Premier Sponsor - Veriato


The NITSIG is excited to announce that it will hold a 1 day Insider Threat Symposium & Expo on October 19, 2018, at the Johns Hopkins University - Applied Physics Laboratory, in Laurel, Maryland.


This will be the 3rd Annual Insider Threat Symposium & Expo that the NITSIG has held. The NITSIG has lined up another group of outstanding speakers for this event.  The confirmed speakers and registration information can be found below. Please check back as more information becomes available for this event.


To avoid confusion and to clarify the following, the NITSIG is making the following statement. Another organization, the Defense Strategies Institute (DSI), is having an Insider Threat Symposium (ITS), on October 15-16, 2018, in Alexandria, VA. The costs to attend the DSI ITS range from $690 to $1090.


The NITSIG IS NOT affiliated with DSI. Some of the same speakers that will be speaking at the DSI ITS, will be speaking at the NITSIG Insider Threat Symposium and Expo (ITSE). The cost for the NITSIG ITS&E is only $25.00. Attendees of the 2015 and 2017 NITSIG ITS&E have stated that the events had great speakers, provided lots of valuable information and provided great networking opportunities. Attendee comments can be found further down this page.


Would You Like To Be Added To The NITSIG E-Mail Distribution List For

Meeting Announcements And Other Information?

Sign Up


Insider Threat Symposium & Expo Overview

The Insider Threat Symposium & Expo  was created in the wake of past and continued "Insider Threat Incidents" that have been very costly and damaging to the U.S. Government and businesses.


The NITSIG has complied some "Eye Opening" reports, surveys and incidents that should be of concern to all CEO's and security professionals.


The NITSIG has lined up some excellent speakers with "Hands On Experience", who are Insider Threat Risk Mitigation Subject Matter Experts, and work for the U.S. Government, Defense Contractors and private sector businesses, managing or supporting Insider Threat Programs.  (Speaker Info Below)


The Insider Threat Symposium & Expo is a MUST ATTEND event for individuals working for the U.S. Government, State Governments, Department of Defense, Intelligence Community Agencies, Critical Infrastructure Providers, Defense Contractors, Airport / Aviation Security, Banking-Finance Industry, Health Care Industry, and other large and small businesses.


The Symposium will focus on, and provide guidance on developing, managing or enhancing an Insider Threat Program (ITP) / ITP Working Group, ITP Unintended Impacts / Consequences / Challenges, Employee Threat Identification and Mitigation, Insider Threat Fraud, Employee User Activity Monitoring, Protecting Controlled Unclassified Information  and more.


The Insider Threat Symposium & Expo will provide attendees with access to a large network of security professionals for collaborating with on all aspects of Insider Threat Risk Mitigation.


The Symposium will also include a panel of industry recognized Insider Threat Risk Mitigation Experts. These experts will answer questions from the audience providing "Real World Guidance" for Insider Threat Program Management and Insider Threat Risk Mitigation.


The Insider Threat Symposium & Expo is also very well suited for organizations that are not mandated by a compliance requirement to implement an Insider Threat Program, but are concerned about employee threat identification and mitigation.


The Expo will provide attendees with visibility into proven technologies and services for Insider Threat Detection, Mitigation and Prevention. If you want to see Employee User Activity Monitoring / Behavioral Analytical Tool demonstrations, this is the event.  More details on vendors below.



Who Should Attend? / Target Audience

The target audience for the Insider Threat Symposium & Expo is for individuals that manage or support Insider Threat Programs or are involved in Insider Threat Risk Mitigation.

  • Insider Threat Program Manager

  • Insider Threat Program Personnel / Analyst

  • Insider Threat Program Working Group Members

  • Human Resources / Personnel Security

  • Physical Security / Facility Security Officers

  • Counterintelligence Investigators

  • C-Suite Management (CEO) / Senior Directors

  • Mid Level Management / Business Unit Managers

  • Chief Risk Officer / Risk Management

  • Chief Privacy Officer

  • Chief Information Officer (CIO) / Information Technology (IT) Department

  • Chief Information Security Officer (CISO)

