PFH Office of the CTO Newsletter - Issue 10 - June 2025

Welcome to the June issue of the From the Office of the CTO Newsletter. 

This month, we have reflections from Stephen O’Herlihy on his recent trip to Las Vegas for the Dell Technologies World 2025 conference, plus sections on why your organisation should have a cybersecurity incident response plan, why modern pen testing is essential for cybersecurity, and a pointer to an upcoming Microsoft and Nerdio webinar that will be of interest to those of you looking to control your desktop delivery costs in the public sector.

Early mornings to late nights. Virtual U2 to Counting Crows. Lots of Tech.

Reflections from Dell Technologies World 2025.

By Stephen O'Herlihy - Chief Technology Officer at PFH Technology Group.

Every time I go to Dell Technologies World in Las Vegas, I say it’ll be my last. Of course, I then find myself back in the desert at the next conference, surviving the intensity of it all over again. It’s not because the event lacks value, far from it. The content is excellent, the networking is world-class, and the access to Dell leadership is second to none.

No, my challenge with Vegas is purely personal: I still haven’t learned to say no to the never-ending stream of evening events, drinks and rich food. Combine that with 3 a.m. wake-ups, keeping pace with the Irish day job (thanks, time zones), jam-packed conference days, and a schedule of “optional” dinners that turn into marathon social events… and you’ve got a recipe for exhaustion.

Take day one. It started with a 7.30 a.m. breakfast reception for all our customers, followed by a full day of technical sessions and customer meetings with Dell technical leaders. Then came a customer welcome reception, followed by a team dinner with the Irish Dell team, customers, and partners, followed by an EMEA executive meal. Yes, three full dinners in one evening. For those who know me, of course, I managed all three!

This year felt particularly special as I attended Dell Tech World representing Ricoh, a Dell Titanium Black partner, one of only 20 globally in Dell’s elite partner program. It’s a significant badge of honour and reflects the deep collaboration and shared innovation between our organisations. As PFH is a Ricoh company, it’s a privilege to be part of an organisation that has so much capability, trust and such long-term relationships with vendors and customers at global scale.

One of the biggest highlights is always the chance to reconnect with Ricoh colleagues from around the world: our executive team from Tokyo plus teams from across Europe. These global gatherings remind me of just how strong and far-reaching the Ricoh and Dell alliance has become.

Access to Dell’s senior leadership is another reason Dell Tech World stands apart. Few vendors continue to show up for the technical community the way Dell does. In a time when many tech companies are scaling back technical enablement and community investment, Dell is doubling down, not just with words, but with real R&D spend, practical resources, and consistent support. Maybe it’s because they operate in such a competitive landscape, but as a market leader, Dell continues to treat its community as a priority.

I had the pleasure of attending the Dell Heroes program reception, a global initiative celebrating the engineers, architects, and practitioners who design, deploy, and operate Dell solutions. What stood out wasn’t just the high-quality food and cocktails (though they were excellent) but the number of senior Dell executives who showed up and genuinely engaged with the community. It wasn’t lip service. It was a meaningful, honest connection, a real signal of Dell’s culture.

But what about the conference itself?

As expected, AI was everywhere. If I’m honest, it was perhaps a bit too dominant, but context matters. Dell Tech World is all about the future, not the past or even the immediate present. The sessions highlighted how enterprise AI is maturing rapidly, and Dell’s strategy is clear: give customers the flexibility to run AI workloads on-prem, in the data centre, or at the edge, all with enterprise-grade security and performance.

It’s not just about the hardware, though Dell showcased some seriously impressive high-performance edge and data-centre AI servers and desktop appliances. It’s about delivering complete, outcomes-driven solutions built in partnership with AI leaders like NVIDIA. The AI-Factory is just what the doctor ordered: the ability to consume AI solutions with ease. They have designed the solution so it can be deployed quickly and securely, with clearly defined use cases, a critical step forward for real-world AI adoption.

That said, one of my disappointments this year was the lack of attention given to what I think are some of Dell’s most exciting developments. The keynote gave just a few minutes to Dell’s Private Cloud Automation platform, a massive leap forward for hybrid cloud, especially as customers re-evaluate strategies following turbulence in the virtualisation market. Supporting multi-stack environments like VMware vSphere, Nutanix, and Red Hat OpenShift, this platform gives customers more choice, more flexibility, and more control. Organisations can protect their investment with reusable infrastructure, simplify operations with full lifecycle management and support customer choice with a catalogue of validated blueprints. It should have been a major feature, not a side note.

