2019 Insider Threat Symposium & Expo

Sponsored By Veriato

Global Leader In Employee Monitoring Software





The NITSIG is excited to announce that it will hold a

1 day Insider Threat Symposium & Expo on September 10, 2019, at the

Johns Hopkins University - Applied Physics Laboratory, in Laurel, Maryland



For the most up to date information on the ITS&E, please send an e-mail to:

and you will be added to the distribution list for the NITSIG and ITS&E



Insider Threat Symposium & Expo Overview

This will be the 4th annual Insider Threat Symposium & Expo (ITS&E) that the NITSIG has held.


The ITS&E is the most recognized event for expert guidance on Insider Threat Mitigation.


The NITSIG has lined up another group of outstanding speakers for this event. Our speakers have Hands On Experience, in Insider Threat Program Management and Insider Threat Mitigation. The confirmed speakers can be found below.


Some of the many great comments that were provided to the NITSIG about past ITS&E events, were the outstanding speakers and the large selection of vendors that were on display. Attendee comments are listed further down on this page.


The ITS&E is a must attend event for individuals working for the U.S. Government, State Governments, Department of Defense, Intelligence Community Agencies, Critical Infrastructure Providers, Defense Contractors, Airport / Aviation Security, Space Craft Manufacturing / Launch Providers, Banking-Finance Industry, Health Care Industry, Chemical Industry, and other large and small businesses.


Symposium Overview

The Symposium Will Provide Attendees With Guidance From Expert Speakers On:


  • Developing, Managing or Enhancing an Insider Threat Program


  • In-depth strategies for employee threat identification and mitigation


  • Understanding the many underlying and interconnected components required for a robust Insider Threat Program


  • Gathering and analyzing various data Sources to create an accurate employee snapshot to identify potential or actual Insider Threats


  • Insider Threat Detection Tools / Employee User Activity Monitoring


  • And Much More.......


What Knowledge Will You Take Away From The Symposium?
Attendees will leave the symposium with an in-depth understanding of how to develop, implement, manage or enhance an Insider Threat Program, and have the in-depth knowledge for gathering, analyzing and correlating data sources to detect and mitigate Insider Threat risks.


The ITS&E will provide attendees with access to a large network of security professionals for collaborating with on all aspects of Insider Threat Mitigation.


The ITS&E is also very well suited for any organization or business that is not required to implement an Insider Threat Program, but is concerned with employee threat identification and mitigation.


The NITSIG has complied some Eye Opening reports, surveys and incidents that should be of concern to all CEO's and security professionals.




Symposium Speakers

Speaker presentation topics and descriptions will be posted as they are received from the speakers.


Missile Defense Agency
Jim East
Counter-Insider Threat Program Manager


Presentation Title
Insider Threat Incident Triage And Case Management

Presentation Abstract

The Insider Threat Hub plays a pivotal role in the successful management and mitigation of insider threats. The Hubs triage process will enable an organizations leadership the ability to manage and mitigate threats to agency operations, workplace violence and harm to self in a manner that reduces risk while protecting an individual's privacy and civil liberties. Mr. East will discuss the Missile Defense Agency's Triage Process, and the role and function of the Agency's Case Management Council.


Mr. East serves as the Counter-Insider Threat Program Manager for the Missile Defense Agency (MDA) Counter-Insider Threat Program. As the program manager Mr. East leads a team of analysts responsible for identifying risks and vulnerabilities posed by insiders to MDA personnel, facilities, critical information and agency operations.

Prior to becoming MDA's Insider Threat Program Manager, Mr. East served in various in positions of increasing responsibility within the U.S. Government. These include: Counterintelligence Special Agent with MDA's Counterintelligence Division; Supervisory Special Agent, Department of Energy Counterintelligence; and, Chief of Counterespionage (CONUS) 902d Military Intelligence Group.



Naval Information Warfare Center Atlantic

Lead Functional Architect & Senior Technical Advisor
Navy Insider Threat Program

Presentation Title
Counter Insider Threat Strategy: Engineer The Insider Threat Program, Not The Tools

Presentation Abstract
Almost every day I get e-mail touting the latest innovations for counter Insider Threat tools. Big data analysis, user activity monitoring, enterprise data aggregation, security information and event management, and more. Yes, there are a lot of great tools out there, but what do you need? What is your operational concept? What are you protecting? How big is  your enterprise? How big is your staff? What technical expertise do you have available?

