The talk will start by providing a definition of what an insider threat is and why it is difficult to prevent insider threats entirely. Other approaches to discover insider threats and their shortcomings. The legal and ethical dilemmas with predicting insider threats.

The second topic discussed will be anomaly detection. A definition will be provided and quick discussion will be provide around the difficulties of defining normal and abnormal by humans and machine learning algorithms.

Lastly, examples and investigations results from research will be resented to show how the two topics relate.

As the time is short, I will only present the exiting stuff.

Link to Pretoria meeting where I have presented this:
https://www.meetup.com/DeveloperUG/events/252900150/?rv=co2

Link to Johannesburg meeting where I have presented this:
https://www.meetup.com/DeveloperUG/events/mfqgbqyzdbqb/

I have learned from this talk is that you should try to present too many complex subjects in one talk. Select one, maybe 2 and keep it relevant and broad enough.