  • Cyber Security Program Manager

  • Information Systems Security Manager / Officer

  • Information Assurance Manager / Officer

  • Network Security / IT Security / Database Administrators

  • Security, Education Training And Awareness Professionals

  • Computer Security Incident Response Team

  • Contracting Officer (COTR)

  • Legal / General Counsel




Symposium Agenda



Keynote Speaker
William R. Evanina
Director, National Counterintelligence and Security Center


Presentation Topic:
The Importance Of Addressing The Insider Threat With An Insider Threat Program

Presentation Abstract:
No matter how good your perimeter defenses are, you must always contend with the problem of the insider-- malicious or otherwise. Insider threat actors have a comparative advantage over others in the arena of critical infrastructure. They have access to facilities, systems or networks that terrorists and nation-state threat actors typically do not have. They know how to do damage in nuanced ways, not just relying on remote-access cyber, but using digital technologies. Insiders may also be unwitting, compromising information or security through negligent or lax practices (i.e., clicking on the spear phishing link). Continually advancing technology enhances malicious insiders’ ability to exploit large quantities of sensitive information. It may be difficult to stop an insider who is determined to steal, leak, or sell information. A malicious insider may also put personnel, equipment and facilities at risk through acts of terrorism, workplace violence, or sabotage. Holistic Insider Threat Programs—whether in the public or private sector—are in a much better position to proactively identify abnormal activity and to minimize potential damage when it occurs. They are able to identify and analyze anomalous activity, using multiple data sources, and refer the matter to the proper authority for mitigation and/or response. Ideally, Insider Threat Programs will get ahead of an unauthorized disclosure, by closing potential security gaps and/or identifying personnel who need assistance, before any damage occurs.





Patrick Knight
Senior Director Of Cyber Strategy And Technology

Presentation Topic:
Assessing Your Insider Threat Program’s Maturity

Presentation Abstract:
Just because nearly every organization is aware of insider threats, they don’t all address the problem in the same way. And yet, there are industry-recognized best practices that, in total, can be used to properly establish and maintain an Insider Threat Program. In this educational session, join Patrick Knight from Veriato, as he uses the findings from an Insider Threat Program Maturity Model survey to help you:

  • Identify just how mature is your organization’s program.

  • Spot the common challenges every organization faces – and learn how to overcome them.

  • Learn how to mature your program to one that’s consistently aligned with the needs of your organization.

Patrick Knight is Senior Director of Cyber Strategy and Technology at Veriato, a leader in actionable User Activity Monitoring and User and Entity Behavior Analytics helping vital industries across the globe identify and protect against insider threats.

Mr. Knight spent 12 years in the U.S. Intelligence Community helping to protect the country. Since 2001 he has worked for major security leaders developing technologies and guiding online security policies and innovation including encryption, network intrusion detection and anti-malware threat protection.





Daniel Costa
Lead Of The Insider Threat Technical Solutions Team
CERT National Insider Threat Center

Presentation Topic:
A Framework To Effectively Develop Insider Threat Controls

Presentation Abstract:
The CERT Insider Threat Center will present a framework for organizations to consider as they first attempt to identify insider threats to critical assets and second as they develop, implement and measure the effectiveness of technical and nontechnical controls and detection capabilities. Actual incidents of insider harm will be presented to demonstrate control development using the framework.





Davita N. Carpenter, M.B.A., SHRM-SCP
Vice President, Human Resources / Employee Care
Compliance / Ethics / EEO Officer
Novetta Inc.

Presentation Topic:
Insider Threat Program: Is Human Resources At The Table And Engaged?

Presentation Abstract:
The presentation will focus on Human Resources (HR)' level of engagement and commitment to the Insider Threat Program. The gathering and sharing of employee information is essential for the success of an Insider Threat Program. Equally important is protecting employee's privacy and civil liberties. If you are asking "How can HR be successful in this role?", this presentation is for you.






Mark Riddle
Principal For CUI Program Oversight
Information Security Oversight Office
National Archives and Records Administration

Presentation Topic:
Protecting Controlled Unclassified Information (CUI)

Presentation Abstract:
Background On Protecting CUI - On November 4, 2010, the President signed Executive Order 13556, Controlled Unclassified Information. The Executive Order established a government wide CUI Program to standardize the way the executive branch handles unclassified information that requires protection. It designated the National Archives and Records Administration (NARA) as the Executive Agent to implement the program. The Archivist of the United States delegated these responsibilities to the Information Security Oversight Office.

