Simon Jones

🔒 The UK is building the world's most secure defence supply chain through Defence Cyber Certification (DCC). To help organisations working with the Ministry of Defence understand and meet the requirements, we’ve created a practical playbook that explains it all in plain English. It includes a clear breakdown of the requirements and step-by-step guidance to help you prepare with confidence. Check it out below, and download the PDF here: https://lnkd.in/dnQaNEct I hope you find this helpful. When you’re ready to get certified - for your organisation or your clients - feel free to book a call with our team.

28

2 Comments

An informative document from Make UK Defence and Lloyds, for anyone considering working with UK Defence. 'Good security isn’t about doing more – it’s about doing the right things, consistently'. 

6

MDR sharpens visibility. Because resilient businesses need a clearer lens. In today’s cyber landscape, what you don’t see often matters more than what you do. Modern security teams face an overload of alerts. MDR steps in to give clarity where it matters most: - Filters noise so only real threats demand attention - Adds context to alerts for faster understanding - Guides action with expert-driven recommendations - Accelerates decisions when time is critical - Strengthens resilience by spotting what tools alone may miss MDR makes your defenses sharper, faster and more reliable. Graftronics is a Sophos MDR partner, transforming IT teams across organizations in multiple industries. Reach out to us for assessing MDR for your setup. - Vimesh Avlani Managed Detection & Response | Cyber Resilience | Trusted by Mid-Market CXOs

20

4 Comments

Really excited to share that Adversify are now accredited by CREST to provide penetration testing services. Here are some of the reasons why we’re different: ▪️Attack surface-led penetration testing. ▪️Engagements that are bespoke to your organisation. ▪️Help gauge the level of risk your organisation faces from assessed attack surfaces. ▪️Discover attack paths through the assessed environment.    ▪️Fixed project fees, focused on outcomes and not time. And these are only some of them! 😅 Looking to switch things up with your offensive security testing program? Give us a shout 🔥 Don’t assume. Test.

26

7 Comments

This week, Senior Technical Consultant, Bradley Potter, attended the UK Overseas Territories Cyber Security Conference in London, alongside colleagues from the Falkland Islands Government. The conference brought together cyber security professionals from across the Overseas Territories to share knowledge and best practice, with a strong focus on: - Incident response  - Threat hunting  - The use of Artificial Intelligence  - Cyber defence  - Information risk management  - Increasing investment in cyber security It was a valuable opportunity to strengthen collaboration, stay ahead of emerging threats, and continue building resilient and secure digital services for the Falkland Islands. #UKOT #cybersecurity

12

With the release this week of Cyber Security Model v4, there will be some clear changes to cyber compliance to companies in the defence supply chain. To make sense of the changes, Make UK Defence Fit for Defence cyber partner Pera Prometheus Consulting Ltd have created a number of short video on what this means: 🔗CSM v4 Implementation as of 3 Dec 25: https://lnkd.in/dMt6Hs9Q 🔗DEFSTAN 05-138 and CSM v4 Explained: https://lnkd.in/d-Mves5x 🔗ISN 2025/07 – Implementation of CSM v4 https://lnkd.in/dzGwZFbJ #MakeUKDefence #DefenceSupplyChains #UKManufacturing #ukmfg #UKDefence #CyberSecurity #CyberSecurityModelv4 #BusinessDevelopment Andrew Kinniburgh Estelle Exelby Samantha Hill Maria Winsper Kelly Maddison Charline Diomande James Watson Olivia Bayes-Garrould Dan Parvaz Helen Hastie Stuart Tingley Chris Hague Jenny Bridge Jenny Wright Cathy Williams Mandy Leadbitter

14

After years of work, we have decent security standards, but we'll continue to struggle until we adopt security by default. Take the relationship between TLS 1.2 and 1.3, for example. Both protocols can provide reasonable security, but TLS 1.2 supports a kitchen sink of options, and you need to know what you're doing to configure it correctly. TLS 1.3, on the other hand, just works, no further work needed. This is just one example; there are dozens of standards and situations for everyone to consider when it comes to their network infrastructure. Until we get security by default, the only way to stay ahead is to have comprehensive configuration monitoring to catch problems and drift. I created Hardenize to solve exactly this problem. Our free test is still available at hardenize.com, and the commercial product has been rolled into Red Sift's. Now that Mail Check and Web Check are being retired, I am very happy that there is still a way for Hardenize to continue to serve.

