top of page




With our unique combination of solution focused presentations, engaging speakers, energetic sponsors and attendess we are able to create a synergistic environment, suitable for all levels of interest. Each day of the event is planned with care to ensure the most exposure for everyone involved. Within this optimal setting for networking and learning, everyone will leave with a greater understanding of how best to counter insider threats with their new found resources.

DAY 1 - Monday, March 19th

Networking Check-in with Continental Breakfast

7:00AM - 8:00 AM

Please check in at our registration table and enjoy a complimentary breakfast with a side of networking.

KEYNOTE Steven Bay, Director-Threat Reconnaissance Unit, Security On-Demand; CISSP, Writer, Speaker

8:00 AM - 8:45 AM

Edward Snowden, the Ultimate Insider.


Abstract: Having served as Edward Snowden's boss at the time Edward fled the country with millions of Top-Secret NSA documents, Steven will share his inside story of what happened with Snowden. His presentation will illustrate how Snowden matched the profile of a malicious insider and provide lessons learned and solutions focused on information security and insider threats.

Jeff Huth, Vice President of Product Strategy at U.S. Information Services – Government Information Solutions at Transunion

8:45 AM - 9:35 AM

Data Driven Risk Indicators of Insider Threats


Insider risk programs use a combination of internal and external data on employees to highlight areas of risk.  External data can show predispositions and stressors that might put someone at a higher risk of deciding to do something nefarious.  In this presentation we will review our prior research and will provide updates on the best practices to use external data in insider risk programs.

Antonio "Tony" Rucci, Director, Information Security & Threat Intelligence at Information International Associates, Inc.

9:35 AM - 10:25 AM

Insider Threats Slipping Through the Cracks.

“Whatcha Gon’ Do ‘bout it?”


Your critical data… your corporate IP… your “secret sauce,” and then, trust has been compromised. Someone has gone rogue; or was negligent. Either way, it’s gone! 


In the ensuing aftermath, you’ll have to ask and address many hard questions… How did you get there? How did it happen? More importantly; What happened to the information? Where has it gone and end up? How do you get it back? Can you get it back? How do you move forward? What could you have done to prevent it? What can YOU do?


We’ll address these, and many other questions as we take a brief tour through several scenarios of the interrogatives of the Insider; addressing the Third-Order Effects and impact on things you may never be able to control, and maybe some which you can. Either way, it’ll be an interesting, entertaining journey from old-school risks and threats to the cutting edge - IoT, Smart-Yet-Scandalous Technologies, yes, you guessed it… we’re talking “Sex Toys.” Oh, come on, I’m not the first one to talk about it! Maybe the first one here though! You’ll stifle those chuckles when you see the results of years of dedicated research, and walk away with some how-to tips, and a smile.



10:25 AM - 10:35 AM

Please visit our sponsors, without them iTS4 would not be possible.

Harry Perper, Chief Engineer, The MITRE Corporation Senior Cybersecurity Engineer, National Cybersecurity Center of Excellence at NIST

10:35 AM - 11:20 AM

NCCoE: Increasing the adoption of standards-based cybersecurity technologies


Description: Identity and access management is one of the pillars of cybersecurity that directly address the issues of insider threats.   The NCCoE will discuss its identity and access management projects.  The projects are based on standards based cybersecurity technologies.  The goal of this presentation is to convey the concepts the center has developed to integrate available technologies to address current identity and access management challenges.

Nat Bongiovanni, Chief Technology Officer at NTT Data Services

11:20 AM - 12:00 NOON

The Intersection of Knowledge and Trust: Making “Need to Know” Work

Multiple major compromises have occurred because people and/or devices had access to information that was not related to their function at all. A primary question should be “Why did they have access?”

This presentation will demonstrate an approach for your organization to implement “need to know” using Attribute Based Access Control (ABAC). ABAC cultivates the nuanced approach necessary to define who gets access to what in today’s dynamic digital environment in contrast to the traditional Role Based Access Control (RBAC) methodology.

NTT DATA’s ABAC methodology is designed to work in a dynamic environment where access to knowledge is governed by the “need to know” and granted to those who can be trusted.


12:00 NOON - 1:00 PM

Brandon Bean, Chief of Regional Support - West at Department of Defense

1:00 PM - 1:45 PM

Where is your HITL?

With machine learning taking the front seat in insider threat detection, organizations must ensure that they do not overlook the most vital part of the Insider Threat Detection Team: The Human-In-The-Loop (HITL). This presentation will look at the value of the HITL and provides vignettes where the HITL proved critical to the success of Insider Threat Detection.

