New startup member, Relatable Security, brings a refreshing and positive approach to cybersecurity, stemming from the founders’ own experiences of good and bad practice over the years. Joining forces in summer of 2024, Mel George and Kit Barker have combined their specialisms in organisational change and software engineering to help Sheffield businesses realise the value of simple, relatable security. We caught up with the duo to find out more about their approach, what good cybersecurity practices look like, and why chocolate really is the answer to everything.

When Mel George and Kit Barker started Relatable Security, they set out to do something different. Not just another cybersecurity consultancy, but one that puts people and culture at the heart of everything — making security more understandable, more embedded, and, as the name suggests, more relatable.

The pair met while working together in a previous organisation and quickly realised they shared the same outlook: cybersecurity shouldn’t be about scaring people or ticking boxes. It should be about empowering teams and enabling businesses to grow and seize new opportunities with confidence.

“A lot of people see it as a tick box exercise,” says Mel. “But if you do it well, it becomes a real business enabler. Something that can directly add value to your business.”

A clear, pragmatic approach to cybersecurity

Relatable Security helps organisations of all sizes take a fresh look at their security practices. Their approach is pragmatic, honest and jargon-free. Whether it’s getting on NHS frameworks, preparing for ISO27001, or just setting solid foundations, they work with teams to build security into the business – in a way that’s easy to understand and adopt.

“In the most secure organisations, security is pretty simple,” explains Kit. “When employees understand what’s required of them and why, it changes the culture. Security becomes a constant thing – not just a firewall or a piece of software.”

Their people-first consultancy focuses on translating complex requirements into plain English and practical steps. “If you read from the international standards, like ISO27001, it is written in such a way that it makes a great cure for insomnia!” Mel jokes. “So we just try to translate it and say what needs to be done, putting it into lateral terms.”

The duo are particularly passionate about shifting perceptions of cybersecurity from a scary, compliance-led concept into something that’s embedded in the way a business works.

“We know people like positive reinforcement; more carrot than stick,” Kit says. “In a previous company, if people locked their screens when they stepped away, there’d be a chocolate waiting for them when they got back. It’s a cool way to make good practices part of a positive culture (although your budget does run out pretty quickly!).”

Helping businesses get ahead

The company believes good security brings commercial benefits. “You can offer assurances in order to win larger customers,” says Mel. “If you want to work with the NHS, for example, you need to adhere to the Data Security Protection Toolkit. Getting there requires investment — but if you’ve already got good practices in place, you’re saving time and money.”

Cybersecurity also matters when it comes to mergers and acquisitions. The pair are currently supporting a client through this process, helping them avoid the delays and costs that come from last-minute fixes.

Mel and Kit will always offer a clear and honest view of what most companies actually need, and when. Instead of pushing costly audits or complex systems, they focus on practical steps that make a real difference.

“Don’t talk about ISO27001 before you need to,” Kit advises. “Look at your markets and where they’re heading. Think strategically about what certifications and frameworks you actually need to access for business growth. A quick conversation can save you from going down an expensive or unnecessary route.”

They’ve just launched a virtual CISO Service, which gives companies access to the strategic leadership of a Chief Information Security Officer (CISO) and provides the chance to plan longer-term without a big commitment. It’s a month-to-month service that helps teams get the basics right, build a roadmap, and move forward at a pace that is conducive to business growth.

“One key output from our virtual CISO service is an informed 12-month plan – setting out where you want to be as an organisation and the steps we can help you take to get there,” Mel explains. “But you’re not making an expensive hire or a long term commitment. If we’re not adding value, you can get rid of us, and that flexibility is really beneficial to smaller companies.”

Supporting Sheffield’s digital community

Mel and Kit are closely involved with the local tech scene, working with early-stage founders through the Cooper Project at Sheffield Technology Parks.

“We don’t want to hear the phrase ‘we’ll add it later,’” says Kit. “If you’re developing an MVP and it’s insecure, you’ve missed the viable part of that MVP.”

They also noticed, in the recent Sheffield Digital Skills Audit, that many local companies weren’t planning to bring in security skills — something they’d love to help change.

“We just want to chat to people and help them get on the right path,” Mel says. “It’s not about getting into long, expensive contracts, you likely need less than you think you do. We can probably sort it quicker than you think. And we’ll make it relatable – which is the difference.”

Get in touch

If you want to approach security in a more useful, less overwhelming way — Relatable Security would love to hear from you. Visit relatablesecurity.com, say hi to Kit and Mel at upcoming Sheffield Digital events or drop them a message in the Sheffield Digital Slack.

They’re always happy to have a conversation — no pressure, no pitch, just helpful, human advice on making your business more secure.