Applying Secure By Design to High-Threat Programme Change
Implementing continuous development to address new opportunities and requirements
The client owned a mature, large-scale web application that housed vast amounts of sensitive information. One part of this application was accessible from the internet, while the other was used within government infrastructure, which had a low tolerance for risk.
Due to its business-critical nature, the client sought the expertise of Tom Burton, a Cyber Security specialist at Cambridge Management Consulting, to update the application to meet new opportunities and modern network requirements.
Download the Full Case Study
Contact Form - Secure by Design Case Study
The
Challenge
The client needed to integrate a new third-party SaaS web service into the existing application to enhance business efficiency and process speed.
This SaaS environment was subject to compliance with some UK Government security standards, however they could not apply conventional, direct assurance and accreditation activities because of the third-party's SaaS shared delivery model.
The client needed the final solution to recognise this uncertainty while managing risk, security, and business benefits.
Our Approach
To resolve their challenges, Tom and his team adopted an approach based on the principles of 'Secure by Design', working with the client's business and engineering representatives to jointly develop the optimum integration approach and security controls before implementations started.
The lack of assurance meant that the integration needed to treat 3rd party SaaS as largely untrusted. The client had several architectural options, each with different implications in their cost, timescale, risk profile, business efficiency, and future flexibility. Tom iterated the design with the client, helping them to select the best, most viable solution, reconsidering risk, compensatory controls, and benefits at each stage.
Adopting a risk-driven approach, Tom identified the inherent risks that the change would introduce regardless of the integration approach as a first critical step. These risks were understandable to the non-security and non-technical communities. Getting stakeholder agreement on them ensured that all parties would recognise the constraints the solution would have to live within. The client proposed their preferred solution architecture, enabling Tom to assess the residual risk that the change would present, and propose additional security controls to bring that risk down to an acceptable level.
As Tom's work progressed, the client adjusted the solution architecture in response to address options that became unviable or inefficient. Alternative options and their implications were discussed. When changes had been decided, Tom quickly reviewed and updated the risks and security controls, introducing fast feedback into the design process, and ensuring that his architecture design was built with future flexibility internalised. The inherent risks did not remain static either, and were reviewed on each iteration, adding new risks that arose, and retiring redundant ones according to the proposed solutions characteristics.
Outcomes & Results
1
Faster, Cheaper Deployment
If security had been considered late in the change process after implementation, it is likely that the solution design would have needed significant rework, retrofitted inefficient controls with a negative cost and operational impact, and/or a higher level of risk accepted. Tom and his team avoided these costly and unnecessary effects by getting early agreement on the risks that needed to be treated, and quickly iterating to an optimal solution with the client.
2
Long Lasting Solutions
This approach also aligned with the principles of embedding continuous assurance and making changes securely because all controls can be tied back to the risks that they are addressing; future changes will be able to refer to these dependencies and build on them rather than undermine the existing security.
3
Positive Reception
The Government end-client was delighted with the thoroughness of the analysis and documentation, had no concerns about the risk or mitigations proposed, and saw significant benefits in the collaborative approach that had been adopted.
Get in touch with our Cyber Security consultants
Case Studies
Our team has had the privilege of partnering with a diverse array of clients, from burgeoning startups to FTSE 100
companies. Each case study reflects our commitment to delivering tailored solutions that drive real business results.
CASE STUDIES
A little bit about Cambridge MC
Cambridge Management Consulting is a specialist consultancy drawing on an extensive global network of talent. We are your growth catalyst.
Our purpose is to help our clients make a better impact on the world.
