Cybersecurity Now: AI Threats, Cloud Risks & Staying Ahead Artwork

The IT Naturally Podcast

IT is about more than systems and software – it’s about people, progress, and purpose.

In this podcast, our CEO, Julie Bishop, speaks to IT leaders, digital changemakers, and purpose-driven organisations to uncover how technology is being used for good – from transforming teams to tackling social challenges.

Julie loves chatting about her favourite subject – people and tech – especially with those who are doing IT differently.

All Episodes

The IT Naturally Podcast

Cybersecurity Now: AI Threats, Cloud Risks & Staying Ahead

August 19, 2025 • IT Naturally • Season 1 • Episode 5

Julie Bishop sits down with Phil Skelton from eSentire to explore the evolving cyber threat landscape. From AI-powered attacks to cloud misconfigurations and indiscriminate ransomware campaigns, Phil shares why no business, large or small, is safe from today’s hackers. They discuss the growing importance of cyber hygiene, the power of frameworks like Cyber Essentials, and how the IT Naturally eSentire partnership helps organisations build security by design.

Whether you’re an IT leader, business owner, or just curious about what’s keeping cybersecurity experts up at night, this conversation is packed with insights, practical advice, and real-world examples to help you protect your organisation and enable growth.

In this episode, you’ll learn:

Phil’s journey into cybersecurity and why he’s still passionate about the industry after 13+ years.
The biggest threats facing businesses today – including the rise of browser-based attacks, cloud security gaps, and AI-enhanced phishing.
Why the “we’re too small to be targeted” mindset is a dangerous myth.
The crucial role of cloud hygiene and “spinning down” unused environments.
How hackers are using AI to scale attacks and create more convincing social engineering tactics.
The value of frameworks like Cyber Essentials & ISO 27001 for improving resilience, securing cyber insurance, and winning new contracts.
How the IT Naturally–eSentire partnership delivers proactive, security-by-design protection for customers.
Why security should be an enabler, not a blocker, for business growth.
Career advice for anyone wanting to enter the cybersecurity field—no matter your background.
How strong security protects organisations doing good, like charities, from losing vital funds to cybercrime.

Get IT Naturally's practical 10 step guide to help your growing business stay ahead and stay protected here.

Connect with Julie from IT Naturally on LinkedIn

Connect with Phil from eSentire on LinkedIn

Visit the IT Naturally website

Follow IT Naturally on LinkedIn

SPEAKER_02: 0:00

You must listen to today's episode if you've got any concerns about IT security. And if you don't have any concerns, you probably need to listen even more. Today, I'm speaking to Phil Skelton from our partner eSentire. Welcome to the IT Naturally podcast. Today, we're diving into something that keeps many leaders up at night, cybersecurity. Phil, thanks so much for joining us.

SPEAKER_00: 0:23

It's great to be here. Thank you.

SPEAKER_02: 0:25

Can you tell us a bit about how you first got into cybersecurity? What drew you to it?

SPEAKER_00: 0:29

Yeah, sure. So ever since I kind of finished school, I did IT at college when I studied out at university as well. So IT as a whole has always been something that's really interested me. So I started off doing things like developing software for small businesses, database applications, then sort of moved more and more into infrastructure for a few years, probably as cybersecurity was starting to get going. A good friend of mine, someone I've worked for for a few times over my whole of my career, he got a job and a role for a cybersecurity business. And obviously we met for lunch. He would tell me how cool it was, how interesting it was, how often every day was like a James Bond film because he seemed to be fighting different villains. And that kind of really drew me in. But again, if you kind of look back in kind of the era I grew up as well, I was fortunate enough to sit there and watch that TV show like Airwolf or like Knight Rider or Street Hog. So all these programs that were starting to really show and demonstrate technology in the real world that we were still at that point waiting for it to come to existence. So I think for me is technology is always, I'm still a nerd. I'm still a bit of a geek. I've still got spare parts and electrical components dotted around my house with the evolution of AI. So I've always been interested in it. And cybersecurity was just sort of the natural thing thing for me after coming out of working in the IT industry as well. So yeah, I've been doing this now for about 13 years and still wake up every day and love the industry that I actually work in. It's brilliant.

