Qas
qas@nostrplebs.com
npub18w8v...dcc7
Head of Penetration Testing at PureCyber
qas 5 months ago
People think physical security testing is all action-movie moments… in reality it’s usually just me, hiding in some bushes on a site recce.
qas 5 months ago
I’m halfway through Build by Tony Fadell (who led the teams behind the iPod, iPhone, and Nest) and it’s easily one of the most practical books I’ve read on leadership and building products (hence why I’m posting about it!). One lesson that really stuck with me is that feedback isn’t about being nice or harsh, it’s about being clear. I’ll admit, I’ve definitely softened feedback in the past to avoid awkwardness. But as Fadell points out, unclear or sugar-coated feedback doesn’t actually help anyone. If people don’t know what’s really expected, they can’t grow. That’s something I’m working on. Being clear without being unkind. Clarity + context > comfort. If you work in tech, management, or leadership, I’d really recommend this book. It’s packed with lessons that apply far, far beyond product development.
qas 5 months ago
Cyber security often gets painted as purely a “tech” problem. But the truth is, if someone can just walk into your office/house and either steal your stuff or plug in a device… all the fancy tools in the world won’t save you. I’ve seen plenty of cases where the weak point wasn’t a firewall or an endpoint. It was an unlocked server room, an unattended laptop, or even just a friendly colleague holding the door open. Physical security isn’t glamorous by any means, but it’s the foundation everything else sits on.
qas 5 months ago
I think this Core vs Knots debate is good for Bitcoin (in the long run). If this was a centralised monetary system you’d just have to fall in line with whatever rules you were told to follow. This has highlighted that no matter what side you fall on, people will always have the freedom to run whatever nodes and filters they see fit. And if people turn on both Core AND Knots in future then other node clients will likely be created, further decentralising the network.
qas 5 months ago
People regularly ask me “What’s the most common way you actually hack into businesses?” They look at me with bated breath, expecting some mind-blowing story about zero-days or Hollywood-style exploits. Instead, I bitterly disappoint them by being honest and telling them that 9.9 times out of 10, I get in due to ‘Password1’ or plain human error. Not very glamorous. But very real. One thing I’ve learnt is that security fundamentals are nowhere near as exciting as EDR, SD-WAN or AI. But they’re almost always the difference between me getting in and being kept out.
qas 5 months ago
I get the same DM all the time: “What certifications do I need to land a job in cyber security?” When I first started out, I thought the answer was simple: stack up certs. I went into a pen test interview with all the right ones… and completely bombed it. Why? Because I couldn’t explain basic network security fundamentals. I walked out thinking, “But I had XYZ certs - wasn’t that enough?” It was not. What actually helped me break in wasn’t another course. It was going back to basics, Googling what I didn’t know, and proving I had the curiosity and drive to keep learning. Here’s what I’ve learned since:
- You don’t need a degree or a pile of expensive qualifications to get into cyber.
- Most of what you need is out there for free.
- Fundamentals + hands-on practice (HTB, TryHackMe, GitHub, etc.) matter way more than a cert you got 5 years ago.
Sure, certs can help tick a box for hiring managers. But the people you’ll actually work with? They mostly just care if you know your stuff and keep pushing yourself to get better.
qas 5 months ago
One month into my new Head of Penetration Testing role, and the learning curve has already been steep (in a good way).
Lessons learned:
- Change works best in stages, not all at once.
- I can’t (and shouldn’t) do everything.
- Delegation isn’t optional - it’s essential.
Wins so far:
- We’ve delivered some awesome pen tests.
- Focused on high-value, bespoke testing tailored to each client rather than rigid, one-size-fits-all methodologies.
- Expanded our team’s experience and capabilities across more technologies.
Plenty more to learn but I’ll get there!