National Insider Threat Special Interest Group (NITSIG)

U.S. / Global Insider Risk Management (IRM)

Information Sharing & Analysis Center

 

Educational Center Of Excellence For IRM & Security Professionals

 

 

 

PREMIER SPONSOR

COGILITY
Whole Person, Counter-Insider Threat Management Platform

 

 

 

 

ABOUT THE NITSIG
The NITSIG was created in 2014, to function as a National Insider Threat Information Sharing & Analysis Center. We are very proud that we have accomplished this goal, from the continued growth of the NITSIG membership, and the very positive comments we continue to receive from our membership, and from others who attend our meetings and events.

The NITSIG Membership is the largest network (1000+) of Insider Risk Management (IRM) Professionals in the U.S. and globally. The willingness of our members to collaborate and share information among the membership has been the driving force that has made the NITSIG very successful. There is NO CHARGE to become a NITSIG Member. (Join NITSIG)

Attendees of NITSIG meetings, workshops and ITS&E events have provided the NITSIG will exceptional comments that be found on this link.
 

If you are interested in learning more about just how damaging (Million To Billions) an Insider Threat incident can be to an organization, the monthly Insider Threat Incidents Reports produced by the NITSIG, provide an EYE OPENING view.
 


ITS&E OVERVIEW
The NITSIG ITS&E was created in 2015 specifically for individuals interested in gaining in-depth knowledge related to Insider Threat Program Development, Management, Evaluation & Optimization and IRM.

The will be the 5th ITS&E. Other ITS&E events were held in 2015, 2017, 2018, 2019.

 

The NITSIG will be holding the ITS&E on March 4, 2025, at the Johns Hopkins University Applied Physics Laboratory (JHU-APL, Laurel, Maryland), in the Kossiakoff Center. The event starts at 8AM and ends at 5PM. Registration information is located further down this page.

 


SYMPOSIUM OVERVIEW
The NITSIG has lined up another group of outstanding speakers for this event, that have real word experience in managing or supporting IRM Programs. The confirmed speakers can be found further down this page. The speaker agenda is being finalized.

This years ITS&E is being enhanced to better support the attendees of this event. In addition to our speakers, the ITS&E will feature a panel of experts that will discuss a variety of IRM topics.

 

 

The ITS&E Will Provide Attendees With The In-Depth Knowledge That Is Critical For An IRM Program In The Following Areas And More

  • Guidance on the Legal Considerations for an IRM Program

  • Guidance on how to gain buy-in from the CEO and key stakeholders to support and enhance the IRM Program

  • Guidance on how to identify your organizations existing IRM capabilities / security foundations and the additional security investments ($$$) needed for a comprehensive IRM Program

  • Guidance on how to identify, prevent and mitigate the risks and threats caused by malicious / disgruntled employees that can be very costly and damaging

  • Guidance on how to develop, manage, evaluate and optimize an IRM Program that is comprehensive, and goes beyond compliance regulations such as National Insider Threat Policy and NISPOM Conforming Change 2

  • Guidance on understanding the many underlying and interconnected components that are critical for a holistic and robust IRM Program

  • Guidance on understanding how to approach IRM from a Strategic, Operational and Tactical perspective

  • Guidance on evaluating your organizations existing Insider Threat Detection capabilities for computer systems and networks

  • Guidance on understanding how artificial intelligence (AI) can be used for identifying insider risks and threats, to create a holistic / whole person profile that will better enable an organizations ability to prevent or mitigate harmful actions by employees
     

The ITS&E brings together individuals from the U.S. Government, Department Of Defense, Defense Contractors, Intelligence Agencies, Law Enforcement, Critical Infrastructure Providers, Universities, private sector companies and others interested in IRM.

The ITS&E features expert speakers, engaging panel discussions, interactive sessions, vendor technologies and solutions, and networking with IRM practitioners.

 

2025 ITS&E Brochure

2025 ITS&E Agenda

 

 

Symposium Speakers

The Following Speakers Will Be Presenting.

 

Larry Knutsen / Retired CIA Insider Threat Program Manager

Topic: IRM Program Development, Management Evaluation & Optimization

  • Mr. Knutsen will discuss the many complexities and interconnected cross departmental components that are needed for a comprehensive IRM Program. (Bio Page 9)

  • Mr. Knutsen is a retired Senior Intelligence Service Officer with the Central Intelligence Agency (CIA), with 30 years of service.

