Category: Linkedin

The fifth gap we’re going to look at is around prioritising and taking action.

Clients tell us that they have so much data and results that it’s almost paralysing. The data should be the key that unlocks their ability to take risk, but instead it simply paints a terrible picture that ends up stalling progress.

What’s missing for many people we speak to? Insight. The data contains all the facts, but it’s knowing how to use that data. What is it really telling us? Where’s the biggest opportunity? What presents the biggest risk? Where should we start? Where should we focus?

This is somewhat similar to Gap 1 in some respects, but the specific customer conversation that sparked this post is a little different.

The customer in question had got on the front foot, taking the risk presented by Quantum Computers seriously. It had begun to survey it’s infrastructure and networks to form a picture of it’s use of different cryptography methods and algorithms. Which is something you should do by the way! (Talk to us at Taylor Harrow for help).

The problem was, the results of the scans were lengthy and complex. The client didn’t know how to turn this data into insight, and into action. Fortunately, Taylor Harrow can help to summarise complex cyber data, prioritise the findings, and collaborate with you on an action plan.

Taking acting to reduce Quantum Risk in your organisation is going to take some time, and it’s going to involve nearly every corner of your organisation. If you’re looking a hint on when you need to start your Quantum activities, the answer simply is now. Check out our Quantum Timeline should you need further background and persuasion.

If you’d benefit from some support from the team that’s able to translate data into insight, action and forward momentum, please get in touch via Linked In.

LINK – Taylor Harrow – Linked In or Mark Sones – Linked In

The fourth gap we’re going to look at is around customer opinion… and not the usual NPS kind of thing.

We’re all familiar with NPS (Net Promoter Score), and the associated customer satisfaction surveys. Oh, and the inevitable link to personal objectives/team scorecards and all that metrics nonsense. Am I the only person who marks everyone as a 7 just to wind them up? 😉

We’re not talking about that. We’re talking about the people who actually evaluate, buy, deploy and use your service, your product or your software! And the key people to get an opinion from might not be the people you expected.

The technical lead or technical leader closest to the PoC that’s evaluating or deploying your stuff has an incredible amount of sway over how an opportunity develops, or doesn’t. Their opinion and the opinion of their people is paramount. And most companies forget these people entirely, and only really hear from procurement, and CTO/CIO/CISOs.

The opinion of these people is important. They ultimately make the investment decisions, but their opinion is strongly informed by the people at the coal face.

Unfortunately, you’re unlikely to get much access to these people, ever. Or they are unlikely to be terribly honest with you. They are more likely to be highly guarded and reserving of their views, which they’ll only share within their organisation.

That’s clearly a problem, as this opinion is literal gold! And most organisations can’t hear it. I was speaking to a client last week, and they recognised this gap. And fortunately Taylor Harrow could help.

Taylor Harrow has some pretty unique experience and skills in it’s locker! Our team led Security Futures for BT, spotting future trends, positioning company wants with vendors/partners, and evaluating new technology…. both for BT’s own use, and for onwards sale at BT’s Go To Market Security Unit, a successful MSP in it’s own right.

We offer what we call a ‘Test Drive’ service. We answer the key questions:-

• How easy is it to understand, deploy, debug, consume and use your product?

• Does it do what it says on the tin?

• What’s our honest feedback on the experience?

• What slows implementation or could be a blocker in a large corporate enterprise?

We can help you with insight that will improve your product, your documentation, your communication, or your sales approach.

We can offer a straightforward evaluation and report, through to packages including social media commentary and so on.  We would jointly agree a technical/product scope, a set of aims, deliverables and a budget.  Then Taylor Harrow takes over and creates a target architecture, into which we deploy your product.

We evaluate every step from obtaining the software, reading the documentation, initial deployment, integration, testing, scaling and so on.  And you get the feedback and insight from a team with serious experience.

So if you’d like some support from the team that’s done this kind of thing for a living, or this is an area where your organisation could benefit from some help, please get in touch via Linked In.

LINK – Taylor Harrow – Linked In or Mark Sones – Linked In

The third gap we’re going to look at relates to the AI explosion that we’re all currently ‘enjoying’.

I say enjoying, when I probably mean enduring. Sure, there’s some great AI tools and models out there. The technology can do incredible things. But every bit of cyber tooling seems to be claiming it now includes the power of AI. Sometimes yes, I can see that AI is being used to good effect. But, often I’d proffer the opinion that the term AI only applies loosely.

So, this isn’t a gap that Taylor Harrow is going to have much of a role in closing. Simply put, we’re not going to stop people trying to sell snake-oil.

But, we do have fairly well attuned bullshit detectors, and strong experience in determining what works and what doesn’t, in some of the most complex environments.

What we CAN offer is our experience to help you run a proof of concept project…. Put the claims to the test, so to speak.

Taylor Harrow has some pretty unique experience and skills in it’s locker! Our team led Security Futures for BT, spotting future trends, positioning company wants with vendors/partners, and evaluating new technology…. both for BT’s own use, and for onwards sale at BT’s Go To Market Security Unit, a successful MSP in it’s own right.

So if you’d like some support from the team that’s done this kind of thing for a living, or this is an area where your organisation could benefit from some help, leadership or direction setting, please get in touch via Linked In.

LINK – Taylor Harrow – Linked In or Mark Sones – Linked In

The second gap we’re going to look at is potentially a new issue for many organisations. New, and critically important.

The world is waking up each day to unexpected advances in Quantum Computing. It seems that every week there’s a new announcement from a big player that tells us that things are accelerating. Recently that’s been about stability, scale, improved error correction, or indeed refined algorithms.

