Archives for 2025

The 2025 Spending Review placed digital transformation at the heart of the Government’s long-term economic and national security strategy.

Chancellor Rachel Reeves covered AI capability, cyber resilience, as she set out funding for government departments over coming years. The funding covers day–to-day spending and capital investment on infrastructure projects.

The announcement was a significant moment for the UK’s cyber ecosystem, affirming its critical role and offering a new wave of opportunity for innovation, skills, and collaboration.

Ben Shorrock, UKC3 Director and Ecosystem Development Lead, and CEO at TechSPARK,  has been looking at the implications.

Cyber is central to Government transformation

The headline £3.25 billion Transformation Fund will drive modernisation across public services, with a clear focus on digital delivery, automation and security. 

Each Government department is now expected to deliver at least 5% efficiency savings, largely through digital transformation and enhanced cyber resilience.

This marks a fundamental shift – cyber security is no longer just a protective layer, it is now central to delivering a more efficient, agile state.

£600 million for Intelligence and Security

An additional £600 million has been allocated to the UK’s intelligence agencies. This includes £100 million specifically for cyber and national security institutions. 

The funding includes continued backing for the National Cyber Security Centre (NCSC) and the National Protective Security Authority (NPSA).

This investment underlines the importance of maintaining and expanding the UK’s defensive capabilities in an increasingly complex threat landscape.

This is a clear opportunity for innovation and public-private collaboration in threat detection, resilience and critical infrastructure protection.

Building a digitally-skilled Civil Service

The Government has committed to making 1 in 10 civil servants a “digital professional” by 2030. This means embedding AI, cyber and digital capability across departments. 

This is a big ambition – and one that will rely on strong connections with the cyber ecosystem.

UKC3 and our partners already play a critical role in cyber talent development through programmes like CyberFirst, which we help support across multiple regions. 

As CyberFirst transitions into the broader TechFirst programme, we’re committed to building on that success – ensuring that cyber remains a core pillar of future digital skills delivery, and that regional clusters remain central to its rollout.

Digitising HMRC

A dedicated £500 million investment will transform HMRC’s services, with a goal of making 90% of interactions digital self-serve by 2029-30. 

Security, trust and data integrity will be vital to this shift – making it an important area for cyber innovators specialising in digital identity, fraud prevention and secure access.

AI Investment

The Government’s £2 billion AI Action Plan includes a 20-fold increase in the UK’s compute capacity, support for scaling AI companies, and the launch of a new UK Sovereign AI Unit.

While AI isn’t a cyber investment per se, its rapid adoption brings with it significant security challenges and opportunities. 

From securing AI infrastructure to addressing model vulnerability and misuse, the cyber sector will play a vital role in ensuring AI can be deployed safely, responsibly and at scale.

Long-term growth through R&D

With R&D investment rising to £22.6 billion per year by 2029-30, the Spending Review reinforces the UK’s innovation-first approach to long-term growth. 

Cyber security R&D – including secure-by-design technologies, AI safety, privacy-enhancing tech and threat modelling – must be part of this investment landscape.

An opportunity for UKC3 and the cyber ecosystem

The Spending Review places cyber at the heart of national strategy. 

To make the most of this, we must:

• Ensure regional cyber clusters are recognised as essential partners in delivery of public sector digital transformation
• Embed cyber capability and innovation into the UK’s AI and digital economy ambitions
• Build new pathways into cyber careers, particularly by supporting the successful transition from CyberFirst to TechFirst
• Help SMEs access funding and procurement opportunities emerging from this wave of public sector investment
• Champion cyber resilience as an enabler of productivity and economic growth, not just a compliance exercise

UKC3 is committed to leading this national effort. 

Through collaboration, innovation and a strong regional network, we will ensure the UK’s cyber sector continues to thrive, support national resilience and shape the future of secure digital infrastructure.

• Learn more about the convening power of UKC3.

A room full of women chatting, plotting, laughing and discussing cyber security. That’s not something we see very often, but at the Women in Cyber Networking Breakfast at CyberUK it’s exactly what we got. On day two of the National Cyber Security Centre’s flagship conference, this year held in Manchester, around 180 women and allies got together to join the growing communities that are helping women to connect with others, find mentors and friends, and progress their careers.

The event first took place in the ICC Wales. As founder of the Women in Cyber Wales network, I took the plunge and asked a representative of the NCSC whether I could possibly run one of my networking events as a fringe event at CyberUK 2022. I can remember taking the call confirming that a breakfast slot had been allocated to me, all I needed to do was provide a bit of narrative and our logo for the online programme. I was absolutely delighted.