  • He was responsible for creating the vision, and leading the implementation and management of the CIA's sophisticated Counterintelligence and Security Technical Insider Threat Detection Program, which became recognized as the ‘Gold Standard’ for the U.S. Government and Intelligence Community Agencies.

  • He a CIA team of technical and policy experts, in response to unauthorized disclosure of classified information to WikiLeaks.

  • He has supported both commercial and government customers to enhance their IRM Programs.

 

 

Frank Greitzer, PhD / Chief Behavioral Scientist For Cogility Software


Topic: Advanced Behavioral Analytics For Predictive Insider Threat Mitigation

  • Dr. Greitzer is the Chief Behavioral Scientist at Cogility Software. He is also the Principal Scientist of his consulting company, PsyberAnalytix, which he founded in 2012.
     

  • An internationally recognized researcher in the intersection of social / behavioral sciences and information security / insider threats, Dr. Greitzer has supported the development and deployment of predictive analytic counter-insider threat tools and resources for over twenty years, including the widely used insider threat risk indicator knowledge base, Sociotechnical and Organizational Factors for Insider Threat (SOFIT).
     

  • Dr. Greitzer's previous roles include work as a research psychologist for the US Department of Defense, a human factors and AI researcher in the aerospace industry and he served for twenty years as a Chief Scientist in cognitive informatics at the U.S. Department of Energy’s Pacific Northwest National Laboratory.
     

  • Dr. Greitzer served as editor-in-chief for the inaugural issue Counter-Insider Threat Research and Practice. His contributions to research and practice include numerous journal articles, conference papers, and invited talks.
     

  • The presentation will discuss his research on insider risk indicators and the SOFIT knowledge base, which informs a holistic, unified threat assessment modeling approach that applies advanced concepts for whole-person insider risk mitigation within Cogility's continuous intelligence platform, Cogynt, which integrates artificial intelligence (AI), streaming analytics, and case management to augment IRM decision-making.


Dr. Amanda Najjar, PhD / Licensed Clinical Psychologist & Threat Assessment Professional


Topic:  Behavioral And Psychological Considerations For The Assessment And Mitigation Of Insider Threat

  • Dr. Najjar has a background in psychological assessment and forensics, and previously served as the team lead of the Insider Threat Mitigation Program at a Department of Defense sub-agency.

    She will provide an overview of a behavioral approach to the assessment and mitigation of insider threats.
     

  • Specific areas of focus for this presentation include psychiatric and personality risk indicators, how these indicators are incorporated into a threat assessment model, and strategies for their mitigation. Relevant case examples will be reviewed.

 

Todd Masse & Bill Smith / JHU- APL IRM Program

Topic: Building Excellence And Dynamism Into Mature IRM Programs

  • Mr. Masse and Mr. Smith bring a wealth of knowledge from managing and supporting the IRM Program for JHU-APL.

  • Their presentation will focus on the challenges of managing and investigating insider risks and threats from a programmatic and analytical perspective. (Bio Page 13).

..888.

 

 

Kevin Burton / Vice President, IRM Lead At Synchrony Financial
Topic: IRM Programs From A Banking Perspective

  • Mr. Burton brings his deep expertise in banking and cybersecurity to the IRM landscape.

  • Mr. Burton manages the IRM Program and technical investigations at Synchrony Financial.

  • The presentation will focus on the unique challenges and strategies for managing insider risks within the banking sector. (Bio Page 12)

  • Mr. Burton was previously the Director of Cyber Insider Threat and Technical Investigations at Capital One.

 

Zak Lewis / EchoMark

 

Topic: EchoMark Insider Threat Leak Detection Tool

  • Mr. Lewis will provide insights into EchoMark’s Insider Threat Leak Detection solution using invisible embedded forensic watermarks (Text, Image) that can both deter unauthorized sharing and also trace information wherever it ends up.

  • Whether it’s a forwarded email, a printed document, or a shared file, you can effectively use EchoMark to safeguard your most sensitive data and communications.
     

  • A product overview and demonstration of their revolutionary new product will be provided.

 

Bob Barbour/ Workforce Continuous Evaluation
Topic: Full Spectrum Enterprise Insider Threat And Trust Screening Solution

  • Mr. Barbour of TRUA will discuss how traditional background checks provide only provide a snapshot in time, while continuous monitoring allows for the ongoing identification of potential risks and issues as they arise. This enables organizations to promptly address any new concerns about an individual’s background behavior.
     

