Related Posts
by Lisa Ventura MBE FCIIS
The first #InfosecLunchHour of 2026 brought together a host of cyber security and Infosec professionals from across the sector for a reflective and forward-looking discussion. Under Chatham House rules, the community explored everything from new regional initiatives to the fundamental question of what skills our industry actually needs.
Remembering Simon Rodway
The meeting began with Lisa Ventura MBE FCIIS sharing the sad news of the passing of Simon Rodway on 29 December 2025, a valued member of the #InfosecLunchHour community who contributed extensively to discussions about cyber and AI. Simon was a regular participant whose knowledge and insights enriched our conversations. His presence at the #InfosecLunchHour festive meetup on 17 December where he came dressed as Santa Claus and where we discussed predictions for 2026 was a reminder of how quickly circumstances can change.
Everyone on the call who knew him shared their memories of Simon and we extend our condolences to Simon’s family at this very sad and difficult time. Our thoughts remain with his family and all those who knew him.
A New Cyber Hub for the West Midlands
January brought welcome news from the West Midlands with the launch of a dedicated Cyber Hub at Millennium Point in Birmingham. After just one month of operation, the centre already hosts four SME tenants and provides space for events and meetings. The initiative represents a significant step forward for regional cybersecurity development, offering support for local startups and talent whilst creating opportunities for community building outside London.
The hub’s establishment reflects a broader recognition that cyber security innovation and talent development need not be concentrated in traditional tech centres. Regional initiatives like this one could play a crucial role in addressing the sector’s persistent skills gap by making the industry more accessible to diverse talent pools across the country.
The Cyber Resilience Bill: Supply Chains and Beyond
Discussion turned to the second reading of the Cyber Security and Resilience Bill, with particular focus on its approach to supply chain security. Participants noted that whilst the term ‘supply chain’ remains widely used, the bill itself takes a more nuanced approach, focusing on critical suppliers within essential services rather than attempting to regulate every commercial relationship.
The conversation highlighted ongoing tensions between the need for regulatory oversight and the practical challenges of implementation. There was recognition that whilst legislation provides necessary frameworks, the real work of building cyber resilience happens through the daily decisions and practices of organisations and individuals across the sector.
Rethinking the Skills Gap
Perhaps the most animated discussion centred on the cybersecurity talent shortage and what skills the industry actually needs. The conversation challenged conventional wisdom about technical expertise being paramount, suggesting that the sector’s narrow focus on technical skills may be contributing to, rather than solving, the talent crisis.
Participants emphasised that effective cyber security requires a much broader range of capabilities than traditionally recognised. Business understanding, governance skills, psychology and sociology were all identified as crucial but often overlooked competencies. The observation that many cyber security roles require skills that have little to do with traditional IT security prompted reflection on how the industry defines and recruits talent.
The discussion also touched on structural barriers within organisations. Technical roles often lack clear career progression, particularly at senior levels, whilst business and governance positions are increasingly fragmented or eliminated altogether. This creates a situation where the skills most needed for strategic cyber resilience are the hardest to develop and retain.
AI’s Double-Edged Impact
The rise of artificial intelligence in cyber security generated considerable debate. Whilst AI offers powerful capabilities for threat detection and response, concerns were raised about its potential impact on entry-level positions. If junior roles disappear, where will the next generation of cyber security professionals develop their skills and understanding?
The conversation suggested that AI might accelerate existing trends towards fractional and portfolio working, particularly at senior levels. However, this raises questions about knowledge transfer, organisational memory and the development pathways that have traditionally sustained the profession.
Looking Forward
As the session drew to a close, the announcement of the upcoming Cyber Marathon, featuring 24 presentations over 24 hours, reminded everyone of the community’s appetite for continuous learning and knowledge sharing.
What emerged most clearly from January’s discussion is that cyber security’s challenges are as much about people, culture and organisational structure as they are about technology. The sector needs to move beyond simply demanding more technical skills and start seriously addressing the diverse capabilities required to build genuine cyber resilience.
The next #InfosecLunchHour is scheduled for 4 February 2026 at 12.30pm. These monthly gatherings continue to provide a space for frank and open discussion about the real challenges facing cyber security professionals, away from vendor pitches and corporate messaging.
This article was written under Chatham House rules, which allow information to be shared whilst protecting the identity and affiliation of speakers.