That first event had around 65 attendees, and has grown year on year, and it is now established as a core part of CyberUK. As the Women in Cyber Wales network has grown into ‘Women in Cyber Unlimited’ so has the event grown, indicating that there isn’t just a desire for communities like this, there is a definite need. Women still make up just 17% of the cyber security workforce, so it’s important to provide opportunities for us to meet and build our networks. Not only that, it demonstrates the breadth of skills and experience women have in this space, and amplifies the importance of having a diverse workforce.

The theme of CyberUK this year was ‘Transforming Resilience, Countering Threats”and we can do that by being a more inclusive industry. I think organisations are much more aware of the importance of diversity now, but that still isn’t reflected in the numbers, particularly at senior levels.

The event itself was uplifting, warm and full of talent. After a couple of short presentations from Clare T, NCSC, Kirsty Miller from our sponsors, Lockheed Martin and myself, the room erupted into a buzz of noise. I was also thrilled that we were joined by Richard Horne, CEO and Felicity Oswald of the NCSC, and Anne Keast-Butler, Director of GCHQ. A number of people came up to me afterwards saying they had come to the conference alone, and now felt less isolated, that they had made a new connection, or that they had hatched some business collaboration, and that’s what it’s all about. Bringing people together, celebrating their contribution to the sector, whatever that might be, growing friendships and ultimately building a more resilient nation. It was a wonderful way to start the day.

Can you share an overview of your career journey and how you came into the field of cyber security?

After 28 years in policing, working across everything from frontline response to community engagement and project work, I made a move into cyber security. I joined Police Scotland’s Cybercrime Harm Prevention Team with no prior technical experience but a real appetite to learn. I am so glad I made the leap as I found myself in the heart of a welcoming, knowledgeable and collaborative cyber community here in Scotland.

From there, I went on to join the Cyber Strategy Implementation Team, helping shape the very first cyber strategy for Police Scotland. My focus was on prevention—working with the Home Office to develop a strategy aimed at identifying and supporting young people at risk of becoming involved in cybercrime and instead guiding them towards education, training and employment opportunities.

After retiring, I was offered a role at ScotlandIS to lead a project working with Managed Service Providers. We created the UK’s first Best Practice Standards Charter for MSPs—a community-driven initiative focused on securing the supply chain and promoting cyber resilience. Off the back of that, I was offered the role of Head of Cyber at ScotlandIS.
What motivated you to be involved with ScotlandIS?

No two days are ever the same at ScotlandIS. With a small team of 10, we juggle everything from running national clusters (Cyber, Data, MSP) to supporting startups, building the digital skills pipeline and delivering major events like ScotSoft and the Digital Tech Awards. It’s busy, but I genuinely love what I do and the people I get to work with.

Can you provide an example of a significant project or initiative you’ve led that had a substantial impact on your region’s ecosystem?

I’m especially proud of the charter work and of launching Cyber Pathways—a pilot project connecting students with real-life cyber roles and helping them visualise a future in this space. It’s now being rolled out more widely, creating direct links between education and industry.

What skills or knowledge areas do you think are key to being such a fantastic ambassador for ScotlandIS?

If there’s one thing I’ve learned, it’s that building strong relationships is key—Scotland’s tech community is small, but formidable. Knowing our members, their capabilities and helping connect the dots is how we continue to grow a thriving, resilient sector.

What are some of the biggest challenges you’ve faced working in such a fast growing organisation?

The biggest challenge? Time. There’s so much happening, so many opportunities and never quite enough hours in the day. But with great support from partners like UKC3 and an incredible digital tech community, we keep moving forward.

Can you share an overview of your career journey to date and how you came into the field of cybersecurity?

My route into Cyber Security wasn’t traditional, and my role itself isn’t technical. However, what many people don’t realise is that you can work in the cyber sector without being a technical expert. Every cyber security company, product, or service needs marketing—because without it, how do you connect with your audience? Like many others, I stumbled into the industry. At school, cyber security wasn’t on my radar, and I never imagined I’d work in this space.

When I left school, it felt like there were only two options: university or getting a job. But securing a job without experience, often requiring three or more years, wasn’t straightforward. University wasn’t the right path for me, so I explored apprenticeships, which turned out to be the best of both worlds. I gained a qualification in a field I was passionate about while also earning hands-on experience. Choosing an apprenticeship with CyNam was one of the best decisions I’ve made. Since joining, I’ve been exposed to a huge range of experiences, met inspiring individuals, and developed both professionally and personally.

What motivated you to become involved with CyNam?

Where did you start, and what are your ambitions for the future?

I started at the very bottom—an apprentice learning on the job and growing with CyNam and the wider sector. As for the future, that’s a tricky question. I firmly believe that everything happens for a reason. My main goal is to keep doing what I love, embrace new challenges, and continue learning. Whether that’s through my marketing efforts, events, or new initiatives, I want to keep pushing forward and making an impact.

How do you prioritise tasks and manage the challenges of your time?