SPEAKER_02: 2:08

Nice. It is. It's fantastic that it's such a changing industry. It keeps us on our toes. What are the kind of cyber threats you're seeing businesses face most at the moment?

SPEAKER_00: 2:20

So, again, if you kind of look at the evolution of kind of where threats have come from and where they've moved through, you know, we're still seeing a lot of attacks happening, which is typical, as you would expect, around ransomware right now as well. You know, it's still on the increase. It's still happening. I think, you know, with the evolution of things like AI now as well, that's really helping a lot of the threat actors really start to target organizations quicker, faster, in a more focused way. So, Ransomware is still there and it's still prevalent. People might think that, well, with all the latest technology that we've put into place, the latest security approaches that we may expect it to kind of go backwards a bit, but it's not, it's still there. And again, if you look at kind of the attack path of someone who wants to launch a ransomware attack as well, Weirdly, what we have seen is quite a significant shift. You know, phishing is still something that happens. Targets are phishing, we really, really see. But we're seeing more of a movement now into things like browser-based attacks as well to start to launch that attack chain and that kill chain around some of these ransomware attacks that are out there. So these are things that we're starting to see. And the other thing that you'd expect within emerging threats is the evolution over the past few years around everyone moving into cloud environments. So again, we're seeing things like a 40% increase in those types of attacks into cloud environments as well that we see. So as basically as the IT environment moves, the threat path tends to move as well.

SPEAKER_02: 3:54

Thank you. That's really, really interesting. And I think it belies the thought that people think that if they're in cloud, they're safe because they're definitely not.

SPEAKER_00: 4:04

No. One of the big things we see in cloud is because cloud's quite agile. That's why people move into the cloud. It gives people easier access to infrastructure. You don't have to put it all on-prem. People since COVID have got a very agile and disparate kind of workforce now out there. But what we are seeing is where some of the increase in attacks has come from is because people are spinning up environments quicker within the cloud, but they're not necessarily securing them. So we're seeing these types of attacks happen, especially in DevOps environments where they're spun up. They're not using, as they say, real data, but it is still customer data. It might be old data, but it's still there and it's still valuable. And those are the types of environments where we're seeing that threat actors and hackers are actually getting into and stealing that information and then obviously using it for their own gain.

SPEAKER_02: 4:53

We spend our lives hearing people saying spin up. We don't often hear people saying spin down.

SPEAKER_00: 4:58

SPEAKER_02: 4:59

agree.

SPEAKER_00: 4:59

What

SPEAKER_02: 5:01

SPEAKER_00: 5:02

can probably determine is cloud hygiene. You can probably compare it to the great, wonderful days of when Microsoft launched SharePoint. We left it to some of our staff and employees' own devices to create their own SharePoint websites, and they started spinning up quite a lot. That's one of the things that we always look at and again we do see like I was saying back in the day because it still really happens you know where active directories aren't being cleaned up you know no hygiene is being put in so passwords that have been used in multiple websites employees that have left they haven't been closed down they've been seen as a route into organisations and that's what we've seen a little bit more now happen within the cloud environments as well.

SPEAKER_02: 5:48

I mean we did a lot of work during COVID on trying to get people to just almost do what they're doing at home. So most people join, or a lot of people join COVID, went through the house, threw out all the stuff they don't need anymore. And you need to do that at work. You need to throw out the... And it's the fact that you've got it stored somewhere and you don't even look at it, it's still there. It still might be a payroll list or something, might be five years out of date.

UNKNOWN: 6:15

Yeah.

SPEAKER_02: 6:15

Still data that you need to secure. And that whole good housekeeping thing is essential that... We often find when we talk to companies, they'll say, we're too small to be targeted. We won't be, you won't be targeted. Tell us the truth, Bill. Tell us the truth.