Likewise, Project Lightning, PowerScale AI enhancements, and the unveiling of 122TB NVMe drives barely got a mention, despite their potential to reshape how we approach data at scale, ransomware recovery, and intelligent storage. Dell’s new AI-driven ransomware detection, which analyses snapshots directly on the array, could be a game changer for early detection and rapid data recovery. But unless you were in the breakout sessions, you probably missed it.

Maybe I’m just too much of a techie, but these are the innovations that get me excited.

All that said, it was a brilliant few days. Yes, the early mornings were brutal. Yes, the food was excessive. And yes, the return journey was delayed thanks to FAA staffing issues (less cost-cutting, more air traffic controllers, please).

So how was U2? Well, the best way to describe it is like drinking Guinness 0.0. It looks and tastes like it, but it’s not better than the real thing. However, the Las Vegas Sphere is a feast for the senses and is well worth experiencing. I was blown away by how they can run a virtual U2 concert. A hint of the world ahead, but a bit like going to the cinema rather than a concert. The Counting Crows customer appreciation concert at the conference was top-class! That was an in-person, real-life concert rather than a virtual event. Real-world events still have their place.

I left Vegas with insights, new connections, and a renewed sense of where Dell and the broader enterprise tech world is headed. So yes, I survived Vegas. Again. Ask me in a few months if I’m going back next year. My answer will probably be the same as always: Never again.

Until next year.

Why Every Organisation Needs an Incident Response Plan

By Stephen O'Herlihy - Chief Technology Officer at PFH Technology Group.

Over 2500 years ago, Confucius, the noted Chinese philosopher, wrote:

Success depends upon previous preparation, and without such preparation, there is sure to be failure.

This remains as true today as it likely was during the Zhou Dynasty when Confucius was alive. It’s certainly true when it comes to modern cyber defence planning. 

The more preparation an organisation puts into cyber-defence planning, the better the response and outcomes will be when (not if!) the organisation gets hit by an attack. Preparation takes many forms: system identification, risk assessment, defence planning, user training, and attack simulation exercises.

In this newsletter, I’ll write about preparation at a high level. I’ll follow up with a blog that goes into each part of the planning process in the next few weeks.

Why Preparation is Important

Preparing for when an attack occurs is an important part of cybersecurity defence on par with other tactics such as perimeter defences, endpoint protection, network detection and response, penetration testing, and other strategic elements of a comprehensive defence plan.

Experience shows us that outcomes tend to be better if everyone involved knows what is expected of them in a crisis, and also when they have been engaged in realistic drills that simulate an attack.

So, what should organisations focus on in their preparation? Four main areas will pay back handsomely if the preparation and planning are good. 

Risk Identification

When thinking about how to prepare for future cyberattacks, it’s helpful to keep the often-used adage that “you can’t defend what you can’t see” in mind. Most organisations have a limited budget to spend on cyber defence. It’s vital that this gets spent in the best possible way. 

To use your funds effectively, there must be an accurate and up-to-date picture of the current infrastructure and its cybersecurity status. You can build this picture using the following techniques:

• Audits of Current Systems - The fundamental requirement for cybersecurity preparation is to conduct a comprehensive audit of all equipment connected to the network, including servers, endpoints, cloud-based servers, and SaaS applications. Software tools are available to discover everything connected to a network. In most organisations, these audits highlight connected devices that are unknown. These unknown and unmanaged devices are high risk as they are probably not running the latest security updates.
• Categorise System & Data Risk - Some systems and the data they hold are more important than others. You should categorise all the identified servers, applications, databases, and users by their risk level. You should build your defensive plans around these risk levels. 
• Use Professional Penetration Testing - Once you know about all the systems connected to your network, it’s important to do vulnerability and penetration testing to get a snapshot of the current attack surface and vulnerability landscape. So that you know what issues to address as a priority. More on this later in this newsletter.
• Create an Improvement Plan - Protect the most critical systems and sensitive data first, and then apply resources to other systems as budgets and resource availability allow. You can’t do everything at once, and your team will miss vulnerabilities if they try. The plan must reflect the realities of what can be done now.

Incident Response Planning

When the complete picture of what’s connected to the network is known, and a cybersecurity improvement plan is in place to address any known issues, the next step is to implement a response plan for the people in your organisation to use when an attack happens. This is a different process from the systems auditing and improvement planning discussed previously.

It’s vital to have a well-designed and easily understood incident response plan (IRP) that staff at all levels are aware of and know how to follow the parts relevant to them. Everyone must understand how to implement what’s detailed in the IRP very quickly, as the initial response to a cyber incident can make the difference between a minor incident and a catastrophe. As many incident response experts say, “When you’re in the middle of a fire, you don’t want people to be reading the instructions on the fire extinguisher!”