I’m highly organised and still love traditional methods like pen and paper! I use a daily planner to tick off tasks throughout the day and schedule my workload weekly. But I also leverage digital tools. Notion and Trello are my go-to platforms for managing priorities effectively. A mix of traditional and digital planning helps me stay on top of everything.

Can you provide an example of a significant project you’ve been involved with that had a substantial impact on your region’s ecosystem?

Two projects stand out. First, the Securing the Future of Technology documentary series, where we explored topics like fintech, agritech, and space tech. It was crucial to highlight how cyber security intersects with various industries and how technology underpins everything we do. This project reinforced CyNam’s role in bridging different sectors and growing the cyber ecosystem.

Another key initiative was Clusters on Tour under the UKC3 umbrella. We collaborated with other cyber clusters, connecting with tech hubs in Cambridge, Milton Keynes, Bristol, and Cardiff. This initiative brought together 1,057 attendees, sparking valuable collaborations between businesses, academia, and government. From supporting the East of England Defence and Security Cluster during Cambridge Tech Week to exploring private-public sector collaboration in Milton Keynes, these engagements strengthened our national ecosystem and helped unify cyber clusters across the UK.

What skills or knowledge areas do you think are key to being such a fantastic ambassador for CyNam?

CyNam’s core values are at the heart of everything we do:

• Collaborative Ecosystem – Bringing together startups, businesses, academia, investors, and government to drive innovation.
• Inclusive Empowerment – Creating opportunities for all to contribute to a secure digital future.
• Passion for Place and Purpose – Championing Cheltenham as a cyber innovation hub.
• Purpose-Driven Innovation – Enabling real-world solutions through secure technologies.

Being an ambassador means embodying these values in everything I do—whether it’s building partnerships, sharing success stories, or fostering community engagement.

What’s one of your proudest achievements with CyNam so far?

Leading and presenting the Securing the Future of Technology documentary series. Imposter syndrome is real, especially in a sector as specialised as cyber security. But this project helped me gain confidence in discussing technical topics, managing an end-to-end production, and executing an engaging campaign. It was also a fantastic opportunity to work with talented videographers and meet incredible speakers. Using a variety of skills; project management, marketing, and content creation, I came out of it feeling accomplished and more confident than ever.

What are some of the biggest challenges you’ve faced working in such a fast-growing organisation?

When I joined, CyNam was rapidly expanding, and I was thrown into the deep end learning about cyber security while also navigating my role as an apprentice. My team and mentors were incredibly supportive, and I truly believe being in the deep end is the best way to learn.

One of the biggest challenges was establishing our online presence without a predefined structure. I made mistakes along the way, but through trial and error, we figured out what worked. Building successful campaigns and delivering engaging content was a learning curve, especially in such a fast-paced sector where everything is constantly evolving. But adapting quickly and staying ahead of industry trends has been key to our success.

What’s your favourite part of what you do?

It’s hard to pick just one thing! But if I had to choose, I’d say it’s the privilege of doing what I love every day while being surrounded by an incredible team. CyNam is filled with passionate, supportive people who push each other to grow. I’m constantly learning and evolving, and that’s what makes this role so rewarding.

Can you share an overview of your career journey and how you came into the field of cyber security?
Getting into the cyber security sector was accidental, as my initial studies were in music, but a passion for technology and keen interest in computing led me into teaching IT, firstly as a side-line, and later as a career. When an opportunity to lead a new information security programme at the college I was teaching at came up, I was encouraged to take it, and from there I gradually moved into a solely cyber security teaching role.

Images from the Resilient Futures: Women in Cyber Conference 2025

What motivated you to be involved with Cyber Wales and how did that lead into developing Women in Cyber?
I quickly became fascinated by cyber security, and took every opportunity to engage with the sector that I could. Being able to join the Cyber Wales meetings was a great opportunity to network, learn more about the variety of cyber security issues in the sector and develop my skills, and I attended regularly for some years. When I took on the role of Head of Cyber Security Education at the University of South Wales, I began to notice the lack of women at those meetings, and indeed at all the other meetings I was being invited to, and from there I set up the Women in Cyber network, not really expecting much interest, but it seemed to hit the mark, and our growth has been consistent ever since.

What does your career to date look like?  Where did you start and what are your ambitions for the future?
In terms of ambitions for the future… who knows! If you’d have asked me 5 years ago where I would be today, I would never have guessed that I’d be running a network with over 500 members, putting conferences together and hosting an annual event at CyberUK. I’d like to see the network continue to grow – whether as Women in Cyber Unlimited or in any other format. The important thing is that the network is there, in whatever form that takes.