ABOUT CAMBRIDGE MC
Industry insights
Well Intended Guidance Leaves more Questions than Answers The UK Government Digital Services – part of the Department for Science, Innovation and Technology – has recently published guidance for how the public sector should adopt a multi-region approach to cloud technology. At first sight this appears encouraging. Any unnecessary constraints on hosting arrangements (or any other non-functional requirements) reduce the available market of providers, constrain competition, and therefore inevitably reduce value for money. If parts of Government, whether central, regional or local, have felt that everything must be hosted in the UK then it makes sense to produce guidance that clarifies this perception and helps to open their options up. But for guidance to be useful it should guide. It should make it easier for people to take actions that they previously would have discounted. The guidance in this case, which at 1420 words is almost as short as this article, probably leaves the reader with more questions than answers. It may reveal some unknowns, but without increasing certainty. The Guidance in a Nutshell A summary of the guidance is as follows: Look wider than UK: Many cloud solutions may not offer UK hosting, particularly new innovative solutions that haven’t scaled up yet. Irrespective, their staff are likely to be distributed around the world if the service is supported 24/7. There may also be other benefits in looking wider than UK hosting, such as enabling better business continuity and disaster recovery options if the vendor only has one UK site. Get legal advice: Before you even consider a non-UK option you need to seek advice from your own legal advisors and your Data Protection Officer (DPO). Ensure compliance with ICO guidance: Before you even consider a non-UK option you need to check and make sure that any international transfer of personal data will be compliant with the Information Commissioner’s Office (ICO) guidance, and you should get further guidance from your own legal advice and DPO. Do a full review of vendor security: Before you even consider a non-UK option you need to make sure the vendor and solution are compliant with your own security policies. In a nutshell, it says: 'you should consider options outside of the UK but only if you have checked everything is legal and secure'. This seems to be verging on a statement of the obvious; the real difficulty in going offshore is covering all of the legal, regulatory and security compliance aspects. Adequacy is a Moment in Time On point 3, the guidance points out data protection compliance is easier if the country in question is considered by the ICO to be adequate – having equivalent regulations for data protection to the UK. Sound advice. But even this is not that simple. For instance, the USA is not considered adequate unless it is under an extension of the EU-US Data Privacy Framework. This framework is dependent on an Executive Order that the Biden administration put in place, and it is entirely possible that it will be revoked by the current administration. If such an action was taken, or if for any other reason the EU decides that adequacy is no longer met (also not unlikely given Herr Schrems has achieved this twice already and has stated he plans to challenge the DPF), then the vendor will no longer be considered compliant. Consideration is Far Wider than Residency Security is far wider than data residency though. This is where point 4 both states the obvious and understates the complexity. Managing risk in the supply chain is inherently difficult. Cloud providers, and particularly SaaS solutions, aggravate this challenge by an order of magnitude. By their nature they are solutions designed for a broad and varied range of customers. This means they will always involve compromise. If they tried to meet the most demanding requirements, they would price themselves out of the scale marketplace. If they went for the lowest common denominator, they would be unable to meet the requirements of the majority. An individual customer can rarely dictate a specific security requirement for themselves. They are also highly opaque. The vendor presents their service as a black box. The features delivered to the customer are defined, but much of the underlying design and the means the vendor uses to manage it in operation are hidden. This makes assessing the risk far more of a judgement call than when the design and delivery is conducted under your control. Depending on the supplier, and the leverage that the customer has over them, it may be possible to get some information and assurances; but the right questions need to be asked, and the answers need to be interpreted correctly. Third party certifications and audits, such as the ISO27000 series of standards or the SOC1, SOC2 and SOC3 reports, can also provide some additional assurances. But only the customer will be able to decide the extent to which they can mitigate the risk, and the confidence they have in the supplier to manage their own. This is a business decision informed by the specifics and nuances of the risks being considered. Summary It is important to minimise the non-functional requirements and keep an open mind about potential solutions and vendors. This includes looking wider than just the UK when national security requirements are not paramount. But this is not something that can be distilled onto a single sheet of A4 in any meaningful way. Yes, there are legal and regulatory issues that need to be reviewed. And geopolitical risk needs to be factored in, considering how you would respond to future external changes that are outside of the UK’s control. But from experience, the greatest challenge is getting comfortable that the vendor’s organisation and their solution have adequate security – this applies equally whether the solution is hosted in the UK or overseas. The SaaS world is opaque, and balances priorities across a broad and varied customer base. The public sector needs to increase its adoption of cloud and SaaS solutions to remain efficient and relevant, in the same way that the private sector has had to. But the route to responsible adoption is more nuanced, requiring candid conversations with suppliers, and ultimately an informed but subjective judgement by the customer’s leadership. Sources/Links: DSIT Guidance for Multi-region cloud and software-as-a-service ↩︎ ICO Guide to International Transfers ↩︎ Executive Order (E.O.)14086 of October 7, 2022, on Enhancing Safeguards for United States Signals Intelligence Activities ↩︎ Note: This article originally appeared on Tom Burton's personal blog at https://digility.net/insights/