A well-designed IRP should contain the following information:

• Documented Policies, Procedures and Actions - These should include sections for every level of employee who will need to respond appropriately when an incident occurs. There will need to be sections on how staff using endpoint devices should respond, as well as sections with information for cybersecurity teams and designated contacts in any external cybersecurity providers hired to deliver security services. The information in each section should be tailored to the specific tasks for different people during a security incident.
• Attack Simulations and Training - Building on the fire extinguisher quote, you don’t want your staff to be reading the response plan during an incident. Everyone needs to be deeply familiar with what they need to do. A good way to achieve this is to conduct frequent training sessions and run periodic attack simulations, allowing key staff to practice the actions they will need to take before being needed in a real attack situation. These simulation exercises are often referred to as tabletop attack simulations.
• Ongoing Response Plan Reviews - Developing a response plan is not a one-time activity. Organisations change over time, and cybersecurity planning in general, and the IRP specifically, needs to be periodically reviewed and updated to reflect recent changes. Many organisations tie their reviews and updates of the IRP to the frequency of their tabletop attack simulations, as gaps in the IRP are often exposed during these training exercises.

Regulatory Compliance

In addition to the information in the IRP that informs staff how to deal with a cyber-attack, it’s also helpful to include higher-level plans that outline how the organisation will meet the cybersecurity requirements in regulations such as GDPR, NIS2, or any others that are relevant to the organisation. 

There will be considerable overlap and impacts on regulatory compliance from the cybersecurity defence strategy and tactics that emerge from incident response planning. Highlighting the regulatory requirements that need to be met in the IRP (and in a separate, more detailed regulatory requirements document) keeps these essential aspects of security provision in everyone’s mind when discussing changes to security practices.

Responding to an Attack

Every organisation should work under the assumption that they will get attacked and that the attackers will likely succeed in breaching their defences. 

It is in this scenario that the IRP and training exercises will repay the investment. A rapid response is everything once an attack is detected, ideally through the 24/7 Network Detection monitoring that each organisation should have in place.

The recent cyberattacks on major UK retailers highlight the importance of detection and rapid response. The Co-op IT teams detected attacker activity on their systems and shut them down before ransomware could be deployed. The same attackers also targeted M&S systems, infecting them with ransomware. This BBC News article discusses the attacks using information the attackers sent to the BBC. Hopefully, their public statements will help police track them down.

I’ll expand on this topic in the blog I’m writing for publication in a few weeks, but basically, the initial response to a cyber incident should make sure that:

1. The attack is contained to prevent it from infecting other systems.
2. The communication plan in the IRP is activated so that everyone knows they need to do what their section of the IRP outlines. Include any external stakeholders that need to know: business partners, supply chain partners, customers, and regulators.
3. Remove the attackers and their attack software from infected systems.
4. Restore infected systems to a clean working state.
5. Conduct an analysis of the attack to discover how they breached defences.
6. Update any cybersecurity improvement plans and the IRP in light of how the attack succeeded to plug any gaps in security or the response plan.
7. Update required external stakeholders on the conclusion of the attack and review.

Preparation is a vital part of planning to deal with cybersecurity attacks. However, it needs to be a part of a broader strategy that includes 24x7 monitoring, endpoint protection, and continuous improvements to the security posture. 

Why Regular Penetration Testing Is Essential for Your Cybersecurity Strategy

 By Ian O'Callaghan - Security Division Lead at PFH Technology Group.

You may have heard the adage from experienced systems administrators that untested backups are not backups at all. A similar adage applies to cybersecurity defences. If you haven’t tested your defences to find gaps and vulnerabilities, then do you really have defences in place? That might seem like hyperbole, but like all sayings of its type, it contains a truth. 

As mentioned in the risk identification portion in the response planning section of this newsletter, “you can’t defend what you can’t see”. A way to increase the odds that you do see any gaps and vulnerabilities in your cybersecurity defences is to employ regular penetration testing to probe the hardware, software, and human components of security. 

What is Penetration Testing?

Penetration testing, also known as pen-testing or ethical hacking, is the process of legally probing for vulnerabilities in IT systems. It gets performed by security professionals who are experts in the techniques used by cybercriminals. 

The use of legally in this context is important. Someone in authority in the organisation being pen-tested needs to have approved it. In some cases, the people in the organisation who are conducting 24/7 monitoring do not get told that a penetration test is happening. This secrecy tests the monitoring systems in place and whether the security staff notice the activities of the pen testers. A useful part of the overall testing process.

