INSIDER THREAT SYMPOSIUM & EXPO
Premier Sponsor - Securonix
The National Insider Threat Special Interest Group (NITSIG)
is excited to announce
that it will hold a 1-day Insider Threat Symposium & Expo ™
on July 18, 2017, at the
Johns Hopkins University - Applied Physics Laboratory, in Laurel,
Maryland. There is NO CHARGE to attend. Registration information
Insider Threat Symposium & Expo Overview
Threat Symposium & Expo was created in the wake of past and
Threat Incidents" that have been very
costly and damaging to the U.S. Government and businesses.
The NITSIG has compiled some "Eye Opening"
reports, surveys and incidents
that should be of concern to all CEOs
and security professionals.
The NITSIG has lined up
excellent speakers with "Hands On Experience", who are Insider Threat
Risk Mitigation Subject Matter Experts, and
work for the U.S. Government, Defense Contractors and private sector
businesses. (Speaker Info Below)
Insider Threat Symposium & Expo is a MUST ATTEND event for individuals
working for the U.S. Government, State Governments, Department of
Defense, Intelligence Community Agencies,
Providers, Defense Contractors, Airport / Aviation
Security, Banking-Finance Industry, Health Care Industry, and other large and small businesses.
Insider Threat Symposium & Expo is exclusively focused on the
many aspects of Insider Threat Risk Mitigation; The Insider Threat Program
Implementation, Management), Insider Threat Awareness, Employee
Threat Identification and Mitigation, and more.
Insider Threat Symposium & Expo will provide attendees with access
to a large network of security professionals to collaborate with on
all aspects of Insider Threat Risk Mitigation.
Symposium will also include a panel of industry recognized
Insider Threat Risk Mitigation Experts. These experts will answer questions from
the audience providing "Real World Guidance" for Insider Threat Program
Management and Insider Threat Risk
If you're looking for guidance for compliance with Executive Order 13587
- National Insider Threat Policy and NISPOM Conforming Change 2 -
Insider Threat, this is the event you don't want to miss.
The Insider Threat Symposium & Expo is also very well suited for
organizations that are not mandated by a compliance requirement to
implement an Insider Threat Program, but are concerned about
Employee Threat Identification and Mitigation.
The Expo will provide attendees with visibility into
proven technologies and services for Insider Threat Detection, Mitigation and
Prevention. If you want to see Employee User Activity Monitoring /
Behavioral Analytical Tool demonstrations, this is the event. More
details on vendors below.
Attend? / Target Audience
audience for the Insider Threat Symposium & Expo is for individuals that
manage or support Insider Threat Programs or are involved in Insider
Threat Risk Mitigation.
Insider Threat Program Manager
Insider Threat Program Personnel /
Program Working Group Members
Resources / Personnel Security
Physical Security / Facility Security Officers
C-Suite Management (CEO) / Senior Directors
Level Management / Business Unit Managers
Risk Officer / Risk Management
Information Officer (CIO) / Information Technology (IT) Department
Information Security Officer (CISO)
Security Program Manager
Information Systems Security Manager / Officer
Information Assurance Manager / Officer
Network Security / IT Security / Database Administrators
Security, Education Training And Awareness Professionals
Computer Security Incident Response Team
Contracting Officer (COTR)
/ General Counsel
NITSIG ITSE 2017 JHU-APL -- Event And Speaker Agenda Schedule
FBI Special Agent Dewayne Sharp
FBI Insider Threat Center
Using The Situational Crime Prevention Model To Prevent Insider Threats
Insider Threat Programs are typically reactive as they focus on
analyzing employee behavior and encouraging the reporting of security
violations. Most cyber security tool sets only cover network perimeters
and trigger when a person commits a boundary violation. These efforts
work to reduce the size of the population under scrutiny. Organizations
rarely address reducing the environment which Insiders work within. An
Insider Threat Program is only going to be moderately effective, if the
organization does not spend resources to close gaps in the
organization’s policies, business processes and security programs, which
an Insider could exploit. During his discussion, Dewayne will present
the Situational Crime Prevention Model and suggest ways organizations
can use this model to limit the potential for Insider attacks.
