In CyberVersed episode 47 Mandy Haeburn-Little is joined by two National Ambassador representatives: Wayne Selk, VP, Cybersecurity Programs & Executive Director, GTIA ISAO, and Jamie Akhtar, Co-Founder and CEO of CyberSmart. The topic of discussion is 'The MSP community,' which is Part 1 of a focus on MSPs.

It's a lively and engaging three-way discussion that provides excellent insights into the MSP community and why they are essential in the drive to make the SME community throughout the UK better prepared and ultimately more cyber resilient.

To begin the discussion, Wayne and Jamie define an MSP and discuss how the industry has developed in recent years from a 'Break-Fix' model to an essential provider of managed services to most businesses. Both Jamie and Wayne reinforce the pivotal role MSPs play in improving the cyber resilience of SMEs, explaining why they agree they are the key to greater protection for the SME community.

They chat about regulation and what they consider the best way to develop the MSP community going forward to ensure SMEs receive the best possible service from their providers.

Jamie provides insight into what their partners are telling them about their clients' attitude towards cybersecurity and shares some of the reasons cyber is not at the top of their list of priorities. Both then discuss the challenges of how cyber is presented and the need to reset the conversation around 'the why' rather than the technology. Wayne explains why he believes it should be much more about explaining business risk to business owners and how this approach is proving to be a revenue driver among their members.

Jamie also touches on what SMEs want and why MSPs must deliver solutions that provide complete cyber confidence.

Mandy then guides the conversation to 'two-way communication' and the efforts both organisations are making to improve the sharing of intel to and from the SME community. Wayne provides a great analogy to explain why everyone needs to share their piece of the jigsaw to see the whole picture. Jamie then reinforces that the MSPs are an essential element in completing the picture.

The conversation then moves on to the role that the CRC Network play in delivering the message to the SME community and why the National Ambassadors must do what they can to improve the amplification of the great work being done through the Cyber Resilience Centres.

Jamie also mentions the impending Cyber Security Resilience Bill and its impact on the MSP community. While Jamie describes it as one of the most significant shifts in the cybersecurity landscape, he expresses caution, believing it's a start but not the complete solution.

The whole discussion sets a good picture and leads nicely into the next CyberVersed episode, which will be part two of the MSP-focused discussion, when they will also be joined by team members from the CRC Network.

NCSC has also recently published guidance for SMEs when choosing an MSP. You can view it here.

In CyberVersed episode 46 Mandy Haeburn-Little is joined by Jamie Akhtar, Co-Founder and CEO of our newest National Ambassador, CyberSmart, a leading cyber security specialist. They are ideally suited as a National Ambassador company. With over 1,000 Managed Service Providers (MSPs) and over 6,000 SME customers in the UK, they are primed to act as an enabler to this crucial sector within the digital economy. In partnering with NCRCG, CyberSmart seeks to empower MSPs and SMEs around cyber resilience and signpost the support offered by the CRC Network and the national technical authority, NCSC.

Jamie begins by explaining what CyberSmart is and what it does, highlighting their 'obsession' with making cyber security more accessible for SMEs. He explains what he means when he says emotion is one of the great drivers in the business, and why their 'relentless pursuit' is to solve the cyber security problem.

The two talk about company culture, and Jamie provides insight into why culture is so vital to CyberSmart, as it should be for every organisation, empowering everyone to grow by investing in people. How they deliver - through teamwork, drawing on a broad range of skills and experience to make change happen. He goes on to define teamwork as being able to ask for help when you need it and being willing to assist when someone else needs it. For CyberSmart, it's about reflecting on what you have been doing and exploring ways to improve for the benefit of our customers.

Importantly, Jamie points out that they have actively developed the culture rather than simply letting it evolve.

Regarding MSPs, he explains why he believes they are fundamental to solving these challenges: they have access to and can influence many SMEs in their client portfolios. Understanding where the partner is and what they do with their customers. Who are you working with where security is not investable enough, and how can we help the partner provide better solutions to their customers.