  • By continuously monitoring for changes in an individual’s status, such as criminal records or other red flags, organizations can enhance the overall security and safety of their operations and protect against potential threats.
     

  • Continuous monitoring helps organizations maintain compliance with relevant regulations and industry standards that require ongoing vetting and monitoring of personnel, such as in the financial services or healthcare sectors.
     

  • While traditional background checks can be expensive, especially when repeated, continuous monitoring can lead to cost savings in the long run by reducing the need for redundant checks and mitigating the potential financial impact of security incidents or compliance violations.
     

  • Mr. Barbour is a 30+ year, legal, regulatory and risk executive who has held multiple senior executive positions, including Senior Vice President at Thomson Reuters and Head of Workforce Risk Strategy at TRUA.

 

Deidra Bass / Director Navy Insider Threat Program
Topic: Lines Of Operation And Mission Areas Of The Navy Insider Threat Program To Prevent, Detect, Deter And Mitigate Potential & Malicious Insider Threats

  • Ms. Deidra Bass, former Navy Veteran, currently serves as the Director of the Naval Intelligence Insider Threat Program (NIA N72) within the Naval Intelligence Activity (NIA).

  • Ms. Bass is responsible for the direction, governance, operations and resourcing of the Navy Insider Threat Program (InTP), to include the effective operations of the Policy and Resourcing Staff, Navy Analytical Hub, User Activity Monitoring (UAM), Random Polygraph Program for Privilege Users, and Strategic Communications and Engagement. In addition, she serves as an advisor to the Deputy Chief of Naval Operations for Information Warfare and to the Deputy Director of Naval Intelligence and Assistant Director of Naval Intelligence (DDNI/ADDNI) on all Insider Threat operational and programmatic matters.
     

  • Ms. Bass served as the Naval Intelligence (NAVINTEL) Chief Information Security Officer (CISO) responsible for the cybersecurity posture of over 800+ afloat, submarine, and ashore systems. In this role she directly supported the NAVINTEL Chief Information Officer (CIO). Ms. Bass has also served as the Chief of Naval Operations Staff OPNAV N2N6Q4 Intelligence Enablers Portfolio Resource Sponsor with programmatic resource sponsorship for over 33+ programs ensuring the health, wholeness, and proper funding to meet U.S. Navy mission requirements.

 

 


 Department Of Defense Insider Threat Management Analysis Center (DITMAC)
 

Andrew Frick & Melissa Tignor


Topic: Data & Key Performance Indicators (KPIs) / Behavioral Indicators


Mr. Andrew Frick and Mrs. Tignor will present common behavioral indicators and trends within the DoD and highlight the enterprise services provided by DCSA at the DITMAC in combating Insider Threat.

 

 

Discussion Panel

In addition to our speakers, the ITS&E will feature a panel of experts that will discuss a variety of IRM topics.

This panel will be interactive allowing the audience to ask questions of the panel members, regarding the many critical components and complexities that are involved with an IRM Program.

 

This panel is composed of NITSIG Advisory Board Members, who have extensive experience managing and supporting IRM Programs for the U.S. Government, DoD, Intelligence Community Agencies, Defense Contractors, Universities and private sector companies.

 

 

EXPO OVERVIEW

The Expo will provide attendees with visibility into proven technologies and services (Currently Used By The U.S. Government / Private Sector) for IRM. If you want to learn more about Employee User Activity Monitoring / Behavioral Analytical Tools, this is the event. 

 

Vendors

Would your company be interested in exhibiting at the expo?

 

This is a very important event for your company to showcase its solutions, services and expertise in mitigating Insider risks and threats.

 

This is also a great opportunity to collaborate with attendees on finding out their interests, needs and challenges related IRM.

 

If your company is interested in exhibiting at this event, and has questions, please contact Jim Henderson via email; jimhenderson@nationalinsiderthreatsig.org , or call; 561-809-6800.

 

Vendor Brochure

Vendor Registration

 

Vendors will be listed below as they register for the expo.
 

 

REGISTRATION

$69
 

The NITSIG has a long standing reputation for having quality expert speakers, who have real world experience in developing, implementing and managing IRM Programs. The cost to attend is very reasonable compared to other similar events charging as much as $699 to attend.
 