This presentation will provide a systematic approach to engineering and architecting your Insider Threat Program so you can select the tools that fit your organization and operational concept.

David T. Lang is a retired Air Force counterintelligence and counterespionage Special Agent with a master’s degree in information systems and professional certifications in systems engineering, enterprise risk, information security, IT systems audit, and program management. He currently works as the Senior Technical Advisor and Lead Functional Architect for the U.S. Navy’s Insider Threat Program.



DoD Insider Threat Management & Analysis Center

Dr. Gallagher Senior Behavioral Science Advisor


Presentation Title
User Activity Monitoring Results In The Department of Defense: Trends & Response


Presentation Abstract
This presentation will explore how the Department of Defense (DoD) has responded to Executive Order 13587 and National Insider Threat Task Force (NITTF) Minimum Standards requirement to establish user activity monitoring on its networks. It will detail the insider threat trends that have emerged thus far from those monitoring activities. Finally, it will discuss how the DoD is adapting to better address these trending threats now and in the future.


Dr. Gallagher of the Guardian Defense Group, has extensive experience training and consulting about the human side of Insider Threat, Violence and Espionage. As a Clinical / Operational Psychologist, former military Intelligence Officer, and Former Federal Special Agent, he has had the opportunity to study and apply his knowledge of human dynamics in a wide array of contexts.

Dr. Gallagher supports a contract with the DoD Insider Threat Management and Analysis Center (DITMAC) as the Senior Behavioral Science Advisor. In this role he consults on the most concerning and high profile Insider Threat cases for civilian, military and contract personnel across all 44 of the Department of Defense component organizations. Dr. Gallagher serves as the Scientific Director to National Insider Threat Special Interest Group.



Department Of Energy
Insider Threat Program Manager



Patrick Knight
Sr. Dir. Cyber Strategy & Product Management


Presentation Title
Troll Farms: Converting Insiders To Insider Threats


Presentation Abstract
Troll farms have become a commercial service for entities to affect public sentiment and incite unrest through sophisticated disinformation and psychological operations tactics for the modern era. Successes can be measured by affecting the actions of only a few of the targeted individuals. Combined with targeted campaigns via social media to sow anti-government sentiment and other activist emotions, trusted insiders could be turned into the next major insider threat


Patrick Knight is the Senior Director of Cyber Strategy and Product Management at Veriato, an innovator in actionable user behavior analytics and a global leader in insider threat protection helping organizations protect critical data from threats by trusted insiders. For over 17 years at companies like McAfee, Intel and Cylance, his cyber security career has helped enterprises protect against online threats through the development of anti-malware, network intrusion detection, computer and network forensics and encryption technologies. He is a writer and speaker on topics of cyber security and privacy in multiple forums including Virus Bulletin and the NITSIG. He is a 12-year veteran of the U.S. Intelligence Community and the United States Army in the fields of Signals Intelligence and Cryptanalysis and a Russian and Serbo-Croatian Linguist.




Dell Technologies
Tim Kirkham
Director Of Global Security Investigations & Insider Risk

Presentation Title
Insider Risk Management At The Corporate Level

Presentation Abstract
Lessons Learned From Developing Insider Threat Programs In Fortune 100 Companies

Tim Kirkham is a retired supervisory special agent from the FBI and a former city police officer. Tim has extensive overseas experience and served in several countries as an accredited US Diplomat. Tim retired in 2015 and accepted a position at Fortune 100 Company to create and implement a holistic Insider Threat Program. After successfully building the program, Tim accepted an offer from another Fortune 100 company to do it all over again.



Courtney Healey
Insider Threat Program Manager

Presentation Title
Adapting & Evolving: Lessons Learned From Changing Security Landscapes  

Presentation Abstract
Whether you are building an Insider Threat Program or have one long-standing, there are consistent challenges in collecting the information and support you need to be successful. While there is no silver bullet that works for every organization, we would like to share both successes and failures we have had with organizational structure, data, tools, and executive support.

Ms. Courtney Healey has been with Equifax for nearly 3 years. Prior to joining Equifax, she served as an Intelligence Analyst in the Federal Bureau of Investigation (FBI). She holds a Masters in Public Policy with emphasis in National Security.