National Geospatial-Intelligence Agency Insider Threat Program Office
Insider Threat Future Challenges
With the establishment and enhancement of Insider Threat
Programs over the past decade, each and every member of our community
has experienced different challenges and successes. Our workforce, the
information we are trying to protect, and advancing technologies are
some of the prime factors that continuously change our operational
space. So what are the challenges of the future that will help take our
profession to the next level and assure we can meet the mission tasks
assigned by our leaders? Mr. Maille will discuss three challenge areas
for future development that are critical to the success of our programs
in both governmental and commercial environments.
Charles S. Phalen, Jr.
Director of the National Background Investigations Bureau
Safeguarding the integrity and trustworthiness of the Federal
workforce is a critical need and responsibility. The National Background
Investigation Bureau (NBIB) was launched on October 1, 2016 as the
primary service provider of background investigations for the Federal
Government with the mission of delivering efficient and effective
background investigations. Among his presentation topics, Mr. Phalen’s
discussion will include NBIB’s mission and guidance on the background
investigation process as well as the importance of continuous evaluation
Director Counterintelligence Operations and Corporate Investigations
Insider Threat Program Management (Defense Contractor Focused)
Managing the day to day operations of an Insider Threat Program.
(Developing an Insider Threat Program, Executing an Effective Insider
Threat Program Aligned with Corporate Values, Challenges, Quick Wins,
Data Sources For Insider Threat Detection, Handling An Insider Threat
Concern / Incident, Tips etc.)
Robert Gallagher: Operational Psychologist
Senior Partner / Director Of Psychological Consultation and
Guardian Defense Group
NITSIG Board Member / Scientific Director
What Should The Insider Threat Program / Working Group Be Looking For?
(What The Government Wants You To Look For. Stepping Outside Compliance
- Other Behavioral Indicators Of Concern)
Michael J. Lipinski: CISO & Chief
Using User And Entity Behavior Analytics And Big Data to
Combat / Detect Insider Threat
have invested heavily in SIEM event monitoring software. While these
solutions are effective for event collection and simple threat
detection, they are not built for the sophisticated inside-actor based
TTPs being employed by hackers today and tend to flood analysts with
false alerts. Is it possible to add user-centric behavior analytics and
machine learning capabilities to your existing SIEM in order to generate
intelligence on critical threats against the entire IT environment? We
will discuss how SIEM, UEBA and Big Data Logging are coming together to
help tackle the new class of insider threats confounding SOC analysts
Tom Hofmann: Vice President
Flashpoint Deep And Dark Web Intelligence Experts
Utilizing Deep & Dark Web Intelligence To Address And Mitigate
(Cyber Criminal - Insider Threat Collusion)
rely on open web sources, such as search engines, social media, and
paste sites to identify insider threat scenarios. While useful, failing
to monitor illicit forums and marketplaces on the Deep & Dark Web can
leave an organization vulnerable to unforeseen attacks.
Flashpoint’s comprehensive access to forums on the Deep & Dark Web
enables quick detection and proactive mitigation of relevant threats. In
one instance, Flashpoint identified a message posted to an elite
cybercrime forum offering the sale of administrative-level access to a
hospital database containing millions of PII records. Flashpoint was
then able to identify the individual as a hospital employee. Using
Flashpoint’s intelligence, the hospital was able to prevent the sale of
the database and take appropriate actions against the employee.
This presentation will examine use-case examples to illustrate how
Business Risk Intelligence (BRI) derived from the Deep & Dark Web can
help organizations address threats, inform decisions, and mitigate risk.
Shawn Thompson: Insider Threat Lawyer (Corporate Legal Services)
NITSIG Board Member / Legal Advisor
Insider Threat Law
A Lawyer's Guide To Insider Threat Program Management / Legal
Counterintelligence Program Lead
Creating The Big Picture Of A Potential Insider Threat From Multiple
This presentation will
focus on the many elements that are needed for an effective Insider
Threat Program. (Insider Threat Program Working Group: Stakeholder
Communication and Sharing of Potential Employee Threat Information,
Thinking Outside The Box Of Compliance Regulations and more). Mr.
Kanefsky has extensive experience in the many different aspects of
Insider Threats. Prior to beginning with Northrop Grumman, he served 25
years as a Special Agent of the FBI, and was assigned to the New Orleans
Division, Baton Rouge Resident Agency, where he led public corruption,
healthcare fraud, and bank fraud investigations. Mr. Kanefsky has been
involved in investigative case work where he addressed several sensitive
counterintelligence matters and National Security matters.