Chris Grijalva, Chief Technologist at GCE

1:45 PM - 2:30 PM

Killer Robots and Other Crazy Ideas

A look at the potential future with regards to AI and Insider Threat. Exploring some possible near future scenarios and what the implications are. 



2:30 PM - 2:40 PM

Charlie Sowell, Chief Operating Officer of iWorks Corporation

2:40 PM - 3:10 PM

Lessons Learned from a Fancy Bear Target

In 2015, the Russian government-aligned cyberespionage group “Fancy Bear” targeted more than 500 U.S.-based people and groups in a concentrated spear-phishing attack. Many were long-retired, but about one-quarter were still in government or held security clearances at the time they were targeted. The attack on personal Gmail accounts uncovered a gap in our security processes. Although the FBI is the lead federal agency for investigating cyber attacks by criminals, overseas adversaries, and terrorists, they did not notify the targets. When DSS was notified 87 of the emails belonged to cleared defense contractors, they stated “We simply have no insight into or oversight of anyone’s personal email accounts or how they are protected or notified when something is amiss.” Charlie Sowell, one of the targets, discusses his experience with this attack that exposed gaps in victim notification responsibility.

Dr. Adam Sorini Managing Scientist with Dr. Dustin Burns Scientist from Exponent

3:15 - 4:00 PM

Forensic Investigations of Alleged Data Exfiltration

Exponent will present analysis techniques and tools employed to investigate cases involving alleged 

data exfiltration by one or more insiders, including discussion of the complexities of the analyses and questions that often arise during such forensic investigations.

KEYNOTE Warren Yu, Chief Learning Officer, Cebrowski Institute for Innovation at the Naval Postgraduate School

4:05 PM - 5:30 PM


Radically Cutting the U.S. Navy’s Killchain - An Intrapreneurial DevOps Workshop


This provocative, disruptive discussion about improving our federal government’s ability to manage change stems from the executive education of our nation’s Admirals, Generals, and Senior civilian leadership. Condensed from 33 years to 90 minutes, this multimedia presentation uses digital storytelling and motion graphics. 


Intended learning outcomes center around thinking, innovation, balance and how to sow a culture of Learning.

* Audience members should consult a physician beforehand if they possess health conditions like:

  • Heart trouble, high blood pressure, or motion sickness 

  • Infatuation with bureaucracy or an aversion to heretics

  • Bodily control issues that may prevent them from properly bracing themselves during the presentation

*Rated R

Closing Comments and Networking Reception in the Ferrantes Room

5:30 PM - 8:30 PM

Closing comments including important event highlights will be given by iTS4 moderator, Paul Temple. Please enjoy our networking reception, at the top floor of the  Marriott in the Ferrantes Room with the best Views in Monterey Bay!

Please reload

DAY 2 - Tuesday, March 20th

Networking Check-in with Continental Breakfast

7:00 AM - 8:00 AM

Please check in at our registration table and enjoy a complimentary breakfast with a side of networking.

KEYNOTE - Brian Contos, CISO and VP of Technology Innovation at Verodin

8:00 AM - 8:45 AM

Grandmothers, Gangsters, Guerrillas and Governments


This presentation will explore threat actors including insiders, cybercriminals, hacktivists and nation-states. We will dissect how these actors operate and analyze their techniques to better understand what makes each group successful. This presentation will translate the “who, how and why” of cyberattacks. We will identify multiple “old school” and modern-day threat vectors and organize attacks by motives like financial and political. Each threat actor type will be explored in detail with real-life use cases and personal accountants based on my work in security in over 50 countries and 6 continents for the last 20 years.

Brandon Porter, Assistant General Counsel with Juan Cole Vice President, Strategy and Solutions Consulting, Government Services, Equifax Inc.

8:45 - 9:35 AM

The Missing Link in Threat Mitigation - The Human Aspect of Motivation & Behavior


Unlike negligent employees who may accidentally cause a breach, malicious insiders make a choice to act based on personal life circumstances and motivations.  An effective Insider Threat program requires a 360 view of personnel that integrates not only internal and contextual data but also relevant external data about an insider’s activities. User behavior outside of the network or the work environment is sometimes the missing link in threat mitigation as it may be indicative of their likelihood to be a potential threat.   Join us as we discuss the value and regulatory implications of leveraging 3rd party data, provide guidance on the use of the most-up-to-date available financial, employment and criminal data in continuous evaluation, and explore the possibilities of leveraging data-driven behavior insights as a missing link to mitigate insider threat. 