Jon Mark Harrington, CFE
Director, Global Insider Threat & Data Loss Prevention Program
Cyber Threat and Intelligence
Global Technology-Information Security


Presentation Title
Winning Hearts & Minds: Counting Insider Threats Goes Beyond InfoSec


Presentation Abstract

Building and then honing an industry-leading Insider Threat Program involves more than high-tech information security tools. It takes close relationships, buy-in, and actual participation from other key company components as well as senior executives.


If one transitions from the government, and is new to the private sector, the environment can seem very different. Where should one begin? One approach involves engaging the tactical, operational and strategic levels, simultaneously. In doing so, there are several do’s and don’ts about which to be mindful. For example, a do - maintain a consistent message - have a message - on all three levels; a don’t – maintain a matter-of-fact demeanor, especially with senior executives. There are many competing priorities - making money or feeling more like a family than a corporation.


The Insider Threat Professional must formulate their security strategy by sincerely considering these competing priorities and using them to win the hearts and minds of key individuals who will facilitate the program’s success.


Mr. Mark Harrington is a retired Air Force Human Intelligence Officer with a master’s degree in international relations, an executive master’s certificate in business administration, and a professional certificate as a fraud evaluator. While in uniform, in addition to serving at all levels of command, he also represented the Secretary and Chief of Staff of the Air Force as a military diplomat in Brazil. Following retirement, he remained in government service as a lead evaluator with the Department of Defense Office of Inspector General. He currently works as Director of the Global Insider Threat & Data Loss Prevention Program at TransUnion in Chicago.


Oracle Corporation
Patrick Sack
Chief Technologist



1 Additional Speaker - Pending Approval


Expo Overview

The Expo will provide attendees with visibility into proven technologies and services (Currently Used By The U.S. Government / Private Sector) for Insider Threat detection, and mitigation. If you want to see Employee User Activity Monitoring / Behavioral Analytical Tool demonstrations, this is the event. 




Would your company be interested in exhibiting at this event / expo? This is a very important event for your company to showcase its commitment and expertise in mitigating Insider Threats risks, but also your company's products and services as well. Additionally, you will have a great opportunity to collaborate with attendees on finding out their interests, needs and challenges related to Insider Threat Mitigation.


If your company is interested in exhibiting at this event, please contact Jim Henderson via email; , or call; 561-809-6800


Vendors will be listed below as they register for the expo.


The Insider Threat Defense Group (ITDG) has become the Leading Company for Insider Threat Program Development / Management Training and Insider Threat Mitigation Services. We provide a broad portfolio of training and services to potential clients, that will address Insider Threat Risks with a cost effective, comprehensive and holistic approach.

The ITDG has provided training and services to an impressive list of 550+ clients (In Over 14 U.S. States); U.S. Government Agencies (Department of Defense, Intelligence Community), Defense Contractors, Defense Security Service, Critical Infrastructure Providers, Fortune 500 Companies, Aviation / Airline Industry, Spacecraft Manufacturing- Launch Providers, Technology Companies, Banking - Financial Industry, Health Care Industry, and other large-small businesses and global corporations. Client Listing

Over 700+ individuals have attended our training and received ITP Program Manager Certificates.

Our student satisfactions levels are in the exceptional range. We encourage you to read the feedback from our students. Student Comments


Due to the high number of requests, the Insider Threat Defense Group will be offering deeply discounted ITP Development - Management Training, the day before (September 9) the ITS&E.  (Cost: $695.00 - Normal Pricing: $1295.00) Don't let the discounted pricing fool you. This training is the most comprehensive and resourceful Insider Threat Mitigation training available.

This training will be held at the Johns Hopkins University - Applied Physics Laboratory, in Laurel, Maryland, in the Kossikoff Center training rooms.
There is LIMITED SEATING for this training. (52 Seats Available)

Training Brochure


More Information


Veriato is an innovator in Insider Threat Detection and a global leader in Employee Monitoring Software. Driven by AI, more than 42,000 companies and government entities worldwide utilize Veriato to gain unmatched insight into the User Activity occurring on their network. Veriato’s product line includes the Veriato Cerebral, Veriato Investigator and Veriato RansomSafe.

