Most small business owners spend their Sundays catching up on rest, family, or the odd bit of admin. I spent mine differently. At 08:00 this morning, I sat down at my workstation and said three words that set the tone for the next thirteen hours: I have the watch.
It's a phrase borrowed from naval tradition — the moment a crew member formally takes responsibility for a vessel's safe passage. In a Security Operations Centre, it means exactly the same thing. From that moment, every client under my care had me watching over them. All day. Without exception.
Here's what that actually looked like — in plain English, with no jargon.
The Scale of What I'm Watching
Cyber security is often portrayed in the press as a world of dramatic hacks and last-minute saves. The reality, on most days, looks rather different — and frankly, that's precisely how I want it.
Over the course of today's shift, our systems processed an average of 1.4 million signals per minute. Every login attempt, every file transfer, every unusual network request, every connection to or from your systems — all of it flows through our detection infrastructure, constantly. That's not a typo. 1.4 million, every single minute.
Left unfiltered, that volume of data would be completely unworkable for any human analyst. So I don't try to read it all. That's Emily's job.
Meet Emily: My AI-Powered First Line of Defence
Emily is our AI triage engine — something I've spent a considerable amount of time developing and refining. She's not a person, but she works with the focus and consistency that no person could sustain across a thirteen-hour shift. She watches every signal, recognises patterns, understands attack chains, and surfaces only what genuinely matters for my review.
Today, Emily took those 1.4 million signals per minute and distilled them down to 13,000 meaningful events. She then filtered those further, down to just 4 alerts that warranted my attention.
Think of it this way: Emily reads every single letter that arrives at your business, so I only see the ones that need a response. She doesn't get tired. She doesn't miss things because it's a Sunday. She doesn't take shortcuts. I built Emily to embody the diligence I'd want from any member of my team — and she delivers it without fail.
With a quiet alert queue today, I used the time to update Emily's playbooks, refining the logic she uses to detect attack sequences and improving how she hunts for threats across all our client environments. The goal is always the same: make Emily smarter today than she was yesterday, so you're better protected tomorrow.
The Compliance Work That Quietly Protects You
Sunday is also when I carry out weekly stack maintenance. One of the less glamorous — but genuinely important — tasks is archiving older security log data for clients who need to retain records beyond the standard 90-day window.
If your business operates under GDPR, holds sector-specific certifications, or is working towards Cyber Essentials Plus, there's a good chance you have legal or contractual obligations around how long you keep security records. I manage that for you, quietly, in the background — today, as every week.
It matters more than people realise. The ability to reach back into months of historical log data has helped businesses identify breaches they didn't even know had happened at the time. Historical evidence isn't just a compliance box to tick — it's a forensic safety net, and I treat it as such.
Reports, Threat Hunting, and the Human Edge
I compiled end-of-week security reports for each client and updated the running data for the monthly summary. Alongside that, I ran a series of manual threat hunts — proactively searching through the data for signs of compromise or suspicious behaviour that automated systems might miss.
This is where my experience becomes irreplaceable. After many years in this field, I've developed the kind of intuition that doesn't fit neatly into a ruleset. I notice things that don't quite fit. I ask questions that haven't yet been written into a playbook. I connect dots across different clients, different sectors, different threat actors — and I carry that knowledge forward into every shift.
Emily is extraordinary at what she does. But she works best when paired with someone who can think sideways. That's what I bring.
When Something Didn't Look Quite Right
One of the more interesting observations from today involved a metric I call the Emily Confidence Score — my measure of how well Emily's threat model is calibrated to a specific client's environment. For one client, that score had dipped, and that kind of dip always gets my attention.
I investigated. What I found was a cluster of suspicious IP addresses and a pattern of web traffic showing all the hallmarks of AI-generated activity. The giveaway was in the detail: suspiciously consistent behaviour, predictable timing, and software signatures that no genuine human visitor would produce.
My working assessment: a scraping and reconnaissance operation. Someone — or something — is systematically mapping that client's online presence, likely as a precursor to something more targeted down the line.
It's not an immediate crisis. But it's absolutely something that client needs to know about. I'll be speaking to them first thing Monday morning, with my full analysis and recommended next steps in hand.
This is exactly the kind of subtle, context-aware observation that stops small problems from quietly becoming large ones — and it's the kind of thing that only gets spotted because someone was watching carefully on a quiet Sunday afternoon.
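The two signals named above, predictable timing and software signatures, can be checked over web logs with a few lines of Python. This is an added example, not code from the author or from Emily; the log format, thresholds, token list and sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

AUTOMATION_TOKENS = ("python-requests", "curl/", "headlesschrome")  # assumed list
MIN_REQUESTS = 5   # assumed: too few requests says nothing about rhythm
MAX_CV = 0.1       # assumed: gaps varying by under 10% count as machine-regular

# Constructed sample log: timestamp, client IP (documentation ranges), user agent.
SAMPLE_LOG = """\
2024-01-07T14:00:00 192.0.2.10 python-requests/2.31.0
2024-01-07T14:00:05 192.0.2.10 python-requests/2.31.0
2024-01-07T14:00:10 192.0.2.10 python-requests/2.31.0
2024-01-07T14:00:15 192.0.2.10 python-requests/2.31.0
2024-01-07T14:00:20 192.0.2.10 python-requests/2.31.0
2024-01-07T14:00:25 192.0.2.10 python-requests/2.31.0
2024-01-07T14:00:03 198.51.100.7 Mozilla/5.0 (Windows NT 10.0; rv:121.0) Firefox/121.0
2024-01-07T14:00:41 198.51.100.7 Mozilla/5.0 (Windows NT 10.0; rv:121.0) Firefox/121.0
2024-01-07T14:02:10 198.51.100.7 Mozilla/5.0 (Windows NT 10.0; rv:121.0) Firefox/121.0
2024-01-07T14:02:15 198.51.100.7 Mozilla/5.0 (Windows NT 10.0; rv:121.0) Firefox/121.0
2024-01-07T14:07:30 198.51.100.7 Mozilla/5.0 (Windows NT 10.0; rv:121.0) Firefox/121.0
2024-01-07T14:08:02 198.51.100.7 Mozilla/5.0 (Windows NT 10.0; rv:121.0) Firefox/121.0
"""

def score_clients(log_text):
    """Per client IP: request count, timing regularity and user-agent check."""
    times, agents = defaultdict(list), defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, ua = line.split(maxsplit=2)
        times[ip].append(datetime.fromisoformat(ts))
        agents[ip].add(ua.lower())
    report = {}
    for ip, stamps in times.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps) if gaps else 0.0
        # Coefficient of variation: spread of the gaps relative to their mean.
        cv = pstdev(gaps) / avg if len(gaps) >= 2 and avg > 0 else None
        report[ip] = {
            "requests": len(stamps),
            "cv": cv,
            "regular_timing": len(stamps) >= MIN_REQUESTS and cv is not None and cv < MAX_CV,
            "automation_ua": any(t in ua for ua in agents[ip] for t in AUTOMATION_TOKENS),
        }
    return report

def flagged(report):
    """IPs showing either signal, for an analyst to review."""
    return sorted(ip for ip, r in report.items() if r["regular_timing"] or r["automation_ua"])
```

On the sample, only 192.0.2.10 is flagged: its requests arrive exactly five seconds apart and its user agent names a scripting library, while the second client's gaps range from 5 to 315 seconds.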
Protecting Your Brand: The Fake Website Problem
As part of my ongoing brand protection monitoring, I also ran what are called homoglyph searches for two of my designated clients.
A homoglyph attack is when a criminal registers a domain name designed to look almost identical to your real website — replacing an 'o' with a zero, for example, or swapping a lowercase 'l' for a capital 'I'. The resulting fake site looks genuine enough to deceive your customers, steal their credentials, or intercept transactions that were meant to reach you.
For any business with a recognisable online presence, this is a real and growing risk. Today's searches came back clean. But I run them every shift, without fail — because the moment you stop looking is the moment someone takes advantage.
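A homoglyph search of the kind described above can be sketched as follows: fold every look-alike character to one canonical form, then compare newly seen domain names against the protected one. This is an added example, not the author's tooling; the brand name, the feed of observed names and the small look-alike map are constructed assumptions.

```python
import unicodedata

# Assumed, deliberately small look-alike map (not the full Unicode confusables table).
CONFUSABLES = {
    "0": "o",        # zero for the letter o
    "1": "l",        # digit one for lowercase L
    "i": "l",        # DNS lowercases names, so a displayed capital I is really "i"
    "\u0430": "a",   # Cyrillic a
    "\u0435": "e",   # Cyrillic e
    "\u043e": "o",   # Cyrillic o
}

def to_unicode(domain: str) -> str:
    """Decode punycode (xn--) labels so non-Latin look-alikes become visible."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode, or not valid IDNA: compare as given

def skeleton(domain: str) -> str:
    """Fold a name to one canonical spelling per visual shape."""
    text = unicodedata.normalize("NFKC", to_unicode(domain)).lower()
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    return folded.replace("rn", "m")  # "rn" reads as "m" in many fonts

def find_lookalikes(protected, observed):
    """Return (observed, brand) pairs that look like a protected name but are not it."""
    brands = {skeleton(p): p.lower() for p in protected}
    hits = []
    for name in observed:
        brand = brands.get(skeleton(name))
        if brand and to_unicode(name).lower() != brand:
            hits.append((name, brand))
    return hits

# Constructed sample data: a hypothetical brand and a hypothetical feed of new registrations.
PROTECTED = ["harbourmill.example"]
OBSERVED = [
    "harbourmill.example",        # the real site: must not be flagged
    "harb0urmill.example",        # zero for o
    "harbourmiii.example",        # shown to victims as "harbourmiII"
    "harbourrnill.example",       # rn for m
    "h\u0430rbourmill.example",   # Cyrillic a
    "harbourhill.example",        # a different word, not a look-alike
]

if __name__ == "__main__":
    for name, brand in find_lookalikes(PROTECTED, OBSERVED):
        print(f"{name!r} imitates {brand}")
```

The comparison only catches names that differ by look-alike characters; a different top-level domain or an added word needs a separate check.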
What All of This Means for You
If you're a small business owner reading this, the takeaway isn't the four alerts, or the suspicious traffic, or the homoglyph searches. The takeaway is simpler than that.
At 08:00 this morning, I had the watch. I stayed on it until 21:00 tonight. I processed 1.4 million signals a minute through Emily, ran down a confidence anomaly, hunted for threats manually, kept your compliance records in order, and checked whether anyone was impersonating your brand online. Then I handed the watch to the next shift.
Your business doesn't stop being a target on a Sunday. Neither do I.
— Peter Bassill, Chief Cyber Defender, UK Cyber Defence