About
The Small Business Cybersecurity Guy
Straight-talking security advice for UK businesses that can't afford to get it wrong.
Who is this?
I'm Noel Bradford – CIO, CISO, and the person who ends up in the room when something has gone badly wrong. Four decades of enterprise experience, from managing security operations at Disney, BBC, and Intel to serving as CIO/CISO of a cryptocurrency exchange. I've seen the threats that never make the vendor white papers and cleaned up breaches that were entirely avoidable.
This blog exists because the cybersecurity advice available to UK small businesses is, largely, terrible. It's either vendor marketing dressed up as guidance, or enterprise-grade recommendations that assume a budget and a team that simply don't exist. Someone needs to say what's actually useful and what's expensive theatre.
That's what this is.
What you'll find here
Over 320 articles covering the threats, failures, and practical fixes that matter to UK small and medium-sized businesses. No affiliate links. No sponsored content. No "consult your vendor" hand-waving. Just direct, experience-backed guidance written for business owners and IT managers who have real problems to solve and limited time to solve them.
Topics covered include:
- Threat intelligence – the actual attacks hitting UK SMBs, not theoretical scenarios
- Compliance reality – Cyber Essentials, GDPR, and what they actually mean in practice
- Incident response – what to do when (not if) something goes wrong
- MSP and vendor accountability – how to spot bad advice and worse contracts
- Budget-conscious security – what to prioritise when you can't afford everything
The podcast
The Small Business Cybersecurity Guy podcast covers what doesn't make it into the blog – or covers it with considerably less filtering. Co-hosted with Mauven Macleod, a former Government Cyber analyst with deep expertise in the UK threat landscape.
120,000+ downloads. Top 20 Apple Management chart. New episodes every Monday at noon GMT. Available on Spotify, Apple Podcasts, Amazon Music, Podbean, and YouTube.
A note on tone
This blog is direct. It uses strong language when the situation warrants it – which, given the state of UK SMB cybersecurity, is frequently. It calls out bad practices by name, including from named vendors and providers. If you're looking for a blog that says "it depends" and "consult a professional," this isn't it.
Everything here is based on real incidents, real failures, and real fixes. If you disagree with something, bring a counterargument. Bring evidence. That kind of pushback is welcome. Vendor assurances and appeals to authority are not.
Get in touch
Reader questions, topic requests, and war stories all inform future posts and episodes. If you've got something that needs saying – or asking – use the contact page.