peter bassill · operator
$ ls writing/ -lt

writing.

Notes from the desk, not thought leadership. Specifics over slogans. If a piece couldn't earn its keep at a kitchen table, it didn't make it here.

Total · 95 pieces
Latest · 2026·05·23
Page · 2 / 4
Locale · en_GB
License · CC BY 4.0
$ grep -l tag:* | sort | uniq
2025·12·29  The year 2025 was actually about
An end-of-year reflection on what 2025 turned out to be, what the noise mostly was, and what the genuinely consequential shifts were for UK cyber security at board level.
annual review · governance · ned · board  8 min

2025·12·20  Where I trusted, where I didn't
Post three of six on the Covert Cyber Deck. The supply chain decisions behind the build — why I chose the parts I chose, why I rejected several I considered, and why I ended up drawing the carrier PCB myself rather than buying one.
cyberdeck · supply-chain · craft · sovereignty  7 min

2025·12·09  Year in cyber AI 2025: the agentic year that mostly was not
Post 17 of the AI series. The 2025 retrospective. Operator agents arrived but mostly in pilot, the determinism property went mainstream in procurement, the regulators caught up, and constrained agency became the named shape. The honest read going into 2026.
ai · retrospective · soc · series  8 min

2025·11·22  The threat model, written down
Post two of six on the Covert Cyber Deck. The threat model I have spent the last month writing down — what I am protecting against, what I am not, and why putting it in plain English changed the rest of the build.
cyberdeck · threat-model · privacy · sovereignty  6 min

2025·11·17  What the merger was actually for
Hedgehog Security and UK Cyber Defence merged this month. Here is the thinking the announcement did not contain — what we were trying to fix, and what kind of firm we are now trying to be.
leadership · ukcd · hedgehog · craft  7 min

2025·10·28  Frontier AI in CNI: the regulators are paying attention
Post 16 of the AI series. The autumn joint statements from the BoE, FCA and HM Treasury on frontier AI and operational resilience signal where financial-services regulators have arrived. The implications for AI in cyber security are sharper than the public conversation suggests.
ai · regulation · cni · series  7 min

2025·10·18  Building a machine I can fully describe
First in a six-post series on the Covert Cyber Deck — a portable slate I am building around a Pi CM5, two SDRs, a custom carrier PCB, and a hardened Ubuntu. The argument is not the hardware. It is what designing it forces you to think about.
cyberdeck · privacy · sovereignty · craft  6 min

2025·09·27  The line the ICO is now drawing
Capita £14m. Advanced Computer Software £3.07m. Neither fine was for the breach. Both were for the controls that preceded it. The ICO has redrawn what "adequate security" means in evidence — and most boards have not noticed.
ico · enforcement · governance · regulatory  6 min

2025·09·23  The single-tin posture: why we still ship on a Dell
Post 15 of the AI series. A single Dell PowerEdge R760, racked at the customer site, running the whole platform — analyst, inference, persistence, audit. The deployment shape the hyperscaler default would have us abandon, and why we have not.
ai · soc · deployment · series  7 min

2025·09·15  What pen testing now actually buys you
AI-assisted offensive tooling, cloud-native estates, supply-chain shaped scope — what pen testing in 2025 actually looks like, and what boards are still mis-reading in the deliverable.
pen testing · craft · governance · ned  7 min

2025·08·23  The incidents that do not make the papers
What three years on the CREST Incident Response Pan-Europe board has taught me about the work the headlines never cover, and the kind of firm a customer should actually want to be on the end of the phone with.
crest · incident response · craft · standards  6 min

2025·08·22  Carrying the pager: a list, not a manifesto
Things you can only learn by being woken up by them. Plain language. No revelations promised.
ir · operator · craft  5 min

2025·08·09  From prepositioning to action
Iran has shifted its UK-facing cyber activity from quiet infrastructure presence to operational disruption. The NCSC's August advisory on Salt Typhoon names three Chinese firms. The trajectory of 2025 is no longer ambiguous.
state-aligned · attribution · governance · cni  5 min

2025·08·05  Determinism and regulatory defensibility, eighteen months later
Post 14 of the AI series. The bit-identical-inference property I wrote about in 2024 is showing up in regulatory drafting. What the Cyber Security and Resilience Bill drafting work suggests about how regulators are going to evaluate AI-driven security decisions.
ai · regulation · soc · series  7 min

2025·07·26  Carrying the pager, revisited
A reflection on a year of mature incident-response practice — what carrying the on-call pager has taught me about the shape of leadership, the cost of not training your successor, and what the work actually looks like at three in the morning.
incident response · craft · leadership  6 min

2025·07·08  The thing an accreditation cannot do
I have sat on the CREST European Council since 2022. This is what the work has taught me about what accreditation can and cannot do, and why I think the next chapter is harder than the last.
crest · governance · craft · standards  6 min

2025·06·29  Synnovis, a year on
One year after the Qilin ransomware attack on Synnovis took NHS pathology services in south-east London offline, what did we actually learn — and what is still unfixed?
case-study · healthcare · ransomware · ned  7 min

2025·06·24  Agents in production, eighteen months on
Post 13 of the AI series. The agent demos at RSA and Black Hat have got slicker. The agent in production cyber operations has, mostly, not arrived. The honest 18-month read on a category whose marketing has run ahead of its engineering.
ai · agentic · soc · series  7 min

2025·06·14  What the retail wave actually cost
M&S resumed online orders this week after 46 days offline. Co-op is counting £206m. Harrods got off relatively lightly. Three compromises, one actor, one Easter weekend — and a lesson UK retail boards are still digesting.
retail · ransomware · scattered-spider · governance  6 min

2025·05·13  Cross-tenant intelligence: the privacy architecture problem
Post 12 of the AI series. The architecture that turns one customer's experience into another's protection — without exposing either to the other. The privacy engineering problem nobody in the LLM space is talking about, and EmilyAI's seven principles.
ai · soc · privacy · architecture · series  8 min

2025·04·01  Continuous learning at scale
Post 11 of the AI series. EmilyAI has been learning from analyst feedback for six years. The LLM-as-frozen-artefact shape gets the operational properties of *the model that improves over time* structurally wrong. What that means in practice.
ai · soc · learning · series  7 min

2025·02·18  Computer Use and the operator question
Post 10 of the AI series. Anthropic's Computer Use, OpenAI's Operator, Google's Project Astra. The category where AI literally moves the mouse. What this shape changes for cyber operations — and how it reads against EmilyAI's tighter action vocabulary.
ai · agent · operator · series  8 min

2025·01·07  Year in cyber AI 2024: what was real, what was not
Post 9 of the AI series. The 2024 retrospective. Six security copilots shipped; one major outage reshaped the resilience conversation; reasoning models arrived; agents mostly did not. The honest read going into 2025.
ai · retrospective · soc · series  8 min

2024·12·10  The law, the insurance, the incident plan, and the culture that holds it all together
Year-end consolidation. Your UK GDPR obligations, cyber insurance, the one-page incident response plan you need, and how to build a security culture that lasts beyond this series.
small business · cyber essentials · plain english · series  9 min

2024·11·26  Agentic AI, year one: the demo vs the deployment
Post 8 of the AI series. AI agents in cyber operations have been demoed everywhere this year. The agent that actually ships looks different from the demo. The honest read after twelve months — and the shape of agent EmilyAI already is, not by accident.
ai · agentic · soc · series  8 min