More Information



Whether federal, state or local agency, public safety or educational organization, TransUnion’s suite of mission-critical solutions provides the public sector with vital information and an unmatched combination of credit and non-credit data to help ensure citizen safety, manage compliance and boost services for constituents served. Our comprehensive and unique sets of credit, criminal and public data, coupled with flexible analytics, help agencies detect and prevent cyber fraud, and make connections between people, businesses, assets and locations.

Our experience has given us a deep understanding of the challenges facing your organization, your service requirements, and the factors that impact your daily operations.

More Information



Dtex provides organizations across the globe with the complete, user-focused visibility needed to strengthen enterprise security posture and effectively manage insider threats. Dtex’s Modern User Activity Monitoring combines high-fidelity user activity data with machine learning and advanced analytics to pinpoint anomalies in real time, elevate areas of risk, generate actionable insights, and provide answers quickly. Collecting only the lightweight data needed to identify risky behaviors, Dtex can be deployed and scaled quickly with no impact on network, endpoint or human performance and without impeding user privacy.

More Information




Mitigating insider threats takes a lot more than just correlating network data. It requires the ability to analyze 'whole-person' behavior — rapidly, continuously and at scale.

Our Haystax For Insider Threat solution was designed from the ground up to:

  • Continuously assesses the trustworthiness of individuals, not just user activity on networks and devices like conventional machine-learning or rules-based solutions.

  • Uses a probabilistic model that analyzes evidence from a wide array of data sources to prioritize risk rather than generate excessive false-positive alerts that overwhelm analysts.

  • Provides a user interface that mirrors current analyst terminologies and workflows.

  • Includes a connector framework that makes it easy to integrate data and existing detection systems quickly.

Top federal government agencies and large commercial enterprises, as well as state and local public-safety organizations, rely on Haystax for more effective protection of their critical systems, data, facilities and people. A U.S. defense agency has called Haystax for Insider Threat the "only known system for prioritizing personnel according to positive and negative nodes of trust."

More Information




AC Global Risk (ACGR) is a Silicon Valley-based technology company that developed Remote Risk Assessment (RRA®) to uncover human risk across the commercial and government markets. RRA’s capabilities are the output of 10 years of development, 2-year market evaluation, countless customer trials, and formal validation.

Remote Risk Assessment (RRA®) is a sophisticated system that uses unique voice analytics processes to evaluate and quantify distinct characteristics of the human voice related to risk. RRA is a highly accurate, automated, high-throughput risk assessment technology that has been vetted by military and commercial customers.


  • RRA takes under 10 minutes - over the phone, remote team, or on-prem

  • Light touch with simple YES / NO responses to 3-6 automated questions - no PII is required

  • Works in any language - already used in English, Spanish, Pashto, Farsi, Tagalog, and Somali

  • 97.62% accurate on latest validation

  • Used for HR screening, counter green-on-blue, counterintelligence, insider threat mitigation, fraud / incident / loss investigations, 3rd party audits, and IP protection.

More Information



Capgemini’s Arena ITI™ provides organizations of any size with proactive identification of potential insider threat activity, built on industry-leading experience in counterintelligence.

Arena ITI™ is an award-winning solution that takes a holistic approach to detecting insider threats. Arena ITI™ assesses both the employees’ cyber footprint and their non-IT behaviors in a single platform to produce earlier and more accurate insider threat detection by:

  • Ingesting intelligence from company and third-party data sources

  • Aggregating data through predefined risk models and scoring

  • Drilling down for advanced analysis, further investigation and reporting

Arena ITI™ is an important part of an Insider Threat program, it provides context and insight for security teams to focus their limited resources on assessing the behaviors of high-risk individuals and intervening prior to the occurrence of a hostile event.

A comprehensive insider risk program requires people, processes, and tools, acting collectively to achieve the greatest benefit and return on investment. Capgemini also provides Insider Risk Assessments and Insider Risk Program Development.

More Information




Jazz Networks simplifies insider threat detection and breach prevention with machine learning and a fully-customizable policy engine. The platform automates employee training the instant they make a mistake, applies policies while data is in motion to prevent data loss, and provides the fastest threat hunting and forensic capabilities for investigations.