The Digital Communities All-Party Parliamentary Group (APPG) shared the ‘Care to connect: Public Switched Telephone Network (PSTN) Migration’ report with key parliamentarians on Monday at a launch meeting on Parliament Street. This report highlights key recommendations for managing the ongoing Public Switched Telephone Network (PSTN) migration, focusing on protecting vulnerable residents and ensuring effective solutions. Here are the major takeaways for local government and communication providers: Data-Sharing Agreements (DSAs) DSAs between communication providers (CPs), local authorities, and telecare providers are crucial for identifying vulnerable residents during the migration. Challenges include inconsistent responses from local authorities and fragmented approaches across CPs. The APPG recommends all local authorities and housing associations sign DSAs, regardless of progress in digital switchover, to promote uniformity and resident safety. Telecare Devices The sale of analogue telecare devices must end, as these can leave residents unsupported during the transition. The government, in collaboration with the TEC Services Association (TSA), should enforce higher standards (TEC Quality’s Quality Standards Framework) across the telecare industry to achieve robust digital migration practices. Financial support for local councils is critical to replace outdated telecare devices and prevent double costs. Battery Backup Solutions Existing guidance from Ofcom, requiring one-hour resilience for power cuts, is insufficient. The APPG recommends increasing power backup requirements to at least 4 hours in homes and 6 hours for fixed networks. Communication and energy providers must jointly create resilient power solutions, particularly for vulnerable residents reliant on telecare devices. A multi-sector priority service register should integrate communications and energy service protection for those at risk. Sunset of 2G and 3G Networks UK mobile network operators plan to stop supporting 2G and 3G networks by 2033, with some networks already switched off. There are cases where local authorities and residents have purchased telecare devices using 2G/3G SIM cards, as a lower-cost, interim solution — these devices will need to be replaced again, posing double replacement costs for local authorities and additional risks to residents. The government should stop the sale of analogue devices and accelerate efforts to prevent the redeployment of outdated telecare alarms. Summary We welcome these recommendations alongside the December 2023 PSTN Charter, the Telecare National Action Plan and the PSTN Non-voluntary Migration Checklist. The conclusions make it clear that coordination between local and central government, industry regulators (such as Ofcom and Ofgem), and communication providers (CPs), as well as significant investment in digital teams at a local level, are essential goals to ensure a safe and inclusive digital switchover for all vulnerable residents and telecare users. Read the full report here: https://digitalcommunities.inparliament.uk/care-to-connect-public-switch-telephone-network-migration-report About the APPG The Digital Communities APPG is a cross-party group of parliamentarians, with the aim to promote the delivery of digitally equipped places that support and foster a connected, healthy, and productive community. This includes the creation and maintenance of sustainable digital infrastructure, as well as providing residents with equal opportunity to thrive in a digital world. The LGA provides the secretariat to the APPG. Cambridge Management Consulting Our Public Sector and PSTN teams can help local councils and other public bodies by providing strategy, financial planning, procurement, and project management services to ensure that you have a comprehensive transition strategy and accurate financial costing for the PSTN switch-off. We can help you follow the recommendations in this report by completing a full audit, signing DSAs with CPs and most importantly, protecting vulnerable service users. Get in touch with Craig Cheney, Managing Partner and lead for Public & Education, to discuss a range of services which might suit your needs: ccheney@cambridgemc.com (or use the form below). Act now, before time and resources run out.
What Do Your Scope 3 Emissions Have to Do with Inflation? Scope 3 emissions cover everything outside your direct operations —the carbon footprint of your supply chain, purchased goods, logistics, business travel, and more. The higher your Scope 3 emissions, the more energy-intensive your supply chain is. And the more energy-intensive your supply chain, the more vulnerable you are to rising costs. Think of it this way: High Production Costs- If your suppliers are heavily dependent on fossil fuels, their production costs are rising fast Price Volatility- If your supply chain lacks efficiency and resilience, price volatility will hit you harder Locking in High Costs- If you’re not actively engaging with suppliers to reduce emissions, you’re locking in long-term cost increases that could have been avoided Without accurate Scope 3 data and a clear engagement strategy , businesses are leaving themselves open to higher prices, lower margins, and greater financial risk . Why Businesses Struggle with Scope 3 A major challenge is that Procurement and Sustainability teams often operate in silos: Procurement teams focus on cost and supplier relationships but often lack deep sustainability expertise Sustainability teams focus on compliance and decarbonisation but aren’t typically measured on financial performance This disconnect means emissions reduction is rarely treated as a financial opportunity —when in reality, cutting carbon from your supply chain is also one of the most effective ways to reduce exposure to cost inflation. The Businesses That Get This Right Will Lower their Costs Leading organisations are already taking action. They are: Gathering detailed Scope 3 emissions data to map out cost risks in their supply chain Engaging suppliers to drive efficiency, reduce emissions, and lower costs Building resilience by shifting towards lower-carbon, more cost-stable alternatives The result? Lower long-term costs, reduced financial risk, and a competitive