It’s always inspiring to spend time with experts who have a passion for what they do.

This morning I was invited along to an SCMagazine roundtable discussion on the Insider Threat, in the tower at the National Museum of Scotland, and it was great to be part of such a smart group. Bill Buchanan gave a great talk (as always) to kick things off, and then we covered a lot of ground on security, privacy, education, and communication.

“Trust but verify” was a big part of the discussion, and how to achieve that without crossing the line into invading privacy. The GDPR notification requirements came in here as well. My view is that you’ve got to build relationships at all levels (with staff, customers, partners, regulators, etc.) to the point where you can have open and frank conversations, like many companies do around operational or IT issues, but that requires a level of understanding of security challenges that generally isn’t there in boards, the press, or the general public. As with everything worth having, it will take time and thought to get there.

For me, the most interesting points I’ve been left thinking about were around our shared challenges: how we need to find better, and consistent, ways of communicating risks; and how to get more people involved, buying in to what we’re trying to do. It’s always a bit of a relief to find out you’re not alone with some of these problems, and really interesting to hear how some folk are tackling them.

And when great discussions have views like this Edinburgh skyline as a backdrop, you know you’ve started the day off well.