The Principles of Insider Threat Management
Companies can often detect and mitigate external attacks. However, the insidious threat from an employee is harder to detect and can cause the most damage because they have legitimate access. That insider may steal solely for personal gain, or that insider may be a “spy”—someone who is stealing company information or products to benefit another organization or country. Attendees of this course will learn methods to prevent, deter, detect, mitigate, and respond to insider threats. They will learn to review procedures, identify deficiencies, and implement changes in their existing insider threat programs. For those in need a new program, this course will provide the template for success.
This training will cover:
- An Overview of Insider Threat types and motivations
- Understanding the Impact of Insider Threats – Sabotage, Theft of Intellectual Property or Resources, and Reputation
- Identifying Stakeholders
- Formulating risk management process
- Developing insider threat indicators
- Reviewing existing laws for insider threat Governance
- Developing Policy and standard operating procedures
- Deliverables for Implementing the insider threat Plan
- Course Resource Tool Kit
Currently this course is only offered in the virtual format.
For Training taking place online via Zoom or other video conferencing software the schedule is as follows:
- Day 1 – 4-Hour Training Session
John began his career as an intelligence officer in the U.S. Air Force in 1998 and served in the Republic of Korea in 1999. In September 2001, while supporting C-17 missions, he deployed to Sicily to support forward operating bases during the initial phases of the US war in Afghanistan. He then deployed to Germany to provide intelligence for C-17 missions delivering humanitarian airdrops to starving Afghans. John entered on duty with the FBI as an Intelligence Analyst in 2004, where he assisted in the creation of the Connecticut Intelligence Center Fusion Center and with the FBI InfraGard public outreach program. While in New Haven, he also led the analytic review of computer hard drives related to the Babar Ahmad/Tooting Group international terrorism investigation. In 2007, John transferred to the FBI Boston Field Office. As an Intelligence Analyst, he supported Civil Rights and Public corruption investigations until becoming a Supervisory Intelligence Analyst supporting analysis over all criminal programs in 2010.
In 2013 John was a day shift intelligence supervisor during the Boston Marathon Bombing manhunt and led the computer forensic review of all subjects’ digital media. During the Marathon Bombing investigation and subsequent trial, John led the post processing analytical review of the Tsarnaev family’s digital media. He wrote the initial digital analysis used in support of the Tsarnaev trial. He led the review of more than 33,000 emails, 120,000 photos, and 12,000 videos for the purposes of criminal discovery and trial preparation. He wrote over 50 reports, which, were used in testimony to support Dzhokhar Tsarnaev’s eventual conviction. In 2016 he earned a Master of Science in Information Security from Boston University and became FBI Boston’s Chief Security Officer.
He is now a Director of Cybersecurity for the Boston Metro Region of Managed Services Provider Magna5, which has been providing IT support and Cybersecurity services to companies nationwide.
In his FBI career and at Magna5, John has utilized his skills to deter, detect, and mitigate insider threats.