Jim Henderson: Insider Threat Risk Mitigation Expert
NITSIG Founder / Chairman
CEO Insider Threat Defense, Inc.
Data Exfiltration Using The Malicious Insider Playbook Of Tactics -
Insider Threats Made Easy - James Bond 2017
This presentation / demonstration will focus on understanding simple
techniques that "Malicious Insiders" can use to exfiltrate data and
other valuable information from within an organization. These
techniques have successfully been used to exfiltrate sensitive business
information during Insider Threat Risk Assessments. Understanding the
"Malicious Insiders Playbook" of options is critical.
The Expo will provide attendees with visibility into
proven technologies and services (Currently Used By The U.S. Government
/ Private Sector) for Insider Threat Detection, Mitigation and
Prevention. If you want to see Employee User Activity Monitoring /
Behavioral Analytical Tool demonstrations, this is the event.
Some of the many great comments that were provided to the NITSIG about
the 2015 ITS&E, were the outstanding speakers and the large selection of
vendors that were on display. The NITSIG anticipates a large number of
vendors for this event.
- Premier Sponsor Of The NITSIG Insider Threat Symposium & Expo
Securonix is radically transforming enterprise security with actionable
security intelligence. Our purpose-built, advanced security analytics
technology mines, enriches, analyzes, scores and visualizes data into
actionable intelligence on the highest risk threats from within and
outside their environment. Using signature-less anomaly detection
techniques that track users, account and system behavior, Securonix
detects the most advanced insider threats, data security and fraud
attacks automatically and accurately. Globally, customers use Securonix
to address basic and complex needs around threat detection and
monitoring, high privileged activity monitoring, enterprise and web
fraud detection, application risk monitoring and access risk management.
honored with an unprecedented
20 awards at the 2017 Info Security Products Guide Global Excellence
Awards, held in conjunction with the RSA Conference.
Tanager is a Women
Owned Small Business with core capabilities in Cyber Security and
Insider Threat. Since 2009, Tanager’s multidisciplinary team of Insider
Threat experts have implemented numerous Insider Threat Programs for
government agencies and commercial organizations. From data analysis and
investigations to deploying, monitoring and supporting state-of-the-art
applications that identify and respond to the internal threats, we
are truly the leader for providing Insider Threat services to the
federal government. NCIX Insider Threat Program of the Year award; 2 DIA
Quantum Secure SAFE for
Government solution provides a policy-based approach to managing and
enrolling PIV cardholders into diverse PACS including the following
Enrollment of the newly
issued PIV credentials in diverse PACS, including biometric /
biographical data capture from the PIV card.
PACS systems and logical authoritative identity systems, such as LDAP/IdM/HR
systems or other third-party PIV database applications.
Establishing a single
reference point of all cardholders (PIV and non-PIV) across agencies and
across diverse PACS and Logical Access Systems (LACS)
Single and centralized
rules-based process for access privilege provisioning and ongoing access
management within and across agencies.
PIV card lifecycle
management in PACS (PIV card activation, status inquiry, lost or stolen
cards, provisioning and revocation, card expiration policies, etc.)
enrollment and management for PIV and non-PIV cardholders
Complete auditing and
reporting, from the transaction level to the executive dashboard
Insider Threat Defense (ITD) has become the "Leader-Go To
Company" for Insider Threat Program Development / Management Training,
Employee Threat Identification And Mitigation Training
and Insider Threat Risk Management Services. We provide a broad
portfolio of training and services to potential clients, that will
address "Insider Threat Risks" with a cost effective, comprehensive and
ITD has provided our training and services to 500+ organizations
and 600+ security professionals working for:
U.S. Government Agencies (Department of Defense, Intelligence
Community), Defense Contractors, NCMS Members / Chapters, Defense
Security Service, Critical Infrastructure Providers, Aviation / Airline
Industry, Spacecraft Manufacturing-Launch Providers, Technology
Companies, Banking - Financial Industry, Health Care Industry, and other
large and small businesses.
ITD is extremely confident that you'll be happy with our training and
services. ITD can say with confidence that our clients are ranking us
#1 compared to the competition.