Mandy and Jamie go on to have a fascinating chat about Cognitive Bias in Cyber Psychology. It's a brief conversation Mandy would like to revisit with him in the future. Still, he does share nuggets to whet the appetite, such as how some people believe the internet provides people the opportunity to create a different version of themselves. Dissociation allows them to say things they wouldn't in real life. For example, he cites how teenagers committing cybercrimes is, in many ways, a version of this, where people are disconnected and further removed from a moral compass.

Both Jamie and Mandy agreed that it's a fascinating space; understanding why people are involved in cybercrime is part of the solution, and how intervention could win around some of the bright talent to do positive cyber work.

Jamie also turns the tables on Mandy and becomes the interviewer; he asks, "What's the itch you were trying to scratch when you got into cyber?" to which Mandy provides insight into her passion for all things cyber.

To finish, Jamie explains why he's never been more concerned or more excited about the future. Concern stems from the increasing sophistication of cybercrime, excitement comes from the fact that cyber is very much part of the conversation in the UK and now has a national voice, acknowledging that recognition of the problem has never been greater.

In CyberVersed episode 45, we explore and explain the Cyber PATH programme. Mandy Haeburn-Little is joined by David Socha, Interim Head of Cyber PATH, Martin Wilson Head of Cyber & Innovation, North East Business Resilience Centre, and Sophie Powell, Talent Manager at Cyber PATH.

Martin kicks off the discussion with a summary of what Cyber PATH is and what it does: essentially, it helps micro, small, and medium-sized organisations (SMOs) understand how they might be attacked and how to avoid it, while providing real-world experience for students exploring careers in cyber.

Martin touches on the changes that have taken place since he started working on the programme, and their willingness and ability to adapt services to address the latest threats and trends.

David Socha explains why his experience in managing change and building teams perfectly suits his current role and why it is right for him to take an interim position to manage the structural changes underway to enable the programme to develop and grow. He also highlights that the primary focus of the changes is designed to create even better engagement with Academia, the CRC Network, students, and SMO businesses.

Martin explains the differences in the service since it began and how relationships among the various stakeholders have blossomed, enabling them to provide a better, more comprehensive range of services.

Asked about the most popular services, David points to Security Awareness Training, Microsoft 365 Service, and Internal Vulnerability Assessments as the three most prominent. Still, he notes that all services are helpful and popular with the SMO community.

Former Cyber PATH student and the 2023 Cyber Student of the Year, Sophie Powell, provides insight from a student perspective and explains how the programme helped her develop essential, valuable skills that she wouldn't necessarily have learned through her scheduled university coursework. Now, as the Talent Manager, she outlines her new role within Cyber PATH and her ambitions for the programme's future development.

Martin explains how service demand is changing and cites Microsoft 365 as an example of a popular emerging service, driven by the growing number of businesses using the tools as an integral part of their operations. He also highlights the power of clearly defined policies and the enormous benefits of having them adequately examined as part of the Policy Review service.

Martin also explains some of the hidden benefits of the programme, which he takes great pleasure in, namely how it helps develop the student's ability to communicate and articulate the findings to business owners or operators.

The podcast is a fascinating examination of the Cyber PATH programme, with three key personnel overseeing specific areas of delivery, yet all clearly sharing a passion for Cyber PATH and its success in developing students and supporting SMOs in building better cyber resilience.

In episode 44, Mandy Haeburn-Little is joined by Nick Bell, Police CyberAlarm Lead for NPCC National Cybercrime Team.

Nick Bell is an award-winning security leader and former Detective Superintendent with 30 years in policing. He is a former CEO of the National Cyber Resilience Centre Group, where he launched the CRC network, National Ambassador programme, and Cyber PATH to support SMEs and develop future cyber talent. Nick is experienced in leading investigations into cybercrime, digital forensics, fraud, and cryptocurrency, with a track record of building national programmes and partnerships. Nick was also named Outstanding Security Director of the Year 2023 at the Tackling Economic Crime Awards.