The requirements for the protection of CUI provide a set of “minimum” security controls for contractor information systems upon which CUI is processed, stored on, or transmitted through. These security controls must be implemented at both the contractor and subcontractor levels based on the information security guidance in NIST Special Publication (SP) 800-171: Protecting Controlled Unclassified Information In Non-Federal Information Systems And Organizations.

The CUI protection requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and nonfederal organizations. Failure to implement the security controls to protect CUI, would be a breach of contract.

For an Insider Threat Program to be robust and effective, it must be built upon an established security foundation within an organization. The NIST SP 800-171 covers many security controls that can support Insider Threat Risk Mitigation.

This presentation will provide the attendees with an overview of the CUI Program, its origins, and review the safeguarding elements found in the CUI implementing directive 32 CFR Part 2002.


Mark Riddle is a Senior Program Analyst for the Information Security Oversight Office (ISOO) at the National Archives and Records Administration. He serves as Lead for implementation and oversight activities for the Controlled Unclassified Information (CUI) Program. He co-authored the National Institute for Standards and Technology Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (June 2015). This publication recommends standards for protecting CUI in nonfederal electronic environments that may be prescribed in agreements between federal and nonfederal partners. Mr. Riddle consults with Executive branch departments and agencies, and with industry and other nonfederal organizations on the structure and implementation of the CUI program, and its impact on the protection of sensitive information within these entities.





Dr. Max Alexander
Chief Technology Officer, Digital Transformation
Defense and Intelligence
Aveshka, Inc.

Presentation Topic:
Conducting User Activity Monitoring With Your Existing Network Infrastructure

Presentation Abstract:
The presentation focuses on using your existing network infrastructure to conduct user activity monitoring. This presentation is designed for organizations just starting to implement User Activity Monitoring and Insider Threat Programs within their organizations. It provides a basis for achieving an initial operating capability until other tools and infrastructure can be implemented, or allows the organization to tune their existing tools to achieve a maximum return on investment if no other tools will be purchased.

Dr. Max Alexander serves as the Chief Technology Officer and Director of Cybersecurity for Aveshka Inc. where he consults with federal and commercial clients in cyber and information security issues ranging from digital forensics, incident response, data loss prevention, risk management, COOP, disaster recovery, and insider threat. He also serves as a Professor of Digital Forensics at The George Washington University and the University of Maryland University College where he trains and mentors future forensicators using his two decades of experience as a former intelligence officer where he specialized in National Level Counterintelligence (CI), Human Intelligence (HUMINT), and Signals Intelligence Collection (SIGINT) at the National Security Agency and the National Counterintelligence Executive. His educational accomplishments include certification as a DoD Cyber Crime Investigator and completion of a Master of Science Degree in Science and Technology Intelligence from the National Intelligence University, a Master of Engineering (Cybersecurity) from the George Washington University and Doctorate in Public Administration from Valdosta State University, where his concentration is in Science and Technology Policy.




Dr. Liza Briggs
Social Scientist
US Marine Corps HQ Intelligence Department

Presentation Topic:
Social Science And Insider Threat: Being The Insider’s Outsider

Presentation Abstract:
Social Science perspectives uncover gaps, address unintended impacts and provide assessment and analytic capabilities that advance Insider Threat Program objectives. Dr. Briggs will discuss examples of common dynamics, challenges and tools relevant to Insider Threat Programs, while highlighting the application of Social Science methods and tools.

Dr. Liza Briggs is a civilian Social Scientist at the U.S. Marine Corps Headquarters (USMC HQ) Intelligence department (I Dept.) Insider Threat program (InTP) in Quantico, Virginia. She has over a decade of experience providing research to support policy makers. Her prior experience includes work at U.S. Africa Command (AFRICOM), Department of State (DOS), Broadcast Board of Governors (BBG), National Defense University (NDU), non-government and private sector entities.

Dr. Briggs holds a Bachelor’s degree in Psychology from James Madison University, a Master’s degree in Higher Education from Virginia Polytechnic Institute and State University and a PhD in International Policy Studies from The University of Maryland- College Park. Dr. Briggs has conducted research in over 20 countries. She is a native English speaker and highly proficient in French.