Veriato is an innovator in actionable User Behavior Analytics and a
global leader in User Activity Monitoring. More than 36,000 companies,
schools, and government entities worldwide utilize Veriato to gain
insight into the user activity on their network and enjoy the security
and productivity increases that come with it. Veriato’s product line
includes the world’s leading employee investigation tool (Veriato
Investigator), award-winning User Behavior Analytics (Veriato Recon) and
enterprise-grade User Activity Monitoring (Veriato 360).
Delta Risk was founded in 2007 from a vision of strategic and
operational effectiveness to assist private sector and government
organizations in understanding their current cyber security posture and
building advanced cyber defense and risk management capabilities. We are
a global provider of strategic, operational, and advisory solutions,
including managed security services and security consulting services.
Delta Risk is a Chertoff Group company.
Flashpoint - The
Global Leader In Delivering Business Risk Intelligence (BRI) From The
Deep & Dark Web
Flashpoint delivers BRI to empower business units and functions across
organizations to make better decisions and mitigate risk. The company's
unique Deep & Dark Web data, expertise, and technology enable our
customers to glean intelligence that informs risk and protects their
ability to operate.
Fortune 500 and government customers utilize
Flashpoint's intelligence across the enterprise, including bolstering cybersecurity, confronting fraud, detecting insider threats, enhancing
physical security, assessing M&A opportunities, and addressing vendor
risk and supply chain integrity.
For corporations with limited
experience availing themselves of Deep & Dark Web intelligence,
Flashpoint has tailored offerings that deliver comprehensive reporting
and monitoring on their behalf. Flashpoint is backed by Greycroft
Partners, TechOperators, K2 Intelligence, Jump Capital, Leaders Fund,
Bloomberg Beta, and Cisco Investments.
provides the tools to validate and efficiently manage requirements
compliance of your industrial security program. SIMS (Security
Information Management System) will improve your security posture and
afford protection from both internal and external threats.
Since 1983, SIMS Software has been a pioneer in automating industrial
security information management and today remains recognized as the
industry leader in the field, providing the U.S. Government and defense
contractors with innovative solutions and systems. SIMS assures
compliance with the National Industrial Security Program. Our dedicated
team of seasoned experts will assist with creating and maintaining your
superior security program. The newest SIMS release supports NISPOM C2
with an enhanced Insider Threat Program capability to Deter, Detect and
Forcepoint is transforming cybersecurity by focusing on what
matters most: understanding people’s intent as they interact with
critical data and intellectual property wherever it resides. Our
uncompromising systems enable companies to empower employees with
unobstructed access to confidential data while protecting intellectual
property and simplifying compliance. Based in Austin, Texas, Forcepoint
supports more than 20,000 organizations worldwide.
Forcepoint Insider Threat is a mature, demonstrably scalable and
operationally-proven UAM solution developed from the ground up as an
insider threat tool.
enables enterprises to continuously quantify the financial impact of
cyber risk based on actual conditions detected in their environment. The
company’s flagship product, Risk Fabric®, is a software platform that
calculates the value at risk associated with specific threats and
vulnerabilities, that when mitigated, measurably reduce cyber risk
exposure. Using Risk Fabric, stakeholders across the business can
prioritize their remediation activities and direct their limited
resources at the risks that matter most. Risk Fabric benefits
enterprises with a financial measurement of cyber risk that’s based on
current detectable conditions in the enterprise environment, gathered
from existing security tools and business context. The platform also
provides value based prioritization of remediation, reduced regulatory
risk, reduced costs and improved timeliness of action by automating the
delivery of personalized and prioritized vulnerabilities to
line-of-business application owners responsible for remediation.
complete visibility and control over each of the people with access to
sensitive information within the organization, including assessing their
activity, motivation, and intent, to proactively detect and respond to
insider risks. Only with RedOwl can organizations quickly, accurately,
and confidently answer the following questions:
What is risky behavior in our organization?
Who are the riskiest people?
Is this behavior problematic?