edge over those stuck with inefficient supply chains. This is not just about sustainability compliance —it’s about smart financial decision-making. If You’re Not Taking Action, You’re Losing Money Every business will feel the impact of rising supply chain costs—but not every business will be prepared for them. If you don’t have accurate Scope 3 emissions data and an effective engagement strategy, you are: Paying more than you need to for essential goods and services Exposing your business to long-term cost inflation Missing out on opportunities to build a stronger, more resilient supply chain The sooner you act, the better the outcome for your bottom line and the planet. Is your business ready to take control of its costs? Get in touch with Cambridge Management Consulting and edenseven today. About edenseven edenseven is the sustainability-focussed sister-company of Cambridge Management Consulting. We work with businesses across all sectors in multiple regions to deliver robust and deliverable net-zero strategies. The success of any strategy relies on its awareness of how changes in policy and subsidies can create both risks and opportunities for a business. If you are a business trying to enter a new market or evolving in an existing market and would like to learn more about how edenseven can support you, please get in touch with the team at edenseven at info@edenseven.co.uk or use the contact form below. Find out more about edenseven on their website: edenseven.co.uk
Peter Drucker wrote in his book The Practice of Management (1954) that ‘it is the customer who determines what a business is’. This sentiment still firmly holds true today, as consumers increasingly expect personalised shopping experiences from aspirational businesses that desire to have a positive impact on the community, country, or world in some way. Across this series of articles, Daniel Fitzsimmons explores the role of customer-centricity as a mechanism to support the delivery of superior customer experience and business profitability. In the first two articles in this Customer Centricity series, Daniel has established the foundations of what makes a truly customer-centric organisation, and how a business can be tailored towards ensured customer satisfaction. In the final article in the series, he takes this further to discuss how technological innovation can amplify these goals. Digital Transformation – Technology Acceptance Model (TAM) Technology is typically the most common interaction point for customers engaging with products, and is especially critical to the service industry. The banking industry has pioneered the digitalisation of services (Dube and Helkkula, 2015), with digital payment services and blockchain solutions. In a fiercely competitive environment, the creation of superior value requires increased insight into how customers experience value (Medberg and Heinonen, 2014). Value can be typically defined as the ‘consumers’ overall assessment of the utility of a product based on perceptions of what is received and what is given’ (Zeithma, 1988). This concept can be extended to a value definition in the following forms: Total Monetary Value – The amount a customer is prepared to pay for a product Perceived Use Value – Defined by a customer’s perception (utility) Exchange Value – Realised when the product is sold Value can be enhanced through digital capabilities, marking technology solutions, and digital marketing strategies to support user acceptance. Securing User Acceptance One compelling approach to understanding how users may engage with a new technology is the TAM model. The TAM model suggests that Perceived Usefulness (PU) and Perceived Ease of USE (PEOU), define how a user will interact with a new product or service, i.e. if the product usefulness and ease of use can be communication, barriers to adoption can be mitigated. When developing new customer solutions, mobilisation of the TAM model is the engagement of consumers in product development, and inclusion of then construct of ‘user intent’ to inform product ideation. Venkatesh et al. formulated the unified theory of acceptance and use of technology (UTAUT). This model was found to outperform other models (Adjusted R square of 69 percent), and is worthy of further investigation in terms of its ability to predict user acceptance of new technology solutions. Experimentation Technology should function as an enabling mechanism to support experimentation in the creation of products and services, and increased alignment with prospective customers. Experimentation, which from an engineering perspective represents ‘continuous improvement’, allows businesses to see what does and doesn’t resonate with target personas, iterating towards a value proposition that will drive superior customer engagement and subsequently an increased % of the customer wallet. Booking.com runs more than 1,000 tests simultaneously to fine tune its offering specific to a user profile, behaviours, and characteristics. Experimentation and the subsequent data generated provides a meaningful base from which to make decisions, thereby negating ‘strong opinions or the HiPPO mentality, which is often pervasive in organisations. For experimentation to be successful, leadership needs to create a culture of curiosity in the business, supported by organisational design and the psychological safety to try and fail. Digital continuity provides an exciting opportunity to enhance the customer voice in product development. Real time data availability provides instant insight into consumer preference, which can be used to support product development and increasingly personalised product offers. Through the experimentation cycle, digital prototypes can be rolled out quickly to support the product innovation cycle. For experimentation to be successful, customer requirements should be integrated into business operations to create an industry-aligned value proposition (Ohmae, 1988). Conclusion Throughout this three-part series, I have demonstrated the importance of customer-centricity as a critical way to ensure success. In this article specifically, I have covered how to leverage technology – a power that is already prevalent and constantly evolving – to best support this venture. Building upon the TAM model, technology can be used to facilitate enhanced customer satisfaction, consequently spurring innovation and growth.
Funds donated by Cambridge MC supplied some new equipment, including new boards.
