top of page

Episode #


Andrew Cormack on his Framework to Approach Risk through Policy and Technology

Show Notes

In this episode, David is joined by Andrew Cormack, Chief Regulatory Adviser at Jisc, where he keeps the organization, its members, and customers informed about the legal, policy and security issues around their research and education networks in the UK. Jisc connects all universities, colleges, and school regional networks with over 18 million uses.

Topics in this episode include:

  • Why Andrew is so passionate about the human side of policy and technology

  • What’s surprised him about policy makers, how they understand risk, and what they think of cybersecurity

  • Why incident response is critical to privacy and why reducing risk for individuals is key to reducing nearly every other kind of risk

  • How Andrew’s perception of risk has changed as he’s moved from being a technologist and practitioner to a more strategic position

  • Andrew’s advice for others who are advising policy groups

  • The craziest policy proposal Andrew has seen

  • Andrew shares the messages he would give himself if he could go back in time to when he was just starting out

bottom of page