SPEAKER_00: 6:33

If you kind of look at cybercrime as an industry, if we just start at that point there, before we kind of look at the level of different types of businesses it affects, some people are surprised. If you add up kind of the, like you would like with China or with North America, and you look at the economies and the scale of things, if you kind of now start to put cybercrime in there, you may be surprised to realize that some of the analysts talk around cybercrime now is worth about 10 trillion a year. year,$10 trillion a year. And what they're starting to talk about is because cyber crime is worth that much and you stack it up against all the other countries that are what their output is, it could literally be like the third largest economy in the world right now. So on the basis of the fact that it's such a big thing that's happening out there right now from a cyber crime point of view and the economy effect, is when you can then tend to look at, well, who are these individuals actually targeting? you actually kind of find that it's indiscriminate, especially with the increase in cyber criminals using automation. They're not sometimes necessarily, yes, they will target specific businesses for specific gains, but they'll also just automatically go out there and launch certain types of scans or looking for certain types of vulnerabilities that they know are out there or just come out. And they'll target those organizations, whether they've got 10 employees, 100 employees, 1,000 employees. Because bear in mind, these individuals, these hackers are trying to get into an organization to launch some form of ransomware, then to hold you to ransomware. and get you to pay. So that's what they're trying to do, getting to pay. And it could be equivalent, say, on a small business. It could be equivalent to a pickpocket or something else. But what we are seeing is because it is quite indiscriminate across small organizations, it's much bigger risk to them than a large enterprise because large enterprise companies can often have larger budgets, They may have better technology, but even when they get breached, they've got a larger budget to help them recover. You know, they also may have different divisions that can perform while other divisions lock down. And what I've seen, unfortunately, in some of these smaller organizations is they are actually going out of business. You know, you only have to Google it to see that there's a lot of industries out there. You know, several years ago, there was an escrow business that went out because, you know, the data got breached. They lost their IP. You know, there was a haulage company not so long ago. They got breached. They got attacked. They just could not operate because they just couldn't recover from the losses that they sustained plus the cost to get their data back and get their business up and running. So when you look at this and you say, you know, we won't be targeted, everyone's open to target, whether you're an individual business and a business owner just on your own, it can be how valuable that data is that you store that can actually affect you as well. You know, one thing about ransomware, again, is it's indiscriminate. It just equalizes everyone out, as simple as that, and it'll put a ransom on the screen and they'll want you to pay to get your data, whether, again, you're a small organization or a large enterprise organization.

UNKNOWN: 9:40

Yeah.

SPEAKER_02: 9:40

And I was at a thing recently in London and I was talking to a lawyer and he's got 100 lawyers or 100 people in his company, probably not all lawyers, but a lot of them lawyers. And he's got a couple of very junior people looking after their IT. And he's saying, yeah, that's fine. They get the laptops in, they put the software on, they know what we're doing. And I was thinking, when that thing comes on your screen, when you get the ransomware attack, who are you going to call? It's not going to be your two teenagers. They're not going to be able to sort it out. But there is still that level of naivety out there as to the industry that, sadly, in a way, that we're having to have.

SPEAKER_00: 10:25

Yeah, and again, to take you back to my childhood, as we say, it's the old ghostbusters routine. Who are you going to call when something actually happens and there's actually an attack? And you're right in saying this is... organizations who are better prepared, but also use probably what I call like a diverse approach. if something goes wrong. So yes, they'll use their own internal resources as well, but then they'll have access to external resources who are potentially like organizations like eSentai, like yourselves at IT Naturally. Because you look after a wide variety of customers across a spread of sectors, across even sometimes global locations, that knowledge and that threat expertise that you're seeing or identifying can actually help individual organizations as well by sharing that information and to help them better protect themselves in the event of a breach or a hack that actually is successful.

SPEAKER_02: 11:21

What's the emerging technologies or trends that you think that we should be paying attention to

SPEAKER_00: 11:27

Yeah, so again, businesses like us exist because there's always the latest threat comes out. It can be day in, day out. It can be week in, week out as well. But if you kind of look at it from a technology standpoint or things that are coming out there in the market right now, we couldn't get away with doing any podcast this day and age where we don't talk around AI and generative AI and the AI marketplace and where that's actually going right now as well. So if you kind of look at where that comes from a threat point of view, AI has been used a lot more by hackers now. It helps them do things like build code, believe it or not, fine-tune some ransomware, and also allows them to automate part of the attack chain as well. So it allows them to potentially attack more with them doing actually less effort on the side of it. So attackers are really starting to use AI right now in the marketplace. Again, we see it day in, day out. It allows them to create often more sophisticated attacks, which are then harder to actually be able to detect. And it also allows them to scale out the level of attacks they're doing, so basically achieve more And as I say, we've seen things like, you know, if you remember, you know, not so many years ago, phishing emails were easy to detect because there'd be the odd spelling mistake in there or something like that. Well, hey, now you can use AI to really pull on the psyche of the individual you're trying to target and ask AI to help you build a really good phishing email. We've seen it with deep fake videos, you know, things like that, that are trying to get through voice control systems, you know, other things. We've seen it with social engineering. So yeah, so all of that AI AI that's in there from just a happy to do what I class as the psychological part of the attack chain. And then you get to the technology bit where AI is helping hackers actually be able to write code to launch attacks as well. So what that can mean is, is part of the risk is you can have what I probably class as maybe a junior hacker who can use AI that then helps them out a lot more than a more sophisticated hacker who's doing it for a number of years. So that's really helping often accelerate the level of attacks that are actually happening. And it does make it difficult often for the human to try, so especially the human defenders, to try and keep up with that pace within the market.

