2024 Agendas
With our unique combination of solution-focused presentations, engaging speakers, energetic sponsors and attendees, we are able to create a synergistic environment, suitable for all levels of interest. Each day of the event is planned with care to ensure the most exposure for everyone involved. Within this optimal setting for networking and learning, everyone will leave with a greater understanding of how best to counter insider threats with newfound resources.
The 2024 Agenda will be updated consistently leading up to ITS8.
FOR MORE DETAILED INFORMATION ON THIS YEAR'S SPEAKERS, PLEASE VISIT OUR 2024 SPEAKERS PAGE
All event times, content and speakers are subject to change without notice. We appreciate your understanding.
DAY 1 - Wednesday, March 27
7:00 AM - 8:00 AM
Check-in and Networking with Breakfast
8:00 AM - 8:45 AM
KEYNOTE - William Stephens, Insider Threat Mission Lead at ARLIS
Strengthening National Security in the Human Domain
Mr. Stephens will describe the Applied Research Laboratory for Intelligence and Security (ARLIS)—our nation’s first and only Human Domain University Affiliated Research Center (UARC), the role it plays, the critical capabilities it brings, and the missions it executes. Specifically, Mr. Stephens will discuss the mission area he leads, Mitigating Insider Risk, his customers, his research and one specific project--the stand-up of the Counter Insider Risk Academy at UMD/ARLIS.
8:45 AM - 9:30 AM
Mohan Koo, Co-founder and President at DTEX
Melissa Cardiello, Lead of the Threat Management Center at Verizon
Building the Best Insider Risk Program: Lessons from a Fortune 100 Leader
The cost and frequency of insider security incidents are on the rise, and technological disruption like artificial intelligence has added a new layer of complexity. A holistic approach is a must for safeguarding customer data and company IP, and this starts with an insider risk program.
In this engaging fireside chat, DTEX Systems Co-founder and President Mohan Koo joins Melissa Cardiello, head of Verizon's Threat Management Center, to delve into the intricate process of establishing a robust insider risk program. Having stood up insider programs in the financial and telecom spaces, Melissa knows what it takes to build and mature a program in the most regulated and complex environments. This is a rare opportunity to gain real-world lessons on program development and optimization, from stakeholder engagement and investigations to working with law enforcement and managing emerging technologies like AI.
9:30 AM - 9:45 AM
Brad Morris, CTO at Advanced Onion
Fighting the Good Fight: A Practitioner’s Approach to Framing C-InT Objectives
The field of Counter Insider Threat (C-InT) mitigation is complex, dynamic, and domain agnostic, with new challenges and vulnerabilities arising every day. In this presentation, Advanced Onion’s CTO, Brad Morris, will introduce a practitioner's approach to framing C-InT business objectives for guiding technical design and development. Warning: this presentation focuses on the boring, yet meaningful, aspects of workflow optimization for mitigating analyst cognitive load and cost-prohibitive tasks in risk analytics.
9:45 AM - 10:00 AM
COFFEE BREAK
10:00 AM - 10:30 AM
Roger Marin, Counter Insider Threat Office Director at NGA
NGA's Approach to Counter Insider Threat
Recognizing that every organization experiences and approaches resolutions to the insider threat problem differently, there are some common themes that can assist with establishing a mature program. Learn the National Geospatial-Intelligence Agency’s (NGA) approach to Counter Insider Threat (C-InT) through the insights of Roger Marin, Director of NGA’s C-InT Office, including an organizational framework, mission prioritization, persistent challenges, and focus areas for continued improvement.
10:30 AM - 11:00 AM
Damien Weiss, Insider Threat Specialist at Splunk
One Cyber Tool Doesn’t Rule Them All
Too often agencies look for a magic bullet, or one solution that will fix all insider threat problems. Join Splunk's Damien Weiss to learn about the one tool problem and how you can leverage the tools (and the data) you may already have to face this ongoing problem. This is a session you won't want to miss.
11:00 AM - 11:30 AM
Stephanie Jaros, Lead Scientist of Personnel Security Research at ARLIS
Beyond Reliability & Validity: A Socio-Technical Testing & Evaluation Framework for Insider Risk Capabilities
Since its founding in 2018, the Applied Research Laboratory for Intelligence and Security (ARLIS) has emerged as a trusted partner for insider risk education, professionalization, and research. In this talk, Stephanie Jaros will share ARLIS’ current effort to establish a socio-technical testing and evaluation framework for emerging insider risk tools and techniques as its fourth insider risk pillar.
