Judgment-free starting points

Excerpt: I used to be a security disaster. Then I met TransCrypt. This is what three years of change looks like - and the one habit I still can't quite break.

---

Six Years, One Password: A Confession

Looking back at who I was, who we've become, and the people who made it possible

---

I need to tell you something.

Three years ago, before any of this - before the certifications, the consultancy, the blog posts, the government contracts - I used the same password for everything. Email. Banking. Customer database. The lot.

"Buster2018"

My dog's name and the year we got him.

I'd been using it for six years. Never changed it. Never thought twice about it. It was easy to remember, and that was all that mattered.

I'm telling you this because I need you to understand: I wasn't someone who "got" security. I wasn't tech-savvy. I wasn't careful. I was a small business owner doing my best, cutting corners where it seemed safe, assuming the bad stuff happened to other people.

That was me. That's where this story starts.

The Wake-Up Call

You've heard this part before. The government tender. Page fourteen. "Suppliers must hold current Cyber Essentials certification."

The midnight panic. The frantic Googling. The growing realisation that our entire setup - including my six-year password - was a disaster waiting to happen.

I could have given up. Nearly did. The gap between where we were and where we needed to be felt impossible.

Then I found TransCrypt.

Finding Brian

I filled in their form at midnight, convinced nothing would come of it. A free subscription for research participants? Too good to be true.

Brian called the next day.

I expected a sales pitch. Instead, I got a conversation. He asked about the business. About my team. About what was keeping me up at night. He listened more than he talked.

By the end of that call, I felt something I hadn't felt in weeks: hope.

Not because Brian promised miracles. He didn't. He was honest about the work involved, the time it would take, the changes we'd need to make. But he made it feel possible. Achievable. Like someone had finally handed me a map instead of just telling me I was lost.

The Team Behind the Platform

Here's what the website doesn't tell you about TransCrypt: it's not just software. It's people.

When I got stuck on firewall configurations at 11pm, someone answered. When Danny had questions about technical implementations, someone walked him through it. When I had my week-four wobble and nearly quit, someone talked me off the ledge.

Brian built a team that actually cares. Not in a corporate-slogan way. In a "they remember your name and ask how the certification is going" way.

I've worked with plenty of companies over the years. Most of them treat you like a ticket number. TransCrypt treated us like partners.

What Changed

Everything. And everyone.

The business went from three laptops and a prayer to a proper operation. Government contracts. Private sector clients. An actual IT department. Revenue I couldn't have imagined three years ago.

Me - I went from not knowing what a firewall was to consulting for other businesses. Speaking at events. Writing blog posts that apparently help people. Someone asked for my autograph at a conference last month. I thought they were joking. They weren't.

Kev became our human firewall. The man who used to click on everything now questions everything. He runs the security refresher sessions. Takes it personally when someone in another company falls for a phishing scam. "They should know better," he says, like he wasn't the cautionary tale three years ago.

Sandra went from doing invoices to managing compliance documentation. She's got spreadsheets tracking our certifications, our training records, our policy reviews. Colour-coded. Immaculate. She's fiercer about security than any of us now.

Danny - where do I start? The nineteen-year-old who learned from YouTube is now our Head of Technical Sales. He speaks at NCSC seminars. Clients request him specifically. He's training the next generation. He's become someone I genuinely look up to, and he still calls me Mr S even though I've asked him a hundred times not to.

Priya joined as an intern and now runs our IT. A computer science graduate who was about to give up on her career found a home with us. Danny trained her. She's brilliant. Last week she caught a vulnerability I would never have spotted.

That's what changed. Everything.

What Brian Actually Did

I want to be clear about something: Brian didn't do the work for us. TransCrypt didn't wave a magic wand. We still had the late nights, the confusion, the arguments about password policies.

What Brian did was make it navigable.

He gave us tools that made sense. Support that actually supported. A pathway that didn't assume we already knew everything.

He treated small businesses like they mattered. Not like inconveniences. Not like tick-box exercises. Like actual businesses with actual people trying to do actual work.

That sounds simple. It's not. Most of the industry talks down to companies like mine. Brian never did.

The Friends Along the Way

I didn't expect to make friends through cyber security certification. Sounds ridiculous even typing it.

But the TransCrypt community - the other businesses going through the same journey, the people in the seminars, the readers who comment on these blogs - they've become something unexpected.

We share war stories. Swap advice. Celebrate each other's certifications. Commiserate when things go wrong.

There's a WhatsApp group. Forty-seven small business owners who met through TransCrypt events. Last month someone posted at 2am panicking about an audit. By 2:30am, three people had responded with advice. By morning, they'd talked them through it.

That's not a customer base. That's a community.

The Confession

Right. The title. The thing I need to admit.

I've changed almost everything about how I handle security. Strong unique passwords everywhere. Password manager. Regular updates. Proper policies. The works.

Almost everything.

There's a folder on our server called "Archive - Old Projects." It's got documents from before any of this started. Client files, quotes, records we need to keep but rarely access.

The password for that folder is "Buster2018."

I know. I know.

Buster died last year. Fourteen years old. Good innings for a spaniel. I was with him at the end, and I cried harder than I'd cried in decades.

I can't change that password. I've tried. I get to the reset screen and I just... can't.

It's not protecting anything critical. The folder's got nothing sensitive, nothing that would cause damage if compromised. Danny's checked. He understands. He's the one who told me to leave it.

"Some things aren't about security, Mr S," he said. "Some things are about remembering."

So Buster2018 stays. One small corner of our system where the old me lives on. Where a man and his dog exist in four letters and four numbers.

I'm not recommending this practice. Don't put it in your security policy. But I'm human. Sometimes being human matters more than being optimal.

Looking Forward

Three years ago, I was a security disaster with a loyal dog and a dream of landing one good contract.

Today, I'm a consultant helping other businesses avoid the mistakes I made. I've got a team I'm proud of. A company that's thriving. A community of fellow travellers.

And a password I'll never change, tucked away in a folder nobody opens anymore.

That's the journey. That's what TransCrypt made possible. Not by doing it for us, but by making us believe we could do it ourselves.

To Brian and the team: thank you. For answering the phone at midnight. For treating us like we mattered. For building something that actually helps.

To everyone reading this who's where I was three years ago: it gets better. The panic fades. The confusion clears. The work is worth it.

And to Buster: good boy. Always.

---

Jim Simpson is an SME Cyber Resilience Consultant with TransCrypt. He still talks to his current dog, Monty, about password security. Monty is not interested.