Tammy Smith
Operations Manager, Office of Security
Office Of The Comptroller Of The Currency

Presentation Topic:
Office of the Comptroller of the Currency (OCC) Insider Threat Program Team Approach

Presentation Abstract:
The Department of Treasury has the main responsibility of Insider Threat Program monitoring. As a bureau OCC has a responsibility of employee safety that the Treasury program does not monitor at the departmental level. Mrs. Smith will discuss examples of OCC collaboration of the Crisis Management Team approach in dealing with the security challenges and departmental dynamics when having responsibility of over 70 sites of across the United States.

Mrs. Smith is the Operations Manager for the Office of Security, Office of the Comptroller of the Currency (OCC). She has over 18 years’ experience as a Law Enforcement Officer and Agent. She is currently the Insider Threat Program Liaison between the OCC and The Department of Treasury.

Mrs. Smith has worked for the Prince William County Police from 1999-2010 where she served as a patrol officer, instructor at the Academy, detective, and Sergeant. She was a member of the SWAT team and one of her assignments was undercover in the Vice Narcotics Section as a member of a Federal Joint Task Force before being recalled to Operation Iraqi Freedom. Mrs. Smith severed in the Navy and Naval reserve as a Filed Corpsman for over 20 years, she ultimately retired from the Naval Reserve in 2009.

In 2011, Mrs. Smith was a Federal Agent assigned to Headquarters, Department of Homeland Security (DHS), where she worked as the Team Lead for the Force Protection Branch and assigned as an Investigator for the Insider Threat Program of DHS.  Mrs. Smith has conducted numerous inquiries into potential Insider Threat cases resulting in a wide range of disciplinary action.

Mrs. Smith holds an Associates and a Bachelor of Police Science degree from George Washington University. She also holds a Security Fundamentals Professional Certification from DOD. Mrs. Smith has taught Active Shooter Response both from a Law Enforcement and a general security professional prospective.




Jim Henderson (Bio)

Insider Threat Risk Mitigation Expert
NITSIG Founder / Chairman
CEO Insider Threat Defense, Inc.

Charles Patterson
President, Exec Security TSCM Services / Patterson Communications, Inc.

Presentation Topic:
Data / Information Using The Malicious Insider Playbook Of Tactics - Insider Threats Made Easy - James Bond 2018
Is Your Government Agency Or Business Being Bugged With Spy Gear?


Presentation Abstract:
The news during the week of August 12, 2018, reported that former White House employee Omarosa Manigault Newman used a Spy Pen to record conversations within the White House. Manigault Newman has dodged questions about how she made her recordings, but current and former White House staffers are reportedly concerned that she used a pen that looks like a typical writing tool but can actually record audio.

This presentation / demonstration will focus on understanding simple techniques and spy gear that "Malicious Insiders" can use to exfiltrate data and other valuable information from within an organization. These techniques have successfully been used to exfiltrate sensitive business information during Insider Threat Risk Assessments. Understanding the "Malicious Insiders Playbook" of options is critical.

Mr. Patterson specializes in providing electronic privacy protection through technical surveillance countermeasures (TSCM) inspections, providing security sweeps for electronic surveillance, listening devices, and technical cyber threats.




Alan Small
Certified Internal Auditor (CIA)
Certified Fraud Examiner (CFE)
Certified Instructor With The Maryland Police Training Commission For Fraud Investigation For Law Enforcement
President Of The Maryland Chapter Of The Association of Certified Fraud Examiners
Employed At Morgan State University - Responsible For University Wide Internal Management Auditing And Investigations

Presentation Topic:
Insider Threat Vulnerabilities And Fraud


Presentation Abstract:

Insider Threat Vulnerability (ITV) creates a pathway for the opportunist to access targeted sources of records from an inventory of files arranged into categories that contain operating footprints of organizational plans exposing the weaknesses of the internal control environment. An opportunist will take advantage of these weaknesses.