At Cambridge Management Consulting, we pride ourselves on building a consultancy practice that goes beyond traditional consulting. Our team is composed of specialist practitioners who have reached the pinnacle of their industries, bringing years—often decades—of hands-on experience to guide others in achieving exceptional results. This approach has established Cambridge MC as a consultancy powered by a network of diverse, proven expertise, consistently recognised for its impact and innovation. Our consultants and their work have been honoured with numerous accolades, reflecting the value we bring to our clients and industries. For example, Zoë Webster, an expert in AI, Digital & Innovation, was named one of AI Magazine’s Top 10 AI Leaders in the UK & Europe, celebrated as a pioneer reshaping industries and societies. Similarly, Craig Cheney, Managing Partner, Marvin Rees, Board Advisor, and David White, Associate, were recognised with a World Economic Forum Award for Public Private Collaboration for their contributions to the Bristol City Leap project. Craig Cheney was made an Alderman of the City of Bristol, acknowledging his eminent services to the city; and just recently, Marvin Rees OBE was introduced into the House of Lords. These achievements were further complemented by our success at the Consultancy Awards, where Cambridge MC proudly received awards in every category we were nominated for. The Consultancy Awards The Consultancy Awards, hosted annually by The Consultancy Growth Network, celebrate hard work, commitment, and innovation across the consultancy sector. Cambridge MC was honoured to receive three awards in recent years, recognising our contributions across key areas: Digital Transformation: For our project management of a multinational oil and gas company, coordinating the development of a portfolio of high-priority EV charging hub sites in major cities. Productivity Improvement / Cost Reduction: For delivering £10m in savings for a large UK online retailer in just 13 weeks, leveraging our expertise in procurement, contract, and vendor management. Fastest Growing: Celebrating our 30% growth in revenue, 100% increase in geographies, and doubling the profit we donate to charity to 12%.  These awards are a testament to our commitment to delivering exceptional results for our clients while contributing to the industries we serve. Celebrating Industry Excellence While receiving accolades is always an honour, the opportunity to give back to the industries that shaped us is equally rewarding. Cambridge MC has been privileged to sponsor and judge several prestigious awards, recognising the talent and innovation that drive progress across telecommunications, technology, and connectivity. ITP Telecoms Awards As Platinum Sponsors of the ITP Telecoms Awards, hosted by the Institute of Telecommunications Professionals, we celebrated the achievements of individuals and organisations making significant contributions to the digital industry. Tim Passingham, Founder & Chairman of Cambridge MC, presented the Engineer of the Year award to Mike Mawson, Head of Fibre Innovation at Hyperoptic, recognising his exceptional work in advancing telecommunications. Global Connectivity Awards The Global Connectivity Awards, held at the O2 in London, marked its 20th year of honouring innovation across 40 categories, from technology breakthroughs to regional achievements. Cambridge MC’s Managing Partner, Charles Orsel des Sagets, joined the panel of 30 impartial judges, bringing over 30 years of expertise in fintech, cybersecurity, and connectivity to evaluate the finalists. This event highlighted the ingenuity shaping the connectivity industry and provided a platform to celebrate its brightest minds. World Communication Awards The World Communication Awards, now in its 25th year, continues to recognise excellence across telecommunications. Naaz Bax, Senior Partner and Chief of Staff at Cambridge MC, served as a judge and presented the prestigious Woman in Telecoms Award. This category celebrated the achievements of brilliant women in the industry, with the award going to Josephine Sarouk, Managing Director of Bayobab Group, for her invaluable contributions to telecommunications. DCD>Global Awards The DCD>Global Awards, held at Grosvenor House in London, celebrated talent and achievement in the data centre and telecommunications industries. Duncan Clubb, Senior Partner for Data Centres, Edge & Cloud, brought his expertise to the judging panel, evaluating finalists in categories such as the Edge Data Center Project of the Year. This event showcased the transformative impact of innovation in data centre infrastructure and edge computing. A Legacy of Ingenuity The awards, events, and individuals highlighted here reflect the wealth of expertise, innovation, and achievement that define the consulting, telecommunications, and technology industries. At Cambridge MC, we are privileged to contribute to these industries, whether by delivering impactful projects, receiving accolades, or celebrating the achievements of others. As we look ahead, we remain committed to supporting and shaping the industries we serve, continuing to drive progress and innovation in the years to come.