The Cost Will Include:

Continental Breakfast (Bagels, Pastries, Muffins, Fruits, Coffee)

Lunch (Assortment Of Sandwiches, Chips, Cookie, Water, Refreshments)

Free Parking

Free Wi-fi

Please Note

  • You must be a U.S. Citizen to attend this event. A valid Drivers License or U.S. Government issued ID is required at the door.

  • The event IS NOT open to the News Media.

  • Attendees will be eligible to earn 8 Continuing Professional Education (CPE) Credits to go toward your security certification CPE requirements.

Cancellations / Refunds
All cancellations must be received via e-mail 15 days prior to this event. Please send an e-mail to jimhenderson@nationalinsiderthreatsig.org to cancel your registration.

Attendee Substitutions
All substitutions must be received via e-mail 7 business days prior to this event. Please send an email with your full name and organization, and the name, email and position title of the individual who be attending in your place. Emergency last minute substitutions will be processed at the event registration check-in.  Please send substitute information to: jimhenderson@nationalinsiderthreatsig.org

 

 

LOCATION INFORMATION
Johns Hopkins University - Applied Physics Laboratory (JHU-APL) Kossikoff Center
11100 Johns Hopkins Road, Laurel, Maryland, 20723-6099

Directions To JHU-APL
JHU-APL Campus Map / Parking Locations
 

 

HOTEL ACCOMMODATIONS
Hotel Next Door To JHU-APL
Homewood Suites By Hilton
7531 Montpelier Rd, Laurel, MD 20723
Phone: 240-360-2725
https://www.hilton.com/en/hotels/balcmhw-homewood-suites-columbia-laurel

 

 

VENDORS EXHIBITING

 

 

COGILITY SOFTWARE - COUNTER-INSIDER THREAT MANAGEMENT PLATFORM

Cogility’s Counter-Insider Threat (C-InT) provides a whole person approach to detect, prevent, and mitigate insider threats.

 

Cogility continuously monitors and analyzes both technical and behavioral potential risk indicators (PRIs) at machine-speed to identify insider threats with full explainability.

 

Combining flexible data ingestion, advanced behavioral analytics, no code risk modeling, and end-to-end case management - Cogility modernizes C-InT programs to help organizations more efficiently and effectively respond to and avoid incidents.

 

More Information
 https://cogility.com/counter-insider-threat-intelligence/

 

 

INSIDER THREAT DEFENSE GROUP
 The Insider Threat Defense Group (ITDG) is the premier provider of  Insider Risk Management (IRM)  Program Training and Consulting Services.


The ITDG Has Provided IRM Program Training / Consulting Services To An Impressive List Of 700+ Clients:

White House, U.S. Government Agencies, Department Of Homeland Security, TSA, Department Of Defense (U.S. Army, Navy, Air Force & Space Force, Marines) Intelligence Community (DIA, NSA, NGA) FBI, U.S. Secret Service, DEA, Law Enforcement, Critical Infrastructure Providers, Universities, Fortune 100 / 500 companies and others; Microsoft Corporation, Walmart, Home Depot, Nike, Tesla Automotive Company, Dell Technologies, Nationwide Insurance, Discovery Channel, United Parcel Service, FedEx Custom Critical, Visa, Capital One Bank, BB&T Bank, HSBC Bank, American Express, Equifax, TransUnion, JetBlue Airways, Delta Airlines, Royal Canadian Mounted Police and many more. (Full Client Listing)

Over 1000+ Individuals Have Attended ITDG Training Courses And Received Certificates / Credentials As A:

  • Insider Threat Program Manager

  • Insider Risk Program Manager

  • Insider Risk Management Program Evaluator & Optimization Specialist

  • Insider Threat Investigator & Analyst

Our client satisfactions levels are in the exceptional range. We encourage you to read the feedback from our clients.

 

More Information
 www.insiderthreatdefensegroup.com

 

 

TRUA WORKFORCE CONTINUOUS EVALUATION (TRUA-CE) SOLUTION

The TRUA-CE solution provides real-time insights into an individual’s background and behavior and empowers organizations to make more informed decisions about employee onboarding, retaining, or terminating personnel based on up-to-date information.

TRUA-CE enables a proactive approach to risk management, by identifying potential workforce issues before they can escalate or cause harm, allowing for timely mitigating and prevention measures.

More Information
https://truame.com/trua-ce/

 

 

ECHOMARK INSIDER THREAT LEAK DETECTION TOOL

EchoMark offers a powerful solution that can detect leaks by forensically watermarking documents, images, and emails.