In all organizations, internal and external threat exposure can result in fraud and originates with underdeveloped business control practices. These exposures drive the heartbeat of every organization affecting hiring, communications, financial management, taxes, procurement, and physical plant, security, transportation, and food services operations. Such vulnerabilities weaken financial stability and become insider threats to the going concern opportunities for business success. A prescription of internal auditing and fraud assessment may serve businesses well to minimize the effects of these threats.







The following speakers from above will be part of the Insider Threat Discussion Panel:

Daniel Costa
Davita Carpenter
Alan Small
Mark Riddle




The Expo will provide attendees with visibility into proven technologies and services (Currently Used By The U.S. Government / Private Sector) for Insider Threat Detection, Mitigation and Prevention. If you want to see Employee User Activity Monitoring / Behavioral Analytical Tool demonstrations, this is the event. 

Some of the many great comments that were provided to the NITSIG about the 2015 ITS&E, were the outstanding speakers and the large selection of vendors that were on display. The NITSIG anticipates a large number of vendors for this event.




Would your company be interested in exhibiting at this event / expo? This is a very important event for your company to showcase its commitment and expertise in mitigating insider threats risks, but also your company's products and services as well. Additionally, you will have a great opportunity to collaborate with attendees on finding out their interests, needs and challenges related to insider threat risk mitigation.


If your company is interested in exhibiting at this event, please contact Jim Henderson via email to;

Or call; 561-809-6800


Vendors will be listed below as they register for the expo.


Insider Threat Defense (ITD) has become the "Leader-Go To Company" for Insider Threat Program Development / Management Training and Insider Threat Risk Management Services. We provide a broad portfolio of training and services to potential clients, that will address "Insider Threat Risks" with a cost effective, comprehensive and holistic approach.

(ITD Catalog)

ITD has provided our training and services to 540+ organizations and 685+ security professionals working for; U.S. Government Agencies (Department of Defense, Intelligence Community), Defense Contractors, NCMS Members / Chapters, Defense Security Service, Critical Infrastructure Providers, Aviation / Airline Industry, Spacecraft Manufacturing-Launch Providers, Technology Companies, Banking - Financial Industry, Health Care Industry, and other large and small businesses.
(ITD Client Listing)

ITD is extremely confident that you'll be happy with our training and services. ITD can say with confidence that our clients are ranking us #1 compared to the competition.

(ITD Client Comments)

More Information:


Veriato is an innovator in actionable User Behavior Analytics and a global leader in User Activity Monitoring. More than 36,000 companies, schools, and government entities worldwide utilize Veriato to gain insight into the user activity on their network and enjoy the security and productivity increases that come with it. Veriato’s product line includes the world’s leading employee investigation tool (Veriato Investigator), award-winning User Behavior Analytics (Veriato Recon) and enterprise-grade User Activity Monitoring (Veriato 360).

More Information:



Gemini Data provides a situational awareness platform (Smart Infrastructure), that transforms data analysis and management with AI. Gemini Enterprise automates the deployment and ongoing management of big data platforms like Splunk, Hadoop, and Cloudera, reducing the burden on teams that rely on these big data platforms every day. Gemini Enterprise is designed for modern architectures leveraging big data platforms needing to reduce complexity in the cloud or on premises. Gemini Data was founded and built by experts from Splunk, ArcSight, and RSE that understand the value of machine intelligence and security.


More Information:




Leidos Cyber, Inc is the commercial cybersecurity division of Leidos. Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company’s 31,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.17 billion for the fiscal year ended December 29, 2017.

More Information:




MathCraft Security Technologies is the leading provider of innovative software for today’s security professionals. As a trusted partner within the industrial security community, we work with government and corporate organizations of all sizes to streamline operations, maximizing both productivity and efficiency.

MathCraft’s robust product lines are compliant with Defense Security Service (DSS) and NISPOM requirements for cleared contracts and enterprises. Our solutions are carefully engineered to improve security and compliance processes, giving Facility Security Officers (FSOs) and employees the comprehensive tools that they need to manage data, monitor visitors, and automate workflows. For ultimate convenience, they are also available on-premises or via a FedRAMP-approved.

More Information:


Exec Security provides Electronic Security Sweeps and Cyber TSCM services. We specialize in electronic privacy protection through technical surveillance countermeasures (TSCM), providing security sweeps for electronic surveillance, listening devices, and technical cyber threats.

