
In today's episode, experts Stephen and Rich discuss a real Agony Uncles challenge with another of their listeners' questions.I work for a decent-sized retail company. We have a few hundred stores selling all sorts of products. I am fairly senior in the cyber security team, and I'm absolutely petrified by the attacks on M&S, Coop and Harrods. I'm genuinely concerned that we could be next. The thing is, security is the one area where the board have been underinvesting for years, and whilst we have nice shiny shops on the high street, the rest of our operations are held together by duct tape and string. I've been screaming into the void about our lack of tools, processes and manpower on the security front for nearly a year, nothing's improved. Now that we're at dire risk of a cyber attack, how do I tell the business that it's now or never in terms of getting secure?
May 8, 2025
29 min

In today's episode, experts Stephen and Rich discuss a real Agony Uncles challenge with another of their listener's questions.I'm a security analyst with 4 years experience. Prior to that I worked in IT infrastructure for 3 years after years of help desk roles . I'm in my early 30's. Now, I'm not getting any younger and feel the need to move into leadership roles, with a view to climbing the corporate ladder in the next couple of years. I've been keeping an eye on LinkedIn and the job boards, to see what my potential career path may look like. Ultimately, I would like to reach a board level role, maybe a CESO or CIO in the next 10 years or so, but what I'm seeing is that the CESO and CIO roles are few and far between, and CESO roles don't seem to either pay well or be very genuine senior roles. What's going on? How does the role have a C-level job title but then often report to IT, CTO's or CFO's? Is the hierarchy in cyber security broken? Do I have a long-term future in cyber?
Apr 13, 2025
31 min

In this episode of Cyber Security Agony Uncles, Stephen and Rich work through an issue facing one of our listeners. They wrote: "I work as a security engineer for a company that has put out a massive RFP for cybersecurity services. On the surface, it looks like an open competition, and several businesses have been invited to submit proposals. But behind the scenes, the higher-ups have already chosen who’s getting the contract—so much so that the winning vendor actually wrote the RFP themselves, and we even paid them consulting fees to do it. I can’t shake the feeling that the other businesses are wasting their time and resources bidding on something they have no chance of winning. Is it unethical to let them believe they have a shot? Should I find a way to discreetly warn them, or is that just asking for trouble?"Listen in to catch Stephen and Rich offering some guidance on this issue.
Mar 5, 2025
23 min

In this episode, Stephen and Rich discuss the following listeners cyber work issue: "I'm the Head of IT in a reasonably large company in Birmingham. The execs hired a cyber security team last summer and they're making my life miserable! They seem to be the department that always says "no!". I get that we need to be secure, but they're demanding so many changes that we can't get through any of our BAU work. They want us to rip out the tools that took forever to implement and now seem to be set on their own agenda. They're not aware of the change and disruption we went through to get where we are, they're just hell-bent on having things their way. It's making my team miserable and we just seem to be constantly clashing with the cyber team. How can we coexist with them? Things seemed to be so much easier before...."
Feb 10, 2025
31 min

Stephen and Rich dive into listeners' concerns, offering expert guidance and insights into the world of cybersecurity. This week, they're tackling a tough topic: the challenges of becoming unemployed in this industry.
They share tips on how to approach your job search and where to start when looking to re-enter the cybersecurity field.
Jan 21, 2025
23 min

Stephen and Rich dive into listeners' concerns, offering expert guidance and insights into the world of cybersecurity. This week, they're tackling a tough topic: the challenges of becoming unemployed in this industry.
They share tips on how to approach your job search and where to start when looking to re-enter the cybersecurity field.
Jan 8, 2025
31 min

Stephen and Rich answer our viewers' questions. This month...
"I'm Head of Security Operations at a retailer. I'm absolutely shitting myself all the time. I don't have incontinence issues, not literally crapping my pants but basically I can't take the stress. We're bombarded from all directions every day. I have no clue if our defences work. I'm crossing my fingers every day. The SOC are mediocre on a good day, mainly because we're a retailer not GCHQ. I'm constantly being tasked with driving down costs to the point where we're under staffed and I'm loosing sleep thinking what the heck do I do, if and when something happens. I can't sleep. I've aged 50 years in 5 years. I guess I'm not cut out for this job but at the same time I worked hard to get to this point and my wife likes to spend money like you'd not believe. She'd probably leave me if I ditched my job or took a demotion. There isn't really a question here. Other than.."
Question: Who can cope with this? Please don't tell me it's just me.
Nov 5, 2024
31 min

Stephen and Rich answer our viewers' questions. This month...
"I'm responsible for budget at one of your competitors, hush, hush. I'm responsible for allocating security practitioners onto projects for our customers. I'm also a senior securities VCSO myself, so not only am I delivering billable work, I oversee the other FTE consultants and make sure they are doing billable work correctly. So many of them aren't good. The business has hired graduates with absolutely no work ethic and I find it hard to resist parachuting in and doing the work myself to fix the problems they're creating. I'm absolutely exhausted. When I go to the business to discuss this, they make out it's a problem with my leadership style but trying to get work out of these grads is like trying to get blood out of a brick. My I also clarify that customers do not know that these are grads, they think that they are senior security practitioners. I'm the only senior and I feel like I'm the proxy for everyones knowledge."
Question: What do I do?
Oct 1, 2024
26 min

Stephen and Rich answer our viewers' questions. This month...
Question: How can someone with decades of tech industry experience as a software developer, engineering manager, advisor etc., transition into Cyber Security? How can that wealth of experience be applied to a Cyber Security company, to be the most effective and utilised?
Sep 3, 2024
28 min

Agony Aunts Special! Eliza and Rosie answer our viewers' questions. This month...
"I'm the Head of IT for a tech company in the UK and I've been tasked with getting everyone back in the office for 4 to 5 days a week. This is not going to go down well with the team."
Question: How on earth do I manage this situation?
Aug 6, 2024
21 min
Load more
