$ ls writing/ -lt
writing.
Notes from the desk, not thought leadership. Specifics over slogans. If a piece couldn't earn its keep at a kitchen table, it didn't make it here.
Total · 114 pieces
Latest · 2026·07·04 Page · 1 / 5 Locale · en_GB
License · CC BY 4.0
$ grep -l tag:* | sort | uniq
2026·07·04
The week in cyber — 29 June to 3 July 2026 A CitrixBleed sequel exploited within a day, on-prem SharePoint on a patch clock that runs out today, the police pricing UK ransomware and asking you not to pay, and the Cyber Security and Resilience Bill heading for the Lords. weekly · governance · ned · board
6 min
2026·06·29
The week in cyber — 24 to 28 June 2026 Cisco phone systems, an engineering PLM vault and the Linux kernel each turned into a route to root in the same week — against a CISA patch deadline that fell on Sunday. weekly · governance · ned · board
5 min
2026·06·25
School edtech in 2026: the lay of the land Updating the 2023 post on school accounts and edtech, three years and one AI cycle later. What schools collect now, what the regulator has done, and the new category that did not exist in 2023 — AI tutors, AI markers, AI safeguarding tools. privacy · children · school · edtech · update
7 min
2026·06·21
Least certain exactly where it has to decide: the Home Office age guesser A facial age-estimation system whose error margin is widest at the one line it exists to draw is not a decision aid. Setting the immigration politics aside, it fails on accuracy and privacy alone. ai governance · privacy · data protection · biometrics
6 min
2026·06·20
FortiBleed: your firewall, turned into a wiretap An update on the FortiGate exploitation story. SOCRadar's dismantling of FortiBleed shows 430,000 firewalls targeted and 110 million credentials harvested — by turning the appliance's own diagnostics into a credential tap. A board read, then the technical detail. fortinet · credential theft · threat analysis · board
8 min
2026·06·20
Prinz Eugen: the ransomware that takes your newest work first A new Go-based encryptor takes your most recently modified files first, inverting the assumption that fast response limits the damage. One data-broker turned operator, a UK firm already on the leak site. A board-level read, then a full technical teardown. ransomware · threat analysis · technical · board
15 min
2026·06·20
The week in cyber — 15 to 19 June 2026 The NCSC calls it a contest, Parliament widens the net, and the actual ways in this week were an unpatched log server and a hijacked npm account. weekly · governance · ned · board
6 min
2026·06·19
Breached without being touched: the Klue attack and the case for digital sovereignty Two security firms were caught in a data theft this week without an attacker going anywhere near their systems. The way in was a sales tool they had connected to their CRM themselves. This is the clearest argument I have for owning your stack that I have seen in a while. supply chain · saas · digital sovereignty · oauth
8 min
2026·06·19
The criminals have a product team now: The Gentlemen and the industrialised EDR-killer A ransomware crew is shipping its affiliates a polished, standardised tool whose only job is to switch off your endpoint protection before the encryptor runs. The interesting part is not the malware. It is the business model. ransomware · byovd · endpoint · board
6 min
2026·06·13
The week in cyber — 8 to 12 June 2026 Oracle PeopleSoft zero-day hits UK universities, Qilin ransomware exploits Check Point VPNs, Microsoft patches a wormable kernel flaw, and two regulatory deadlines land within days of each other. weekly · governance · ned · board
6 min
2026·06·06
The week in cyber — 1 to 5 June 2026 A self-propagating worm hiding under Red Hat's npm name, two actively-exploited flaws at the edge and the core of the typical UK network, an Android zero-day in the June update, and the Cyber Security and Resilience Bill reaching its final Commons stage. weekly · governance · ned · board
5 min
2026·06·04
The digital footprint we create for children, three years on Revisiting the 2023 post on children's digital footprints, with what has actually changed by 2026 — the Children's Code enforcement, generative AI making the training-set argument operational, and Smartphone Free Childhood moving the position to the mainstream. privacy · children · series · update
7 min
2026·05·30
The week in cyber — 25 to 29 May 2026 GCHQ's director on a 'moment of consequence', the TrapDoor supply chain campaign reaching into AI coding assistants, the Cyber Security and Resilience Bill still grinding through Report Stage, and quantum quietly becoming a 2026 planning item. weekly · governance · ned · board
6 min
2026·05·27
What is AI in 2026 One word is doing too much work. What people actually mean when they say "AI" in 2026 — neural networks, NLP, LLMs, generative AI, and agentic AI — what each one is, and which conversation you are actually in. ai · explainer · governance · board · series
22 min
2026·05·23
The nine-second problem An AI agent took nine seconds to delete a production database and its backups. The agent did what it was authorised to do. That is the finding. ai · governance · ned
4 min
2026·05·23
The week in cyber — 18 to 22 May 2026 A self-spreading npm worm, a government letter that boards should read, and the second-quietest Patch Tuesday in two years. What the past working week looked like through a UK board lens. weekly · governance · ned · board
6 min
2026·05·22
The regulator pivot Four documents in May, from four different parts of the UK regulatory apparatus, tell one story. ICO five-step guide. BoE/FCA/HMT joint statement. Cabinet Office letter. South Staffordshire Water fine. The polite phase is over. regulation · ico · governance · ai
6 min
2026·05·19
The agent age and the analyst in the loop Post 21 of the AI series, and the closing piece. Where this is heading. The agent age has arrived; the analyst is still in the loop; the architectural decisions that made EmilyAI durable are now the wider field's emerging consensus. What I will be writing about next. ai · soc · series · closing
8 min
2026·05·16
The week in cyber — 11 to 15 May 2026 A self-spreading npm worm hit TanStack, Patch Tuesday had its quietest month in two years, the Cyber Security and Resilience Bill moved to Report Stage, and the ICO issued a five-step plan boards should actually read. weekly · governance · ned · board
6 min
2026·05·14
Things I wish boards would actually ask Twelve questions that would tell you more than any maturity score. None of them mention zero-trust. governance · ned · board
7 min
2026·05·11
April 2026, in retrospect The worst single month for cyber attacks on record. 105 publicly disclosed ransomware incidents globally. The UK third by volume. Looking back at it with a week's distance, three patterns matter more than the count. retrospective · ransomware · attribution · governance
7 min
2026·05·09
The week in cyber — 4 to 8 May 2026 The ICO fined South Staffordshire Water nearly £1m, the DSIT cyber newsletter quietly confirmed the regulatory direction of travel, and the Canvas extortion played out on a public timeline. weekly · governance · ned · board
5 min
2026·05·04
The £320 myth: what Cyber Essentials actually costs Cyber Essentials is marketed from £320. For an unprepared 10-person UK business under the new v3.3 Danzell question set, the true first-year cost is £13,000 to £30,000 over 10 to 14 weeks. Here is the breakdown. cyber essentials · small business · ned · board · governance
9 min
2026·05·02
The week in cyber — 27 April to 1 May 2026 A learning platform serving thirty million people was breached, cPanel disclosed a zero-day that had been live in the wild for months, and April closed as the worst month for ransomware on record. weekly · governance · ned · board
5 min
2026·04·25
The week in cyber — 20 to 24 April 2026 NCSC and CISA named the Beijing-based outfit running covert botnets, the UK cyber chief told businesses to brace, and a sitting MP's website was hit with 142 million requests. A busy week. weekly · governance · ned · board
6 min