Insider threats and corporate espionage often involve advanced technical devices not considered during typical security and cyber inspections. Threats can be concealed within existing hardware such as telephone and communications equipment, or planted in a covert manner such as with hidden cameras, cellular transmitters, or rogue wifi devices. Professional TSCM sweeps are needed to ensure that boardrooms, meeting facilities, research labs, and offices are secure from such intrusion and information theft.

Exec Security has been providing TSCM sweeps for over twenty years. We are based in New York but offer services throughout the U.S, and worldwide. As one of the few professional TSCM providers in the United States, our goal is to provide the highest standard of technical services for executive and corporate security.

More information:




SIMS Software provides comprehensive support for your Insider Threat Program. Identify threat indicators and mitigate risks before you’re compromised.

SIMS Insider Threat capabilities include compliance with NISPOM C2 insider threat requirements, detailed reporting related to foreign travel/contacts, incidents by quantity and type, access to information systems and containers/areas and more.

SIMS supports collaboration between functional elements with storage of insider threat data which can be shared or segregated based on company requirements.

Information can be compiled and tracked to identify potential insiders who meet or exceed thresholds, applied mitigation and compliance reporting.

Emails can be used to notify the ITPSO and insider threat working group regarding personnel requiring further review.

Our experienced security professionals are readily available to schedule a demo of our products and benefits for your organization.

More Information:



Dtex helps you understand what your users are doing in your environment so you can secure your business better. The advanced behavior intelligence platform is scalable enough to be deployed enterprise-wide without negative impact to network performance. It gives you complete visibility into everything your users do on their work devices – on and off the corporate network – without compromising their privacy. In addition to the thousands of already known patterns of bad behavior, our analytics engine quickly establishes baseline individual user patterns and gives you actionable, contextual alerts when anomalies are found. With Dtex, you can eliminate insider threats, protect against outside infiltrators, and find gaps in your existing security.

Dtex is a breed of its own. It is lighter and more visibility-focused than DLP, cuts through the noise more effectively than SIEM, and bases its analytics on endpoint visibility that most out-of-the-box UEBA solutions are blind to. It’s the combination of thorough endpoint visibility and intelligent, adaptive analytics that is perfectly poised to fill the gaps and weaknesses of other security systems.


Top 10 Reasons Why Organizations Deploy Dtex

More Information:



SolarWinds provides powerful and affordable IT management and monitoring software to customers worldwide, including nearly every U.S. civilian agency, DoD branch, and intelligence agency. Our products are easy to buy, install, use, scale, and maintain, yet still provide the power to resolve any IT management problem.

More Information:



Aveshka supports the full cyber range, from advising on policy, planning, and assessments; to cyber intelligence fusion operations; to network security operations; to digital forensics; to counteroffensive operations as well as a resilient systems development life-cycle.

We provide these services to a diverse set of commercial and Federal customers focused on national security and the nation’s critical infrastructure, including programs with multiple components of the Department of Homeland Security (DHS), the U.S. Cyber Command, DISA’s Joint Service Provider (JSP), as well as other elements of the intelligence community and the commercial sector.


  • Design and Implementation of Tools and Technologies

  • Operations

  • Training in Detection, Analysis, and Response

  • Conducting Risk Assessments

More Information:

Aveshka Cyber Security Brochure



TransUnion finds innovative ways information can be used to help government make better and smarter decisions. We help uncover trends and insights behind data points, using historical information and alternative data sources. Through the power of information, TransUnion is working with both industry and government partners to build stronger insider threat programs that help protect our nation’s most important security programs.

More Information:



The Exabeam Security Intelligence Platform provides organizations of all sizes with end-to-end detection, analytics, and response capabilities from a single security management and operations platform. Exabeam SIP includes Exabeam Log Manager, a modern log management system, built on top of ElasticSearch to provide unlimited data ingestion at a predictable, cost effective price. Exabeam SIP detects complex, multi-stage threats using the analytics capabilities of Exabeam Advanced Analytics; the world's most deployed User and Entity Behavior Analytics (UEBA) solution. Finally, Exabeam SIP improves incident response efficiency with Exabeam Incident Responder, an API based security orchestration and automation solution.