In my discussions with building owners and occupiers about property technology, the conversation often centres on leveraging new technologies and existing data to enhance compliance, reduce costs and carbon emissions, and improve workplace experience. Many people in the property sector share a common concern around the quality of data currently held on their buildings. This gap in record-keeping could pose significant challenges as the UK's Public Switched Telephone Network (PSTN) is retired in early 2027.  PSTN is the analogue telephone network that carries voice and data over copper wires. This legacy infrastructure is becoming increasingly costly and difficult to maintain, and it is unable to handle the data demands of modern telecommunications. As a result, BT and other UK phone companies intend to withdraw PSTN services by the end of January 2027. Although records may not show it, many buildings rely on PSTN lines for critical services such as lift emergency calls, fire alarms, security systems, door entry monitoring and building management systems. Once PSTN is decommissioned, these services will cease to function without warning, potentially leading to safety compliance and security risks. To mitigate these risks, building owners should proactively assess their exposure before PSTN services are discontinued. Identifying and replacing existing PSTN connections with future-proofed, and potentially more cost-effective, digital solutions is essential for business continuity. Building occupiers should also seek assurances from their landlords regarding these transitions. At the Connected Britain Conference last year, the Minister of State for Data Protection and Telecoms, Sir Chris Bryant MP, highlighted the vital importance of digital infrastructure and cited the PSTN switch-off as a significant concern. BT recommends that its business customers act before the end of 2025. The transition to digital alternatives including testing and commissioning could take 6-9 months. A critical first step is to carry out an audit to identify systems that rely on PSTN. This audit should identify all devices connected to the PSTN, their locations, their functions, and upgrade options. I have been urging property owners and operators to develop and implement a programme of discovery and rectification as a priority. Without early and rigorous planning, the risks to safety, business continuity, and occupier experience are high. Also, as the switch-off date approaches, the costs of this work are very likely to increase significantly. Cambridge Management Consulting has a team of PSTN experts, who can identify existing PSTN-based systems, procure replacement solutions and migrate your services, as well as identifying and implementing cost reduction strategies that become possible through the transition to digital solutions. We can also ensure your organisation avoids the risks to compliance, security and occupier experience when PSTN services are withdrawn as well as reaping the long-term benefits of going digital.
At Cambridge Management Consulting, we place just as much emphasis on the growth and development of our in-house industry experts and professionals, as the businesses and organisations that they work with. We do not hire consultants; we hire genuine practitioners with hands-on, demonstrable real-world experience – but we also make sure that doesn’t stop at the door. We ensure that our consultants get as much out of our partnerships and business ventures as our customers do. One of our consultants who has experienced this growth and progression first hand is Darren Sheppard, recently made a Senior Partner for Contract Management & Digital Transformation. In this article, we are shining a spotlight on Darren’s numerous career highlights with Cambridge Management Consulting, including the delivery of multiple successful projects and award-winning cost saving programmes. Darren Sheppard With nearly 30 years of experience, Darren began his career as a collections agent, underwriter, and later a Credit Risk and Collections Manager for 20th Century Fox. Since then, Darren has occupied numerous senior consulting and senior management roles across Finance, Operations, Sales/Business Development and Commercial/Contract Management for major telecommunications companies such as T-Mobile, EE and BT. After establishing his own consultancy business, he was engaged by Sovereign Business Integration Group as Group Director of Operations. Darren joined Cambridge MC in 2021 as a Partner to lead our Digital Contract & Service Management practice. Since then, he has delivered multiple complex and successful programmes for numerous high-profile clients and customers. Throughout his career, his positions have seen him responsible for setting and delivering the strategy of each organisation, be it driving partner growth, managing stakeholder relationships, coordinating go-to-market, operations, and commercial management. Contract Management, FTSE250 Financial Services Provider In 2021, Darren began a programme with a FTSE250 financial services provider specialising in trading solutions to support the transition of two of their financial derivatives trading platform businesses. Throughout this, Darren was responsible for reviewing the TSA document and all associated Vendor Contracts, negotiating with the vendors on a continuation and/or transfer of agreement post-closure and throughout the term of the TSA. Due to his proficiency, Darren and the team were able to deliver this TSA programme six months early and significantly under budget. You can read more about this project here . Following the success of Darren’s work, this financial services provider continued to engage Cambridge MC to support their Strategic Partnerships & Commercial Management. In reviewing their current processes and modernising as appropriate, together with assessing strategic supplier contracts to align their KPIs with business goals, Darren helped to establish a set of processes to help his client reach their business goals. Deputy COO, Management Consultancy Between the summers of 2022 and 2023, Darren occupied the role of Deputy Chief Operating Officer for a management consultancy, overseeing strategic planning, project management, and operational efficiency initiatives. During this time, Darren designed and implemented a lifecycle workflow for managing engagements, ensured effective contracting, and