NATIONAL INSIDER THREAT SPECIAL INTEREST GROUP

INSIDER THREAT SYMPOSIUM AND EXPO AGENDA Johns Hopkins University Applied Physics Laboratory, Laurel, Maryland

July 18, 2017

PREMIER SPONSOR

Vendors

National Insider Threat Special Interest Group (NITSIG)

INSIDER THREAT SYMPOSIUM SPEAKER AGENDA

NITSIG ITSE Registration: 7:00Am To 7:45Am NITSIG ITSE Opening: 7:45Am To 8:00Am (NITSIG Board Members: Opening Remarks) Speaker # 1 8:05Am To 8:35am Jeff Maille: Deputy Director National Geospatial-Intelligence Agency Insider Threat Program Office Presentation Topic Insider Threat Future Challenges With the establishment and enhancement of Insider Threat Programs over the past decade, each and every member of our community has experienced different challenges and successes. Our workforce, the information we are trying to protect, and advancing technologies are some of the prime factors that continuously change our operational space. So what are the challenges of the future that will help take our profession to the next level and assure we can meet the mission tasks assigned by our leaders. Mr. Maille will discuss three challenge areas for future development that are critical to the success of our programs in both governmental and commercial environments. Speaker # 2 8:40Am To 9:10am Dr. Robert Gallagher: Operational Psychologist Senior Partner / Director Of Psychological Consultation And Training, Guardian Defense Group NITSIG Board Member / Scientific Director Presentation Topic Insider Threat Behavioral Indicators What Should The Insider Threat Program / Working Group Be Looking For? (What The Government Wants You To Look For. Stepping Outside Compliance - Other Behavioral Indicators Of Concern) Speaker # 3 9:15Am To 9:45Am Charles S. Phalen, Jr. : Director Of The National Background Investigations Bureau (NBIB) Presentation Topic Safeguarding the integrity and trustworthiness of the Federal workforce is a critical need and responsibility. The National Background Investigation Bureau (NBIB) was launched on October 1, 2016 as the primary service provider of background investigations for the Federal Government with the mission of delivering efficient and effective background investigations. Among his presentation topics, Mr. Phalen’s discussion will include NBIB’s mission and guidance on the background investigation process as well as the importance of continuous evaluation and reporting. BREAK 9:45Am To 10:00Am

Speaker # 4 10:05Am To 10:35Am Doug Thomas: Lockheed Director Of Counterintelligence Operations And Corporate Investigations / Insider Threat Program Presentation Topic Insider Threat Program Management Managing the day to day operations of an Insider Threat Program. (Developing an Insider Threat Program, Executing an Effective Insider Threat Program Aligned with Corporate Values, Challenges, Quick Wins, Data Sources For Insider Threat Detection, Handling An Insider Threat Concern / Incident, Tips etc.) Speaker # 5 10:40Am To 11:30Am Michael J. Lipinski: Securonix CISO & Chief Security Strategist Presentation Topic Using User And Entity Behavior Analytics And Big Data to Combat / Detect Insider Threat Many organizations have invested heavily in SIEM event monitoring software. While these solutions are effective for event collection and simple threat detection, they are not built for the sophisticated inside-actor based TTPs being employed by hackers today and tend to flood analysts with false alerts. Is it possible to add user-centric behavior analytics and machine learning capabilities to your existing SIEM in order to generate intelligence on critical threats against the entire IT environment? We will discuss how SIEM, UEBA and Big Data Logging are coming together to help tackle the new class of insider threats confounding SOC analysts today. LUNCH - NETWORKING: 11:30Am To 1:00Pm Speaker # 6 1:00Pm To 1:30Pm Mitch Kanefsky: Northrop Grumman Counterintelligence / Insider Threat Program Presentation Topic Creating The Big Picture Of A Potential Insider Threat From Multiple Data Sources This presentation will focus on the many elements that are needed for an effective Insider Threat Program. (Insider Threat Program Working Group: Stakeholder Communication and Sharing of Potential Employee Threat Information, Thinking Outside The Box Of Compliance Regulations and more). Mr. Kanefsky has extensive experience in the many different aspects of Insider Threats. Prior to beginning with Northrop Grumman, he served 25 years as a Special Agent of the FBI, and was assigned to the New Orleans Division, Baton Rouge Resident Agency, where he led public corruption, healthcare fraud, and bank fraud investigations. Mr. Kanefsky has been involved in investigative case work where he addressed several sensitive counterintelligence matters and National Security matters. Speaker # 7 1:35Pm To 2:05Pm FBI Special Agent Dewayne Sharp: FBI Insider Threat Center Presentation Topic Using The Situational Crime Prevention Model To Prevent Insider Threats Insider Threat Programs are typically reactive as they focus on analyzing employee behavior and encouraging the reporting of security violations. Most cyber security tool sets only cover network perimeters and trigger when a person commits a boundary violation. These efforts work to reduce the size of the population under scrutiny. Organizations rarely address reducing the environment which Insiders work within. An Insider Threat Program is only going to be moderately effective, if the organization does not spend resources to close gaps in the organization’s policies, business processes and security programs, which an Insider could exploit. During his discussion, Dewayne will present the Situational Crime Prevention Model and suggest ways organizations can use this model to limit the potential for Insider attacks