How do you prioritise tasks and manage the diverse challenges that come with running a not-for-profit?
I do have a paid day job at ITSUS Consulting, so that always comes first. That means I can slot in women in cyber activities if I have quiet times, but when we’re busy at work, or when I have a lot of activities on for the network, I ensure I do these in my own time. ITSUS are brilliantly supportive, but it’s very important to me that I don’t take advantage of that. It does mean I might reply to messages late at night or very early in the morning, but I do try and reply to everything!

Can you provide an example of a significant project or initiative you’ve led that had a substantial impact on your region’s ecosystem?
I think this would probably be the conference that I started in 2024.

What skills or knowledge areas do you think are key to being such a fantastic ambassador for Women in Cyber?
Having taught and worked in a variety of cyber security areas, I have developed the confidence to discuss cyber security issues and I’d like to think I’m reasonably competent on the technical front. But I think the most important skill I have is the ability to network effectively. Whilst some people don’t like the term networking or its implications, I love chatting to people, and I really love connecting them. Being able to listen to someone’s issues – whether they are technical challenges or ones around career development or mentoring – and then being able to connect them to someone who can help is hugely gratifying. I like helping people I suppose, so that drives me to continue.

What’s one of your proudest achievements with Women in Cyber so far?
There are several things here for me. I’m very proud of bringing the networking breakfast to CyberUK. When I asked to run one of our meetings there a number of years ago, I really didn’t expect the NCSC to agree, but they did, and now it’s a regular feature at the event, attracting sponsorship – a real ‘pinch me’ feeling. I’m also very proud of winning the UK Cyber Security Council’s award for services to the Public Sector at the National Cyber Awards, and in the same year being invited to the King’s Garden Party. Both were a real honour for me.

What are some of the biggest challenges you’ve faced leading such a fast growing organisation? How did you overcome them?
Some of the biggest challenges are also the most mundane. For example, switching from emailing my newsletter to a proper mailing platform filled me with dread, but after my mail server blocked me for spamming people, and I had to try and send newsletters by staggering them in blocks of 30 people at a time, I got to a point where I needed a better solution. And things like managing the conference admin can be quite onerous, though not difficult. But the value I get from the outcomes of getting these things right makes the effort worthwhile.

How do you envision Women in Cyber Unlimited evolving in the next 3–5 years?
I’d really just like to see the network continue to grow and be useful to people. There are more and more networks popping up for women in the sector and women in STEM, and this is brilliant. Whilst I’d love Women in Cyber to continue to be one of those networks, the most important thing is that the networks exist, under any banner. If I’m still part of it then that will be a bonus.

With an evolving understanding of both technical challenges and industry dynamics, he plays a pivotal role in uniting stakeholders, advancing cyber security initiatives, and shaping the future of clusters. In this spotlight feature, we explore Ryan’s journey, contributions, and vision for a more secure and interconnected world.

Can you share an overview of your career journey and how you entered cyber security?
I started in the retail sector, focusing on compliance, where I developed a passion for technology and innovation. This led me to transition into tech, with cyber security standing out due to its dynamic nature and critical role in the digital world.

What motivated you to take on the Cluster Lead role with Midlands Cyber?
I wanted to fully immerse myself in cyber security while leveraging my leadership skills. This role allows me to drive industry growth, support businesses, and foster innovation in the Midlands.

What are your primary responsibilities, and how do they align with the organisation’s goals?
I oversee Midlands Cyber’s operations, drive business development, and support member collaboration. My focus is ensuring our initiatives align with members’ needs, fostering growth, and strengthening the regional cyber ecosystem.

How do you manage tasks and challenges in overseeing a cyber security cluster?
I prioritise member support, using simple but effective tools like lists and a notebook. Staying organised and focusing on impactful initiatives ensures meaningful progress.

Can you share a key project that significantly impacted the cluster?
A standout initiative was supporting CyberUK 2024 in Birmingham. We played a key role in the regional steering group, coordinated a fringe festival, and facilitated collaborations that continue to drive sector growth.

How did you navigate the challenges of entering cyber security?
It was a steep learning curve, but I immersed myself by attending events, networking, and learning from industry experts. The cyber security community’s collaborative nature made the transition smoother.

What skills did you focus on when transitioning into this role?
I took a broad approach, building relationships with experts rather than becoming a technical specialist. My role is about facilitating connections and fostering collaboration to drive innovation.

What’s one of your proudest achievements with Midlands Cyber?
Expanding and diversifying our membership base across various industries, creating a collaborative ecosystem that drives cross-sector innovation.

What challenges have you faced as Cluster Lead, and how did you overcome them?
Sustaining growth and gaining industry recognition were key challenges. I addressed this by advocating for cyber security, engaging policymakers, and ensuring meaningful member engagement to create real value.

How do you see your role evolving in the next 3–5 years?
I aim to scale Midlands Cyber’s impact regionally and internationally by expanding membership, fostering deeper industry partnerships, and driving innovation through strategic initiatives.