Go to the National Vulnerability Database right now and try to open it on a random day. What you will see is hundreds of CVEs, severity scores, affected software versions, and technical descriptions that assume you already know what you are looking at. There is nothing like "here is what this means for you." There is no "here is what to do next." Just lots of information, sitting there.
Now think about the person who owns a 30-person logistics company. Or the IT guy at a dental practice who is also doing the networking, the backups, the printer problems, and somehow also supposed to be keeping the place secure. These people are not ignoring cybersecurity because they don't care. They are probably ignoring it because nobody has made it make sense for them.
That's where the problem lies, and it is bigger than people admit.
The Industry Built Everything for the Wrong People
Somewhere along the way, the cybersecurity industry decided that its customer was the enterprise. We are talking about the SIEM platforms, the threat intelligence subscriptions, the managed detection services: all of it priced and designed for organizations with dedicated security teams and budgets that most small businesses will never see.
And some of those small businesses? Likely left behind.
The truth is that attackers did not make the same mistake of leaving SMEs out of their targeting. They are not skipping small businesses; if anything, they are going after them more because they know SMEs' defenses are weak. Ransomware groups know that a small manufacturer with no incident response plan will pay up faster than a corporation with a legal team and a cyber insurance policy. As a matter of fact, phishing campaigns don't check the size of your company before they hit send.
SMEs hold real data, like customer records, payment details, supplier relationships, and operational systems. Compromising one small business in a supply chain can be a back door into something much bigger, which attackers have figured out. But the industry hasn't really caught up yet.
The Weird Part Is That the Information Already Exists
CISA publishes the Known Exploited Vulnerabilities feed, which is free and updated regularly, straight from the US government's cybersecurity agency. The NVD has every disclosed vulnerability you could want, all made public. AlienVault OTX has threat indicators contributed by security researchers from around the world, also free.
So the problem is not that threat intelligence costs money. A lot of it doesn't.
The problem is that all of it was built for people who already speak the language. A raw JSON file of exploited vulnerabilities is not useful to someone who doesn't know what a JSON file is. A CVE description written for engineers is not going to help a business owner decide whether they need to patch something today or if it can wait. The information exists but it exists in a format that only about 5% of the people who need it can actually use.
So they don't use it. They either ignore it completely or they spend money on a commercial platform that does the translation for them, which brings us back to the same problem of cost and complexity.
What I Am Building
I am going to call it the "Threat Intel Digest".
The concept is not too complicated. Pull from CISA, NVD, and OTX. Filter what comes back based on the organization's industry and tech stack. Then use AI to cut through the noise and produce a weekly plain-English digest that tells a non-security person what threats are actually relevant to them, how serious those threats are, and what to do about it.
This will not be a dashboard full of numbers that nobody knows how to read. It won't be an alert for every CVE that dropped this week. It will just be a short, clear summary, something you could read over a coffee and actually walk away from knowing whether you need to take action.
The output will be a web dashboard and a weekly email. The whole thing will run on free APIs and open source tools because if the point is making this accessible to SMEs, building it on expensive infrastructure would defeat the purpose entirely.
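The filter step described above can be sketched as follows. This is an added example, not code from the project: it runs on a constructed sample in the shape of CISA's KEV JSON, the tech-stack keywords and function names are hypothetical, and a fixed sentence template stands in for the AI summarisation step.

```python
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed. Field names follow the
# real catalogue; the CVE IDs, vendors and products are placeholders.
KEV_SAMPLE = {"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "ExampleSoft", "product": "Mail Gateway",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2024-05-22", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-0002", "vendorProject": "AcmeVPN", "product": "Remote Access Appliance",
     "requiredAction": "Apply mitigations or discontinue use.",
     "dueDate": "2024-06-10", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0003", "vendorProject": "OtherCorp", "product": "Industrial Controller",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2024-05-15", "knownRansomwareCampaignUse": "Unknown"},
]}

# Hypothetical organisation profile: lower-case keywords for what the business runs.
TECH_STACK = {"mail gateway", "acmevpn"}


def relevant_entries(feed, stack):
    """Keep KEV entries whose vendor or product mentions a stack keyword."""
    hits = []
    for v in feed.get("vulnerabilities", []):
        haystack = f"{v.get('vendorProject', '')} {v.get('product', '')}".lower()
        # Substring matching is crude; a real inventory would map to exact products.
        if any(term in haystack for term in stack):
            hits.append(v)
    # Ransomware-linked entries first, then the nearest remediation due date.
    return sorted(hits, key=lambda v: (v.get("knownRansomwareCampaignUse") != "Known",
                                       v.get("dueDate", "9999-12-31")))


def digest_lines(entries, today):
    """Render each entry as one plain-English line with an urgency hint."""
    lines = []
    for v in entries:
        days = (date.fromisoformat(v["dueDate"]) - today).days
        urgency = "overdue" if days < 0 else f"due in {days} days"
        flag = " Used in ransomware attacks." if v.get("knownRansomwareCampaignUse") == "Known" else ""
        lines.append(f"{v['vendorProject']} {v['product']} ({v['cveID']}): "
                     f"{v['requiredAction']} Fix {urgency}.{flag}")
    return lines


if __name__ == "__main__":
    for line in digest_lines(relevant_entries(KEV_SAMPLE, TECH_STACK), date(2024, 5, 25)):
        print(line)
```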
Why I Am the Person Building This
My dissertation was about exactly this. I spent months building a cloud SOC environment using Microsoft Sentinel and Tenable Nessus to prove that a small organization could have real detection and response capability without spending enterprise money. The whole argument was that accessible security is not some idealistic goal; it is a practical thing you can actually build if you are willing to put the work in.
This project is the same argument, one step earlier in the chain. The thing is that, before you can even respond to threats, you need to know what threats exist. And right now most small businesses don't have a reliable way to know that.
I am a SOC Analyst. I am not coming at this from some research institution or with a big company behind me. I just think the gap is real, I have the background to do something about it, and I am frustrated enough by it to actually try and see where it goes.
What Comes Next
I will be documenting the whole build. The architecture, the API work, the AI layer, and whatever breaks along the way because something always does. If you are in security, if you run a small business, or if you are just curious about applying AI to real problems on a tight budget, follow along.
The code will be open source, which was always the plan.
See you soon!
Chukwuebuka Okorie is a SOC Analyst with an MSc in Cyber Security Technology from Northumbria University. He writes about practical security, detection engineering, and building security tools that actually work for organisations without enterprise budgets.