Speaker # 8 2:10Pm To 2:40Pm Jim Henderson: Insider Threat Risk Mitigation Expert NITSIG Founder / Chairman CEO Insider Threat Defense, Inc. Presentation Topic Data Exfiltration Using The Malicious Insider Playbook Of Tactics - Insider Threats Made Easy - James Bond 2017 This presentation / demonstration will focus on understanding simple techniques that "Malicious Insiders" can use to exfiltrate data and other valuable information from within an organization. These techniques have successfully been used to exfiltrate sensitive business information during Insider Threat Risk Assessments. Understanding the "Malicious Insiders Playbook" of options is critical. BREAK: 2:40Pm To 3:00Pm Speaker # 9 3:05Pm To 3:35Pm Tom Hofmann: Vice President Of Intelligence Flashpoint Deep And Dark Web Intelligence Experts Presentation Topic Utilizing Deep & Dark Web Intelligence To Address And Mitigate Insider Threats / Cyber Criminal - Insider Threat Collusion On The Deep And Dark Web Most organizations rely on open web sources, such as search engines, social media, and paste sites to identify insider threat scenarios. While useful, failing to monitor illicit forums and marketplaces on the Deep & Dark Web can leave an organization vulnerable to unforeseen attacks. Flashpoint’s comprehensive access to forums on the Deep & Dark Web enables quick detection and proactive mitigation of relevant threats. In one instance, Flashpoint identified a message posted to an elite cybercrime forum offering the sale of administrative-level access to a hospital database containing millions of PII records. Flashpoint was then able to identify the individual as a hospital employee. Using Flashpoint’s intelligence, the hospital was able to prevent the sale of database and take appropriate actions against the employee. This presentation will examine use-case examples to illustrate how Business Risk Intelligence (BRI) derived from the Deep & Dark Web can help organizations address threats, inform decisions, and mitigate risk. Speaker # 10 3:40Pm To 4:15Pm Shawn Thompson: Insider Threat Lawyer NITSIG Board Member / Legal Advisor CEO Of Insider Threat Management Group Presentation Topic Insider Threat Law - Legal Aspects Of Insider Threat Programs A Lawyer's Guide To Insider Threat Program Management / Legal Considerations. INSIDER THREAT DISCUSSION PANEL 4:15Pm To 4:50Pm CLOSING: 4:50Pm To 5:00Pm

Contact Information Jim Henderson, CISSP, CCISO Founder / Chairman Of The National Insider Threat Special Interest Group Phone: 888-363-7241 / 561-809-6800 www.nationalinsiderthreatsig.org jimhenderson@nationalinsiderthreatsig.org