“We don’t just “add security” at Scoutbee. We build and think it into everything we do”

The information security threat landscape for complex supply chains has changed significantly in recent years. As enterprises have bolstered their cybersecurity capabilities, malicious actors targeting large, mature organizations have turned their attention to those organizations' supply chains and partners, either to gain a foothold or to directly access the enterprise data these partners may hold.

Even this week, the malicious group LAPSUS$ are claiming to have breached authentication vendor Okta and obtained information that could give access to the systems of Okta customers.

To stay ahead of this rising threat, Scoutbee recruited veteran Chief Information Security Officer Greg van der Gaast in September of last year, and he has kick-started the implementation of an Information Security program that allows Scoutbee to verifiably ensure the safety of customers’ data.

Mr van der Gaast has developed a bespoke 10-layer framework to address the needs of our business, our industry, and our customers.

Some of these elements may not appear on traditional security frameworks, but Greg and his team recognise that in order to remain at the forefront in the evolving security landscape, conventional methods need to be augmented with innovative and proactive approaches.

To deliver this cutting-edge framework, Mr van der Gaast has handpicked an experienced team with a unique combination of backgrounds, including the military, the police, forensic investigation and Human Factors, who fill some unconventional roles as shown in the team structure below. You can read more about the individuals and their duties in our previous blog.

The central tenet of the program is that unlike traditional approaches, information security at Scoutbee is a proactive quality function that operates across all departments to improve standards and eliminate risk at source, not a siloed function applied after the fact to reactively shore up vulnerabilities. 

Mr van der Gaast believes:

“Most security issues are caused by Business and IT choices made without holistic consideration. This is why we don’t just “add security” at Scoutbee. 

We build and think it into everything we do, from people to processes, from IT to Sales, to maximize assurance for our clients.”

Industry-leading information security program

Since Greg’s arrival 6 months ago, Scoutbee has been laying the foundations for the delivery of this industry-leading information security program, proactively building a security-centric culture and aligning the details of the framework to the needs of our business units, enabling them to safely deliver services to our clients.

Moving forward, the information security team is looking to build upon this cornerstone to continually and proactively drive improvement in Scoutbee’s security posture. 

The pioneering application of the Human Factors Analysis and Classification System [HFACS] to information security is already breeding a culture of openness and proactivity, which in turn is generating intelligence that allows the team to re-engineer processes and procedures to create an ever safer working environment for our staff. The information security team’s scope as a company-wide quality function allows them to apply this to all departments and perpetually drive down risk across the entire business.

Keep reading our blog to follow the progress of this innovative information security program that is redefining the standard for supply chain security.