SPEAKER_02: 13:40

Yeah, no, definitely, definitely. And here at IT Naturally, we're very proud to partner with eSentire. Can you tell us a little bit about what eSentire does and how our partnership will help strengthen security for our customers?

SPEAKER_00: 13:55

Yeah, sure. So again, if we look at where we stand quite nicely with IT Naturally is a lot of the services you're providing around those support, those IT pieces is putting a security layer around it as well. So where we kind of integrate and where we work really well with you in helping your customers and defending your customers is being able to stand shoulder to shoulder with you as an organization, being able to give you threat intelligence information that you can pass into your customer base. It also allows some of that threat intelligence information to make subtle changes within the services you're providing if we're finding things like, I don't know, a firewall device that has a certain vulnerability in it. And we can gather that information to you quickly that you can get in and pass into your customers as well. So where you're helping the customers, which is really great from an IT services point of view and being able to best advise on key technologies, we can then assure that that is a secure approach as well. So basically, as we call it, security by design with both of us together, really helping and digging deep into those customers as well.

SPEAKER_02: 15:01

It's a lovely partnership. It works really well. We sometimes get questions about security and user experience. So things like, I don't know, a simple one, using complex passwords and not using the same password across other accounts and people sharing accounts and all sorts of things that make me want to run screaming, but I know I'm an IT person and that's not fair. So how do we support people in balancing their security and the fact that it can be a bit of a pain at times with the need to actually keep secure.

SPEAKER_00: 15:46

Yeah, so you're right. I'm always a firm believer that security should be seen as an enabler to businesses as well. It shouldn't be there to be prohibitive. Security should allow an organization to go into a new marketplace, go in a different direction, securely from that side of it. And one of the mistakes we often see, especially when we're looking at an IT project, is it'll be like, okay, so we've got a tower for our services, we've got a tower for our IT infrastructure environment, and we have a tower for our cloud, and then we put a security tower on the end of it. And we're like, okay, take the security tower, turn it the other way around and put it right across every other tower that you've just developed because it shouldn't be seen as a tower on its own. But rightly as you say, is we have to get it right. And the way we work, especially as you know this with yourself and we work with your customers and your prospects is, is, The first thing we're trying to do is understand not just what the customer security objectives are, but also their IT objectives and their business objectives. Because if the business wants to open a new branch, a new office in a certain territory of the world, or they want to go somewhere else, then we'll have to look at that as in, what's the data regulatory? What's the compliance? What's the government backing? And that's why I say security should be as kind of, it sounds like a marketing phrase, but that golden thread that kind of weaves through what the is trying to do. Because yes, by the way, I can tear around, I can sell you some stuff, and I'm going to make you more secure. But where success comes from is making you secure, enabling you as a business that helps you achieve your business objectives. And that's where you're kind of right, is we should see it as that enabler to help an organization grow, but also protect them as well.

SPEAKER_02: 17:27

I think we're probably both at the mature end of the IT professional scale. And it's often people of our age who that are in business that aren't really aware of just how different it is. You know, they set up the business, they set up their IT, it's all working well, but what worked well five years ago is not safe today. And it's quite hard to understand that. And I think sometimes we have challenges. We're saying to people, actually, the cheapest thing that you had then isn't secure, the cheapest Microsoft license, the cheapest whatever. Sadly, That might have been fine five years ago, but actually your IT budget, to keep safe, your IT budget needs to increase. And that's a difficult message to give to business leaders.