All up, Quantum Computers are already more powerful, capable and stable at this point in time that we had predicted. We’re doing more work with fewer Qubits, and the Qubits we have are more reliable. AND, the pace of change appears to be increasing. Oh, and there are at least 3 different technologies competing as the basis for those Qubits – so even if a brick wall is encountered on one technology, there are still 2 horses running!

This is likely to have a profound impact on the risk timeline… We all know that at some point Quantum Computers will be used to undermine large amounts of our current encryption methods. The maths used to make those encryption techniques work just isn’t difficult enough any more.

So, with an accelerating timeline, and an increased understanding that a massive existential scale risk is coming at us all, organisations are starting to take note and take action.

Well, some are. Those who are lucky enough to have the bandwidth, scale, or have an obvious role in one of their teams to take on the leadership and direction setting for the organisation’s response to Quantum Risks.

However, many companies don’t have that bandwidth, time, the obvious person/role, or indeed the skills. So that’s the gap. The need for an entire role, that doesn’t exist. The need to review, discover, plan, create policy, and drive change.

A way to satisfy that challenge could be with a Fractional hire. Call them your Chief Quantum Officer, or Quantum Steward. They can work 2 hours a week, or 2 days a weeks. They can get to know your organisation, your priorities, your specific risks, your technology, your aspirations, your direction, and plot you a course for the next 3-4 years, or just get you started and on the right path.

Here at Taylor Harrow, we have the expertise in house to be that Quantum Officer or Quantum Steward. And we’ll happily chat about it, and explore what you need and what might work for you.

If this sounds like an area where your organisation could benefit from some help, or you’d like a discussion to explore the possibilities, please get in touch via Linked In.

LINK – Taylor Harrow – Linked In or Mark Sones – Linked In

The first gap we’re going to look at is the gap that exists between the output of your favourite vulnerability scanning tool, and whatever process, person or tooling your organisation is using for remediation.

Some organisations have literally millions of open vulnerabilities reported by the scanners. It’s simply not humanly possible to action complete remediation across a dataset like that, when the reality of the organisation’s IT estate is likely to be complex, fragmented, and sometimes simply unpatchable.

I’ve seen organisations ‘start at the top’ and try to work down through the vulnerabilities or work in chronological order. That wouldn’t seem to make a lot of sense. Or I’ve seen organisations paralysed by the sheer volume and don’t know where to start. Or worse, I’ve seen organisations that know they have an issue, but simply don’t prioritise the remediation.

Sometimes this is simple delinquency. Sometimes it’s wanton risk taking. Occasionally it’s just being ill informed. “We have nothing connected to the internet, so we’re fine.” Mmm, so no interest in horizontal movement for actors already inside? No interest in insider threat, phishing, lost credentials, etc etc.

So how do you plug this gap?

Well, first, the dataset can be refined by severity. Organisations can set their own thresholds here, and begin to decide what their risk tolerance is.

Second, the dataset can be enriched with business application asset data (hopefully from your CMDB) to add context. What service or app does this piece of infrastructure underpin? How critical is it to our business? What are it’s points of interconnection? Is it exposed to untrusted networks or the internet? Does it contain any legacy or unpatchable infrastructure? What data does it host, how critical and how valuable is it? What regulatory regimes apply?

Third, the dataset can be sliced by platform, OS, OS version, kernel/patchset etc, to identify quick wins. For example, if eradicating a certain version of Windows Server gets you the biggest bang for your buck, then a focused project can be undertaken to look at upgrading those specific servers. Or patching can be mandated on a certain OS to a minimum level.

Fourth, the organisation needs to be encouraged to leverage this data in some way. Gamification works, with directors of various departments competing to see who can get their portion of the estate ‘cleanest’ the fastest. You might argue that gamification is just a modern way to say ‘name and shame’, and you’d kind of be right, but it can be positioned in a positive way. Businesses also need leadership on the issue. What’s our risk tolerance? What’s our stance? What’s our policy? What does good look like? Is this important?

I guarantee that if organisations work on their governance/leadership, agree a risk tolerance to severity, enrich their data to include context/criticality, and slice the data to allow sensible project planning around tech-refreshes and so on, it’s far more likely to make significant headway into really rather chunky numbers of vulnerabilities quite quickly.

Taylor Harrow has experience of having led exactly these kinds of initiatives, with >70% reduction in vulnerability risk delivered within 3 months. Every organisation is unique, so it’s the experience in making the right decisions that unlocks the ability to drive progress.

If this sounds like an area where your organisation could benefit from some help, leadership or direction setting, please get in touch via Linked In.

LINK – Taylor Harrow – Linked In or Mark Sones – Linked In

Quantum Risk? Need to build awareness in your organisation? Help yourself to our free one page PDF guide to give you an initial feel for the issues at hand. Obviously, we have loads more detailed help tailored to you.

LINK – Quantum Risk One Pager PDF

Checkout our current view (as of June 2025) on the potential timeline for Quantum Threats…. Find out when Q day is likely to be!

Kick off your organisation’s response and plans now. You only have 4 years!

LINK – Taylor Harrow Quantum Threat Timeline

Gaps. Gaps. Gaps. Gaps have come up three times today in conversation.

“We have a gap here”

“Nobody covers that gap”.

Well Taylor Harrow Ltd does. If we recommend an action, we will have the experience to know what to do with the data we collect, or how to interpret findings to drive decision making and priorities.

In the coming days I will post about some examples.

But if you’ve already got a gap you’re sick of staring at, message Mark or Taylor Harrow.