Rory Alsop

Head of Technology & Cyber Risk


Rory currently leads a 2nd line team focusing on technology and cyber, working with business, technology and regulators to assess effectiveness and appropriateness of controls. He is also improving the training and careers pipeline for 2nd line risk professionals in the bank.

For over 18 years, Rory has been leading and building security and risk teams, delivering security engagements and improvements, creating skills and career pathways (at EY, PwC, RBS and HSBC), and changing culture in organisations and across the industry (with ISF, ISACA, IISP, OWASP), in Universities (Enusec, Abertay, etc) and in the community (schools, Rotary Club, Security Stack Exchange etc.)  He mentors individuals ranging from CISOs to undergraduates, on topics including business implications of cyber, public speaking, and even reframing and relaxation.

For most of his career he has presented at events for professional bodies such as ISF, ISACA, IISP, ISSA, IRM etc. to government, private sector clients and academic audiences. For the last 15 years or so Rory has also organised events from informal evening talks right up to running BSides Scotland events in Edinburgh and Glasgow each year which give individuals a platform to develop themselves and others. The BSides Edinburgh event he ran in 2019 hosted 170 students, 160 professionals, around 20 schoolchildren, and had a range of speakers from the FBI, a European Bank, cloud-based companies, students and others – his role there included top and tailing the day as well as managing the volunteer staff, venue and catering.

At Defcon, the world’s biggest hacker conference, He is part of the SOC team, looking after a group of 30000 hackers, containing many skilled and capable “adventurous” types.

Rory was also one of the 3 finalists for the 2018 Cyber Evangelist of the year. He was part of the leadership team shortlisted for the 2017 International Contribution to Cyber Security award, and in 2016 for the Risk Management Team of the Year and Cyber Risk Strategy of the Year.