13

1 Comment

🎉 Speaker Announcement — Anicet Fopa Tchoffo 🎉 We're excited that Anicet Fopa Tchoffo, CISSP will be at BSides Leeds to present 'Beyond Research - Deploying Operational Honeypots for High-Fidelity Threat Detection and Intelligence' on our 101 track. Summary: Drawing on real-world scenarios and best practices, this session will demystify honeypot deployment, address common pitfalls, and demonstrate how to integrate these powerful deception tools into a robust, layered security strategy, exploring how carefully placed decoys can provide high-fidelity alerts for lateral movement, credential abuse, malware activity, and even threats targeting specialized environments like ICS/OT networks. Catch Anicet's talk at 13:30 on the 21st! #BSidesLeeds #BSides #CyberSecurity #Infosec

15

Big Change from the NCSC: Mail Check & Web Check to End in 2026 The National Cyber Security Centre (NCSC) has announced that it will retire its Mail Check and Web Check services on 31st March 2026. Why? Because the commercial market has caught up, and in many cases, surpassed, what these NCSC tools were originally built to do. The NCSC’s focus is shifting toward areas where it can make the biggest national security impact, leaving organisations to choose from a growing ecosystem of capable External Attack Surface Management (EASM) solutions. If you’re responsible for your organisation’s cyber resilience, now’s the time to start planning. The NCSC has even published a buyer’s guide to help you choose the right EASM product for your needs. But remember: your external attack surface is only one part of the picture. True security comes from understanding all of your attack surfaces, internal, external, human, and supply chain, and backing that up with continuous testing and effective remediation. The retirement of these tools isn’t a setback, it’s a signal. The ecosystem has matured, and the responsibility (and opportunity) is now in our hands. #CyberSecurity #EASM #NCSC #InfoSec #AttackSurfaceManagement #CyberResilience https://lnkd.in/e-kVnP_e

10

1 Comment

This new framework aimed at the UK Defence sector's supply chain is a more structured approach to assessing cyber security compliance. The Defence Cyber Certification (DCC) has tiered levels and each contract will require a level of certification (0-3), which is determined by the Cyber Risk Profile of each contract. Fortis Cyber® is able to provide support and consultancy for those currently seeking level 0. #MODsuppliers #supplychainMOD #supplychaincybersecurity #cyberrisksupplychain #Defencecybercertification

15

If your organisation relies on the NCSC’s Web Check or Mail Check services, this is worth your time. These services are being retired next month, and for many public sector teams they’ve quietly provided baseline visibility of: • Website configuration issues • Email security weaknesses (SPF, DKIM, DMARC, MTA-STS) • Exposed domains and TLS posture We’re running a short 30-minute webinar next Thursday at 10am to explain: • What’s actually changing • What risk you may lose visibility of • What the NCSC is encouraging organisations to do next • Practical steps to maintain - and improve - external visibility We’ve been participating in the NCSC’s ACD 2.0 work around external attack surface monitoring and will share what we’re seeing across UK public sector environments. No sales pitch - just clarity on what happens next and how to stay ahead of it. Link to register 👇

3

National incident response ‘cadre’ provides hands-on support to cyber victims. Team of 'trusted professionals' helping Scottish SMEs respond to and recover rising tide of cyberattacks ⬇️ https://lnkd.in/eeP4x6tv #cybercrime #support #Scotland

35

🔐 What is the Defence Cyber Certification (DCC)? The UK Ministry of Defence has launched a new cybersecurity assurance scheme DCC to strengthen cyber resilience across its defence supply chain. Whether you’re a defence supplier or operate within a supporting industry, understanding and achieving the right DCC level is now crucial for winning and maintaining MOD contracts. ➡️ With 4 certification levels and requirements aligned with Cyber Essentials, the DCC is set to become the gold standard for cybersecurity assurance in defence. 📖 Read the full breakdown in our latest blog post: 👉 https://lnkd.in/eusvQX9w #CyberSecurity #Defence #MOD #DCC #IASME #CyberEssentials #SupplyChainSecurity #UKCyber #InfoSec #UtopianKnight #CyberCompliance #DefenceSector

1

#ICYMI: ComputerWeekly.com have published an article talking about the recent launch of the Defence Cyber Certification (DCC) scheme. 📣 In the article, Eleanor Fairford, Director of Cyber Defence and Risk at the UK Ministry of Defence said: “Defence Cyber Certification (DCC) strengthens cyber resilience in the UK’s defence supply chain. Organisations obtaining and maintaining DCC prove their ongoing commitment to UK defence.” Learn more about how the DCC scheme is enhancing cybersecurity in the defence sector 👉 https://lnkd.in/eKNSYnUb

8

Chris Roberts speaking against a punitive approach via phishing tests, with Avishai Avivi on the CISOnomics podcast. Links in comments👇