Opinion & Analysis

Commentary

Practitioner perspectives on security strategy, threat trends, and industry challenges. Opinionated, argued from experience, and written for professionals in the trenches — not the boardroom.

Opinion

Patch Tuesday Is Not a Patching Programme

Every second Tuesday, the industry runs a collective sprint to triage, test, and deploy hundreds of Microsoft patches before the next cycle begins. We call this a patching programme. It isn't. It's a treadmill — and the real security question is whether we're measuring the right thing.

CipherWatch Editorial

Security Intelligence Platform
Opinion

Security Awareness Training Is Solving the Wrong Problem

We spend billions every year teaching employees not to click malicious links. The same employees work in environments where clicking a malicious link can collapse the company. The problem isn't the clicking.

CipherWatch Editorial

Security Intelligence Platform
Opinion

TOTP MFA Is Security Theatre and We Need to Admit It

Adversary-in-the-Middle toolkits that defeat time-based one-time passwords are commercially available for under £400. The security industry's continued recommendation of TOTP as meaningful phishing protection is not a minor technical nuance — it is a significant misrepresentation of what MFA actually protects against in 2026.

CipherWatch Editorial

Security Intelligence Platform
Opinion

The CISO Role Is Structurally Broken — and Fixing It Requires Honesty About Why

The average CISO tenure is 18 to 26 months. We treat this as a talent pipeline problem. It isn't. It's a governance problem that the industry has been unwilling to name clearly for fifteen years.

CipherWatch Editorial

Security Intelligence Platform
Opinion

The Threat Intelligence Report That Nobody Reads

Most organisations have a threat intelligence subscription. Fewer have a threat intelligence programme. The gap between the two is not a budget problem — it is a clarity problem about what intelligence is actually for, and it costs the industry significantly in both money and security posture.

CipherWatch Editorial

Security Intelligence Platform
Opinion

Vendor Security Ratings Are a Confidence Trick — And We Keep Buying Them

The third-party security ratings industry has built a billion-dollar business on a simple premise: that an outside-in scan of your suppliers' infrastructure tells you something meaningful about their security posture. It doesn't. And the gap between what these tools imply and what they deliver is creating a false sense of supply chain security in boardrooms everywhere.

CipherWatch Editorial

Security Intelligence Platform