tuesday had its quietest month in two years, the Cyber Security and Resilience Bill moved to Report Stage, and the ICO issued a five-step plan boards should actually read. weekly · governance · ned · board 6 min 2026·05·14 Things I wish boards would actually ask Twelve questions that would tell you more than any maturity score. None of them mention zero-trust. governance · ned · board 7 min 2026·05·09 The week in cyber — 4 to 8 May 2026 The ICO fined South Staffordshire Water nearly £1m, the DSIT cyber newsletter quietly confirmed the regulatory direction of travel, and the Canvas extortion played out on a public timeline. weekly · governance · ned · board 5 min 2026·05·04 The £320 myth: what Cyber Essentials actually costs Cyber Essentials is marketed from £320. For an unprepared 10-person UK business under the new v3.3 Danzell question set, the true first-year cost is £13,000 to £30,000 over 10 to 14 weeks. Here is the breakdown. cyber essentials · small business · ned · board · governance 9 min 2026·05·02 The week in cyber — 27 April to 1 May 2026 A learning platform serving thirty million people was breached, cPanel disclosed a zero-day that had been live in the wild for months, and April closed as the worst month for ransomware on record. weekly · governance · ned · board 5 min 2026·04·25 The week in cyber — 20 to 24 April 2026 NCSC and CISA named the Beijing-based outfit running covert botnets, the UK cyber chief told businesses to brace, and a sitting MP's website was hit with 142 million requests. A busy week. weekly · governance · ned · board 6 min 2026·04·02 In defence of writing the code yourself On staying technical while sitting in chairs that don't expect you to be. ned · craft · operator 5 min 2026·02·14 The Cyber Security and Resilience Bill, a board read What the Bill actually does, what it changes for boards in and out of scope, and what the executive should be preparing to evidence over the next twelve months. regulation · governance · ned · board 8 min 2026·01·17 SolarWinds at five Five years on from the disclosure of the SolarWinds Orion compromise, what actually changed in how UK boards think about third-party software risk — and what did not. A practitioner's retrospective on the case study that defined the decade. supply chain · governance · ned · retrospective 8 min 2025·12·29 The year 2025 was actually about An end-of-year reflection on what 2025 turned out to be, what the noise mostly was, and what the genuinely consequential shifts were for UK cyber security at board level. annual review · governance · ned · board 8 min 2025·09·15 What pen testing now actually buys you AI-assisted offensive tooling, cloud-native estates, supply-chain shaped scope — what pen testing in 2025 actually looks like, and what boards are still mis-reading in the deliverable. pen testing · craft · governance · ned 7 min 2025·06·29 Synnovis, a year on One year after the Qilin ransomware attack on Synnovis took NHS pathology services in south-east London offline, what did we actually learn — and what is still unfixed? case-study · healthcare · ransomware · ned 7 min 2024·11·19 Passing it on: to the next director, to your children Part 18 of 18, the closing post. The privacy work you have done over the last two years has to outlive you in the role. How to write it down, how to teach it, and how to make sure the people who inherit it can actually use it. privacy · series · ned · closing 6 min 2024·10·22 Building a personal privacy posture Part 17 of 18. Sixteen posts of specifics, condensed into a posture rather than a list. The five sentences that should govern personal privacy for a board director and their household. How to keep it current. privacy · synthesis · ned · series 7 min 2024·08·20 CrowdStrike: cyber resilience without a bad actor Four weeks after the CrowdStrike Falcon update that took 8.5 million Windows machines offline, the post-mortem is in. The interesting question is not what CrowdStrike did wrong. It is what the rest of us did wrong by assuming this kind of event could not happen. resilience · supply chain · ned · governance 7 min 2024·07·23 Hotels, conferences, and public Wi-Fi Part 15 of 18, third and last of the travel posts. The day-to-day mechanics — the hotel network, the conference Wi-Fi, the airport lounge, the coffee shop on the way to the meeting. The small kit and habits that compound over a year of travel. privacy · travel · ned · series 7 min 2024·05·21 Clean devices and selective sync Part 14 of 18, second of three travel posts. The clean travel laptop and phone, what to put on them, what to leave at home, and how to remain effective without exposing the whole work footprint. privacy · travel · ned · series 7 min 2024·04·23 International travel and jurisdictional risk Part 13 of 18, first of three travel posts. What actually changes when you cross a border — customs powers over devices, foreign-state interest, the practical implications of which countries you are visiting. Without the paranoid framing. privacy · travel · ned · series 8 min 2024·02·20 Board portals and document handling Part 12 of 18. Diligent, BoardEffect, Nasdaq Boards, the email-attachment habit, and the moments in board-paper handling when sensitive material is most likely to leak. The practical posture for non-executive directors. privacy · work · ned · board-portal · series 7 min 2023·12·12 Assistants, drivers, and household staff Part 11 of 18. The people around a senior board director are, for practical purposes, part of the security boundary. The standing rules that protect everyone — the executive, the staff, the relationship — without becoming surveillance. privacy · work · ned · staff · series 7 min 2023·11·30 The CISO in the dock The SEC's charges against Tim Brown over the SolarWinds disclosures, alongside Joe Sullivan's conviction over Uber a year ago, signal a regime change in personal accountability for security leaders. What it means for UK CISOs and the boards that employ them. ciso · governance · regulation · ned 7 min 2023·11·14 23andMe, and the data with the longest half-life Last month 23andMe disclosed that attackers used credential stuffing against accounts opted in to relative-matching to scrape data on roughly 6.9 million people. The board lesson is about which data has the longest half-life — and it is not what most firms think. privacy · breach · governance · ned 6 min 2023·10·17 The board director's public exposure Part 10 of 18. Companies House, LinkedIn, conference speaker lists, the corporate website. The footprint your board role creates whether you want it or not, and the small set of choices that determine how much it reveals. privacy · work · ned · series 7 min 2023·04·18 The digital footprint we create for our children before they can speak Part 4 of 18, first of the children-focused posts. The photos, the school records, the birthday Facebook posts, the WhatsApp groups, the smart toys. What we lay down for our children, before they have any say. privacy · children · series · ned 8 min 2023·02·28 The home network you live on Part 2 of 18. Your home Wi-Fi router is the only thing between everything connected in your house and the rest of the internet. What boards should ask their household to look at this weekend. privacy · home · series · ned 7 min 2023·02·07 Digital privacy for board directors: the eighteen-post version An honest start to a long series. What digital privacy actually means for a board director in 2023, why the home / travel / work boundary is the right framing even though it leaks, and why children deserve four of the eighteen posts. privacy · ned · board · series 6 min 2021·08·17 Pegasus, and the question for UK boards we have been pretending not to face The Pegasus Project disclosures last month confirmed what specialists have privately known for years: commercial spyware is a mature, well-funded industry, and its customer list includes governments most UK firms do business with. The board question is what to do about it. spyware · privacy · ned · governance 7 min 2021·06·10 Colonial Pipeline: the CNI lesson the UK should not need to learn the hard way Five weeks after the DarkSide ransomware attack on Colonial Pipeline shut down 45% of US East Coast fuel supply, what UK critical national infrastructure boards should be doing about it. cni · ransomware · governance · ned 7 min 2021·04·06 Hafnium and the patch-window asymmetry Five weeks after the Microsoft Exchange ProxyLogon disclosure, the dust is settling on what may turn out to be the most consequential mass-exploitation event of the decade. What it teaches us is structural, not tactical. incident · patching · craft · ned 7 min