CERT has been investigating the use of system dynamics to better understand the threat to an organization’s information technology (IT) systems posed by malicious employees or contractors of that organization. At the 2006 International System Dynamics Conference we published a system dynamics model that was originally intended to be used as an interactive simulation in a workshop on insider threat.  We believed that the model and simulation would effectively communicate the risks and mitigations involved in the insider threat problem. Through several pilots of the model-based workshop we learned how to better use system dynamics modeling as the basis for communicating complex concepts within the insider threat domain to an audience of business and IT managers not familiar with, or interested in becoming familiar with, system dynamics modeling. This paper describes the MERIT  model and the development and evolution of the insider threat workshop based on this model.