The Small Business

Cyber Security Guy

Welcome to my blog and podcast, where I share brutally honest views, sharp opinions, and lived experience from four decades in the technology trenches. Whether you're here to read or tune in, expect no corporate fluff and no pulled punches.

Everything here is personal. These are my thoughts, not those of my employer, clients, or any poor soul professionally tied to me. If you’re offended, take it up with me, not them.

What you’ll get here (and on the podcast):

Straight-talking advice for small businesses that want to stay secure
Honest takes on cybersecurity trends, IT malpractice, and vendor nonsense
The occasional rant — and yes, the occasional expletive
War stories from the frontlines (names changed to protect the spectacularly guilty)

I've been doing this for over 40 years. I’ve seen genius, idiocy, and everything in between. Some of it makes headlines, and most of it should.

This blog and the podcast is where I unpack it all. Pull up a chair.

Man wearing glasses and a light gray sweater, smiling

News Desk 01/10/2025 News Desk 01/10/2025

Windows 11 25H2: Microsoft's Security Update You're Probably Ignoring (And Why That's Bloody Stupid)

Windows 11 25H2 landed on 30 September 2025, and you're probably ignoring it because "it's just another update." Wrong. This is Microsoft finally removing the attack surfaces ransomware gangs have been exploiting for years. PowerShell 2.0? Gone. WMIC? Gone. Both are documented malware vectors that criminals use to bypass your security. The update weighs 200KB for existing 24H2 systems. One restart. Done. Enterprise editions get 36 months of support. But you're still on 23H2, aren't you? Your support clock is ticking faster than you think. Deploy this or explain to the ICO why you didn't.

Noel Bradford 27/09/2025 Noel Bradford 27/09/2025

Building Sustainable IT Support: Beyond the Single Dave Model

You don't need to choose between Dave and professional IT support. The best approach? Dave becomes your strategic IT leader while specialist MSPs handle the complex stuff Dave shouldn't have to figure out alone.

Noel Bradford 26/09/2025 Noel Bradford 26/09/2025

Documentation: Getting Critical Knowledge Out of Dave's Head Before It's Too Late

Dave's the only one who knows the admin passwords. Dave's the only one who understands the custom configurations.

Dave's the only one who knows which cables do what. When Dave goes, that knowledge disappears. Forever.

Noel Bradford 25/09/2025 Noel Bradford 25/09/2025

Warning Signs Your IT Manager is Drowning (And You're Ignoring Them)

Dave's first in, last out every day. Dave hasn't taken a proper lunch break in months. Dave gets defensive when you ask about the systems. Sound familiar?

Your IT manager is drowning, and you've been pretending not to notice

Mauven MacLeod 24/09/2025 Mauven MacLeod 24/09/2025

Analyzing the Patterns: When Single IT Manager Models Fail Spectacularly

Let's examine the data: 30 years of single IT manager failures. The patterns are consistent, the outcomes predictable, and the business impact devastating. Here's what happens when your "Dave from IT" model reaches its inevitable breaking point.

Noel Bradford 23/09/2025 Noel Bradford 23/09/2025

The Financial Madness: Expecting £400k Worth of Expertise for £50k

You want a network admin, security expert, help desk manager, systems architect, IT consultant, cloud specialist, compliance officer, and data protection expert. For £50k. Are you having a laugh? Here's what you're actually asking for.

Noel Bradford 22/09/2025 Noel Bradford 22/09/2025

Why "Dave from IT" is Your Business's Biggest Security Risk in 2025

It's Monday morning. Your server's having a wobble. Your email's down. Half your team can't access the customer database. And where's Dave? Probably fixing Janet's printer. Again. Welcome to the single point of failure that's about to snap and take your business with it.

Noel Bradford 10/06/2025 Noel Bradford 10/06/2025

ISO27001 vs Cyber Essentials: Real Defence vs Checkbox Theatre

Another UK SMB just spent £40,000 on ISO27001 certification. Three months later: ransomware. The compliance industry has convinced every 15-person company they need enterprise-grade paperwork to survive. Bollocks. While you're documenting your password policy in 47 formats, criminals are walking through the digital front door you forgot to lock. Today's deep-dive exposes the real cost of compliance theatre vs actual security. Spoiler: Cyber Essentials might actually protect you, ISO27001 will definitely bankrupt you

⚠️ Full Disclaimer

This is my personal blog. The views, opinions, and content shared here are mine and mine alone. They do not reflect or represent the views, beliefs, or policies of:

My employer
Any current or past clients, suppliers, or partners
Any other organisation I’m affiliated with in any capacity

Nothing here should be taken as formal advice — legal, technical, financial, or otherwise. If you’re making decisions for your business, always seek professional advice tailored to your situation.

Where I mention products, services, or companies, that’s based purely on my own experience and opinions — I’m not being paid to promote anything. If that ever changes, I’ll make it clear.

In short: This is my personal space to share my personal views. No one else is responsible for what’s written here — so if you have a problem with something, take it up with me, not my employer.