SPEAKER_00: 18:16

Yeah, it is. And again, the industry we're in, cybersecurity, as I said, I think early on, is the threat landscape's changing quite a lot. So, you know, Is it a case of we're always playing catch-up? It's never really playing catch-up, but it's always saying, right, where do we need to go next? Where do we need to go next? What is the latest thing? The evolution of cloud, the evolution of AI. In our own portfolio of services over the last just over 12 months, we've really built out. We always had some automation in. We really built our AI. We really look at where we can use that and where that really benefits organizations so we can move quicker as well. And one thing we're conscious of is network. never replacing the human or the human intelligence elements because the humans within our organization are one of the most critical parts but how do we actually use ai to help service them as well as individuals but as you're saying this is is what you bought three years ago five years ago you know we talk around If I look at MDR, which I'm trying to cast my mind back now, is probably something that started coming out as a phrase probably at least five years ago, if not a little bit longer now. When we look at people who are buying now, or they might be coming to a contract renewal, or the business might be growing so they need more help, we start to look at them as second and third generation buyers. what my advice is to anyone who's in the market is you're right is don't look at what you've just had go to market but don't just go to market looking at who's got the biggest nice big logo whose thing looks the shiniest the things that that is is what we're finding and this is great in our market now is people are coming to us with more like scenarios so yeah they come to us with quite a deep not overly detailed but details is in If a ransomware attack happens and hits this, how would you detect it? What would you have in place? How would you detect it? How would you respond to it? What would the timeline look like? And we're just finding that sometimes buyers have become more mature in the marketplace, maybe because of what they've bought before. They've had issues with it. But definitely start to look at that sort of scenario and make sure it aligns so you know then, okay, well, this is what I expect to happen. Don't just assume it does. Ask the question. What happens to this, this, this, this, and this? And then, as I said earlier on, is go back and align that back into what your business objectives are. It's all around the understanding bit right at the beginning because we look at, as you know this with yourself and with your customers, we look at Who are they? What sector are they in? What are the type of attacks that could actually affect them? And are we putting a solution in place that gives them an outcome that stops those types of attacks or detects those types of attacks as well? And then what else could possibly hit as well on the back of it? So it's more around an intelligent buy right now, digging a bit deeper in.

SPEAKER_02: 21:05

And we worked with one company that wanted us to make their cloud environment secure. And we were saying, And the day we've finished our project, you start being insecure again. And it's that continuous improvement that you have to do to keep security going. So for the business person that isn't an IT person necessarily, how important is it for them to look at frameworks like Cyber Essentials or ISO 27001?

SPEAKER_00: 21:39

for several reasons it's really important I'm Personally, anyone that knows me knows I love a good framework. And I'll explain some of the reasons why I'm there as well. If you're an organization, especially in the UK market, you should be looking at cyber essentials without shadow of a doubt. And it's good. It's a good first step. It makes you think about your organization. So when you look at a framework, and for those people listening who probably think of a framework as like, oh, I have to become compliant. What books do I need to take? How much Work is going to cost me. Change the thought pattern around to this is going to help me as a business. It's going to put a stake in the ground to understand how mature I am right now. It's then going to give me an aim to something I'm aiming for because I want to become compliant. It's going to open up some doors. When you look back into your own organization as well, a framework is also good for those of you who have to go through a budgeting purpose. When you've got to go through, you've got to ask for budget. For those of you who have to go to a finance committee to get things signed off, sometimes see cyber like an insurance policy. Well, I'm paying all this money. Why? Someone will be saying, well, I paid all this money. What's happened? I haven't seen anything. Well, that's because it's probably working for you and you're not having an issue because you've got this in place. What it allows you to do is quite clearly map on a framework and say, this is where we are now. And if you give me X amount of money, we'll jump to this stage. When I've completed this, give me a bit more money. So it shows how you're going to become mature across a framework that is well known out there in the industry. So they're the reasons I love a good framework because I think it really helps organizations. For those who don't know what good looks like it helps them understand what good looks like and it also helps them prove back to the business how they're moving through the maturity model as well on the side of it so yeah i absolutely i absolutely love them love compliance with frameworks

SPEAKER_02: 23:38

and and certainly for if you want to get cyber insurance they're just uh yeah you've got no choice if you want to work with government you've got no choice but yeah we have worked We worked with one company that was very keen to get their cyber insurance, but they were trying to do as little as they could to get the tick in the box. And we were trying to persuade them, if you go the extra couple of percent, it's really worth it.

