peter bassill · operator
$ ls writing/ -lt

writing.

Notes from the desk, not thought leadership. Specifics over slogans. If a piece couldn't earn its keep at a kitchen table, it didn't make it here.

Total · 95 pieces
Latest · 2026·05·23
Page · 4 / 4
Locale · en_GB
License · CC BY 4.0
2024·01·16  Cyber security for the small business: where to start
An honest start to a year-long series. What cyber security actually is, why small businesses are targeted, and the five things every small business has that attackers want.
small business · cyber essentials · plain english · series  ·  6 min

2024·01·09  AI in cyber: the long view from 2018
Start of a six-weekly series tracking how AI in cyber security is developing through 2024 and beyond — and how each development reads against EmilyAI, the SOC analyst I have been running in production at Hedgehog since 2018.
ai · soc · series · emilyai  ·  6 min

2023·12·12  Assistants, drivers, and household staff
Part 11 of 18. The people around a senior board director are, for practical purposes, part of the security boundary. The standing rules that protect everyone — the executive, the staff, the relationship — without becoming surveillance.
privacy · work · ned · staff · series  ·  7 min

2023·11·30  The CISO in the dock
The SEC's charges against Tim Brown over the SolarWinds disclosures, alongside Joe Sullivan's conviction over Uber a year ago, signal a regime change in personal accountability for security leaders. What it means for UK CISOs and the boards that employ them.
ciso · governance · regulation · ned  ·  7 min

2023·11·14  23andMe, and the data with the longest half-life
Last month 23andMe disclosed that attackers used credential stuffing against accounts opted in to relative-matching to scrape data on roughly 6.9 million people. The board lesson is about which data has the longest half-life — and it is not what most firms think.
privacy · breach · governance · ned  ·  6 min

2023·10·17  The board director's public exposure
Part 10 of 18. Companies House, LinkedIn, conference speaker lists, the corporate website. The footprint your board role creates whether you want it or not, and the small set of choices that determine how much it reveals.
privacy · work · ned · series  ·  7 min

2023·09·12  Financial and identity hygiene at home
Part 9 of 18. Credit freezes, the paper post, joint advisors, mortgage and bank communications, the family-office channel. The unglamorous half of personal privacy that, when neglected, costs the most.
privacy · home · financial · identity · series  ·  8 min

2023·08·15  Photo backup, family chat groups, and the extended family
Part 8 of 18. iCloud, Google Photos, WhatsApp family chats, grandparents on Facebook. The household network you actually live in is wider than the four walls of the house. What to do about it without becoming the family killjoy.
privacy · home · series · family  ·  7 min

2023·07·11  Gaming, voice chat, and the communities that look least like social media
Part 7 of 18, fourth of five children-focused posts. Roblox, Fortnite, Minecraft, Discord. The environments where British children spend more time than they spend on social media, what the risks actually look like, and what to do.
privacy · children · gaming · series  ·  8 min

2023·06·13  Children, social media, and the parent's reasonable role
Part 6 of 18, third of five children-focused posts. The conversation about social media most parents avoid, written for the board-director parent who wants to be present without being absurd.
privacy · children · social media · series  ·  8 min

2023·05·16  School accounts and edtech: the parent's reasonable role
Part 5 of 18, second of five children-focused posts. Schools collect a remarkable amount of data on children. Some of it is necessary; some of it is not. What a board-director parent should ask, and what they are entitled to.
privacy · children · school · edtech · series  ·  8 min

2023·04·18  The digital footprint we create for our children before they can speak
Part 4 of 18, first of the children-focused posts. The photos, the school records, the birthday Facebook posts, the WhatsApp groups, the smart toys. What we lay down for our children, before they have any say.
privacy · children · series · ned  ·  8 min

2023·03·21  The smart-home dilemma
Part 3 of 18. Alexa, Ring, the smart thermostat, the smart TV, the connected fridge. The devices you have invited into your kitchen and what they are actually doing while you sleep.
privacy · home · iot · series  ·  7 min

2023·02·28  The home network you live on
Part 2 of 18. Your home Wi-Fi router is the only thing between everything connected in your house and the rest of the internet. What boards should ask their household to look at this weekend.
privacy · home · series · ned  ·  7 min

2023·02·07  Digital privacy for board directors: the eighteen-post version
An honest start to a long series. What digital privacy actually means for a board director in 2023, why the home / travel / work boundary is the right framing even though it leaks, and why children deserve four of the eighteen posts.
privacy · ned · board · series  ·  6 min

2022·04·26  What the teenagers taught the Fortune 500
LAPSUS$ compromised Microsoft, Okta, Nvidia, Samsung, Vodafone, and several others in a few months. They were teenagers using social engineering and MFA fatigue. The lesson, awkwardly, is that the dominant compromise vector in 2022 is social, not technical.
incident · social engineering · mfa · governance  ·  8 min

2022·01·12  Log4Shell, and the inventory question we cannot keep ducking
A month on from CVE-2021-44228, the headline-grabbing exploits have slowed but the underlying problem has not. The discomfort of the past month was not really about Log4j. It was about how few firms could answer the question 'where is it running?'
vulnerability · supply chain · governance · craft  ·  7 min

2021·08·17  Pegasus, and the question for UK boards we have been pretending not to face
The Pegasus Project disclosures last month confirmed what specialists have privately known for years: commercial spyware is a mature, well-funded industry, and its customer list includes governments most UK firms do business with. The board question is what to do about it.
spyware · privacy · ned · governance  ·  7 min

2021·06·10  Colonial Pipeline: the CNI lesson the UK should not need to learn the hard way
Five weeks after the DarkSide ransomware attack on Colonial Pipeline shut down 45% of US East Coast fuel supply, what UK critical national infrastructure boards should be doing about it.
cni · ransomware · governance · ned  ·  7 min

2021·04·06  Hafnium and the patch-window asymmetry
Five weeks after the Microsoft Exchange ProxyLogon disclosure, the dust is settling on what may turn out to be the most consequential mass-exploitation event of the decade. What it teaches us is structural, not tactical.
incident · patching · craft · ned  ·  7 min
