News and comment <

Travel advice

2026/01/14 - News round up.
Things have been a bit busy since the turn of the year preparing for some excellent news that will be announced shortly. As a consequence, we missed some really important news items:-

• The UK Government has exempted itself from the new Cyber Security and Resilience Bill. When those in authority say "do as I say, not as I do", you are on a very slippery slope to losing all accountability.
• And the UK Government has fragmented it's approach to IA again - with added AI. What role does the Government Cyber Unit have over GCHQ, NCSC, various factions within the Home Office and Cabinet Office, various devolved administration functions and a whole raft of arms-length organisations? This will end up as a land grab for power, but ultimately confusion over responsibility. No. Just no.
• Forty years ago, the Hacker's Manifesto was written. Is this a note of things to come?
• In some good news, the Government has made their thirteenth or fourteenth U-Turn and announced that the non-manifesto, optional, but mandatory for employment, Digital ID has been canned.

2026/01/01 - Happy new year.
As mentioned previously, the first of January, has brought a significant change to the website. Undoubtedly, the referencing of things in the past-tense and the notice of not accepting work or referrals will bring about a lot of questions:-

Firstly: BladeSec IA still exists - and will do at least for a little while yet. All existing contracts will be honoured and delivered in the relentless and passionate way that we do things.

Secondly: No, we are not accepting any new work. Sorry. It doesn't matter who sent you here, what assurance issues you have. We are no longer the security consultancy of last resort for you.

Third: Other than Suilly, the security card shed dog, who had an operation to stabilise his knee back in October, we are all in excellent physical health - especially given the time of the year.

Finally: All good things come to an end, and it is the turn of BladeSec IA to fade to black. The Principles that we lived and died on are no more. Whilst it does break my heart, we did make it to our fourteenth year. I recognise now those values we judged ourselves on are simply lost. It has been a hell of a journey, but fundamentally I am out of fight and the situation has been compounded by circumstances.

The industry is crying out for new IA professionals, with numerous industry journals highlighting massive skills shortages. The government is seemingly prioritising the creation of a "cyber industry" (not to mention an AI one!) at the expense of developing those of us that have been round the loop before. We have endless experience, but it doesn't matter. Better to do assurance by "one-size-fits-all" (Cyber Essentials) or spreadsheet (the Cyber Assurance Framework and it's variations). Create guidance that "security practitioners" can deliver with little or no experience, and there is no doubt that it's being dumbed down.

In the face of increased threat the current situation makes no sense to me and as I said, I am all out of fight. There are only so many times you can kick a dog before he stops coming back and I have been kicked black and blue this last 12 months.

I don't do the cult of the celebrity. I am not good at self promotion and saying, "Look at me". Over thirty years, I have led by example, with my actions showing my integrity, fairness and honesty. I have not talked about many things, because I couldn't and that won't change.

In the coming months, there will be some things that we need to sort out - not least of which, what gets done with Travel advice. And we know how popular some of the news and comment has become, so we'll leave that up for the time being, with the proviso that they represent solely my personal views unless otherwise specifically stated.

All that remains to be said, is "happy new year" to you and yours and watch this space. It's going to be an awfully big adventure for me and mine.