SPEAKER_00: 24:05

Definitely. I mean, interestingly, the point that you make, because we've actually seen and worked with across kind of our global reach, we've worked in certain areas of the world where companies where cyber insurance and people are taking it out, with them proving that they've put a framework in place to follow the framework and we've showed where they're up to and where the risk is and so on and so on, they've only actually seen a decrease in their premiums. So they've, I think at one point we had up to 25%, but on average we've seen up to about 10% of premiums will drop when you present and say, well, this is where I'm at, this is what I've taken, I've been assessed against this, and this is where I'm at right now. And the cyber insurance company is like, okay, so great. know as opposed to the old as we know this in in our uk markets is when we get asked about a five locked mortis door if you're doing home insurance it's very it's kind of sort of similar in a way and saying hey here's a framework and that's where i'm locked against it that'll help you with your premiums as well so it can reduce cost

SPEAKER_02: 25:01

and i just want to ask a couple of questions that are more sort of about you phil and you and you at work um so can you Has there been a standout moment in your career where you really felt what you've done has made a difference?

SPEAKER_00: 25:16

There's probably been a few over the years is where we've actually helped customers. So we're sat with a customer, really understood their requirements, helped them put a solution in place. And then over the period of the contract is then seeing the thwarted attacks that have actually tried to help on that customer. And that just gives you comfort that, you know what, we've done this, we've stopped this, this didn't materialize or move or evolve into something else. And that's always a really great feeling when you work with customers as well. I think with other customers as well, especially long term customers, I think you'll feel this the same is as they go on to that. the business evolution so watching them grow from the revenue point of view from the size and point of view you know for now you're moving from one builders the next building and your technology choices and the cyber security that we put in places move with them as well it's always been nice to see those businesses actually grow and be on those really long journeys which are multi-year journeys with organizations as well so things like that is good um and probably finally is is over my career is uh because you got to be careful don't go to touristy you appreciate, but actually being involved with a great team of individuals that have, when a customer has had an issue, is getting a forensics team involved, a dis-forensics team involved, and then actually being able to hand evidence over to police force and actually then hearing around successful convictions at the end of it as well. So yeah, after long investigations and doing things like that, that's where you kind of feel like we added something to that. Not only did we helped the organisation get back up and running, but we also provided enough evidence that we collected during our investigation to actually put people behind bars as a part of a successful investigation.

SPEAKER_02: 27:06

We get work experience, students come to us and then we also have people join on our service desk that aren't necessarily from a technology background and learn it. And if they want to go into technology, It's IT security all the way. Everybody wants to work in IT security. I don't, but a lot of the youngsters do. What advice would you give someone who wants to have a career in IT security?

SPEAKER_00: 27:32

So I think if you look at– the probably best thing to kind of relate to is if you look at our SOC. So we have two SOCs. We've got one over in Canada in a place called Waterloo, and we've got one in Cork and Ireland. And I spend quite a lot of time to where I'm based at the one over in Ireland. And if you kind of look at the hard work they do, And they build a really diverse team of individuals within the SOC that they've actually got, which really helps innovation, creativity, and also analytical behaviors as well. So anyone who wants to get into a career is you don't necessarily, you know, an education, university education is great. You know, we take quite a number of intake every single year from local universities where our SOCs are based. In fact, in one of the SOCs in Ireland, we actually provide a bursary each year. So we actually provide pay for students each year to come to actually go through the course things like that as well but you know interesting stories when i went to talk to the staff over there and the people that had the sock up you know when they're interviewing the i think they were the other 12 months ago they interviewed someone who's a carpenter but when they spoke to the individual just because of the way they thought and the logical thought pattern they had and things like that they're like This is great. We'll bring you in. We'll train you up. So I always talk around skill and will. Having skills is great and really helps out. But if you've got the will to learn and to do your own research and to really analyze and dig deep into things, that's a really good starting point. So don't worry too much about it. It's good to have basic understanding of IT infrastructure and IT networks so it plays well. But there are a lot of positions where you can get into an organization. But if you are going into an organization, a cybersecurity to your organization, you probably want to ask questions around, how am I going to be mentored? How am I going to be developed over that period of time? Because that's really key and critical to you as an individual, because that's what you want. You want to go in, you want to grow your knowledge out as well. And again, it's critical. We have a great development path for all of our staff that come through, whether you're in sales, whether you're in a technical role, a delivery role from there. But I would not shy away. I mean, there is a skill shortage in cybersecurity right now. So it's a really good time to get in and to look at it. But there's a lot of cybersecurity companies out there. Have a look. They all have career sections on their website. They're always really interested to take on new people as well for that side of it. And don't worry too much about having a lot of experience if you're just starting out.

