The Small Business Cyber Security Guy | Cybersecurity for SMB & Startups

The episode is dense with practical distinctions (controls vs. defense-in-depth, patching not proving no prior compromise, scope boundaries) and memorable reframings, though much sits at the level of solid intermediate advice rather than genuinely novel insight for a sophisticated operator.

“Patching isn't a time machine. It closes the known hole. It doesn't prove nobody walked through it yesterday.”

“If your report can't tell the difference between busy and dangerous, it isn't security reporting. It's confetti.”

The 'firewall worship' critique and defense-in-depth framing are well-trodden in security, but the episode adds fresh, vivid framing (watermelon dashboards, the KEV-vs-CVE distinction, MSP accountability scripts) that elevates it above recycled takes.

“watermelon dashboard. Nice green and smooth in public, but scratch the surface and it's red and sticky”

“Green dashboards are bedtime stories with traffic lights.”

This is an in-house roundtable of show personas (claimed 40-year veteran, former gov cyber analyst, accountability lead, etc.) rather than external practitioners; credentials are asserted but no guest demonstrably 'did the thing at scale' beyond one anecdote.

“I'm Noel Bradford. I've spent more than 40 years in technology”

“I'm Moven McLeod, former UK government cyber analyst”

Strong on concrete CVE counts, named survey statistics, a specific field anecdote with model and dates, and named vendors; somewhat weakened by reliance on a single real-world example and round 'tilde 50%' guesses.

“Fortinet has had 81 CVEs since January 1st, 2026... an average of three point something a week”

“a very old, like pre-COVID era Linksys router... gone full end of life in 2021”

The roundtable deliberately builds in challenge and steelmanning ('What does my argument risk getting wrong?'), which is better than a softball PR chat, but the disagreement is scripted and self-affirming rather than genuinely adversarial.

“I want to challenge something. Go ahead, I'm all ears. You keep attacking dashboards and reports, but businesses do need reporting.”

“Right. I want proper disagreement. What does my argument risk getting wrong?”