successfully delivered the implementation of ISO 27001 standards. COO, Environmental Air Quality Monitoring Alongside the above interim role, Darren was engaged to occupy the role of COO for IKNAIA, an environmental air quality monitoring organisation, of which the CEO was originally forced to occupy both C-Suite positions. In this role, Darren managed day-to-day operations, elevated the leadership team, and oversaw all operational aspects of company strategy. Throughout this time, Darren has helped them to overcome limited capital, streamline operational efficiency, and re-prioritise their pipeline. Finally, he supported the successful divestment of the company, carefully balancing the interests of stakeholders, he ensured that the deal structure was both fair and beneficial, delivering long-term value to the acquiring organisation while safeguarding the interests of the employees, investors, and clients. Ultimately, his efforts achieved a transaction that positioned the company for continued success under new ownership. You can read more about this work here . Cost Reduction, Online Retailer In early 2023, Darren supported a large UK online retailer through a downsizing exercise and the changes in demand and expenditure which came with it. By performing a deep dive on all vendor contracts, establishing priority saving areas and engaging in supplier negotiations, Darren and the team were able to deliver £10m of savings on an addressable budget of £85m, in just thirteen weeks. This programme was later nominated for and won an award at the Consultancy Awards 2024 in their Productivity Improvement/Cost Reduction category. Due Diligence, Wholesale Networks Provider Darren’s next programme involved conducting commercial due diligence for a wholesale networks provider, working with their investors to review the feasibility of investing in a company specialising in telecoms software. This saw him evaluate their business model, examine the software’s features to identify any intellectual property and patents, and assess the business’ risk register to ensure that it was future-proofed. Darren’s due diligence work and focus led to the successful acquisition of the company. Vendor Performance Management, Russell-Group University For a prestigious academic institution, Darren conducted Vendor Performance Management and Service Performance Management, assessing their current performance delivery in order to identify areas where improvement was needed. During this time, Darren was responsible for all of the Vendor Performance for their three Modern Network Vendors, analysing data to identify areas for improvement, developing a communication plan, and presenting a negotiation strategy to the university. Get in Touch Across all of these projects and programmes, Darren has leveraged his commercial, contract management and vendor negotiation capabilities to streamline and strengthen each organisation he has supported. For more information on how Darren can optimise your business, contact him using the form below.
Since the origins of the quest for artificial intelligence (AI), there has been a debate about what is unique to human intelligence and behaviour and what can be meaningfully replicated by technology. In this article we discuss these arguments and the ramifications of 'ignorance' as it is expressed by current AI models. To what Extent can Artificial Intelligence Match or Surpass Human Intelligence? This article approaches the question of artificial intelligence by posing philosophical questions about the current limitations in AI capabilities and whether they could have significant consequences if we empower those agents with too much responsibility. Two recent podcast series provide useful and comparative insights into both the current progress towards Artificial General Intelligence (AGI) and the important role of ignorance in our own cognitive abilities. The first is Season 3 of 'Google DeepMind: The Podcast”, presented by Hannah Fry, which describes the current state of art in AI. The second is Season 2 of the BBC's 'The Long History of… Ignorance' presented by Rory Stewart, which explores our own philosophical relationship with ignorance. A Celebration of Ignorance Rory Stuart’s podcast is a fascinating exploration of the value that we gain from ignorance. It is based on the thesis that ignorance is not just the absence of intelligence. It feeds humility and is essential to the most creative endeavours that humans have achieved. To ignore ignorance, is to put complex human systems, such as government and society, into peril. The key question we pose is whether or not current AI appreciates its ignorance. That is, can it recognise that it doesn’t know everything. Can AI embrace, respect and correctly recognise its own ignorance: meaning it doesn’t just learn through hindsight but becomes wiser; and is fundamentally influenced, when it makes decisions and offers conclusions, that it is doing so from a position of ignorance. The Rumsfeldian Trinity of Knowns The late Donald Rumsfeld is most popularly remembered for his theory of knowns. He described that there are the things we know we know; things we known we don’t know; and things we don’t know we don’t know. Stewart makes multiple references to this in his podcast. At the time that Rumsfeld made the statement it was widely reported as a blunder—as a statement of the blindingly obvious. Since then, the trinity of knowns has entered the discourse of a variety of fields and is widely quoted and used in epistemological systems and enquiries. Let us take each in turn, and consider how AI treats or understands these statements. Understanding our 'known knowns' is relatively easy. We would suggest that current AI is better than any of us at knowing what it knows We also put forward that 'known unknowns' should be pretty straightforward for AI. If you ask a human a question, and they don't know the answer, it is easy to report this an an unknown. In fact, young children deal with this task without issue. AI should also be able to handle this concept. Both human and artificial intelligence will sometimes make things up when the facts to support an answer aren’t known, but that should not be an insurmountable problem to solve. As Rumsfeld was trying to convey, it is the final category of 'unknown unknowns' that tends to pose a threat. These are missing facts that you cannot easily deduce as missing. This includes