11:30 AM - 12:30 PM
LUNCH BREAK
12:30 PM - 1:15 PM
KEYNOTE - Dr. Eric Lang, Ph.D., Director of PERSEREC
Four (Science-Based) Noble Truths about Organizational Culture and Insider Risk
Social science and security-related research increasingly suggests that to mitigate insider risks—before they develop into imminent insider threats—organizations need to better understand and improve their organizational culture. The 2024 Insider Threat Summit keynote presentation by Dr. Eric Lang (Director of the DoD Personnel and Security Research Center, “PERSEREC”) will provide evidence, science-based insights, recommendations, and an example tool for understanding and addressing organizational culture issues that affect insider risk as well as organizational well-being.
1:15 PM - 1:45 PM
Albert Laino, Solution Consultant Team Lead at Bottomline
Intentional or unintentional – Insider threats are real and omnipresent
The biggest threats can often be initiated from within your organization. Insider threats must constantly be assessed because their risk exposure is never static. It is becoming more and more likely that insider threats will contribute to some sort of fraud or loss that you may experience.
A common school of thought is that insider threats belong in their own lane. In fact, most organizations look at fraud through an external lens, not realizing that the internal actions more often than not contribute to the external risk exposure that they are trying so hard to safeguard against.
Drawing on industry research, we will attempt to illustrate what makes this such a difficult moving target to assess and analyze. Our aim is to share some thought leadership around the approaches some top organizations are leveraging to bolster and maintain robust insider threat programs.
1:45 PM - 2:00 PM
COFFEE BREAK
2:00 PM - 2:45 PM
Troy Batterberry, CEO and co-founder of EchoMark
Leveraging Artificial Intelligence and Fundamental Human Behaviors to Revolutionize Insider Risk Management
The threat of information leaks and intellectual property theft looms larger than ever, presenting formidable challenges to even the world's most sophisticated organizations. Traditional security measures fall short, necessitating a groundbreaking shift in how we protect sensitive data. This session delves into the principles of forensic watermarking, its implementation, and the potential for enterprise adoption without user training or client-side software. It's forensic watermarking unlike any other solution, and we'll share how EchoMark is using invisible watermarks to trace the origin of unauthorized disclosures, regardless of the method--whether through digital copies, photographs of screens, or even manual transcriptions. This technology is a unique solution to the 'analog hole' commonly exploited in traditional security frameworks, and is a radical new method of safeguarding your information. With uniquely tailored invisible watermarks for documents, emails, and other private data, see how the landscape of insider threat defense is transformed to ensure a future of secure organizational information.
2:45 PM - 3:15 PM
John Massey, Director of Counter Insider Threat Hub at USAF
Ensuring Your Insider Threat Program is Mature and Resilient
Mr. John B. Massey is the Director of the Department of the Air Force Counter-Insider Threat Hub. During this briefing, Mr. Massey will discuss ways in which organizational insider threat leaders can ensure program resiliency by moving their programs from establishment and reaction to ones that are mature and proactive. With a special emphasis on returning to basics and ensuring that minimum standards are met, Mr. Massey will provide his thoughts on ways in which organizations can validate they have the basics covered, identify and mitigate program gaps, and prepare for the future.
3:15 PM - 3:30 PM
BREAK
3:30 PM - 4:00 PM
Stephen Layne, Chairman & CEO of Red Vector
Most People are Good - Ensuring goodness with Human Behavioral Analytics
In today's complex world, ensuring human goodness in the workplace is a paramount concern.
As society navigates through various challenges, from ethical dilemmas to social injustices, harnessing the power of behavioral analytics emerges as a promising approach. This presentation delves into the innovative realm of utilizing human behavioral analytics to foster and uphold human goodness in diverse contexts.
The presentation explores the concept of human goodness and its significance in contemporary society. Drawing upon psychological and philosophical insights, it elucidates the multifaceted nature of goodness and its impact on individual well-being and organizational harmony.
It explores human behavioral analytics, a powerful tool that leverages data-driven insights to understand and predict human behavior. By analyzing vast datasets and identifying behavioral patterns, human behavioral analytics offers unprecedented opportunities to decipher the complexities of human nature. It delves into how human behavioral analytics can be employed to ensure human goodness across different domains.
