About Tested Thinking

I’m Pete Simon. I work in cyber security consulting, leading programmes across penetration testing, assurance and specialist delivery for enterprise clients.

Tested Thinking is where I write about cyber security, secure AI adoption and the delivery work that sits between technical detail, governance and real organisational pressure.

Most of the writing here is for security leaders, programme owners and technical teams who are accountable for outcomes. The focus is practical: clearer decisions, honest trade-offs, better questions and delivery that holds up when the work gets difficult.

You’ll find posts on threat-led testing, governance, stakeholder communication and the reality of getting security work done inside live organisations. Some of it is technical. Some of it is about judgement. Most of it sits somewhere in the middle, because that is usually where the real work happens.

I’m not interested in borrowed certainty, vendor-shaped cyber writing or content that sounds impressive but gives people nothing useful to take away. I’d rather write plainly, call the trade-off honestly and leave people with something they can act on.

The aim is simple: write useful field notes for people who have to make decisions, carry responsibility and get security work delivered properly.

If that sounds useful, you’re in the right place.