situations where you have no reason to believe that 'something' (in Rumsfeld's case, a threat) might exist. It is an area of huge misunderstandings in human logic and reasoning; such as accepting that the world is flat because nobody has yet considered that it might be spherical. It is expecting Isaac Newton to understand the concept of particle physics and the existence of the Higgs boson when he theorises about gravity. Or following one course of action because there was no reason to believe that there might be another available: all evidence in my known universe points to Plan A, so Plan A must be the only viable option. In experiments with ChatGPT, there is good reason to believe that it can be humble; that it recognises it doesn’t know everything. But the models seem far more focused on coping with 'known unknowns' than recognising the existence of 'unknown unknowns'. When asked how it handles unknown unknowns, it explained that it would ask clarifying questions or acknowledge when something is beyond its knowledge. These appear to be techniques for dealing with known unknowns and not unknown unknowns. The More we Learn, the More we Understand How Much we Don’t Know Through early life, in our progression from childhood to adulthood, we are taught that the more you know and understand, the more successful you will be. Not knowing a fact or principle was not something to be proud of, and should be addressed by learning the missing knowledge and followed by learning even more to avoid failure in the future. In education we are encouraged to value knowledge more than anything else. But as we get older, we learn with hindsight from the mistakes we have made from ill-informed decisions. In the process, we become more conscious of how little we actually know. If AI in its current form does not appreciate or respect this fundamental concept of ignorance, then we should ask what flaws might exist in its decision-making and reasoning? The Peril of Hubris To feel that we can understand all aspects of a complex system is hubris. Rory Stewart touches on this from his experience in government. It is a fallacy to believe that we should be able to solve really difficult systemic problems just by understanding more detail and storing more facts about the characteristics of society. As Stewart notes, this leads to brittle, deterministic solutions based on the known facts with only a measure of tolerance for the 'known unknowns'. Their vulnerability to the 'law of unintended consequences' is proven repeatedly when the solution is found fundamentally flawed because of facts that were never, and probably could never be, anticipated. These unknown unknowns might be known elsewhere, but remain out of sight to the person making the decision. Some unknown unknowns might be revealed, by speaking to the right experts or with the right lines of enquiry. However, many things are universally unknown at any moment in time. There are laws of physics today that were unknown unknowns to scientists only few decades previously. The Basis of True Creativity Stewart dedicates an entire episode to ignorance’s contribution to creativity, bringing in the views and testaments of great artists of our time, like Antony Gormley. If creativity is more than the incremental improvement of what has existed before, how can it be possible without being mindful of the expanse of everything you don’t know? This is not a new theory. If you search for “the contribution that ignorance makes to human thinking and creativity” you will find numerous sources that discuss it, with references ranging from Buddhism to Charles Dickens. Stewart describes Gormley’s process of trying to empty his mind of everything in order to set the conditions for creativity. Creativity is vital to more than creating works of art. It is an essential part of complex decision-making. We use metaphors like 'brainstorming or blue sky thinking' to describe the state of opening your mind and not being constrained by bias, preconception or past experience. This is useful, not just to come up with new solutions, but also to 'war game' previously unforeseen scenarios that might present hazards to those solutions. What would you Entrust to a Super-Genius? So, if respecting and appreciating our undefined and unbounded ignorance is vital to making good and responsible decisions as humans, where does this leave AI? Is AI currently able to learn from hindsight – not just learn the corrected fact, but learn from the very act of being wrong? In turn, from this learning, can it be more conscious of its shortcomings when considering things with foresight? Or are we creating an arrogant super-genius unscarred by its mistakes of the past and unable to think outside the box? How will this hubris affect the advice it offers and the decisions it takes? What if we lived in a village where the candidates for leader were a wise, humble elder and a know-it-all? The wise elder had experienced many different situations, including war, famine, joy and happiness; they have improvised solutions to problems that they have faced in the past, and have learnt in the process that a closed mind stifles creativity; they knew the mistakes they had made, and therefore knew their eternal limitations. The village 'genius' was young and highly educated, having been to the finest university in the land. They knew everything ever written in a book, and they were not conscious of making a bad decision. Who would you vote for to be your leader? Conclusion The concepts described here are almost certainly being dealt with by teams at Google DeepMind and the other AI companies. They shouldn’t be insurmountable. The current models may have a degree of caution built into them to damp the more extreme enthusiasm. But I’d argue that caution when making decisions based on what you know is not the same as creatively exploring the 'what if' scenarios in the vast expanse of what you don’t know. We should be cautious of the advice we take from these models and what we empower them to do—until we are satisfied that they are wise and creative as well as intelligent. Some tasks don’t require wisdom or creativity, and we can and should exploit the benefits that these technologies bring in this context. But does it take both qualities to decide which ones do? We leave you with that little circular conundrum to ponder.
OUR OFFICES
SUBSCRIBE FOR LATEST INSIGHTS
FOLLOW US
THE FINE PRINT
