Rachael Medhurst, Co-Founder, Positive Cyber Solutions Ltd

Rachael Medhurst is Digital Forensics Lead at the University of South Wales, where she teaches and leads the university’s digital forensics provision while researching DFIR processes within the NHS as a PhD student. Drawing on experience in both academia and frontline practice, she also co-founded Positive Cyber Solutions Ltd, helping organisations strengthen cyber resilience through compliance, training, and practical security support. Tell us about your background and your current roles in both academia and industry. My career reflects a blend of education, professional practice, and research that has come full circle. I completed both my BSc and MSc in Computer Forensics at the University of South Wales, which led to a role as a Digital Forensic Investigator supporting police forces across the UK. I then returned to the University, this time as a Lecturer and a student completing my Postgraduate Certificate in Teaching and Learning in Higher Education. After this, I became a Senior Lecturer in Digital Forensics and Cyber Security and the Course Leader of the Digital Forensics provision. Alongside teaching, my research includes incident response, vehicle system forensics, and emerging technologies and digital forensics, with publications in academic journals, and the sharing of knowledge on media outlets including TV and radio. I have also returned to being a student (again), currently doing a PhD on Digital Forensic Incident Response (DFIR) processes in the NHS. I am also a Co-Founder of Positive Cyber Solutions (PCS) Ltd with Emma Derbi, where we support organisations in strengthening cyber resilience, through compliance, awareness, and the implementation of cyber controls. How did the challenges you faced as an investigator guide your current PhD research? In practice, I saw how rapidly evolving technologies can outpace digital forensic processes. Combined with operational pressures such as time constraints and backlogs, this creates challenges in delivering timely and effective investigations. My PhD focuses on DFIR processes within the NHS, where these challenges are even more critical as NHS environments are complex, data-heavy, and time-sensitive, meaning delays or inefficiencies in responding to cyber-incidents can directly impact patient care and services. The PhD explores how DFIR processes can be better integrated, streamlined, and scaled within NHS environments, ensuring investigations are both operationally effective and forensically robust where cyber security is mission critical. Tell us more about Positive Cyber Solutions (PCS) Ltd and the services it offers. PCS makes cyber security accessible, practical, and achievable for all organisations, regardless of sector. Today every organisation relies on technology in some form, whether operational, administrative, or customer-facing. However, many struggle to navigate complex cyber security requirements and implement them effectively within their day-to-day operations. PCS supports organisations in bridging that gap. Get The Latest DFIR News Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month. Unsubscribe any time. We respect your privacy - read our privacy policy. Services include compliance support for frameworks such as Cyber Essentials, security audits, gap analysis, and tailored cyber awareness and training. A key strength of PCS’s approach is that it is underpinned by teaching qualifications and experience, enabling PCS to translate complex technical and compliance requirements into clear, structured, and effective outcomes. This is further strengthened by the hands-on delivery of cyber security services within real organisations. By actively supporting organisations in implementing controls, conducting audits, and achieving compliance, PCS continuously refines what works in practice. This practical implementation feeds directly back into training and consultancy, ensuring that guidance is not only aligned with frameworks, but also grounded in real-world applicability and operational constraints. How can academia and industry best work together? Effective collaboration between academia and industry relies on continuous, two-way engagement. Industry provides critical insight into current challenges, emerging threats, and evolving skills requirements, while academia contributes research, innovation, and structured learning for the next generation. A strong feedback loop is created by embedding real-world challenges directly into teaching, co-developing curricula, and ensuring learners gain authentic, practical, and hands-on experiences. Within my academic roles, this connection is actively reinforced through industry focus groups, guest lectures, participation in industry events, and networking opportunities that bring students, academics, and professionals together. This is further strengthened through industry certifications and tools, as well as the use of specialist facilities that replicate real-world environments. These include the Digital Forensic Lab, Crime Scene House, Moot Court Room, the Hydra Suite, and the SOC (Security Operations Centre), all of which enable the simulation of realistic scenarios and professional workflows. By immersing learners in these environments, we bridge the gap between theory and practice, allowing students to apply knowledge in controlled but authentic settings. How do you see the field of digital forensics and incident response evolving? DFIR is becoming increasingly integrated with wider cyber security and organisational resilience, shifting from a reactive discipline to one that is embedded within real-time incident response, threat detection, and business continuity. The development of technology is reshaping how evidence is collected and analysed, introducing greater complexity, larger data volumes, and ongoing challenges around investigation backlogs, prioritisation, use of AI, and maintaining evidential integrity. As a result, DFIR is becoming more context-driven, requiring professionals to understand not only technical artefacts but also the operational impact on organisations, including dependencies on critical systems and infrastructure, such as the NHS. Overall, DFIR is becoming more specialised, fast-paced, and deeply embedded within wider cyber security operations, sitting at the intersection of technical investigation, organisational risk, and strategic incident response. What advice would you give individuals wanting to enter digital forensics and cyber security? Firstly, while many people are drawn to the fun idea of “hacking” or “catching the criminal,”, it is essential to build strong technical foundations in areas such as information systems, networking, and data structures first, as these underpin Cyber processes. Secondly, curiosity, motivation, and sustained engagement are critical; it’s important to keep up to date with technological developments, governance changes, and emerging cyber threats and incidents. In this field, learning is continuous. It does not end with formal education; every day is a learning day. Finally, this is a team sport. Cyber security doesn’t happen in isolation; it relies on collaboration, communication, and shared knowledge across organisations and sectors. Being able to work with others and communicate technical ideas clearly is just as important as having strong technical skills, alongside actively engaging and networking within the wider cyber community.