The Engagement Paradox

By Amy Stokes-Waters | 2 February, 2026

On cyber awareness, and why it keeps failing. In cyber security, we bloody love the word “awareness”. It goes into strategies and programmes. We measure it. We report on it (kind of). We even dedicate a whole bloody month to it, worshipping the idea as if it’s an end state in its own right. And…

Read More

Attention Seeking B*tch

By Amy Stokes-Waters | 29 January, 2026

Why being an attention-seeker makes me better at producing outstanding cyber security training. Let’s get the title out the way first. I’ve been called an attention-seeker most of my adult life. Sometimes it’s affectionate. Sometimes it’s a joke. Sometimes it’s said with the full intent of landing as an insult and staying there. I’ve never…

Read More

Why We Occasionally Say Fuck

By Amy Stokes-Waters | 26 January, 2026

We like a well-timed F-bomb. I like them a lot, if I’m honest. Within our professional content, though, we use them sparingly and on purpose. You may have noticed. Some of you may hate us for it. We certainly hear about it. People comment. People talk. Which, frankly, is part of the point. We don’t…

Read More

We Don’t Protect Ideas. We Apply Pressure.

By Amy Stokes-Waters | 16 January, 2026

Most organisations talk about innovation like it’s a badge you earn once and pin to your chest forever. We’ve learned the harder, more honest truth. Innovation doesn’t survive on intention. It survives on challenge. That belief shaped how we build our board and why we built it to push back, not clap along. Most companies…

Read More

The Definitive CISO Gift Guide

By Amy Stokes-Waters | 3 December, 2025

You know how regular gift guides tell you to buy personalised wash bags, grooming kits, and drones? Yeah… no. This is for the people who spend their days blocking hackers, herding vendors, wrestling auditors, reporting to the board, and drinking strong black coffee because, let’s face it, decaf is for amateurs. Here are your go-to…

Read More

When Learning Becomes Real

By Amy Stokes-Waters | 24 September, 2025

There’s a particular kind of madness in the corporate world where we ask people to defend their company from sophisticated cyber criminals, then hand them a slide deck with clipart padlocks and a three-question quiz at the end. It’s the equivalent of teaching someone to defuse a bomb by reading aloud from a manual. And…

Read More

The Myth of “Not My Job”

By Amy Stokes-Waters | 8 August, 2025

The strange thing about security rhetoric is how quickly it slides into fantasy. A few LinkedIn posts, a handful of panel quotes, and suddenly we’re entertaining the idea that security is not everyone’s problem, that it belongs to the blessed few sitting somewhere between IT, compliance, and a metaphorical fucking fire exit. It’s a seductive…

Read More

Attention Before Awareness

By Amy Stokes-Waters | 27 January, 2025

The ignition point Attention. That’s the game. That’s the god(dess). And until we start worshipping it, every awareness campaign that we build will collapse under its own dullness. Cyber awareness isn’t failing because employees are careless, stupid, or “the weakest link”. It’s failing because we’re not competing for their attention. Not even trying, half the…

Read More