4:00 PM - 4:30 PM
Denzil Wessels, Founder & CEO at Dymium
Ransomware's Endgame: Outsmarting Digital Kidnappers and Reclaiming Our Data
In "Ransomware's Endgame: Outsmarting Digital Kidnappers and Reclaiming Our Data," we embark on a comprehensive exploration of ransomware, a formidable foe in the digital age that threatens to compromise our most valuable asset: data. We highlight the pivotal battles in the war against ransomware, showcasing groundbreaking defensive strategies developed by cybersecurity experts. From early detection methods to advanced detection tools, we chart the technological innovations that are turning the tide in our favor.
As we navigate through this journey, we draw upon real-life stories of organizations that faced the ransomware threat head-on, analyzing their responses, setbacks, and victories. These narratives not only serve as cautionary tales but also as beacons of hope, demonstrating that overcoming ransomware is not just possible but increasingly within our grasp.
"Ransomware's Endgame" is not merely a recount of past struggles; it's a forward-looking perspective that envisions a world where data is shielded from digital kidnappers. By understanding the enemy and rallying together, we can outsmart ransomware, reclaim our data, and secure our digital future. This talk is an urgent call to action for IT professionals, policymakers, and anyone vested in the digital ecosystem, providing the knowledge and tools necessary to extinguish the ransomware threat once and for all.
4:30 PM - 5:15 PM
OPEN-PANEL DISCUSSION
Melissa Muir, JD, Senior Threat Management Consultant with Pinkerton | Comprehensive Risk Management
Cy Genna, Insider Risk Investigator at TikTok - USDS
Shawn Thompson, Senior Manager, Global Insider Risk at Google
Paul Walker, Attorney-Adviser for the Department of the Navy Insider Threat Program
Seamless Integration: Implementing InT Programs with Cross-Departmental Collaboration
In this comprehensive panel discussion, representatives from defense and industry converge to explore collaborative strategies across departments, including Legal and Human Resources, for responsible data sharing and employee information exchange with a strong focus on privacy considerations. Emphasizing a proactive approach, we will spotlight our method of supporting employees displaying risk indicators, steering away from punitive measures.
This discussion sheds light on the often-neglected issue of workplace suicide, underscoring the critical need for compassionate engagement, especially for vulnerable individuals. By fostering unity and dismantling data silos within InT/IRM departments, we can contribute significantly to various aspects, including life-saving efforts. As we conclude, we will reflect on key takeaways to facilitate seamless collaboration among departments, fostering a collective approach for enhanced solutions and maintaining a proactive stance against potential challenges, ultimately aiming to stay ahead of threats.
5:30 PM - 8:00 PM
NETWORKING RECEPTION
Join us in the FERRANTES BAYVIEW, TOP FLOOR where you will be treated to the best views of Monterey Peninsula, great company, food and beverages. Don't forget your drink tickets!
DAY 2 - Thursday, March 28
7:00 AM - 8:00 AM
Check-in and Networking with Breakfast
8:00 AM - 8:45 AM
KEYNOTES - Dr. Catherine Camilletti, Ph.D., Deputy Assistant Director &
Doncarlos James Blasingame, Assistant Director of the Enterprise Threat-Mitigation Directorate at ODNI/NCSC
Reducing Insider Threats by Focusing on the Human
Join Dr. Camilletti and Mr. Blasingame for an interactive discussion covering everything from HR practices to DEIA to employee resilience, all centered around individually focused insider threat mitigation. This is a conversation and Q&A section you won't want to miss!
8:45 AM - 9:30 AM
Daniel Velez, Senior Manager, Insider Risk Operations at Everfox
Light your candle from ours. Sharing the lessons we've learned from enterprise user activity monitoring deployments
“If you have knowledge, let others light their candles in it.” This quote by Margaret Fuller captures the essence of sharing knowledge and the importance of spreading wisdom to benefit others. In this presentation we will share lessons learned from supporting insider risk management program development and user activity monitoring (UAM) deployments.
UAM deployments are technical projects with organizational dependencies that will bring attention to the (often) initial effort to reveal what users are doing with trusted access to the organization’s information systems. Deploying agents, navigating legal and ethical constraints, training a new team of cross-functional stakeholders, and developing governance and program foundational documentation are activities every insider risk manager must lead and coordinate. At Everfox, we’ve bumped our heads on these issues over the past 20 years. Daniel Velez, Director of Insider Risk Operations at Everfox, will share some key lessons learned addressing these and other project activities.