SECURITY MANAGEMENT SYSTEMS, INC. (ISMSI)
ISMS software is an industry leader and innovator, and covers all
aspects of security management including Personnel, Classified
Materials, Visits and Conferences, VALs / VARs, Physical Security,
Briefings, Foreign Travel, DD-254s and others. ISMS enables the
FSO in any size business to configure the program to reflect their
business plans and policies. ISMS is configurable by role, function,
access, privilege, hierarchy, or any other need. Developed by FSOs for
FSOs, ISMSi’s goal is to provide the FSO with the tools essential to the
mission. ISMS was first to market Insider Threat software. The ISMS Risk
Assessment Program modules include; Insider Threat (including
Pre-employment screening), NISP Enhancement Categories, Self-Inspection
Checklist (Possessing), and Self-Inspection Checklist (Non-Possessing).
Each Checklist contains the new Section Y, Insider Threat. In addition
to the NISPOM Change 2 requirements, ISMS encompasses the NIST 800
series, JSIG, JAFAN, DHS and DoD current and evolving requirements.
The Exabeam Security
Intelligence Platform provides organizations of all sizes with
end-to-end detection, analytics, and response capabilities from a single
security management and operations platform. Exabeam SIP includes
Exabeam Log Manager, a modern log management system, built on top of
ElasticSearch to provide unlimited data ingestion at a predictable, cost
effective price. Exabeam SIP detects complex, multi-stage threats using
the analytics capabilities of Exabeam Advanced Analytics; the world's
most deployed User and Entity Behavior Analytics (UEBA) solution.
Finally, Exabeam SIP improves incident response efficiency with Exabeam
Incident Responder, an API based security orchestration and automation
powerful and affordable IT management software to customers worldwide
from enterprises of all sizes to virtually every civilian agency and
branch of the US Military. We focus exclusively on IT Pros and strive to
eliminate the complexity that they have been forced to accept.
SolarWinds delivers on this commitment with unexpected simplicity
through products that are easy to find, buy, use and maintain while
providing the power to address any IT management problem.
CAPITOL TECHNOLOGY UNIVERSITY
University is the only independent institution in Maryland dedicated to
engineering, computer science, cybersecurity, IT and business analytics.
Capitol offers bachelor’s, master’s and doctoral degree programs. All
graduate degree programs are offered online. The master’s in cyber and
information security is a 36-39 credit graduate program designed to meet
the growing demand for highly skilled professionals in the specialty
field of cybersecurity. The doctorate in cybersecurity is designed as a
predominately online program to attract professionals employed full-time
that are seeking professional education that will allow them to perform
as senior leaders, program developers and policy makers in the
cybersecurity field. Capitol is accredited by the Commission on Higher
Education of the Middle States Association of Colleges and Schools.
Capitol is designated a CAE in Information Assurance Education by DHS
Dtex helps you understand what your users are doing in your environment
so you can secure your business better. The advanced behavior
intelligence platform is scalable enough to be deployed enterprise-wide
without negative impact to network performance. It gives you complete
visibility into everything your users do on their work devices –
on and off the corporate network – without compromising their privacy.
In addition to the thousands of already known patterns of bad behavior,
our analytics engine quickly establishes baseline individual user
patterns and gives you actionable, contextual alerts when anomalies are
found. With Dtex, you can eliminate insider threats, protect against
outside infiltrators, and find gaps in your existing security.
Dtex is a breed of its own. It is lighter and more visibility-focused
than DLP, cuts through the noise more effectively than SIEM, and bases
its analytics on endpoint visibility that most out-of-the-box UEBA
solutions are blind to. It’s the combination of thorough endpoint
visibility and intelligent, adaptive analytics that is perfectly poised
to fill the gaps and weaknesses of other security systems.
secure software for insider threat case management, file sharing and
other business processes. The company’s products provide insider threat
teams with efficient, productive, repeatable business processes for
managing, tracking and documenting insider threat investigations, as
well as for communicating with investigation teams and stakeholders.
Built on technology created for, certified (Under ICD 503) by and used
in US Federal Intelligence Agencies, Yakabod’s solutions provide
comprehensive security to protect sensitive, high stakes insider threat
case data from both external and internal threats and to minimize the
risk associated with improper access to or disclosure of sensitive
insider threat information.
Splunk User Behavior
Analytics helps organizations find known, unknown and hidden threats
using machine learning, behavior baseline, peer group analytics, and
advanced correlation to find lurking APTs, malware infections, and
insider threats. It addresses security analysts and hunter workflows,
requires minimal administration, and integrates with existing
infrastructure to locate hidden threats.
