The Haunted Lighthouse Limited has achieved Cyber Essentials certification (whole organisation scope).

Assessed under the IASME scheme, aligned with the UK National Cyber Security Centre baseline controls. Sensible fundamentals: patch management, MFA, least privilege, secure configuration, and disciplined backup practices.

Not glamorous, just solid security hygiene.

The lighthouse is officially audited.

#CyberEssentials #IASME #NCSC #CyberSecurity #InfoSec #SmallBusiness #PrivacyFirst

Providing some helpful and constructive feedback on the UK's Cyber Essentials scheme, a set of controls to ensure organisations have a base level of IT security.

That's right kids, full disk encryption for laptops is not considered a bare minimum of #infosec for #CyberEssentials.

To all my UK infosec fedi-friends, I've been thinking of upgrading my company's Cyber Essentials certification to the Plus version.

The auditing company I reached out to would be expecting us to install a proprietary end-point monitoring application, which I'm really not keen to do.

Anyone know of a company that would carry out the auditing in any different way, e.g. via an open source app?

#uk #infosec #CyberEssentials

I've been enquiring about upgrading my company's #CyberEssentials certification to CE Plus, which would involve undergoing an actual audit by a third-party organisation. The auditing company I spoke to said I would need to install a proprietary endpoint detection thingy (from Qualys...?), which I would be extremely reluctant to do. I wonder if I could use an open-source alternative instead, perhaps one of the Greenbone open-source products...

#InfoSec #CyberSecurity

@BergerodeCyber are at the Lancaster District Business Support Expo 2025 hosted at the Platform in Morecambe via Lancaster City Council & Lancaster and Morecambe District Chamber of Commerce

Come & see us & our new banners & get some free swag

#CyberEssentials
#CyberEssentialsPlus

Healthcare practices are under cyber siege.

Ransomware, phishing, stolen records… and all while trying to run a clinic, not a data centre.

The reality? Patient records are gold to attackers. But most GP surgeries, dental clinics, and therapists don’t have enterprise IT teams or endless budgets.

✅ MFA
✅ Backups
✅ Staff training
✅ A risk-based plan
✅ A bit of guidance from someone who gets it

You can do cybersecurity without breaking the bank – and without losing focus on care.

Need help getting there? I speak fluent “healthcare on a budget.” Let’s talk 👽

https://paulreynolds.uk/cybersecurity-for-healthcare-providers/

#CyberSecurity #HealthcareIT #DSPToolkit #GPPractices #CyberEssentials #RiskManagement #YDC #PatientData #SmallBusinessSecurity

NIS2: It’s not just an EU thing.

A quiet shift in cybersecurity regulation is about to make noise – and UK businesses need to pay attention.

NIS2 massively expands the original NIS Directive. More sectors. More requirements. More pressure on leadership to actually care about cyber risk.

If your business touches the EU (or works with suppliers who do), it could be in scope – even if you’re based in the UK. And even if it’s not mandatory, aligning with NIS2 is quickly becoming a mark of credibility.

🔒 Risk-based security
⏱ Rapid incident reporting
🔗 Supply chain accountability
📈 Leadership-level responsibility

Not sure if you’re affected? Want to get ahead of the game? Let’s talk.

Compliance is moving fast. I’ll help you keep up 👽

https://paulreynolds.uk/nis2-compliance/

#NIS2 #CyberSecurity #Compliance #RiskManagement #SupplyChainSecurity #YDC #CyberEssentials #ISO27001 #Leadership

What is a Cyber Advisor & why do you need one for #CyberEssentials?

Read our article in “Plane Talk” summer 2025 from NorthWest Aerospace Alliance to find out more & why you should choose @bergerode_cyber as your #CyberAdvisor

https://shorturl.at/tAyD7

NWAA PlaneTalk Summer 2025

This week I've been:

✅ Finalising a strategic partnership with a vulnerability assessment company
✅ Creating video-based security training that people actually want to watch
✅ Conducting Cyber Essentials assessments (yes, they still catch critical gaps!)
✅ Providing technical leadership to growing companies
✅ Deep-diving into AWS security best practices

Cybersecurity isn't just about the latest tools or threats – it's about building security into the fabric of how organisations operate.

The manufacturing client who was eager to learn despite having basic gaps impressed me more than the financial services firm with all the right tools but inconsistent processes.

Security culture > Security technology. Every time.

Three things that stood out this week:

🎯 Cyber Essentials still matters – Even "basic" frameworks catch significant vulnerabilities when properly implemented
🎥 Training works when it's human – Scenario-based learning beats policy recitation every single time
☁️ "Security as code" is the future – Treating security configurations with the same rigor as application code

The variety in this field never stops amazing me. In five days I touched business development, content creation, regulatory compliance, technical consulting, and professional development. Each area informed the others in ways that wouldn't be possible in a more specialised role.

Question for my network: What's been the most surprising security challenge you've encountered recently? I'm always curious about the problems others are solving.

Full weekly roundup here: https://paulreynolds.uk/weekly-roundup-partnership-training-and-cloud-security/

#CyberSecurity #InfoSec #SecurityLeadership #CyberEssentials #CloudSecurity #SecurityTraining

In today’s digital age, ensuring the security of online data is paramount. The UK government’s Cyber Essentials scheme is a cybersecurity certification that sets out a good baseline of cybersecurity suitable for all organizations in all sectors. https://www.switchweb.co.uk/blog/2022/11/15/understanding-cyber-essentials-web-hosting/ #cyberessentials #security #hosting #online #ukgovernment