Nick and Mandy discuss his new role and his vision to achieve significant growth for Police CyberAlarm and for it to become a trusted brand in the digital space. During the discussion, Nick explains why it is essential to raise Police CyberAlarm's profile, which he hopes will be achieved by working with third-party organisations such as the National Ambassador companies to demonstrate and deliver exceptional value to businesses and policing.

During the podcast, Nick and Mandy explore what PoliceCyberAlarm is and why it is an essential tool for both businesses and policing. Police CyberAlarm is a free monitoring tool that Nick likens to CCTV for your business. It is an 'always on' monitoring tool installed on your external systems to track activity, such as attempted intrusions. Users receive a monthly activity report that is easily digestible, enabling them to take any required action to bolster their cyber resilience.

Simultaneously, law enforcement can build an accurate picture of the current and ever-changing threat landscape, enabling them to issue targeted alerts to specific businesses about threats that may affect them. So, businesses are not only protecting themselves, they are also helping to gather information and intelligence at scale by providing critical, real-time intelligence that provides law enforcement with relevant data to reduce cybercrime harm and improve national cyber resilience.

Nick also shares some helpful examples of how Police CyberAlarm has assisted a range of organisations, from those in the public sector to small businesses in the private sector.

Nick is clearly passionate about expanding the adoption of Police CyberAlarm throughout the UK, and is hopeful that he and his team will see real growth, especially with Managed Service Providers and public sector partnerships and with a simplified sign-up and installation process.

In episode 43, Mandy Haeburn-Little is joined by Joseph Boland-Scott, Security Product Marketing Lead at Microsoft, to discuss the topical issue of Deep Fakes.

In a light-hearted start to the conversation, Mandy opens by asking Joe how she can be sure that it really was him on the call. Joe responds by providing some great suggestions about how you can look out for specific audio or video cues to help spot fake audio and video.

Joe goes on to explain the difference between Deep Fake and AI-generated content; in general terms, he explains that AI content is created from scratch for legitimate purposes, whereas Deep Fake is more about image, video and voice manipulation and is more often than not used much more for malicious purposes.

Mandy and Joe then chat about the areas we are seeing Deep Fakes being used, to which Joe provides some of the more common examples, such as in the onboarding of new employees remotely, where the team has never met the new employee. In these helpdesk vulnerabilities, cybercriminals are posing as current employees looking to restore access to their devices.

Mandy then asks what you should do when you suspect something is not quite right. Joe outlines typical things to look for when you don't feel everything is 100% right. Primarily, question if the person you think you're speaking to would contact you on a particular channel, or would they make such a request at an unusual hour?

By way of encouragement, Joe points to the fact that people are generally much more aware of telephone scamming than they were a few years ago. So, he suggests, in the same way, people will get better at questioning the authenticity of audio and video content. However, he emphasises that awareness is only a small part of the solution; there is a need for much greater collaboration among tech, policy and education to combat the increasing criminal use of Deep Fake.

It is a fascinating insight into the world of Deep Fakes and how to identify and protect yourself against this growing threat.

Microsoft has many resources and guidance to help with cybersecurity awareness. You can explore these here.

Joe also refers to Microsoft's Digital Defence Report, which you can download here.

In episode 42, Mandy Haeburn-Little is joined by Gordon Adam, Manager, Cyber Threat Intelligence Partnerships at Mastercard.

Gordon begins by explaining his role and how his department serves as the first port of call for incidents of cybercrime or fraud. He describes how they operate proactively by analysing the threat landscape and reactively responding to incidents and emerging threats.

