Harry Metcalfe

I help people and organisations figure out what to do next, particularly when technology, culture, or security need to change.

I founded dxw, which helped transform the way government builds digital services, and co-founded Tradecraft, which takes a radically different approach to organisational security.

I believe in the potential of technology and the internet to make positive change. But it's vital to use them mindfully, paying deep attention to the needs and experiences of the people who use them.

Get in touch Read the blog
Harry Metcalfe

Available now

Open to the right opportunity

I'm looking for organisations facing significant change: the kind where someone needs to set a direction, reset the culture, or challenge how things are done. The emergence of useful AI makes this more urgent.

That might be a board or advisory role, bringing outside perspective and honest challenge. Or it might be something more hands-on: an interim or fractional position where I can help shape strategy and drive change directly. The sector matters less than the problem. If you're trying to do something that matters and you're not quite sure how to get there, let's talk about it.

Experience

Building organisations that matter

I started dxw in 2008 to challenge how government approached technology. At the time, public sector digital services were plagued by misalignment with user needs and deep structural inefficiency. I built dxw around a different set of principles: agile delivery, user-centred design, and open source.

dxw grew to around 130 people and became a trusted partner to dozens of public sector organisations, helping reshape how they designed and delivered services to tens of millions of people. I ran the company as sole founder for eleven years before selling it into employee ownership: a decision that felt right for the mission and the people who'd helped deliver it.

I also co-founded Tradecraft, a security startup built around high-impact red-teaming and attack simulation. Tradecraft does something different to conventional pentesting, working the same way real attackers do, breaching clients using real-world methods. This allowed us to give leaders and security teams specific, actionable information about their security, not just reports to tick compliance boxes.

Approach

Principled, direct, optimistic

I led both companies with strict focus on mission, principles, and values. These were foundational to our work, not just words on a wall. That clarity set us apart from competitors and, on occasion, gave us licence to have strong opinions when it counted.

I work with optimism, and a clear vision for what needs to be different and why. I'm direct about what isn't working, pragmatic about how to make things better, and I bring people with me. I think I'm at my best when an organisation knows it needs to change but hasn't yet found the direction.

I'm able to bridge the gap between technical complexity and strategic decision-making. I can translate technical challenges into language that boards and senior leaders can act on, and strategic direction into tangible ideas that technical teams can use. In security, I can describe cyber risk in commercial and human terms, so that leaders can make well-grounded decisions. I'm also a hands-on user of AI tools, and I think that matters: the gap between what they can do and what most organisations understand about them is large, and it's where a lot of the risk sits.

Writing

From the blog