More Information



Location / Registration

Johns Hopkins University - Applied Physics Laboratory (JHU-APL)
Kossikoff Center
11100 Johns Hopkins Road
(Turn Right Off Of Johns Hopkins Road Onto Pond Road - See Map Under Parking Information Below)
Laurel, MD 20723-6099

More Information For JHU-APL


Lodging  -  Hotels Near JHU-PL
DoubleTree by Hilton Hotel Laurel (7.1 Miles)
Courtyard by Marriott Silver Spring North / White Oak, Maryland (8.8 Miles)
SpringHill Suites By Marriott / Columbia, Maryland (5.0 Miles)
JHU-APL Visitor Guide   (See Page 8 For Hotels)



NITSIG ITSE JHU-APL Laurel, Maryland Map








Includes: Complimentary Lite Breakfast & Lunch Voucher For JHU-APL Cafeteria

Due to increased costs to host this event, the NITSIG will be charging a small fee to attend this event (Open To Non-NITSIG Members)



Limited # Of Tickets (500)

Registration Link


Attendee Substitutions
All substitutions must be received no later than 7 business days prior to the start of this event. Please send an email with your full name and organization, and the name, email and position title of the individual who be attending in your place. Please send substitute information to:

Substitutions made after this date will be processed at the event registration check-in.



Food / Beverages


Complimentary fresh baked morning muffins, danish and bagels. Served with regular and low-fat cream cheese, butter and jam.

Complimentary coffee, decaf coffee, hot tea, dispensers of ice water


$10.00 coupon provided to attendees to use at JHU-APL Cafeteria. This will cover most lunches.

Lunch is also available at surrounding food establishments.



Complimentary coffee, decaf coffee, hot tea, dispensers of ice water




Complementary WiFi will be provided.


Comments From Past ITS&E Events


I would like to take the time to thank you for the NITSIG Insider Threat Symposium that I attended last week. I am fortunate enough to be able to attend security conferences regularly and I have to tell you, this was one of the most informative and relevant that I have attended in years. The speakers were informative and there was a wide variety of subject matter that I really enjoyed.

Heidi Mullane
Assistant Facility Security Officer
WorldWide Language Resources, LLC

I really enjoyed the conference last week and assisting with Registration. The Speakers that you had were awesome. Thanks again for hosting this event for the community.

Ernie R. Fedewa Jr.
InCadence Strategic Solutions Corp
Security & Compliance Director


The Symposium and Expo was excellent. It was great to hear all the speakers and I took away loads of information from each.

Renee Kinney
Booz | Allen | Hamilton

I really enjoyed the Insider Threat Symposium yesterday. You had great speakers presenting and there was a lot of valuable information shared. I look forward to the next symposium.

Stacey Abrey
Security Representative
Thales Defense & Security, Inc.

I wanted to thank you for your efforts to put on a great symposium today. I did get a chance to take in some great briefs, talk to some vendors about some really interesting products and do a lot of good networking. So, I would call that a big success. Please put me on the mailing list for future products and gatherings that NITSIG is a part of.

Patrick Thacker
Jacobian Enterises, LLC
Owner, Chief Insider Threat & Risk Management SME

Your inaugural conference was a clear success judging by the significant number of attendees who stayed until the very last hour. Steven McIntosh’s presentation was wonderfully organized and addressed many of the underlying issues associated with implementing Insider Threat Programs. Ron Ross (NIST), DeWayne Sharp (FBI), Greg Pannoni and Kathleen Branch also garnered good feedback, as did Mike Caimonao of Boeing. Lastly, you clearly hit a home run with Kurt Stammberger’s presentation of Norse’s insight into the Sony breach.

Cindy Faith
Cyber Security / Business Development Consultant


You must be a U.S. Citizen to attend this event. A valid Drivers License or U.S. Government issued ID is required at the door.



News Media
The event IS NOT open to the News Media.



Continuing Professional Education Credits

Attendees will be eligible to earn 8 Continuing Professional Education (CPE) Credits to go toward your security certification CPE requirements.



NITSIG Membership
For more information on becoming a NITSIG Member (No Cost), please see the link below:


Please send any questions about this event via email to;

Or call; 561-809-6800




Copyright © 2014 - National Insider Threat Special Interest Group ™ - All Rights Reserved - Legal Notice