9:30 AM - 9:45 AM
COFFEE BREAK
9:45 AM - 10:15 AM
Dr. Deanna Caputo, Ph.D., Chief Scientist for MITRE Insider Threat Research & Solutions, Senior Principal Behavioral Psychologist
New Security Training for Protection from Malicious Elicitation
There are numerous security domains and risk behaviors that could benefit from improving risk recognition and reporting through effective security training. This presentation describes a study conducted by MITRE behavioral scientists to empirically measure whether a skills-based training model improves real employee performance in risk recognition and reporting behaviors for email and text malicious elicitation above a traditional awareness-based training model. A total of 72 employees of The MITRE Corporation volunteered for the 28-week study focused on improving risk recognition and reporting of malicious elicitation. Employees in the awareness-based and skills-based training groups were asked to review the same traditional awareness-based security training materials and a new MITRE Malicious Elicitation Training Module. The 36 participants in the skills-based training group also completed skills-based security training that included practice and feedback. Unbeknown to all employees, the testing phase of the study continued for another 26 weeks to evaluate effectiveness in risk recognition (i.e., what to report) and reporting (i.e., how to report) over time. Employees in the skills-based training group consistently reported more malicious email elicitations than employees receiving only traditional awareness-based training. Patterns were consistent across characteristics such as gender and high-risk roles. The skills-based training model improved security information retention, risk recognition, and skill application compared to traditional awareness-based training. With only four weeks of practice—consisting of minimal time effort to read 9 emails and report 4 of them—employees who had skills-based training showed a 25% improvement over traditional training, and the new skill to identify malicious elicitations lasted for at least 12 months!
10:15 AM - 10:45 AM
Dr. Frank Greitzer, Ph.D., Chief Behavioral Scientist at Cogility
Adventures in Insider Threat Predictive Analytics
Based on two decades of research on insider threats, this presentation will discuss technical challenges and recent insights in developing and testing behavioral science based models for proactive insider threat mitigation. I will describe the SOFIT insider threat indicator ontology, which provides a foundation for hierarchical, pattern-based models; review what expert knowledge elicitation studies have revealed about dynamic properties of potential risk indicators; and discuss recent approaches for developing and testing pattern-based classification models that reflect how threat analysts tackle the insider threat assessment problem.
10:45 AM - 11:15 AM
Dr. Jonathan Roginski, Ph.D., Program Manager of the Insider Threat Research Program at West Point
The Nexus of Qualitative and Quantitative: Placing People Analytics Inside Leader Decision Cycles
Leaders and policy makers across industries make decisions not because a model tells them to (much to the analyst's chagrin), but rather by the wisdom and experience they bring to their position in the context of the current situation. They use "gut feel." So, we as practitioners hope to purvey the science that informs leaders' guts. This talk will explore trust building between analytics practitioners and the leaders they support, including qualitative and quantitative techniques that enable an organizational ecosystem of wellness and resilience that reduces insider risk and threat activity.
11:15 AM - 12:15 PM
LUNCH BREAK
12:15 PM - 1:00 PM
Gunnar Newquist, Client Adviser at Strider
Three Pillars of an Effective Security Program
In this presentation, Gunnar Newquist, Strider's client advisor, will delve into the realm of state-sponsored risk and outline proactive measures organizations can take to safeguard their personnel, intellectual property (IP), and technology. Gunnar will provide critical insights on how to recognize employees at potential risk and how to foster effective awareness within an organization, enabling employees to better steer clear of engagements with such actors. By comprehending the risk landscape, formulating proactive strategies, and instituting a robust risk awareness program, security professionals can establish trust and fortify the security of valuable IP.
1:00 PM - 1:30 PM
Michael Hudson, VP, Insider Risk & Suicide Prevention at ClearForce
Modern technology and evidence-based risk signals are changing insider threat discovery and mitigation strategies
Optimizing your insider threat program requires an innovative approach to link more risk signals and deploy better mitigation strategies. Dr. Eric Shaw’s critical pathway model outlines concerning behaviors where most organizations should seek to deploy sensors. Yet most organizations struggle with early discovery and integration of mixed signals. To move further left, organizations need visibility to detect and investigate these early human signals.
The Department of Defense (DoD) Prevention, Assistance, and Response (PAR) focus on workplace violence solutions and suicide prevention is shaping the future of insider threat. This includes the discovery of new triggers, new data sources, AI, and Machine Learning supported by enhanced compliance and privacy capabilities.
Learn how to unlock this new capability, create good policies, and align key stakeholders (HR, Security, Legal) to improve threat prevention and mitigation. The employee is the leading risk surface, and they can also be the best sensor and mitigation tool.
