$ ls writing/ -lt
writing.
Notes from the desk, not thought leadership. Specifics over slogans. If a piece couldn't earn its keep at a kitchen table, it didn't make it here.
Total · 95 pieces
Latest · 2026·05·23
Page · 1 / 4
Locale · en_GB
License · CC BY 4.0
2026·05·23
The nine-second problem
An AI agent took nine seconds to delete a production database and its backups. The agent did what it was authorised to do. That is the finding.
ai · governance · ned
4 min
2026·05·23
The week in cyber — 18 to 22 May 2026
A self-spreading npm worm, a government letter that boards should read, and the second-quietest Patch Tuesday in two years. What the past working week looked like through a UK board lens.
weekly · governance · ned · board
6 min
2026·05·22
The regulator pivot
Four documents in May, from four different parts of the UK regulatory apparatus, tell one story. ICO five-step guide. BoE/FCA/HMT joint statement. Cabinet Office letter. South Staffordshire Water fine. The polite phase is over.
regulation · ico · governance · ai
6 min
2026·05·19
The agent age and the analyst in the loop
Post 21 of the AI series, and the closing piece. Where this is heading. The agent age has arrived; the analyst is still in the loop; the architectural decisions that made EmilyAI durable are now the wider field's emerging consensus. What I will be writing about next.
ai · soc · series · closing
8 min
2026·05·16
The week in cyber — 11 to 15 May 2026
A self-spreading npm worm hit TanStack, Patch Tuesday had its quietest month in two years, the Cyber Security and Resilience Bill moved to Report Stage, and the ICO issued a five-step plan boards should actually read.
weekly · governance · ned · board
6 min
2026·05·14
Things I wish boards would actually ask
Twelve questions that would tell you more than any maturity score. None of them mention zero-trust.
governance · ned · board
7 min
2026·05·11
April 2026, in retrospect
The worst single month for cyber attacks on record. 105 publicly disclosed ransomware incidents globally. The UK third by volume. Looking back at it with a week's distance, three patterns matter more than the count.
retrospective · ransomware · attribution · governance
7 min
2026·05·09
The week in cyber — 4 to 8 May 2026
The ICO fined South Staffordshire Water nearly £1m, the DSIT cyber newsletter quietly confirmed the regulatory direction of travel, and the Canvas extortion played out on a public timeline.
weekly · governance · ned · board
5 min
2026·05·04
The £320 myth: what Cyber Essentials actually costs
Cyber Essentials is marketed from £320. For an unprepared 10-person UK business under the new v3.3 Danzell question set, the true first-year cost is £13,000 to £30,000 over 10 to 14 weeks. Here is the breakdown.
cyber essentials · small business · ned · board · governance
9 min
2026·05·02
The week in cyber — 27 April to 1 May 2026
A learning platform serving thirty million people was breached, cPanel disclosed a zero-day that had been live in the wild for months, and April closed as the worst month for ransomware on record.
weekly · governance · ned · board
5 min
2026·04·25
The week in cyber — 20 to 24 April 2026
NCSC and CISA named the Beijing-based outfit running covert botnets, the UK cyber chief told businesses to brace, and a sitting MP's website was hit with 142 million requests. A busy week.
weekly · governance · ned · board
6 min
2026·04·18
What it changed about my other machines
Last in the six-post series on the Covert Cyber Deck. The deck as catalyst, not destination — what designing and living with it changed about how I look at my work laptop, my home network, the firm's estate, and the boards I advise.
cyberdeck · reflection · governance · sovereignty
6 min
2026·04·14
Six years of EmilyAI: what we kept, what we changed, what we should have done sooner
Post 20 of the AI series. A longer reflective piece. Eight years on from the first sketch of the system that became EmilyAI, six years on from production deployment, the architectural retrospective the series has been building toward.
ai · soc · retrospective · emilyai · series
9 min
2026·04·04
Healthcare's reckoning
Three months of attacks have produced a clarifying set of numbers. £32.7m at Synnovis. 150,000 households warned at NHS Dumfries and Galloway. At least one patient death attributed. Healthcare is where concentration risk meets the lowest acceptable downtime threshold.
healthcare · ransomware · governance · cni
7 min
2026·04·02
In defence of writing the code yourself
On staying technical while sitting in chairs that don't expect you to be.
ned · craft · operator
5 min
2026·03·28
What I got wrong
An honest account of the calls I have made in the past three years that did not land — what I was reading into the evidence that was not there, and what I would do differently.
reflection · craft · leadership
6 min
2026·03·14
Living with it: the costs of offline-first
Post five of six on the Covert Cyber Deck. Honest notes on using the slate as a daily driver for several months. What I gave up. What surprised me. Where the bargain felt good and where it felt silly.
cyberdeck · craft · honesty · sovereignty
7 min
2026·03·07
The two disciplines that quietly do most of the work
Default-deny on USB and hardware-backed multi-factor authentication. Two unfashionable practices that, between them, would prevent more compromise than any tool a CISO will buy this year.
operational · craft · hardening
5 min
2026·03·03
DeepSeek and the supply chain of intelligence
Post 19 of the AI series. The open-weight reasoning models from DeepSeek and others have changed the supply chain of intelligence. The provenance, licensing, and operational properties of the models you run are now a cyber security question worth taking seriously.
ai · supply chain · provenance · series
7 min
2026·02·14
The Cyber Security and Resilience Bill, a board read
What the Bill actually does, what it changes for boards in and out of scope, and what the executive should be preparing to evidence over the next twelve months.
regulation · governance · ned · board
8 min
2026·02·11
fail2ban is not access control. It is not nothing, either.
A short essay on the long argument I keep having with people who should know better.
technical · hardening · ssh
4 min
2026·01·24
What I deliberately left off
Post four of six on the Covert Cyber Deck. Every component is a question. These are the things I chose not to include — Bluetooth on the management plane, a camera, GPS, cellular, several others — and the single question that flushed each one out.
cyberdeck · subtraction · privacy · craft
7 min
2026·01·20
The CSR Bill and AI in cyber: what the regulator now expects
Post 18 of the AI series. The Cyber Security and Resilience Bill is moving toward commencement. What it changes for AI in cyber security specifically, what the secondary legislation drafting suggests, and what vendors and customers should be preparing.
ai · regulation · csr-bill · series
7 min
2026·01·17
SolarWinds at five
Five years on from the disclosure of the SolarWinds Orion compromise, what actually changed in how UK boards think about third-party software risk — and what did not. A practitioner's retrospective on the case study that defined the decade.
supply chain · governance · ned · retrospective
8 min
2026·01·10
The supplier underneath the supplier
Three disclosures last month tell the same story from three angles: NHS England's tech provider, an NHS GP software supplier, and the Foreign Office. None of them is the headline brand. All of them are where the actual attack surface lives.
supply-chain · third-party · governance · cni
6 min