Harry Metcalfe

I help people and organisations figure out what to do next, particularly when technology, culture, or security need to change.

  • I do fractional leadership for organisations facing change - strategy, culture and technology
  • I founded and scaled dxw to 130 people, then sold it into employee ownership
  • I co-founded Tradecraft - offensive cybersecurity and red-teaming
  • I can help bridge the gap between technical complexity and boardroom decision-making
  • I'm hands-on with AI and can help organisations understand the risks and opportunities
Harry Metcalfe

dxw

I founded dxw in 2008 and grew it to 130 people, helping dozens of government organisations rethink how they design and deliver services. After eleven years as sole founder, I sold it into employee ownership.

Tradecraft

I co-founded Tradecraft, which helps organisations by attacking them the way real adversaries do. So far, we've breached every client on a first engagement (security is hard).

Philosophy

I believe in the potential of technology and the internet to create positive change. But it's vital to use them mindfully, iteratively, and with deep attention to the needs and experiences of the people who use them.

Get in touch Read the blog

Experience

Building organisations that matter

I started dxw in 2008 to challenge how government approached technology. At the time, public sector digital services were plagued by misalignment with user needs and deep structural inefficiency. I built dxw around a different set of principles: agile delivery, user-centred design, and open source.

dxw grew to around 130 people and became a trusted partner to dozens of public sector organisations, helping reshape how they designed and delivered services to tens of millions of people. I ran the company as sole founder for eleven years before selling it into employee ownership: a decision that felt right for the mission and the people who'd helped deliver it.

I also co-founded Tradecraft, a security startup built around high-impact red-teaming and attack simulation. Tradecraft does something different to conventional pentesting, working the same way real attackers do, breaching clients using real-world methods. This allowed us to give leaders and security teams specific, actionable information about their security, not just reports to tick compliance boxes.

Approach

Principled, direct, optimistic

I led both companies with strict focus on mission, principles, and values. These were foundational to our work, not just words on a wall. That clarity set us apart from competitors and, on occasion, gave us licence to have strong opinions when it counted.

I work with optimism, and a clear vision for what needs to be different and why. I'm direct about what isn't working, pragmatic about how to make things better, and I bring people with me. I think I'm at my best when an organisation knows it needs to change but hasn't yet found the direction.

I'm able to bridge the gap between technical complexity and strategic decision-making. I can translate technical challenges into language that boards and senior leaders can act on, and strategic direction into tangible ideas that technical teams can use. In security, I can describe cyber risk in commercial and human terms, so that leaders can make well-grounded decisions. I'm also a hands-on user of AI tools, and I think that matters: the gap between what they can do and what most organisations understand about them is large, and it's where a lot of the risk sits.

Let's work together

Need help creating change?

I work with organisations that need to set direction, reset culture, or rethink how things are done. That might mean transitional leadership, shaping strategy and driving change directly. Or it might be a board or advisory role, bringing outside perspective and honest challenge. I take on a small number of engagements at a time, so if you're facing important change, let's talk about it.

Writing

From the blog