Asset Register for UK Businesses: What You Need to Track
An asset register is the foundation of Cyber Essentials, ISO 27001 and good security hygiene. Here's what to track and why.
Read post
Cyber Security Policy: What UK Businesses Actually Need
A cyber security policy doesn't need to be 100 pages. Here's what to include for Cyber Essentials, ISO 27001, or general good practice.
Read post
Why Cyber Essentials Is Still the Best First Step for MSPs
A decade on, it remains the most practical starting point for any MSP serious about building a security practice — and the most underused commercial lever available.
Read post
What to Expect from a Penetration Test — and How to Scope One Correctly
A pen test is only as useful as the scope it's given. We walk through the most common scoping mistakes and how to avoid a report nobody acts on.
Read post
The 48 Hours After a Breach: What MSPs Need to Have Ready
Most incidents aren't a technical failure — they're a response failure. A minimal but practical playbook for the decisions you need to have made before the phone rings at 2am.
Read post
Alert Triage Automation for a UK MSP — Under 60 Seconds from Alert to Analyst
How we built an automated enrichment pipeline using Splunk, TheHive and Cortex — cutting alert-to-notification time to under 60 seconds, with a structured 10-task audit trail on every qualifying case.
Read case study
Post-Quantum Cryptography Is Coming: What the Transition Really Costs
NIST's post-quantum signature standards are 52–267× larger than Ed25519. Benchmarked at 4.3M transactions/day, the bandwidth cost difference between Ed25519 and ML-DSA-65 is over £450 per year — and that's before compute.
Read post
Six Security Headers Every Web Application Needs — and How to Check Yours
CSP, HSTS, X-Frame-Options, X-Content-Type-Options, secure cookies, server header suppression. Six headers. Six classes of attack mitigated. Most applications are missing at least three of them.
Read post
Key Management for MSPs: A Practical Approach to the Full Lifecycle
From Azure Key Vault to automated expiry alerts in Hudu — a practical framework for managing cryptographic keys across the full lifecycle, built from real MSP experience.
Read post
What a Vulnerability Risk Assessment Actually Looks Like
A worked example following NIST SP 800-30: Apache 2.4.57 on a production server, four CVEs including a Critical SSRF, and a prioritised remediation plan grounded in real context — not just CVSS scores.
Read post