Cyber Essentials 2026 Readiness Checklist for...
Cyber Essentials is now a recognised benchmark for UK businesses that want to demonstrate good cyber hygiene, reassure customers, meet...
Read More
I’m Lee O’Dell, and I work with AJC clients on cyber security assessments, Cyber Essentials certification and penetration testing. My role is focused on helping organisations understand their cyber security position, work through assessment requirements and take practical steps to strengthen their defences.
With more than 27 years of experience in IT, I have worked across a wide range of technical areas, including desktop support, infrastructure services, e-commerce production support and File Transfer Protocol teams. Over the past five years, I have specialised in cyber security, with a particular focus on cyber assurance, vulnerability management, penetration testing and compliance. That background helps me bring a practical, client-focused perspective to every engagement.
At AJC, I head up the Cyber Essentials and Penetration Testing department, supporting clients through assessment, testing and remediation. The work can vary from a single Cyber Essentials application to large-scale penetration testing across a range of systems, platforms and environments.
A key part of my role is helping clients approach cyber security in a structured and manageable way. Cyber Essentials can feel daunting, particularly for organisations going through the process for the first time, so I aim to make the journey as clear and straightforward as possible. My focus is always on helping clients understand what is being asked, what evidence is needed and what practical steps they can take to achieve the right outcome.
I would like to support as many Cyber Essentials clients as possible this year by giving them a methodical approach to their annual certification process. I also want to make good use of the experience we have within the team, while encouraging younger members of staff to build their knowledge and develop their careers.
As part of this, I am also involved in the way we use historical assessment data and real-world evidence to improve the way assessments are reviewed and understood. That includes helping to ensure that our approach reflects what actually happens during Cyber Essentials assessments, rather than relying only on theory.
The work we do with clients is centred on helping them improve their security in a practical and achievable way. Much of my work is with financial services clients, although these can vary significantly in size, from one-person businesses through to much larger organisations. That variety is one of the reasons a clear and practical approach is so important. Each client may have different systems, resources and internal knowledge, but they all need to understand what is required and how to move forward with confidence.
For Cyber Essentials, I never approach an assessment with the aim of failing anyone. The aim is to work with the client, guide them through the process and help them understand what needs to be remediated so they can reach a pass result.
That support is important because many organisations are doing the right things in principle, but may not have documented their approach clearly or may have gaps they have not identified. We help clients work through their answers, understand the technical requirements and avoid feeling stranded or unsupported during the process.
For penetration testing, our focus is on providing a thorough assessment and a clear, useful report. The value is not just in identifying vulnerabilities, but in helping the client understand what the findings mean, what needs to be addressed and how they can reduce risk before any re-testing takes place.
I also place a lot of importance on building long-term working relationships. When clients come back to us year after year, we get to understand their environment, their challenges and the way they work. That makes the process smoother, more efficient and more valuable for everyone involved.
Before specialising in cyber security, I built my career across a broad range of IT support and infrastructure roles. That experience gave me a strong understanding of how technology operates in real business environments, and how important it is for security advice to be practical rather than theoretical.
Over the course of my career, I have worked across desktop support, infrastructure services, e-commerce production support and File Transfer Protocol teams. This has given me a wide view of IT operations, from user support through to business-critical systems and data movement.
In cyber security, I have now overseen more than 1,200 Cyber Essentials assessments, supporting organisations of different sizes through certification, remediation and ongoing compliance activities. I have also been involved in a large number of penetration testing engagements, helping clients identify vulnerabilities and take meaningful action to strengthen their security posture.
My experience includes Cyber Essentials and Cyber Essentials Plus certification programmes, vulnerability assessments, phishing simulation exercises, security assurance reviews and practical risk-reduction work. Across all of these areas, I have worked with both technical and non-technical stakeholders, translating complex findings into clear, actionable steps that support the wider business.
That is an important part of the way I work. Cyber security findings need to be understood by the people responsible for acting on them. My aim is always to make sure clients come away with clarity, not confusion.
A good example of this is account separation, which is one of the common issues I see during Cyber Essentials assessments. In some organisations, users are carrying out day-to-day tasks from an administrator account rather than using a standard local account. That can leave a device more exposed because, if the account is compromised, an attacker may gain higher levels of access than they should. It is a simple area to overlook, but it can make a significant difference to security when it is addressed properly.
What stands out about AJC is the practical, client-focused approach. The team understands that cyber security is not just about completing an assessment or producing a report. It is about helping organisations understand their risks and make improvements that work in their real environment.
That approach is especially important for Cyber Essentials and penetration testing. Clients need clear guidance, realistic recommendations and support that helps them move forward. They do not need unnecessary complexity or advice that sounds impressive but is difficult to apply.
At AJC, we work with clients in a way that is supportive and proportionate. The aim is to help them build confidence, improve security and understand what good practice looks like for their organisation.
That same practical and professional approach is also reflected in the people I work with. What has impressed me most since working with AJC is the level of professionalism, maturity and knowledge across the team. My colleagues bring real expertise to their work, and that creates a strong environment for both clients and staff.
Outside of work, football is a big part of my life. I am an avid Arsenal supporter and also coach a female youth football team.
It has been really rewarding to see the team develop. In our first season, we won the league, and in our second season we progressed through the rounds of a cup competition all the way to the final. Coaching gives me the opportunity to support young players, help them build confidence and see what can be achieved when a team works hard together.
I also enjoy paddleboarding, which is a great way to switch off and spend time outdoors. In 2025, I completed the Three Peaks Challenge. I am not in a hurry to repeat it in quite the same way, but I would like to go back and enjoy the scenery properly rather than rushing from one location to the next.
Cyber security can feel complex, particularly for organisations trying to understand certification requirements, testing findings or the practical steps needed to improve resilience. At AJC, I work with clients to make that process clearer and more manageable.
Whether you need support with Cyber Essentials, Cyber Essentials Plus, penetration testing or wider vulnerability management, we can help you understand your current position and take practical steps to strengthen your security.
If you would like to find out more about how AJC can help, you can get in touch via our contact page or contact me directly at lee.ODell@ajollyconsulting.co.uk
Cyber Essentials is now a recognised benchmark for UK businesses that want to demonstrate good cyber hygiene, reassure customers, meet...
Read More
Cyber Essentials helps organisations protect themselves against common cyber threats, but many businesses still find the assessment more challenging than...
Read More
In a fast-paced world driven by technology, sports clubs are increasingly dependent on digital systems, whether they are a small...
Read More