Arshad Noor, CTO and Founder of StrongAuth, Inc.

9:35 AM - 10:25 AM

FIDO at the NCCoE

The National Cybersecurity Center of Excellence at NIST has been leveraging the use of Fast Identity Online (FIDO) protocols to address thorny problems in multiple areas, specifically Public Safety/First Response, e-Commerce, and Property Management Systems.  This presentation will discuss two of the projects, describing how FIDO played a role in delivering more security while simplifying business processes.  A brief introduction to FIDO and its impact on the security ecosystem will also be presented.



10:25 AM - 10:35 AM

Please visit our sponsors, without them iTS4 would not be possible.

Dean Clemons, Director of Cybersecurity Advisory Services for the US Public Sector region within DXC Technology

10:35 AM - 11:20 AM

Insider Threat: Evolving Threat Demands Evolving Response

Mr. Clemons’ presentation will be  a walk through the evolution of the insider threat and the commensurate technical response required to thwart the threat.  The presentation will examine the evolution of countermeasures from single point monitoring through technical countermeasures built around context and insider behavior coupled with the analytics platforms that have shown merit in this space.

Joshua Crumbaugh, Developer of the Human Security Assurance Maturity Model (HumanSAMM) and Chief Hacker at PeopleSec

11:20 AM - 12:00 NOON

Top 10 Epic Human Security Fails - Creating an effective security awareness culture. 


This talk will outline the top 10 mistakes related to human security and why most companies are still failing. This will be followed up with actionable data derived from real-world training program successes and failures. Attendees will learn how to measure human risk accurately and most importantly how to remediate that risk. 

Each mistake and misconception will come with a lesson learned, and these experiences can be used to create an effective security awareness program that will practically eliminate malware incidents. During the talk, I will review a case study of a business that was able to use these methodologies to take their non-weighted risk from 5. 7% to . 12% in less than 180 days. I will also discuss critical metrics and how to get the data you need to be successful in human security. 


12:00 NOON - 1:00 PM

Don Graham, Director at Radiant Logic, Inc.

1:00 PM - 1:45 PM

 Federated Identity: The Foundation for Access Rights Management and Making “Need To Know” Work

This session will outline a strategy for leveraging current investments in existing identity sources to build a coherent, consistent identity that can be used across all IAM initiatives to ensure that actors are who they say they are and to provide granular access to only the things these actors should have access to.  We will focus on reference implementations at NIST/NCCoE and NTT Data as described in their respective sessions but also provide broader examples of the value of identity as the foundation and glue for IAM initiatives.

Dr. Venkat Rayapati, Founder & CEO of Cyber Forza, Inc.

1:45 PM - 2:30 PM

 Benefits of a Cognitive AI based Insider Threat Prevention System


​​Today’s innovative workplace environment allows employees to easily gain access to an organization’s critical and sensitive data. This innovation has increased the risk of insider threat from 11% to 40% over the last few years and organizations are now losing billions of dollars per year, some without knowing it. Insiders can attack in five separate ways: IT sabotage, fraud, intellectual property theft, organization security espionage and employee negligence, which result in organizations losing billions of dollars per year. We will discuss the benefits of implementing a Multi-layered cyber security defense approach to Detect, Identify and Prevent (DIP) with Cognitive AI at its core. This presentation will cover live use cases of insider threats include: Mission Critical Business Assets, Data Loss, Data Integrity, Data Forensics, IP Theft, Security Policies, Real Time Monitoring (RTM) and prevention. Practical internal threat prevention methods and use cases for the real world will be presented.


2:30 PM - 2:40 PM

Nickolas Golubev, Chief of Engineering and Architecture at Advanced Onion

2:40 PM - 3:10 PM

A Whiskey Framework to Get Down and Dirty with Q&A

It's your turn, this session reverses the roles allowing the attendees to ask Nickolas challenging questions, or bring up pressing topics you and your team find yourself faced with. Bring a list of questions or ask him one big important one, as long as questions are kept within the realm of his expertise he will do his best to answer and provide his fresh perspective, insights and intelligent solutions. Nick specializes in the following areas:


• Cyber Security 

• Risk Management Framework (RMF)

• System Compliance and Automation

Presentation Slot Available

4:00 PM - 4:45 PM

Closing Comments

5:00 PM - 8:30 PM

Closing comments including important event highlights will be given by iTS4 moderator, Paul Temple. Thank you for attending and making this event unique!

Please reload

All event times are subject to change without notice. We appreciate your understanding.

bottom of page