Splunk can provide the data platform and security analytics capabilities
needed to allow organizations to monitor, alert, analyze, investigate,
respond, share, and detect known and unknown threats regardless of
organizational size or skillset.
SECURITY FIRST & ASSOCIATES
At Security First &
Associates (SFA), we take great pride in our thorough and extensive
knowledge of government and industry-specific security & IT regulations.
We will assess your program and offer solutions that are in compliance
with the National Security Industry Program (NISP) and the CI community.
A full suite of corporate security services designed to not only meet
your needs, but to exceed your expectations. With more than 20 years'
experience in all aspects of security administration plus a talented
nationwide pool of professionals, SFA is truly your trusted partner in
Security & Information Technology.
LEIDOS CYBER, INC.
Leidos Cyber, Inc. is part
of Leidos, a global science and technology solutions and services leader
working to solve the world’s toughest challenges in the defense,
intelligence, homeland security, civil, and health markets. The
company’s 32,000 employees support vital missions for government and
commercial customers. Headquartered in Reston, Virginia, Leidos reported
annual revenues of approximately $7.04 billion for the fiscal year ended
December 30, 2016.
Exec Security provides Electronic Security Sweeps and Cyber TSCM
services. We specialize in electronic privacy protection through
technical surveillance countermeasures (TSCM), providing security sweeps
for electronic surveillance, listening devices, and technical cyber
Insider threats and corporate espionage often involve advanced technical
devices not considered during typical security and cyber inspections.
Threats can be concealed within existing hardware such as telephone and
communications equipment, or planted in a covert manner such as with
hidden cameras, cellular transmitters, or rogue wifi devices.
Professional TSCM sweeps are needed to ensure that boardrooms, meeting
facilities, research labs, and offices are secure from such intrusion
and information theft.
Exec Security has been providing TSCM sweeps for over twenty years. We
are based in New York but offer services throughout the U.S. and
worldwide. As one of the few professional TSCM providers in the United
States, our goal is to provide the highest standard of technical
services for executive and corporate security.
MathCraft Security Technologies is a leading provider of
software and technologies for the Facility Security Officer (FSO). These
officers are tasked with safeguarding our nation’s most sensitive
information in accordance with the National Industrial Security Program
Operating Manual (NISPOM). We provide FSOs with tools and services to
simplify work demands and stay compliant through our products Access
Commander, ViSi Commander and Portal Commander.
Among other modules, our flagship product Access Commander supports
Personnel Security, Classified Document Control, Domestic/International
Visit Requests, Contract Management and Insider Threat. Our software
tools are compliant with the requirements of the NISPOM Change 2. The
software solutions support the full range of company sizes, from a
single person to multi-facility enterprises, and are available via cloud
subscription and on-prem deployment.
TrustedSec is a leader in the Information Security Industry and
is composed of senior level security experts. We are driven by our
relationships with our clients to meet your security concerns and exceed
your expectations. We offer many services that range from technical to
advisory. We are your Trusted source for Information Security.
Digital Guardian is a next generation data protection platform
purpose built to stop data theft. Digital Guardian’s unique data
awareness and endpoint visibility, combined with behavioral threat
detection and response, enables organizations to protect data without
slowing the pace of their business.
LOCATION / REGISTRATION
Johns Hopkins University - Applied
Physics Laboratory (JHU-APL)
11100 Johns Hopkins Road
Right Off Of Johns Hopkins Road Onto Pond Road-See
Map Under Parking Information Below)
Laurel, MD 20723-6099
JHU-APL Visitor Guide
(See Page 8 For Hotels)
NITSIG ITSE JHU-APL Laurel, Maryland Map
FREE (Open To Non-NITSIG Members)
For more information on becoming a NITSIG Member (No Cost), please see
the link below:
Limited # Of Tickets (500)
Food / Beverages
Complimentary coffee will be provided (Morning, Afternoon)
Lunch is available in the JHU-APL cafeteria, or surrounding food
must be a U.S. Citizen to attend this event. A valid Driver's License or
U.S. Government issued ID is required at the door.
News Media Representatives
MUST BE APPROVED
by the NITSIG to attend this event.
Continuing Professional Education Credits
will be eligible to earn 8 Continuing Professional Education (CPE)
Credits to go toward your security certification CPE requirements.
Please send any questions about this event via
Or call: 561-809-6800