SPEAKER_02: 30:04

Thank you, Phil. Thank you. And it sounds like you've got the same recruitment as us. We call it attitude and aptitude. I think it's the same thing. So we're saying, have they got aptitude. Have they got the right way of thinking to do technology, problem solving, logical, keeping, you know, all of that stuff. But have they got the right attitude? Are they going to be learning and they're going to be developing? Are they good in a team? Are they good in the pressure? Those sort of things. So, yeah. And we don't look at, we don't look at qualifications. We look at, are you the right person for us? A very, very similar recruitment way. My My final question to you is, we believe good IT enables people to do their best work. Without good IT, it's really difficult to be successful. How does cybersecurity play into that, especially for businesses really trying to make a difference?

SPEAKER_00: 31:02

Yeah, so I think if you kind of look where security plays in it, it's kind of similar in terms of, you know, if you put a great, you know, if you give someone a laptop and that laptop is efficient, it works effectively, it's set up perfectly on day one, it kind of gives that great impression. Similar to cybersecurity, you know, you want to make sure if people are working for an organization, they need to feel secure because there's nothing worse than if you're sat in an organization and the next minute you get called into a meeting room to tell I'll do that. Sorry, I'm going to have to send you home today because ransomware attacks happen. And then you find out not only has a ransom attack happened, but all your personal details, sorry, have gone as well. That's not going to give you the greatest impression of the organization you've walked into. So, you know, one thing to do is, as you say, is making sure that, again, I think we touched on it earlier on, that cybersecurity is not going to be a problem for people working in organizations. They should see it as something that's advantageous to them. We see that as in security doing good in terms of organizations where we help things like, you know, fishing exercises in place, tabletop exercises in place, so they know how to react in that kind of level. If you kind of then look at some of the other work we do around some charitable organizations and things like that out there, you know, one of the things I remember, and this was a while back, so it's always stuck in my head when working with charitable organizations and even education establishments as well, is that People often in charitable, they're making donations. There's a lot of the big charities out there. They have a lot of big donors. They have a lot of smaller individual donors. And that money they receive, they take some of it for operating costs. And then the chunk of it they take and they donate out to do goodwill. And there's nothing worse than the way me feel worse is the fact that all that good money that they've been out there collecting, doing events for, has to unfortunately be spent on a ransomware or being spent on services to recover. because they had an incident. And that's why ensuring that security in your organizations that are doing good out there is absolutely critical. Because as we said earlier on, it doesn't matter what type of organization you are, it's not like people leave you alone. Although you do hear about the stories where some charities that have been accidentally hacked into part of the automation, where threat actors have actually just said, okay, here's the key, we'll go away. But, you know, it doesn't always happen. So all that hard-earned money should be pumped into helping them do well as opposed to going back. The other thing you do find within a lot of organisations, charitable organisations, is what we call high-profile, high-profile individuals that put their name to that organisation and really, again, help with donations either through themselves or by using their name and their networks to help. And again, it's making sure that that's all protected as well. So the money goes in the right place and goes to the people that need it, as opposed to going out to threat actors who have initiated a ransomware attack.

SPEAKER_02: 34:03

Phil, this has been brilliant. I've really enjoyed our talk. I've learned loads. I always enjoy talking to you, but it's been really, really helpful. So if you're listening and you want to learn more about how to improve your organization's cyber resilience, you can download our free guide and the link will be in the show notes. But you can also find both Phil's and my LinkedIn profile links. So thanks very much for joining us. And please do subscribe to hear our next episode.