By Glen Williams, Cyberfort CEO


In today’s rapidly evolving and complex threat environment, the cybersecurity industry is reaching a point where scale, comprehensive capabilities, and agility have become essential for protecting businesses. Cyberfort’s recent acquisition of ZDL Group demonstrates more than just business expansion – it points to a fundamental shift in how cybersecurity services must be delivered to meet today’s demands and challenges. 

The need for consolidating security services 

The cybersecurity sector has always operated in a fragmented way, largely because of how the industry has evolved. For example, as new digital technologies and platforms developed, more specialised security challenges emerged that required highly focused expertise. This led to a surge of niche providers with very specific deep technical knowledge, including network security, endpoint protection, identity management, cloud security and so on. 

While a specialised approach of course has its merits, it also creates significant challenges for businesses trying to maintain a comprehensive security posture across multiple vendor relationships. The resulting fragmentation leaves gaps between the measures of different providers, produces inconsistent security approaches, drains internal resources with the overhead of managing multiple security relationships, and makes visibility across the security landscape increasingly difficult. Our strategic acquisition of ZDL Group directly addresses these challenges by creating a more comprehensive, end-to-end security ecosystem where clients can access multiple capabilities through one single, trusted relationship. 

The scaling advantage 

Scale in cybersecurity delivers advantages that smaller, more specialised providers can’t match. Our expanded team of over 40 additional cybersecurity professionals from ZDL will bring diverse experience across sectors and different types of attack techniques, creating a powerful knowledge base that benefits our clients through broader threat intelligence. 

By bringing together Cyberfort’s existing strengths with ZDL’s expertise in penetration testing, ethical hacking, and specialised training, we can now deliver seamlessly integrated security programmes that strengthen businesses’ overall security postures – rather than disconnected services. Greater scale also provides the resources to invest in developing proprietary security methodologies and platforms like ZDL’s Vendor supply chain risk management solution, which will enhance our innovation capacity. The combined entity serves clients across borders while maintaining the agility and responsiveness that businesses need from their security partners, offering international reach with local expertise. 

Looking to the future 

As we integrate ZDL’s capabilities and continue our strategic growth trajectory, we’re focused on creating a new model for cybersecurity service delivery – one that combines the comprehensive capabilities traditionally associated with large global providers with the agility, innovation, and client focus that independent specialists are known for. 

This hybrid model represents the future of cybersecurity services – scaled enough to deliver comprehensive protection but also agile enough to adapt quickly to emerging threats and evolving client needs which in today’s landscape is ever-changing at pace. 

By becoming one of the UK’s largest independent cybersecurity providers, we’re not just growing a business – we’re reshaping how cybersecurity services are delivered to create more resilient businesses in an increasingly complex threat landscape. 

The cybersecurity industry is consolidating for good reason. Scale, when properly leveraged, creates better security outcomes. Our acquisition of ZDL Group represents our commitment to leading this transformation for the benefit of our clients. 

Download the Cyber Defense Magazine here and find our feature on pages 267 to 269.

Glen Williams, Cyberfort CEO speaks about how we embrace neurodiversity in the Cyber Security industry

11th April 2025

As the cybersecurity industry faces unprecedented challenges – with approximately 1.5 million attacks occurring globally each day and increasingly sophisticated AI-driven threats – we simultaneously confront a persistent skills shortage. This paradox presents a critical question: how can we defend against escalating threats with insufficient talent? 

The answer may lie in a resource many organisations consistently overlook: neurodiverse talent. 

At Cyberfort, we’ve discovered that embracing neurodiversity isn’t just a social responsibility initiative – it’s a competitive advantage that directly addresses our industry’s most pressing challenges. The unique cognitive approaches and exceptional pattern recognition abilities often associated with neurodiversity align perfectly with the skills required for effective cybersecurity work. 

The Perfect Match: Neurodiversity & Cybersecurity 

Neurodiversity encompasses conditions including autism spectrum disorder, ADHD, dyslexia, and others that represent variations in how the human brain processes information. These differences – far from being limitations – often manifest as heightened abilities in critical cybersecurity functions. 

In penetration testing and SOC analysis particularly, neurodiverse team members frequently demonstrate exceptional attention to detail, pattern recognition capabilities, and persistence that their neurotypical colleagues may not possess in equal measure.

These individuals can identify vulnerabilities and detect anomalies that others might miss – a crucial advantage against adversaries using increasingly sophisticated techniques. 

This is why neurodiversity initiatives shouldn’t be classified merely as diversity programmes. They represent access to specialist skills that directly improve security outcomes. In an industry where overlooking a single vulnerability can lead to catastrophic breaches, these cognitive differences translate into tangible business value. 

From Concept To Implementation 

Transforming neurodiversity from concept to operational reality requires practical adjustments that remove barriers without lowering standards. At Cyberfort, our approach includes: 

Rethinking recruitment: We send interview questions in advance, allow candidates to turn cameras off during video interviews, and focus on skills demonstration rather than social performance.

Workplace accommodations: Creating flexible environments where colleagues can step out of meetings when needed without stigma, offering noise-cancelling headphones or quiet spaces, and providing clear, direct communication.

Career development: Establishing specialised development paths that capitalise on unique strengths while providing support for areas of difficulty. 

These changes haven’t required massive investment or organisational overhaul – just thoughtful consideration of how traditional workplace practices might inadvertently exclude exceptional talent. 

Learning From Global Approaches 

The UK has significant room for improvement in how we identify and develop neurodiverse talent. Other cultures often do better at recognising these differences early and directing individuals toward fields where their unique abilities can flourish rather than attempting to make everyone conform to a single neurotypical standard. 

The Buckland Report, published approximately a year ago, offers valuable recommendations for employers seeking to better employ neurodiverse people. Its evidence-based approach provides a roadmap for organisations looking to implement effective neurodiversity programmes. 

Beyond Social Responsibility 

While the social benefits of neurodiversity inclusion are significant, the business case is equally compelling. In an industry facing critical talent shortages, organisations that effectively tap into neurodiverse talent pools gain access to capabilities their competitors lack. 

Our experience at Cyberfort demonstrates that meritocracy and inclusion aren’t competing values – they’re complementary. In many cases, the best people for cybersecurity roles are neurodiverse. 

The Path Forward 

As cyber threats continue evolving in complexity and scale, particularly with AI driving exponential growth in attack volumes, the need for diverse thinking in our defensive capabilities becomes increasingly critical. Organisations that successfully implement neurodiversity programmes will find themselves better equipped to meet these challenges. 

For the cybersecurity industry and UK businesses more broadly, embracing neurodiversity represents both an ethical imperative and a strategic opportunity. By removing unnecessary barriers to neurodiverse talent, we expand our collective defence capabilities while creating more inclusive workplaces. 

In the race to secure increasingly complex systems against increasingly sophisticated adversaries, neurodiversity may prove to be the advantage that makes the difference. 

Written by Glen Williams, Cyberfort CEO

10th April 2025

It’s not just about doing the right thing – it’s about building stronger technical capabilities.

In an industry facing a persistent skills shortage, cybersecurity companies cannot afford to overlook any potential talent pool.

While many organisations implement diversity, equity, and inclusion (DEI) initiatives as broad compliance exercises, at Cyberfort, we’ve taken a more strategic approach by specifically championing neurodiversity – not just as a social good but as a competitive advantage that strengthens our technical capabilities.

Neurodiversity and Merit: Perfect Alignment

I fundamentally believe in meritocracy. I don’t care about someone’s background, gender, or physical attributes; I care about who’s best for the job. That’s precisely why neurodiversity is so important to us: by creating specific accommodations for neurodiverse talent, we’re accessing an exceptional talent pool that others might overlook while simultaneously addressing the industry’s persistent skills gap.

This approach isn’t at odds with merit-based hiring – it enhances it. Without neurodiversity initiatives, many exceptional candidates might never make it through conventional recruitment processes despite possessing the exact skills we need. Traditional interviews often filter out candidates who think differently, even when those differences represent valuable cognitive advantages in cybersecurity roles.

Consider penetration testing or Security Operations Centre (SOC) analysis, where unique cognitive approaches and exceptional attention to detail can make the difference between detecting or missing a sophisticated threat. Many neurodiverse individuals excel at pattern recognition and logical thinking and can focus intensely on complex problems – precisely the skills needed to identify vulnerabilities and anomalies that neurotypical analysts might miss.

Business Impact in Technical Cybersecurity Roles

The business case for neurodiversity in cybersecurity is compelling. Unlike generic DEI initiatives that many companies adopt, we’ve deliberately specialised in becoming leaders in neurodiversity employment. This isn’t just about inclusion – it’s about accessing unique skills that drive better business outcomes.

There’s a reason why many successful entrepreneurs and innovators have ADHD or some form of neurodiversity. The unique thinking styles and problem-solving approaches that come with neurodiversity are particularly valuable in cybersecurity, where unconventional thinking can identify vulnerabilities that others miss.

As cyber threats become increasingly sophisticated, especially AI-driven threats like deepfakes, this cognitive diversity becomes a crucial defence mechanism.

At Cyberfort, we’ve seen tangible benefits from our neurodiversity initiatives including:

Enhanced threat detection capabilities through diverse cognitive approaches

Improved pattern recognition in identifying anomalous activities

Greater innovation in developing security solutions

Reduced skills gaps in critical technical areas 

Increased retention in roles that benefit from deep focus and specialisation

By implementing specific accommodations – such as sending interview questions in advance, allowing candidates to turn cameras off during interviews, and creating flexibility for neurodiverse colleagues to step out of meetings when needed – we’re not lowering standards; we’re removing arbitrary barriers that have nothing to do with job performance.

Neurodiversity Within the DEI Framework

As some organisations reassess their DEI strategies, there’s a risk of abandoning valuable principles while addressing legitimate concerns. While certain DEI initiatives might be perceived as ideologically driven, neurodiversity programmes deliver clear performance benefits that align perfectly with merit-based principles.

The key difference is in how we frame and implement these initiatives. Where many companies implement DEI initiatives as compliance exercises, we’ve taken a more targeted approach that directly enhances our technical capabilities. By focusing specifically on neurodiversity, we’ve created both a more inclusive workplace and stronger security solutions for our clients. It’s a win-win that delivers a measurable business impact.

This doesn’t mean abandoning the broader principles of inclusion, but rather focusing on aspects that directly benefit performance. The Buckland Report provides excellent recommendations for employers looking to better employ neurodiverse people. We’re implementing as many of these as possible because we recognise that the UK needs to do better at getting the best out of neurodiverse talent.

Many cultures around the world embrace neurodiversity better than we do in the UK. While our education system often tries to make everyone ‘neurotypical,’ we’re missing opportunities to develop specialised talents. In cybersecurity, these unique cognitive approaches are exactly what we need to stay ahead of increasingly sophisticated threats.

The Future of Technical Talent

As the cybersecurity landscape evolves, the organisations that thrive will be those that can harness diverse thinking to combat diverse threats. Neurodiversity initiatives represent a strategic approach to talent that goes beyond traditional DEI frameworks, focusing specifically on cognitive diversity that drives technical excellence.

By prioritising neurodiversity within our talent strategy, we’re not just being inclusive – we’re building a more capable, innovative, and effective cybersecurity organisation. In an industry where thinking differently isn’t just valuable but essential, neurodiversity isn’t optional – it’s a competitive necessity.

Cybersecurity services outfit acquires 40-employee pen testing specialist ZDL


Cyberfort’s desire to “pivot more towards the private sector” is a “big reason” behind its latest acquisition, its CEO has revealed.

The Palatine-backed cybersecurity services firm announced its first acquisition in nearly six years this morning, in the shape of penetration testing specialist ZDL.

The move will swell Cyberfort’s headcount beyond 200 and revenues to around £26m, CEO Glen Williams told IT Channel Oxygen.

40-employee, £4m-plus-turnover ZDL hands Cyberfort 200 private sector customers it can cross-sell its MDR and SOC services into, Williams said.

“Pen testing is often the foot in the door of then doing a lot of other cyber services. We’ve got the capability to go and do those other cyber things, and they’ve got the customer base to go and do it,” he said.

‘We’re pivoting towards the private sector’

But the acquisition is also a deliberate move by Cyberfort to dilute its focus on a public sector space that generates half its revenues, Williams revealed.

“The public sector is typically looking to do quite a lot of insourcing of cyber. If you had a customer contract worth £6m yesterday, it’s probably going to go down to £4m,” he said.

“They’ve increased cyber salaries across the government – they’ve obviously decided cyber is core. They’re still going to have to supplement that with third-party suppliers, but you’re never going to be able to really grow it.

“They’ve also upped their game in terms of procurement and day rates in the public sector – they’re now lower than the private sector.

“It’s not to say we’re not going to sell into public sector – two of our biggest customers are still big public sector organisations – but we’re pivoting more towards the private sector commercial customers, and that’s a big reason why we’re doing this acquisition.”

Ransomware rewards

Williams recently told IT Channel Oxygen that Cyberfort – which has been backed by Palatine since 2017 – would probably undergo “an event” in “two to three years’ time”.

Its heritage secure hosting offering is becoming more “interesting” amid government plans to prohibit public bodies from paying ransomware ransoms, Williams said.

“In essence, because we’ve got our own datacentres that we continually back up, it makes it a really good solution for people. It’s another point of differentiation for us versus other cybersecurity companies.

“It’s also interesting because of data sovereignty – people are getting really quite nervous about stuff leaving the UK.”

Read the article on IT Channel Oxygen here: https://itchanneloxygen.com/the-public-sector-is-insourcing-you-cant-grow-cyberfort-ceo-explains-first-acquisition-in-6-years/

Acquisition strengthens Cyberfort’s ‘buy-and-build’ strategy to significantly grow revenue and become the largest independent UK-based Cyber Security service provider within the next three years.

8th April 2025

Cyberfort, a leading Cyber Security services and solutions provider, today announces the acquisition of ZDL Group. The acquisition is part of Cyberfort’s ongoing ‘buy and build’ strategy as it looks to accelerate growth over the next three years to become one of the largest independent Cyber Security providers in the UK.

ZDL provides a comprehensive range of Cyber Security services to the UK market, including managed security services, penetration testing, ethical hacking, and bespoke Cyber Security training.

With an international, multi-sector customer base exceeding 120 clients and a team of over 40 highly skilled Cyber Security professionals, ZDL’s acquisition significantly expands Cyberfort’s reach, enhancing its ability to serve commercial customers both within and beyond the UK.

Kevin Roberts, Managing Director at ZDL Group, added:

“Joining Cyberfort means ZDL customers will have access to a wider range of Cyber Security services to keep their businesses secure, resilient and compliant in an ever-changing and complex Cyber Security landscape. When we learned of the growth plans for Cyberfort, as part of its strategy of becoming one of the largest UK-based Cyber Security service providers, we decided that the perfect partner for our business would be Cyberfort. We’re very pleased that Cyberfort will continue to provide the highest levels of innovation and service to all of our valued customers and stakeholders.”

Rob Vann, chief solutions officer at Cyberfort, explains how AI is fundamentally changing the threat landscape for cloud environments.

31st March 2025

How is AI fundamentally changing the threat landscape for cloud environments?

This is an interesting question as, of course, AI is a tool that is useful to both good and bad actors. For now, let’s assume we’re focussing on the bad.

Targeted threats have always been more successful (and more expensive) than mass attacks. AI contributes to combining the scale and cost of a mass attack with success more aligned to the targeted approach. Specifically in the cloud world, there are multiple techniques where AI can add value, complexity, and ultimately a more successful outcome to an attack. 

These include simple techniques (such as AI used to populate brute force attacks, or Generative AI used to support targeted access requests) through adaptive malware, with AI asked to rewrite code to bypass any or other detections, the more direct use of AI to detect and leverage vulnerable systems, or identify and exploit organisation level misconfigurations through scanning, probing and researching at speed (though perhaps more concerningly it can also apply the same speed and techniques to shared cloud or multi use APIs for example, compromising large scale one to many systems). 

AI can also be used to support more targeted approaches, its speed and ability to process data compressing attacks, and their outcomes, for example automating lateral movement, persistence and privilege escalation techniques, enabling attackers to quickly identify and acquire high value data in large cloud storage environments, or editing log files/manipulating other data to hide the breach and hinder its investigation.     

To what extent do you think traditional cloud security approaches are becoming obsolete in the face of AI-powered attacks?

The previous answer goes some way to support this. Cyber Security has always been a playing field biased in the attacker’s favour, with the attacker only needing to succeed once, and the defender needing to succeed every time.

Many of the traditional cloud security approaches are not aligned to the scale, speed of execution, and complexity of AI driven or supported attacks. Perhaps more importantly, much of the benefit that people gain from Cloud environments is supported by “good enough” security measures, with point in time security coming after deployments – and a high dependence still maintained on human factors.

Traditional approaches often rely heavily on static defences, such as perimeter-based edge protection, fixed rule sets, and predefined access controls. These approaches are designed to guard against known attack vectors and assume a relatively predictable threat landscape. Coupled with reactive specialist resources that need the timeframe of a human interaction to respond to the threats, our AI compatriots’ eyes are starting to ‘light up’ at the possibilities for causing mayhem.

Attacks that previously took days of careful structure and planning are now executed in seconds. While legacy defences “could” in theory address this – if everything was patched and configured correctly all the time, and all resources acted perfectly all the time, and nothing was dependent on a third party or supply chain ever, then there might be a chance for example. The real world of security is very different to this nirvana.

To update a legacy piece of advice, “you don’t have to be the fastest to get away from the bear, you just have to not be the slowest”: in an AI attacker-fuelled world, potentially there are 1000 faster, stronger, more aggressive cockroach sized bears chasing every customer at the same time. You probably won’t even see them before they take you down.

What practical strategies do companies need to adopt to stay ahead of emerging threats in the cloud?

Just like the bad guys, you can augment your defences with AI power as well.

But let’s start by doing the basics well, move what you can to automation (for example utilising infrastructure as code, and pipelines with automated testing to remove human configuration errors or complexities, automating the execution, validation and segregation of backups, and continuously testing for exploitability of core systems). Then let’s move to a focus on the surrounding factors (such as identity) that are often required to breach your systems and become more aggressive in containing and isolating suspect engagements. Work to the principle of “assume breach”: segregate and aggressively monitor and respond to core systems, removing suspect access to enable time to investigate and then restoring it if benign. Plan and think of how you keep critical systems operating during these periods, so your services continue even if a key person or systems access is temporarily revoked.

With all this AI talk it’s important to not totally discard the human factor here. A key emphasis should be establishing comprehensive, continuous learning programs to equip your security teams with the knowledge and expertise needed to understand and combat AI-powered threats.  By fostering a culture of ongoing education, organisations can ensure their teams stay ahead of the evolving threat landscape and are prepared to counter sophisticated attacks that exploit AI and machine learning technologies.

Then let’s start to add in some of those AI level defences.

Firstly, use AI to build proactive defences, building a generative AI (please don’t use public systems, you’d be training them on how to attack you) or find an evidenced secure partner who can train and align a private generative AI to support you and simply ask it how it would attack you, and plan your defences accordingly. Remember to evidence the removal of your data and learning from the partners system and validate their security before sharing data. This will deliver value in aligning your defences and validating your controls in a digital twin environment.

Secondly, implement continuous cloud posture management to flag any errors or misconfigurations in near real time, and take advantage of AI to drive your detections. Machine learning to generate anomaly information provides a rich source of ‘things that could be bad but are definitely different’ to sort through the noise of millions of events to find the 10 that are useful.

Thirdly, use AI to drive response actions. This is the final state, and should be planned and approached with care, as active automated response can impact business and continuity; however, assuming breach, removing misconfigurations, containing (and releasing) assets to provide time to investigate, validate and release benign activities.

As always, security is a double-edged sword: the way to make things most secure is to switch them off and decommission them, however this obviously means you can’t realise any business value from the asset. These types of attack require a different approach of implementing zero trust and continuous CSPM with automated responses. If done properly, it will give you the best of both worlds, response to AI driven attacks at AI scale and speed, but if done without thought, planning and expert, experienced support and knowledge it will potentially create significant business issues.

Are there any real-world examples you could share of how organisations are successfully adapting?

Recently I worked with a customer who had undergone an incident. After the DFIR engagement, they asked us to look at maturing their defences, and we helped them to safely take the following actions:

Migrate identity controls for cloud platforms to their corporate IAM system through the use of a PAM solution. This meant that the policies, monitoring and (after planning and testing) automated responses were consistent across all environments.

Integrate testing and remediation into their build pipelines (mitigating the risk of deploying exploitable code).

The integration of their production environment, with the exception of some critical systems that served customers, into the SOAR (security orchestration automation and response) and the building of appropriate playbooks to contain (and release) suspect assets and resources.

The deployment of continuous CSPM (cloud security posture management), which was later automated to remediate >90% of issues automatically in real time.

The extension of their EDR tooling into the production environment.

Further training for their resources, including sessions specifically focussed on developers and architects, and real-life deep fake video examples for the entire business.
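As an added illustration of the “assume breach” loop described in the strategies above and in this customer list (example code written for this page, not Cyberfort’s or the customer’s tooling): one posture cycle that evaluates a constructed cloud inventory, auto-remediates safe misconfigurations, contains suspect assets to buy investigation time, releases them if benign, and leaves critical customer-serving systems for manual review. Every resource record, rule name and field name is an assumption made for the example.

```python
"""One cycle of a continuous posture loop: evaluate, auto-fix, contain, release.
All inventory records, rule names and config fields below are constructed."""
from dataclasses import dataclass


@dataclass
class Resource:
    name: str
    kind: str
    config: dict
    critical: bool = False   # customer-serving system: flagged, never auto-contained
    contained: bool = False  # access revoked / isolated pending investigation


@dataclass
class Finding:
    resource: str
    rule: str
    action: str              # "remediate" (safe to automate) or "contain" (needs a human)
    fixed: bool = False


def build_inventory() -> list:
    """Constructed snapshot, as a CSPM collector might return it from cloud APIs."""
    return [
        Resource("crm-backups", "bucket", {"public_read": True, "encrypted": False}),
        Resource("jump-host-sg", "security_group",
                 {"ingress": [{"port": 22, "cidr": "0.0.0.0/0"},
                              {"port": 22, "cidr": "10.0.0.0/8"}]}),
        Resource("svc-deploy", "iam_user", {"mfa": False, "anomalous_key_use": True}),
        Resource("order-api-vm", "vm", {"edr_agent": False, "outbound_beacon": True},
                 critical=True),
        Resource("web-assets", "bucket", {"public_read": True, "encrypted": True}),
    ]


def _close_world_ingress(cfg: dict) -> None:
    cfg["ingress"] = [r for r in cfg["ingress"] if r["cidr"] != "0.0.0.0/0"]


def _mfa_unenforced(cfg: dict) -> bool:
    return not cfg.get("mfa") and "deny-without-mfa" not in cfg.get("policies", [])


# (rule name, resource kind, predicate that flags a problem, action, automatic fix)
RULES = [
    ("bucket-public-read", "bucket", lambda c: c.get("public_read"), "remediate",
     lambda c: c.update(public_read=False)),
    ("bucket-unencrypted", "bucket", lambda c: not c.get("encrypted"), "remediate",
     lambda c: c.update(encrypted=True)),
    ("sg-open-to-world", "security_group",
     lambda c: any(r["cidr"] == "0.0.0.0/0" for r in c.get("ingress", [])),
     "remediate", _close_world_ingress),
    ("iam-no-mfa", "iam_user", _mfa_unenforced, "remediate",
     lambda c: c.setdefault("policies", []).append("deny-without-mfa")),
    ("vm-edr-missing", "vm", lambda c: not c.get("edr_agent"), "remediate",
     lambda c: c.update(edr_agent=True)),
    # Signs of possible compromise are contained, not "fixed": a human decides.
    ("iam-anomalous-key-use", "iam_user", lambda c: c.get("anomalous_key_use"),
     "contain", None),
    ("vm-outbound-beacon", "vm", lambda c: c.get("outbound_beacon"), "contain", None),
]


def evaluate(inventory: list) -> list:
    """Run every rule against every resource of the matching kind."""
    return [Finding(res.name, name, action)
            for res in inventory
            for name, kind, bad, action, _ in RULES
            if res.kind == kind and bad(res.config)]


def respond(inventory: list, findings: list) -> list:
    """Apply automatic fixes; contain suspect assets; queue critical ones for people."""
    by_name = {r.name: r for r in inventory}
    fixers = {name: fix for name, _, _, _, fix in RULES}
    queue = []
    for f in findings:
        res = by_name[f.resource]
        if f.action == "remediate":
            fixers[f.rule](res.config)
            f.fixed = True
        elif res.critical:
            queue.append((f.resource, f.rule, "manual review: critical system"))
        else:
            res.contained = True
            queue.append((f.resource, f.rule, "contained pending investigation"))
    return queue


def release(inventory: list, name: str, verdict: str) -> bool:
    """Investigation outcome: restore access if benign. Returns the new contained state."""
    res = next(r for r in inventory if r.name == name)
    if verdict == "benign":
        res.contained = False
    return res.contained


def auto_fix_ratio(findings: list) -> float:
    return sum(f.fixed for f in findings) / len(findings) if findings else 1.0


if __name__ == "__main__":
    inv = build_inventory()
    found = evaluate(inv)
    todo = respond(inv, found)
    print(f"{len(found)} findings, {auto_fix_ratio(found):.0%} fixed automatically")
    for item in todo:
        print("needs a human:", item)
    # Second pass: the auto-fixed issues are gone, only the suspect ones remain.
    print("remaining:", [f.rule for f in evaluate(inv)])
```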

Navigating the Ever-Evolving Threat Landscape By Glen Williams, CEO, Cyberfort

Cyber Defense e-Magazine (https://www.cyberdefensemagazine.com/) – January 2025 Edition

As we look ahead to 2025, the world of cyber security is set to undergo significant changes. Attackers are becoming increasingly more sophisticated with the use of AI, making phishing emails even more convincing and enabling the daunting creation of cloned personal identities. 

This shift from traditional identity theft to much more complex techniques poses new challenges on both individuals and businesses. Additionally, the landscape of identity and permissions management is evolving, underscoring the importance of a proactive and comprehensive approach to cyber security. This includes leveraging advanced technology, maintaining continuous monitoring, and fostering a strong culture of security awareness within organisations. 

By understanding these emerging threats and preparing accordingly, we can better protect our organisations and ensure a safer digital future. But what will those key trends be as we enter 2025 and how we can all stay ahead of the threat in this ever-changing digital world? 

Human Error to Increase as Attacks Get “Less Dumb” 

In the past six months, we’ve seen an alarming increase in the use of generative AI by attackers, mirroring techniques that achieve 80% success rates in real-world testing. This technology is being leveraged to craft highly targeted phishing emails, integrating social media and work personas to deceive recipients more effectively. Additionally, the use of deep fake technologies to clone senior individuals and demand tasks to be completed has become more prevalent. This combined with machine learning will provide attackers with ‘more likely to succeed’ target lists in 2025, which we will then start to see offered at a premium through marketplaces and associate programs. As attacks become more sophisticated, the margin for human error will increase, making it crucial for organizations to enhance their security measures and training programs. 

Identity Theft to Be Replaced by Cloning 

2024 saw a significant rise in the use of Open-Source Intelligence (OSINT) and advanced data tools to create clone identities. This trend is expected to continue into 2025, posing a major challenge for identity verification processes.  As these cloned identities grow increasingly comprehensive, verifying legitimacy and ownership will become more challenging. Even traditional challenge-response methods may fail, as both the original and the clone are likely to provide accurate answers. Continuous and rigorous monitoring of identities will be essential to detect and mitigate these threats before they cause harm. 

Evolution of Identity and Permissions 

The concept of ‘zero trust’ has been a hot topic in cybersecurity discussions. However, most organizations are still in the strategy development stage and have not fully implemented zero trust across their IT environments. Even those that have adopted a zero-trust strategy often have not extended it to their cloud and SaaS environments. As we move into next year, we will start to see hidden permissions assigned manually or explicitly at the account level becoming an even bigger opportunity for attackers. Attackers will focus on these exceptions, leaving organizations vulnerable despite a 98% success rate in other areas. Moreover, the complexity of modern IT environments, with a blend of on-premises, cloud, and hybrid infrastructures, adds to the challenge. Organizations must ensure that their zero trust policies are comprehensive and cover all aspects of their IT landscape. This includes continuous monitoring and validation of user identities and access privileges. Additionally, the integration of zero trust with other security frameworks and tools will be crucial in creating a robust defence mechanism. As cyber threats evolve, so must the strategies to counter them, making zero trust an ongoing journey rather than a one-time implementation. 

Preparing for the Future 

To prepare for these evolving threats, organizations must adopt a proactive approach to cybersecurity. This includes investing in advanced threat detection technologies, enhancing employee training programs, and continuously monitoring and updating security protocols. The key to staying secure in 2025 will be a combination of advanced technology, continuous monitoring, and a culture of security awareness within organizations. By understanding these predictions and taking proactive steps, organizations can better protect themselves against the sophisticated threats that lie ahead.

An alternative route: Cyber criminals can use your supply chain to get access to you
Nick Martindale explores the risks to organisations associated with supply chain cyberattacks and what you should do about it

Cybersecurity is now firmly on the radar for most businesses, at least when it comes to their own systems and processes. But such efforts do not necessarily extend to the wider supply chain, where suppliers – often smaller businesses – could prove an easy target for criminals.

BlueVoyant’s State of Supply Chain Defence Annual Global Insights Report, released in November 2024, finds 95 per cent of UK organisations have experienced cybersecurity incidents in their supply chain, and 34 per cent say they have no way of knowing when such an incident occurs.

Using smaller organisations to access larger ones

For organisations, there are essentially two main risks stemming from a cyberattack on a supplier. The first is the potential for this to lead to an attack or data breach affecting their own business. “The risks range from ransomware and extortion, through data exfiltration and compromise of networks to sensitive data leaks and denial of service – meaning business disruption, reputational damage and regulatory fines are all potential outcomes,” says Glen Williams, CEO of Cyberfort.

Smaller suppliers in particular are being targeted as a means to access larger businesses, says John Higginson, director at Unit 42, the threat intelligence and research arm of Palo Alto Networks. “Cybercriminals can easily leverage weak points as an easy way into larger organisations, particularly if there are trust relationships between networks,” he says. “A recent high-profile example was last year’s Santander third-party database hack. However, even if this is not the case, they can be used as an entry point to gain access to the larger business, exploiting the trust by sending malicious emails from trusted accounts.”

Software systems are particularly vulnerable, says John Lynch, director of Kiteworks. He cites the MOVEit supply chain attack of 2023, which affected over 2,500 organisations and compromised data of more than 66 million individuals, as an example of how a single vulnerability in a widely used software tool can have far-reaching consequences.

“The primary risk for organisations stems from their reliance on third-party vendors and software, which can become entry points for cybercriminals,” he says. “Many organisations were impacted not because they directly used the compromised software, but because their data was handled by third-party vendors that did.”

Reduced capabilities

The second danger is the wider disruption that results when a supplier’s ability to function and deliver products and services is compromised. “Any significant disruption in that chain will impact the end-customer,” says Emile Naus, partner at the consultancy BearingPoint. “A cyberattack on a supplier, even if it supplies a relatively small component in the product, could stop production and result in the customer not receiving their product. The financial impact on cashflow could potentially collapse the supply chain altogether.”

What organisations need to do

Organisations need to take steps to reduce the risk of key suppliers falling victim to cyberattacks. A good starting point is to work out just where they are most exposed, says Lorri Janssen-Anessi, director of external cyber assessments at BlueVoyant. “Understand your external attack surface and third-party integrations to ensure there are no vulnerabilities,” she urges. “Consider segmentation of critical systems and minimise the blast radius of a breach. Identify the critical vendors or suppliers and ensure those important digital relationships have stricter security practices in place.”

Bob McCarter, CTO at NAVEX, believes there needs to be a stronger emphasis on cybersecurity when selecting and reviewing suppliers. “Suppliers need to have essential security controls including multi-factor authentication, phishing education and training, and a Zero Trust framework,” he says. “To avoid long-term financial loss, they must also adhere to relevant cybersecurity regulations and industry standards.”

But it’s also important to regularly perform risk assessments, even once the relationship is established, says Janssen-Anessi. “The supply chain ecosystem is not static,” she warns. “Networks and systems are constantly changing to ensure usability. To stay ahead of vulnerabilities or risks that may pop up, it is important to continuously monitor these suppliers.”

Higginson suggests assessments be carried out on an annual basis or after any significant changes to a supplier relationship. “This could be penetration tests or red team testing, reviews of response plans, and cyber tabletop exercises,” he says. “One can also look at implementing a Zero Trust strategy, which includes measures like providing secure enterprise browsers to remote employees or contractors, mandating multi-factor authentication and setting up proper network policies to only allow access to trusted users and trusted content.”

Ongoing monitoring of third parties is also essential, to help identify changes that could impact their ability to meet an organisation’s risk and performance expectations, suggests Katherine Kearns, head of proactive cyber services at S-RM. “Changes in ownership, new sub-contractors or the adoption of new technology can quickly alter a supplier’s risk profile,” she says.

This means continuous third-party risk monitoring is required, and increasingly this makes use of artificial intelligence (AI) to help with the analysis of risk data. “AI has made this process faster and cheaper,” says Kearns. “In the right hands, this data can provide powerful insight into the security risks that your critical suppliers are exposed to, sometimes even without direct engagement.”

As well as regular scrutiny, though, it’s important that organisations work with suppliers to help them improve their defences, says Ed Williams, vice president of consulting and professional services, EMEA, at Trustwave. “Employee education plays a critical role, as many cyberattacks, especially phishing and social engineering scams, are aimed at exploiting human error rather than technical vulnerabilities,” he says. “Training staff to recognise these threats and respond appropriately can be a company’s first line of defence.” Organisations can also help suppliers produce basic incident response plans, he adds, which detail how to contain and recover from a breach.

With the cyber-threat growing all the time and criminals increasingly seeing suppliers as a possible route to target larger organisations, it’s likely that this is an area that will garner far greater attention over the coming years than it has up to now.

“Growing connections among companies will increase the attack surface for cybercriminals,” predicts McCarter. “As companies become increasingly interconnected, it will become even more complicated to monitor and manage the extended supply chain. In the next few years, we could expect stricter regulations to enforce supply chain cybersecurity, greater emphasis on Zero Trust security frameworks and pricier cyber insurance premiums.”

See the story on Information Age here: https://www.information-age.com/the-risks-of-supply-chain-cyberattacks-on-your-organisation-123514230/