Organisations need to see pen testing as more than a box-ticking exercise needed to satisfy auditors, insurers, or external regulators. They should see it as a core part of a broader cybersecurity defence, planning and response strategy. 

Pen testing should not be confused with automated vulnerability testing tools, which are a common part of many cybersecurity solutions. These automated tools play an important role in the overall defence landscape, but penetration testing goes beyond them. It is conducted by highly skilled human cybersecurity experts who can operate in a way similar to cybercriminals. 

Why You Need Pen Testing

Pen testing enhances an organisation’s overall security posture by identifying gaps and vulnerabilities in all aspects of security, both technical and human. Modern pen tests are mini projects that deliver enhanced security after the findings get fed into cybersecurity improvement planning. 

The identification of security gaps in pen tests enables the mitigation of business risks from cyberattacks, especially ransomware or the stealing of sensitive data that attackers can sell or use to extort payments under the threat of public disclosure of the data.

Regular pen tests are an investment in the business that will save money in the future by preventing the costs associated with recovery from an attack. And the associated reputational damage that accrues, as outlined most recently (at the time of writing!) by the ongoing issues with M&S and Co-op in the UK.

Modern Pen Testing

Pen testing has evolved a lot in recent years, and many people’s image of it is outdated. What many think of when pen testing gets mentioned is network pen testing, which is a subset of modern pen testing. 

Modern IT deployments are significantly more complex than they were in the past, and penetration testing has evolved to address this increased complexity. Pen testing now has to cope with infrastructure spread across on-premise servers, private data centres, private cloud, multiple public cloud providers, and unique hybrid configurations of all these.

The applications and business systems deployed across this diverse infrastructure are also much more complicated than before. With microservices, virtual machines, SaaS, and traditional monolithic application models all in use. Many applications also have custom code that often has vulnerabilities specific to the business application in use. 

Modern Pen testing needs to address the following aspects of the IT and application hardware and software stack:

⁃ Network infrastructure

⁃ Application servers

⁃ Web applications

⁃ Mobile endpoints

⁃ Internet of Things (IoT) devices and sensors

⁃ Human factors

I’m working on a blog to follow up on this newsletter section that will dive deeper into these six items. This follow-up blog will also look at the different types of modern pen testing, such as White Box, Black Box, and Grey Box testing, as well as how pen testing teams are broken into Red, Blue, and Purple Teams to determine how attackers and defenders get organised during the tests. Look out for that blog in June.

As with response planning, pen testing is a core part of every cybersecurity strategy. It needs to be done by expert human security teams who know the current attack methods that criminals use. When done well, pen testing will significantly boost your organisation’s security posture. The PFH Security Team can work with your organisation to devise a suitable penetration testing approach and collaborate with your IT team to deliver knowledge transfer on all aspects of your current cybersecurity posture. This aligns with the Purple Team approach, as I’ll outline in the follow-up blog.

Nerdio Public Sector Webinar

By Cormac Long - Digital Workspace Specialist at PFH Technology Group.

In the February newsletter, I wrote about Nerdio Manager for Azure Virtual Desktop. As a follow-up to that piece, I’d like to highlight an upcoming June 24th Nerdio and Microsoft webinar titled Empowering Public Sector in EUC with Nerdio and Microsoft. 

The free online event will address the cost challenges that public sector organisations and departments are facing. This will be framed in how using Nerdio with Azure Virtual Desktop (AVD) deployments can deliver Desktop as a Service (DaaS) solutions that significantly control costs without adding to the management overhead for IT teams.

The webinar will explore how recent desktop virtualisation changes affect end-user computing (EUC) strategies, particularly in the public sector in the UK and Ireland. It will also demonstrate how the Microsoft and Nerdio solutions can help navigate the changing desktop delivery landscape.

PFH is a Nerdio partner, and we have the skills and availability within the Digital Workspace group to engage with your IT team to discuss and deliver Nerdio projects built on AVD or Windows 365. We have already deployed several projects using these technologies, which have enhanced client productivity and reduced costs. Many public sector organisations will be able to deliver projects based on these technologies under the GP PAS122F Lot 5 Consultancy Services Framework.

You can sign up for the upcoming June webinar on the Microsoft Events page. When registering, you have the option to select the company that invited you to register. It would be much appreciated if you mentioned PFH! 

Sign up via the Microsoft Events Page.

Final Thoughts

That’s it for this month. Keep an eye on our LinkedIn feed for the follow-up blogs on response plans and penetration testing that we referred to this month.

Contact us if you would like to provide feedback on this or a previous issue of the newsletter, or if you have a question. The next newsletter will be out in early July. If there is a technology topic you’d like us to cover, let us know in the comments. 

| PFH Office of the CTO |