1:30 PM - 2:00 PM
Andy Lewis, VP at Yakabod
Maximize Case Management for Insider Threat Program Success
Implementing and operating insider threat programs is not an easy task. Success requires a multifaceted effort to address diverse requirements and bring together disparate participants and resources to effectively protect the organization. On the journey to maturity, informal processes are often a barrier to achieving the security, efficiency and effectiveness teams need to get the job done. In our presentation, we will discuss common challenges faced by insider threat teams and review a number of aspects of insider threat programs, including risk management, response, governance and compliance. We will explore how case management can be a powerful approach to addressing many priority challenges, needs, and requirements. You will learn how you can tap this broadly applicable technology to successfully accelerate program maturity and effectiveness and maximize insider threat and risk protection for your organization.
2:00 PM - 2:15 PM
COFFEE BREAK
2:15 PM - 2:45 PM
Jeremy Wittkop, EMBA, CISSP, Principal Security Architect at Proofpoint
Behind the Breach: Real World Stories of Insider Threats
In today's digital age, protecting data has become increasingly crucial. Many people equate information protection to DLP, and DLP to checkbox compliance initiatives, but information protection can be much more than that. Modern information protection has evolved to encompass traditional data loss prevention use cases, insider threat management, and cloud security. In this session we will explore the art and science of information protection through real-world stories that demonstrate the importance of building an effective program. Join us as we discuss how organizations can better protect themselves using modern information protection techniques.
2:45 PM - 3:15 PM
Brad McGoran, P.E., CSCIP, GIAC, ACE-M, Principal Engineer at Exponent
Dr. Andy Lam, Ph.D., Senior Associate, Electrical Engineering & Computer Science Practice at Exponent
Dr. Alex Stern, Ph.D., Senior Scientist, Data Science Practice at Exponent
Preventing Counterfeit Credentials, Hacked Chips, and Disrupted Supply Chains: Protecting Identity and Access Management Ecosystems
Advanced attackers can infiltrate secure areas through a variety of methods, necessitating a multi-pronged defensive approach. In our talk, we will discuss three methods to help secure your identity and access management ecosystem. First, we will discuss anti-counterfeiting tests and security feature assessments for identity credentials. Then, we will demonstrate advanced techniques to test and identify security vulnerabilities with integrated circuits on electronic access cards, including laser glitching, side-channel analyses, and chip emanations/mapping. Finally, we will show that by monitoring and validating the product supply chain, the risks of attack vectors can be quantified and mitigated. Through these methods and others, attackers and insiders will find it significantly more difficult to compromise identity credentials and processes to gain unauthorized physical or logical access.
3:15 PM - 4:00 PM
KEYNOTE - Brannan Niesent, Chief of BTAC at DITMAC
Challenges in Insider Risk Management: Perspectives from a Practitioner
We will delve into the challenges of mitigating insider risk, drawing on the perspective of an experienced practitioner. This session will highlight the inherent complexity of balancing technical measures with human understanding, often working with limited contextual information, and overcoming organizational challenges to mitigate insider risks. The presentation will also emphasize usability limitations with technical indicators, the significance of understanding human behavior and organizational context, and the crucial role of multidisciplinary teams in the development of mitigation and risk management strategies. Using his experiences as the Chief of the Behavioral Threat Analysis Center at the DoD Insider Threat Management and Analysis Center, Mr. Niesent will discuss common challenges practitioners face and offer strategies to overcome barriers to effective insider risk management.
4:00 PM - 4:45 PM
OPEN-PANEL DISCUSSION
J.T. Mendoza, Executive Director of US Insider Risk Center of Excellence
Victor Munro, Executive Director of Canadian Insider Risk Center of Excellence
Dr. Ganna Pogrebna, Ph.D., Executive Director of Artificial Intelligence Cyber Futures Institute (AICF)
Collaborative Strategies for Global Insider Risk Management: Insights from the FVEYS Insider Risk Practitioner Alliance
Join the newly formed FVEYs Insider Risk Practitioner Alliance (FIRPA) to explore the dynamic landscape of Insider Risk, as we delve into the collaborative approaches we are developing to empower organizations to counter risks through shared collective vigilance. Our panel of experts from the Canadian, Australian, and most recently established United States Insider Risk Center of Excellence will dissect real-world scenarios, sharing insights on the transformative power of collaboration and initiatives already underway. Join us for a thought-provoking discussion on insider risk in the face of evolving security challenges and learn how to get involved in the global alliance already beginning to have an impact.