STRAYLIGHT STRATEGIES
Principal-led strategic cyber advisory

Two decades building intelligence capabilities and tracking the adversaries behind them.

Now advising cybersecurity startups on buyer readiness, investors on what's real, and government on capabilities that work under pressure.


Most cybersecurity advisors come from the vendor side. They know how to sell. We've built the programmes, operated them under pressure, and decided what to buy — and that changes everything.

We've built threat intelligence practices from scratch and grown them into revenue-generating service lines. We've tracked nation-state actors across global networks. We've run competitive evaluations of security platforms and made the purchasing decisions that determined which vendors won. That perspective shapes every engagement — whether we're advising a startup on positioning, helping an investor test a claim, or designing an intelligence capability for a government body.

Straylight is a principal-led advisory practice for organisations facing consequential cyber, intelligence, and buyer-side decisions.


Who we work with

Three audiences, one operator perspective

Startups
Cybersecurity companies that need to earn trust from serious buyers
Product positioning, enterprise and government buyer readiness, and guidance shaped by how procurement teams, operators, and national security buyers actually evaluate risk. Not generic startup advice.
Investors
Funds evaluating cybersecurity companies, markets, and technical claims
Independent operator judgment for deal diligence, market assessment, and portfolio support. We look past pitch-deck fluency and ask the harder questions: does the product solve a real problem, and will buyers actually pay for it?
Government
Public-sector and national security organisations navigating capability decisions
Intelligence capability design, strategic positioning, and the realities of adopting modern security technology in high-consequence environments. We understand both sides of the table: operational need and commercial supply.

Capabilities

What we do

Every engagement draws on the same foundation: operational intelligence experience, a buyer's understanding of the market, and the ability to translate between deeply technical and deeply strategic conversations.

01
Startup Strategic Advisory
Strategic counsel for cybersecurity companies making consequential decisions: positioning, buyer readiness, product direction, government engagement, and credibility with demanding customers. Engagements are typically retained advisory board seats, quarterly strategy sessions, or intensive GTM sprints.
02
Investor Diligence & Portfolio Support
Independent assessment of cybersecurity companies, products, and markets. Technical and commercial judgment grounded in how security teams actually operate. Available as per-deal diligence, retained portfolio advisor, or market landscape briefings.
03
Intelligence Capability Design
Design of intelligence functions, workflows, operating models, and supporting architecture that produce decisions — not just reporting. From first principles through to operational delivery, including the governance structures that make intelligence operationally useful.
04
Government & National Security
Strategic support at the intersection of cyber, intelligence, procurement, and commercial technology. We understand the procurement dynamics, the trust requirements, and the operating realities that determine whether a capability actually works once it's deployed.

Track record

Selected experience

Built a threat intelligence practice from zero — defined the service offering, hired and led the team, secured the initial client pipeline, and grew it into a revenue-generating capability.
Led intelligence response to nation-state campaigns at Microsoft, directly shaping defensive posture for a global customer base.
Ran competitive evaluations of threat intelligence and security platforms, delivering procurement recommendations that balanced analyst need, operational fit, and commercial reality.
Advised CISOs and senior security leaders across energy, manufacturing, transport, and government — translating threat intelligence into architecture decisions and investment priorities.

Approach

Senior attention. Clear judgment.

We work on a limited number of engagements where context, discretion, and direct senior involvement matter. Clients come to us when the decision is consequential, the technical claims need testing, or the gap between strategic ambition and operational reality is becoming expensive.

Our work is threat-informed, buyer-aware, and designed to produce decisions.

  • Not slide decks for their own sake
  • Not junior-team churn dressed up as advisory
  • Not recycled consulting templates

Mark "Magpie" Graham
Founder & Principal
  • Background: Career spanning UK government intelligence, Microsoft's Threat Intelligence Centre, and senior leadership in the industrial cybersecurity sector.
  • Education: MEng Computer Science, University of Warwick. Software Architecture Professional Certificate, Carnegie Mellon SEI.
  • Recognition: Team Cymru Global Defender Ally Award (2026). Cited for career-spanning impact and leadership through collaboration.
  • Speaking: NATO, NCSC, CERT-EU, ENISA, Black Hat Europe, Microsoft BlueHat, SANS CyberThreat, and closed-trust intelligence forums.
  • Media: Quoted in WIRED, BBC, TechCrunch, The Register. Published in Computer Weekly and the Microsoft Security Blog.

Contact

Start with a real conversation

We can usually tell within one conversation whether we can help. Reach out if you're working on something where this perspective would be useful.

Typical first conversations: assessing product-market fit for government buyers, scoping an intelligence capability build, evaluating a cybersecurity investment, or exploring a retained advisory relationship.