Peter
Bassill.
I'm a British cyber security operator at board level — the CEO who still writes the code, the advisor who has actually carried the pager. Kernel to chair, in the same conversation.
What's on the desk this week.
No smoke. The brief says transparency, so here is the actual state of things. Updated when something changes, not when a content calendar says so.
LAST UPDATED — 2026-05-24 · drift since update: 0 days
Operator. At the board. Both at once.
Most people pick a side: the hands or the room. I've spent twenty-eight years refusing to.
I run a small British cyber defence company. I still write the production PHP, harden the Ubuntu boxes, and configure the Apache and MySQL myself. I also sit on the CREST European Council and CREST IR Pan Europe, where the people in the room have read the same incident reports I have, and we argue about what to do next.
The combination is rarer than it sounds. Most CEOs at this end of the industry have stopped touching the consoles. Most engineers good enough to run the consoles haven't sat in a regulator's office. I do both, deliberately, because the gap between those rooms is where most cyber security goes wrong.
If you're a board chair, I can brief you in plain English on Tuesday. If you're a CISO, I can argue with you about detection engineering on Wednesday. If you're a tier-three responder, I can stand at the back of the bridge on Thursday and not get in your way. The brand is just the shape of that.
Three positions. One job.
An executive role, two advisory ones. They share an audience and a remit: keep European cyber defence honest, and keep practitioners in the room.
Chief Executive Officer
Day-to-day operator of a British cyber defence firm formed from the November 2025 merger of Hedgehog Security and UK Cyber Defence. Strategy, delivery, and yes — still the one writing the more interesting bits of the platform.
European Council Member
One of the seats on the European Council of the body that accredits much of the industry. Policy, standards, and arguing on behalf of operators who'd rather be on the console than in the room.
IR Pan Europe
Working with the pan-European incident response scheme — the shape of how IR is practised, accredited, and held to a standard across borders. Less ribbon-cutting; more rota and runbook.
Some things I've written down.
Notes from the desk, not thought leadership. Specifics over slogans. If a piece couldn't earn its keep at a kitchen table, I haven't published it.
Where I've spoken. Where I'm speaking next.
I keep this list short on purpose. I'd rather give one good talk a quarter than four mediocre ones.
Under attack: cyber resiliency for your business.
Two hours on how attacks on UK SMEs actually happen, a live walk-through of a real breach (38 staff, professional services, £124K), and a one-page resiliency framework attendees take home as their own action list.
Oversharing with AI?
Forty-five minutes on what people are actually pasting into chatbots — source code, API keys, CVs, HR records — who they think they're sharing it with, and what could possibly go wrong. Plus a short list (not a manifesto) on using it right.
If you need someone who's actually done the thing.
I take on a small number of advisory engagements at any given time — board briefings, IR-readiness work, the occasional NED conversation. Not retainers I won't use. Not panels I haven't read for.
Direct channels.
No contact form funnels, no calendly. If you'd write to a colleague, write the same way to me — or use the form below if you'd rather not hand over your address book.
The form on the right sends straight to my inbox — same destination, less typing.