$ ls writing/ -lt
writing.
Notes from the desk, not thought leadership. Specifics over slogans. If a piece couldn't earn its keep at a kitchen table, it didn't make it here.
Total · 114 pieces
Latest · 2026·07·04 Page · 4 / 5 Locale · en_GB
License · CC BY 4.0
$ grep -l tag:* | sort | uniq
2024·07·09
Your network: Wi-Fi, routers, and home workers Your router is your only firewall. Here is how to configure it properly, secure your Wi-Fi, set up a guest network, and look after the staff who work from coffee shops and kitchen tables. small business · cyber essentials · plain english · series
6 min
2024·07·02
Open-source models and the on-prem option Post 5 of the AI series. Llama 3, Mistral, Mixtral. The serious open-source LLM era arrived in 2024. What it means for security teams who do not want to send data to a hyperscaler, and how the on-prem path reads against EmilyAI's single-tin posture. ai · soc · open-source · llm · series
7 min
2024·06·11
Patching: the unglamorous lifesaver Why software updates matter, what actually needs updating, and how to make patching manageable for a small business without dedicated IT staff. The vegetables of cyber security. small business · cyber essentials · plain english · series
5 min
2024·05·28
The hexagonal lesson: vendor agnosticism as structure Post 4 of the AI series. Most security AI products are anchored to one vendor's platform. EmilyAI was built in 2018 with a hexagonal architecture that decouples the analyst from the SIEM matrix. Six years on, the choice is paying back in a way I did not anticipate. ai · soc · architecture · series
7 min
2024·05·21
Clean devices and selective sync Part 14 of 18, second of three travel posts. The clean travel laptop and phone, what to put on them, what to leave at home, and how to remain effective without exposing the whole work footprint. privacy · travel · ned · series
7 min
2024·05·14
Email is the front door: spotting phishing and stopping BEC Over 90% of breaches begin with email. How to spot phishing, build a reporting culture, configure SPF/DKIM/DMARC, and prevent the single most expensive small business fraud: business email compromise. small business · cyber essentials · plain english · series
7 min
2024·04·23
International travel and jurisdictional risk Part 13 of 18, first of three travel posts. What actually changes when you cross a border — customs powers over devices, foreign-state interest, the practical implications of which countries you are visiting. Without the paranoid framing. privacy · travel · ned · series
8 min
2024·04·16
Locking the front door: passwords and access Password managers, multi-factor authentication, the principle of least privilege, and the leaver checklist. The single highest-value hour you will spend on cyber security all year. small business · cyber essentials · plain english · series
7 min
2024·04·09
The Copilot-for-security wave: what they actually do Post 3 of the AI series. Microsoft Security Copilot, CrowdStrike Charlotte, SentinelOne Purple, Google Sec-PaLM — the wave of LLM-powered security assistants. What they actually do well, what they do less well, and how the framing reads against EmilyAI. ai · soc · copilot · vendor · series
8 min
2024·03·19
Operation Cronos: what disruption actually achieves A month on from the NCA-led takedown of LockBit's infrastructure, the affiliate group is already back online and claiming new victims. What Operation Cronos achieved is real and worth defending — but it is not the dismantlement the headlines suggested. ransomware · law enforcement · craft
7 min
2024·03·12
What a cyber attack actually costs a small business The financial number is the smallest part. Operational disruption, reputational damage, and regulatory consequences are the costs that compound. Plus the positive case for getting this right. small business · cyber essentials · plain english · series
5 min
2024·02·27
Deterministic inference: the property the market is losing Post 2 of the AI series. Same input, same output, every time. A property that used to be table stakes in production systems and that LLM-based security tooling has quietly let go of. Why it matters and how EmilyAI is built to preserve it. ai · soc · determinism · series
7 min
2024·02·20
Board portals and document handling Part 12 of 18. Diligent, BoardEffect, Nasdaq Boards, the email-attachment habit, and the moments in board-paper handling when sensitive material is most likely to leak. The practical posture for non-executive directors. privacy · work · ned · board-portal · series
7 min
2024·02·13
Know your enemy: the threats small businesses actually face Phishing, ransomware, social engineering, malware, credential stuffing, insider mistakes, denial of service. The actual menu of threats facing UK small businesses — in plain English, without the drama. small business · cyber essentials · plain english · series
7 min
2024·01·16
Cyber security for the small business: where to start An honest start to a year-long series. What cyber security actually is, why small businesses are targeted, and the five things every small business has that attackers want. small business · cyber essentials · plain english · series
6 min
2024·01·09
AI in cyber: the long view from 2018 Start of a six-weekly series tracking how AI in cyber security is developing through 2024 and beyond — and how each development reads against EmilyAI, the SOC analyst I have been running in production at Hedgehog since 2018. ai · soc · series · emilyai
6 min
2023·12·12
Assistants, drivers, and household staff Part 11 of 18. The people around a senior board director are, for practical purposes, part of the security boundary. The standing rules that protect everyone — the executive, the staff, the relationship — without becoming surveillance. privacy · work · ned · staff · series
7 min
2023·11·30
The CISO in the dock The SEC's charges against Tim Brown over the SolarWinds disclosures, alongside Joe Sullivan's conviction over Uber a year ago, signal a regime change in personal accountability for security leaders. What it means for UK CISOs and the boards that employ them. ciso · governance · regulation · ned
7 min
2023·11·14
23andMe, and the data with the longest half-life Last month 23andMe disclosed that attackers used credential stuffing against accounts opted in to relative-matching to scrape data on roughly 6.9 million people. The board lesson is about which data has the longest half-life — and it is not what most firms think. privacy · breach · governance · ned
6 min
2023·10·17
The board director's public exposure Part 10 of 18. Companies House, LinkedIn, conference speaker lists, the corporate website. The footprint your board role creates whether you want it or not, and the small set of choices that determine how much it reveals. privacy · work · ned · series
7 min
2023·09·12
Financial and identity hygiene at home Part 9 of 18. Credit freezes, the paper post, joint advisors, mortgage and bank communications, the family-office channel. The unglamorous half of personal privacy that, when neglected, costs the most. privacy · home · financial · identity · series
8 min
2023·08·15
Photo backup, family chat groups, and the extended family Part 8 of 18. iCloud, Google Photos, WhatsApp family chats, grandparents on Facebook. The household network you actually live in is wider than the four walls of the house. What to do about it without becoming the family killjoy. privacy · home · series · family
7 min
2023·07·11
Gaming, voice chat, and the communities that look least like social media Part 7 of 18, fourth of five children-focused posts. Roblox, Fortnite, Minecraft, Discord. The environments where British children spend more time than they spend on social media, what the risks actually look like, and what to do. privacy · children · gaming · series
8 min
2023·06·13
Children, social media, and the parent's reasonable role Part 6 of 18, third of five children-focused posts. The conversation about social media most parents avoid, written for the board-director parent who wants to be present without being absurd. privacy · children · social media · series
8 min
2023·05·16
School accounts and edtech: the parent's reasonable role Part 5 of 18, second of five children-focused posts. Schools collect a remarkable amount of data on children. Some of it is necessary; some of it is not. What a board-director parent should ask, and what they are entitled to. privacy · children · school · edtech · series
8 min