June: Bristol cyber security start-up recognised for tackling infrastructure threats | News and features

Hacktonics, co-founded by Professor Awais Rashid, Dr Joseph Gardiner, and Dr Louise Evans from the University’s Department of Computer Science, recently came first out of 11 companies pitching to a panel of experts in the Cyber Den at CYBERUK 2026, a leading cyber security conference.

The company’s work was later highlighted during a meeting with Baroness Liz Lloyd, Minister for the Digital Economy and Cyber Security, where discussions focused on the UK’s growing need for cyber resilience expertise.

This success marks another milestone for the University of Bristol’s thriving innovation ecosystem and its growing reputation for producing world-leading cyber security research and successful start-ups and spinouts.

Professor Rashid, who has spent more than two decades researching cyber security, said Hacktonics was created in 2023 to address a major skills shortage in operational technology (OT) security – the systems that underpin critical national infrastructure such as energy networks, manufacturing facilities, and water treatment plants.

“At that moment, we needed people who understood the actual details of devices and systems, and we needed them to get onto keyboards to deal with things – and we didn’t have enough of them,” he said, recalling conversations with industry leaders responding to real-world cyber attacks.

“That’s really the problem that Hacktonics is trying to solve.”

The company provides hands-on cyber security training designed specifically for industrial systems, an area Professor Rashid says has historically lacked specialist expertise.

He said: “We can find lots of people to pen [penetration] test websites or enterprise IT systems. The number of people who can test or secure operational technology systems deployed in power plants or water treatment facilities is very small.”

Hacktonics combines specialist training hardware built by the University team with a free and open source security platform that the company has built, which together allow realistic industrial environments to be recreated for trainees, equipping them with deep technical expertise.

Professor Rashid explained: “IT systems are fairly homogeneous so you can replicate them whereas one power plant looks different from another power plant or treatment facility. How do you put a power plant on everybody’s desk? That’s really where we come in.”

“When the chips are down, you need people to be able to get onto keyboards and know exactly what’s going on inside the system. If you don’t, your attackers do.”

This powerful message delivered by Professor Rashid in front of industry experts helped Hacktonics achieve success at the cyber security competition and external validation for the company’s approach.

He said: “It’s really positive to see that our vision is recognised by experts against strong competition. Our approach is not about merely training people with slides. This is about saying: you are going to touch the real systems you are actually going to encounter in industry.”

The company’s growing profile led to those discussions with Baroness Lloyd about cyber resilience and the challenges facing start-up companies working in critical national infrastructure.

Professor Rashid said: “The systems underpinning the infrastructure that brings water and power into our homes, manufacturing and transportation were increasingly getting connected to the internet, and we anticipated this is where future research problems were going to come from.”

Today, cyber attacks and AI-enabled threats targeting critical infrastructure are a growing international concern, with high-profile incidents affecting energy systems, manufacturing operations and utilities around the world.

Despite this, Professor Rashid remains very optimistic about the shared opportunities which exist, with human resource at the centre, to create a more resilient cyber security culture and infrastructure.

He said: “Resilience begins with people. We need people with deep technical capability, and we need a wider understanding that security is everybody’s responsibility.”