How A Pharmaceutical Company Uses Exabeam To Tackle The Insider Threat Problem

More Information:



Your biggest asset is also your biggest risk. Whether it is trusted third parties, privileged users, or business users, people – and the lack of visibility many security teams have into their actions - pose the biggest security challenge to organizations. Insiders present a massive risk because they have been given access to critical applications, systems and data to do their jobs. With thousands of global customers across all major verticals, ObserveIT is the only insider threat management solution that empowers security teams to detect insider threats, streamline the investigation process, and prevent data exfiltration.

More Information:



Digital Guardian is a next generation data protection platform purpose built to protect your organization’s most valuable asset – your sensitive data. Digital Guardian’s unique system, data and user awareness and deep visibility, combined with behavioral analytics, enables organizations to protect data regardless of the threat or system. Whether you face malicious or inadvertent actors, Digital Guardian provides the forensic evidence and the proactive controls to ensure your data doesn’t leave your organization in an unauthorized manner.

More Information:



Counterintelligence (CI) Awareness & Operations Security (OPSEC)

The National Security Agency’s (NSA) extensive and innovative security awareness program uses a multifaceted approach to continuously raise security, counterintelligence (CI), and Operations Security (OPSEC) consciousness. To achieve effective and timely security related education, training, and awareness, NSA’s CI Awareness and OPSEC organization provides security, CI, and OPSEC briefings; support to special programs and events; publications to raise awareness; and other security related products. Our most popular posters along with brochures, notepads, puzzles, desk tents, and other items will be available. Let us help you enhance your existing security/OPSEC awareness program or build a new one.


NSA Security Product Catalog

More Information:



Forcepoint, a market leader of insider threat solutions, has the most widely deployed set of insider threat technologies with an installed base approaching 1 million endpoints, delivering enterprise-scale user activity monitoring and [behavioral] analytics investigative professionals trust. Accelerate insider threat mitigation by identifying irregular behavior around high-value data and providing context to properly and holistically investigate. No matter where you are in your Insider Threat Program, Forcepoint can help.

More Information:



HID Global is the trusted leader in products, services and solutions related to the creation, management, and use of secure identities for millions of customers worldwide. Recognized for robust quality and innovation, HID Global is the supplier of choice for OEMs, integrators, and developers serving a variety of markets that include physical access control; IT security, including strong authentication/credential management; card personalization; visitor management; government ID; and identification technologies for technologies for a range of applications.

Product Overview Brochure

More Information:



Approximately 69% of data breaches are caused by insiders, either due to negligence or malicious intent. Jazz Networks helps protect against the insider threat by simplifying complexities of unpredictable human behavior and challenges with navigating enormous amounts of data.

The machine learning-powered platform increases visibility with sophisticated user behavior analytics (UBA), identifying what’s normal and alerting on what’s not. With millions of data logs organized logically, security teams can leverage behavioral context and real-time actions to enable faster time to resolution.

The unique Platform is comprised of the Jazz Infrastructure and Jazz Agents. The Jazz Infrastructure, which includes the frontend Graphical User Interface (GUI) and backend database and associated applications, can be deployed on premise or in the cloud.

Jazz Agents are then deployed on computers and servers to collect data and report it back to the Jazz Infrastructure. In an instance of no network connection, the agent continues to spool events and provides the information to the infrastructure upon reconnecting.

Jazz Network Data Sheet

More Information:



Technical Surveillance Counter-Measures (TSCM) Services
Oriustm Wi-Fi Directional Finder

ComSec LLC provides Electronic Eavesdropping Detection Services / Cyber TSCM Services. Our services detect traditional and cyber eavesdropping devices as well connectivity issues which can be exploited for eavesdropping purposes. Our services are also referred to as Security Sweeps, Electronic Counter Espionage, or TSCM Services. ComSec LLC’s services detect electronic corporate espionage threats, including those perpetrated by Insider Threats. We detect electronic eavesdropping devices from the very complex to spy shop type devices, as well as IMSI catchers, and Bluetooth, Wi-Fi and Internet of Things (IoT) vulnerabilities. Service areas include C-Suite offices, boardrooms, new construction, aircraft, yachts, and executive residences. We also offer contracted proactive services and in-conference monitoring services.