 

EchoMark uses a variety of invisible watermarking techniques to individualize content for each viewer, ensuring that you can trace leaks as soon as they happen.

Detailed analytics let you know when each recipient viewed your file and where they spent the most time. Revoke access if you have any concerns.

Whether information was leaked via email, printout, or photo, EchoMark provides an invisible solution using steganography to find the source within minutes. Advanced features like natural language versioning and computer vision detection help further ensure tracking success. (More Information) (Try For Free) (Demo)
 

More Information
 www.echomark.com

 

 

LEXISNEXIS SPECIAL SERVICES, INC.

LexisNexis Special Services Inc. (LNSSI) was founded to help government agencies create actionable intelligence and deliver data-driven decisions. We deliver a comprehensive suite of solutions to arm government agencies with superior data, technology, and analytics to support mission success. We are committed to innovation and continue to bring new solutions to our government partners to solve some of the most pressing challenges facing our nation.

 

More Information
www.risk.lexisnexis.com/le

 

 

ACALVIO

Acalvio is the leader in autonomous cyber deception technologies, arming enterprises against sophisticated cyber threats, including APTs, insider threats, and ransomware. Its AI-powered Active Defense Platform, backed by 25 patents, enables advanced threat defense across IT, OT, and Cloud environments. Additionally, the Identity Threat Detection and Response (ITDR) solutions with Honeytokens enable Zero Trust security models. Based in Silicon Valley, Acalvio serves midsize to Fortune 500 companies and government agencies, offering flexible deployment from Cloud, on-premises, or through managed service providers.

 

More Information
www.acalvio.com

 


TRANSUNION
TransUnion provides access to a full suite of data- and analytics-driven solutions to proactively detect potential risks to your organization. Seamlessly integrated with your existing threat mitigation and trusted workforce programs, you'll be able to continuously evaluate your organization’s population to identify potential insider threat risks at all levels. The result: Timely knowledge to address potential threats before they occur.

More Information
 www.transunion.com/industry/public-sector

 

 

 

DTEX SYSTEMS

As the trusted leader of insider risk management, DTEX transforms enterprise security by displacing reactive tools with a proactive solution that stops insider risks from becoming data breaches. DTEX InTERCEPT™ consolidates Data Loss Prevention, User Activity Monitoring, and User Behavior Analytics in one lightweight platform to enable organizations to achieve a trusted and protected workforce. Backed by behavioral science, powered by AI, and used by governments and organizations around the world, DTEX is the trusted authority for protecting data and people at scale with privacy by design.

 

More Information
www.dtexsystems.com

 

 

RED VECTOR
Red Vector empowers Security Executives to take control of insider risk by providing unparalleled visibility and clarity through proactive detection, automation, and AI-driven risk modeling. Unlike traditional SIEMs and UAM tools, Red Vector’s Fulcrum delivers actionable intelligence by correlating cyber, behavioral, and HR data, cutting through the noise to provide context-rich insights. With seamless integration into existing security stacks—such as SIEM, UEBA, and ITSM systems—Fulcrum offers a single pane of glass to streamline operations and enhance your Cybersecurity Infrastructure. Its automated investigation and response capabilities reduce workload and alert fatigue for security teams, ensuring efficiency and focus where it matters most. And with a swift 30-day or less deployment, Fulcrum accelerates your path to a more secure and resilient organization.

More Information
www.redvector.ai

 

 

GURUCUL
Gurucul is the only cost-optimized security analytics company founded in data science that delivers radical clarity about cyber risk. Our REVEAL security analytics platform analyzes enterprise data at scale using machine learning and artificial intelligence. Instead of useless alerts, you get real-time, actionable information about true threats and their associated risk. The platform is open, flexible and cloud native. It conforms to your business requirements so you don't have to compromise. Our technology has earned us recognition from leading industry analysts as the most Visionary platform and an Overall leader in product, market and innovation. Our solutions are used by Global 1000 enterprises and government agencies to minimize their cybersecurity risk. To learn more, visit Gurucul.com and follow us on LinkedIn and Twitter.
 

 

For the most up to date information on the ITS&E, please send an e-mail to: jimhenderson@nationalinsiderthreatsig.org

and you will be added to the distribution list for the NITSIG and ITS&E

 

 

Copyright © 2019 - National Insider Threat Special Interest Group ™ - All Rights Reserved - Legal Notice

 

U