Mandy is also keen to understand why Mastercard has earned a reputation for being approachable, particularly for SMEs. Gordon then highlights how 'doing the right thing' is a fundamental part of the company's culture; they are keen to make business owners feel secure, and that's why they provide resources such as the GCA Toolkit and Mastercard Trust Centre. For Mastercard, it's about sharing their wealth of knowledge, especially with the SME community. He also explains how they invest time and effort in creating the right messaging when it comes to cyber; Mastercard break it down to make it interesting and simple for those not familiar with cyber. Fundamentally, they are keen to promote the idea that every step an SME takes will improve its resilience.

Gordon also outlines some of the red flags that SMEs should look for, such as unexpected logins, suspicious emails, and tech update prompts. His advice is to start with employee training to build an understanding of the threats and how to prepare for them.

The two discuss why it's essential that businesses feel safe when adopting new technology; otherwise, it can stifle innovation and growth. It is in everyone's interest that businesses thrive, so by providing free support and guidance, Mastercard is helping them become more resilient and confident when adopting an inclusive attitude to new technology.

Gordon offers advice on where to start, reiterating that it's about the basics, including visiting the Mastercard Trust Centre, exploring the GCA Toolkit, and the Cyber Readiness Programme. He also emphasises it's all about preparedness and recommends the GCA Toolkit as an accessible and free resource with actionable guidance to reduce cyber risk.

In conclusion, Mandy asks Gordon how he feels about the industry, to which he responds that it is worse in terms of the volume of attacks. However, he also points out that we are much better prepared than we were in the past. The knowledge of how to mitigate and respond, as well as our capabilities in defence, is significantly greater than it was a few years ago.

His final comments are sound advice, stating that preparation is the best defence. Take the time now to accept advice and have a response in mind, rather than panicking when something goes wrong.

In episode 41, Mandy Haeburn-Little is joined by Justene Ewing, Vice President, Health, Care and Life Sciences for UK & Australia at CGI.

It is a fascinating conversation that explores the role technology plays in healthcare and the associated risks as we adopt digital solutions to improve services and productivity.

Justene outlines some of what we already know about the Government's 10-year healthcare plan; primarily that the following three essential elements will be the main focus:

1. Helping people to stay in their home environment
2. The role that data will play in helping the NHS workforce and the patients, and the family's relationship with their data
3. Prevention before cure

Justene explains why digital and data is the 'Golden Thread' running through all three, and why it is increasingly vital to help cope with the demands and pressure on the NHS, which is set to increase significantly in the coming years.

Justene highlights that while digital can improve productivity, she warns that the more we rely on and introduce digital solutions, the greater the risks become. She also believes that while it is getting better, there are still misconceptions around the board table about the scale of the risk, and perhaps even whose 'headache' it is! But, she also acknowledges there's no easy solution because budgets, resources, and capabilities are all very challenging.

On the fascinating topic of AI, Justene touches on the misuse of tools like ChatGPT, which is caused purely by a lack of understanding of the risk and where the data is shared. She advises that while they are great tools that will save time, the risk must be adequately managed.

Justene cites some good examples of how AI is being used to make a difference in healthcare in areas like screening and bed management. These are excellent examples of how AI has been developed with a purpose, rather than innovation for innovation's sake. Her main point around the increasing adoption of AI solutions is that we must ensure there is complete transparency so that we have total confidence in data and that there will always be humans in the loop.

It is a fascinating conversation and insight into the adoption of technology in the health sector and why we must ensure the data is safe in order to prevent the disruption and threat to critical care at all times.

Episode 40 is a short podcast recorded when Mandy Haeburn-Little caught up with Richard Meeus, Director of Security Technology and Strategy EMEA at Akamai, and Paul Croker, UK & I Executive Committee Member at GTIA (Global Technology Industry Association. Both attended Infosec (Infosecurity Europe 2025) from 2nd - 4th June and were kind enough to join Mandy for a quick chat about the conference.

Richard and Paul provide a brief overview of their experience over the three days at ExCel London and what they took away from the conference. Both also discuss the value of being NCRCG National Ambassadors and how much they are enjoying the engagement and collaboration with fellow National Ambassadors.