ComSec LLC is also the exclusive supplier of the ORIUSTM Wi-Fi Directional Finder, a portable hand-held device engineered to detect and locate any device transmitting data, video or audio over the Wi-Fi network. ORIUS™ performs a deep analysis of all the Wi-Fi devices in scanning range. Devices connected and unconnected to Wi-Fi networks are passively identified. ORIUS™ detects Wi-Fi Network anomalies and provides alerts on suspicious activities, new networks appearing, encrypted networks becoming un-encrypted and access point duplication or disappearance. ORIUS™ also alerts when targets appear in range and can expose un-authorized devices on the network, including hidden surveillance equipment transmitting data over the Wi-Fi network.

ComSec LLC has been providing TSCM/Cyber TSCM services since 2007. We offer services throughout the USA and globally. ComSec LLC’s services are commissioned using highly effective proprietary processes, highly skilled Specialists and the most advanced TSCM/Cyber TSCM available.

Oriustm Wi-Fi Directional Finder

More information:




Johns Hopkins University - Applied Physics Laboratory (JHU-APL)
Kossikoff Center
11100 Johns Hopkins Road
(Turn Right Off Of Johns Hopkins Road Onto Pond Road-See Map Under Parking Information Below)
Laurel, MD 20723-6099

More Information For JHU-APL


Lodging Guide
JHU-APL Visitor Guide   (See Page 8 For Hotels)



NITSIG ITSE JHU-APL Laurel, Maryland Map








Due to increased costs to host this event, the NITSIG will be charging a small fee to attend this event (Open To Non-NITSIG Members)




Limited # Of Tickets (500)

Registration Link


All substitutions must be received no later than 7 business days prior to the start of this event. Please send an email with your full name and organization, and the name, email and position title of the individual who be attending in your place. Please send substitute information to:

Substitutions made after this date will be processed at the event registration check-in.



Food / Beverages


Complimentary fresh baked morning muffins, danish and bagels. Served with regular and low-fat cream cheese, butter and jam.

Complimentary coffee, decaf coffee, hot tea, dispensers of ice water


$10.00 coupon provided to attendees to use at JHU-APL Cafeteria. This will cover most lunches.

Lunch is also available at surrounding food establishments.



Complimentary coffee, decaf coffee, hot tea, dispensers of ice water




Complementary WiFi will be provided.



The Symposium and Expo was excellent. It was great to hear all the speakers and I took away loads of information from each.

Renee Kinney
Booz | Allen | Hamilton

I really enjoyed the Insider Threat Symposium yesterday. You had great speakers presenting and there was a lot of valuable information shared. I look forward to the next symposium.

Stacey Abrey
Security Representative
Thales Defense & Security, Inc.

I wanted to thank you for your efforts to put on a great symposium today. I did get a chance to take in some great briefs, talk to some vendors about some really interesting products and do a lot of good networking. So, I would call that a big success. Please put me on the mailing list for future products and gatherings that NITSIG is a part of.

Patrick Thacker
Jacobian Enterises, LLC
Owner, Chief Insider Threat & Risk Management SME

Your inaugural conference was a clear success judging by the significant number of attendees who stayed until the very last hour. Steven McIntosh’s presentation was wonderfully organized and addressed many of the underlying issues associated with implementing Insider Threat Programs. Ron Ross (NIST), DeWayne Sharp (FBI), Greg Pannoni and Kathleen Branch also garnered good feedback, as did Mike Caimonao of Boeing. Lastly, you clearly hit a home run with Kurt Stammberger’s presentation of Norse’s insight into the Sony breach.

Cindy Faith
Cyber Security / Business Development Consultant


You must be a U.S. Citizen to attend this event. A valid Drivers License or U.S. Government issued ID is required at the door.



News Media
All News Media Representatives MUST BE APPROVED by the NITSIG to attend this event.



Continuing Professional Education Credits

Attendees will be eligible to earn 8 Continuing Professional Education (CPE) Credits to go toward your security certification CPE requirements.



NITSIG Membership
For more information on becoming a NITSIG Member (No Cost), please see the link below:


Please send any questions about this event via email to;

Or call; 561-809-6800




Copyright © 2014 - National Insider Threat Special Interest Group ™ - All Rights Reserved - Legal Notice