top of page


With our unique combination of solution focused presentations, engaging speakers, energetic sponsors and attendess we are able to create a synergistic environment, suitable for all levels of interest. Each day of the event is planned with care to ensure the most exposure for everyone involved. Within this optimal setting for networking and learning, everyone will leave with a greater understanding of how best to counter insider threats with new found resources.

DAY 1 - Wednesday, April 17th

Networking Check-in with Continental Breakfast

7:00AM - 8:00 AM

Please check in at our registration table and enjoy a complimentary breakfast with a side of networking.

KEYNOTE - Mr. Terry L. Carpenter Jr., Program Executive Officer, National Background Investigation Services (SES Tier 2) at DISA

8:00 AM - 8:45 AM

Building the foundation for AI; NBIS Enterprise Architecture and AI Approach

Detecting insider threats is particularly challenging and requires analysis of cyber and non-cyber information.  The Defense Security Service and the National Background Investigation Services (NBIS) Program Executive Office (PEO) are pursuing a project to improve insider threat detection by leveraging AI to search for anomalous employee behaviors. Partnering with the Army Analytics Group, we’re building machine learning models that include security clearance, background investigation, security records, and personnel records (if / when available).  The goal is to give context to the artificial intelligence capability as it seeks to interpret anomalies in user monitoring cyber data.  If successful, we will be able to detect changes in behavior much earlier and with greater granularity while keeping the identity of the individual masked unless and until absolutely necessary.  If unmasked, we’ll put supervisors in a position to have a positive impact on the individual’s future through early intervention.

Nat Bongiovanni, Chief Technology Officer at NTT Data Services

8:45 AM - 9:30 AM

Integrated Access Management – Decisions at the Speed of Machines

Role based access control (RBAC) has its shortcomings but RBAC risk can be mitigated with attribute based access control (ABAC). Effective control of insider threat occurs at the intersection of knowledge and trust and limiting access to sensitive information based on subject attributes is an effective means of reducing insider threat risk. In the future organizations will leverage existing enterprise systems as both the source of subject attributes and object attributes thus providing a paradigm where enterprise business systems provide the information (attributes) for access control and a centralized policy server becomes the decision point. 


The next step in a securing your enterprise is implementing, technologies for monitoring behavior of users and processes that can either automatically restrict or grant access based on what users are doing or attempting to do. Those decisions can happen in real-time fundamentally changing the threat paradigm. In this session we’ll discuss how to develop a framework for implementation of access control in the context of behavior. It will include a brief discussion of technologies that can identify anomalous behavior including artificial intelligence. The approach for making decisions, integrating those decisions into access control using attributes, and leveraging an Integrated Access ManagementSMsolution that provides real time protection for sensitive data. Thus mitigating the risk of information loss due to insider threat.

Antonio "Tony" Rucci, Director, InfoSec & Threat Intelligence for GRIDSMART Technologies, Inc.; Counterintelligence Special Agent (Retired)

9:30 AM - 10:15 AM

Crawling Through the Trenches

“The Insider Threats We Find During Pentests and Incident Response”

Penetration Tests, Passive Network Assessments and Self Assessments are important elements to your proactive security strategy for your company and clients, providing a LOT of value in a short period of time. We’ll address how these play out as we take a brief tour through a series of data breaches and network assessments with which we were engaged, where both malicious and unintentional Insider Threats played a significant role. We’ll address the Third-Order Effects and impact on things you may never be able to control and maybe some which you can. Regardless, transparency is paramount and, in this day and age of social media engagement coupled with corporate culture, your “Bad Day In the Office” is going to get out one way or another. The world is getting smarter while business continues to struggle with the basics. Are you ready to step up and “Own It” when things go sideways?

Data Breaches Will Happen… How You Respond Defines Your Company! #InsiderThreats



10:15 AM - 10:25 AM

Please visit our sponsors, without them ITS5 would not be possible.

Charlie Sowell, Chief Operating Officer at iWorks

10:25 AM - 11:05 AM

 Keeping Your Insiders from Becoming Outsider Threats

Most insider threat activities rightly focus on detecting and mitigating threats from insiders. As three recent counterintelligence cases demonstrate, the threat insiders pose is not limited to their time with your organization. Former employees can still cause damage years beyond their last day with you. This discussion explores ways to reduce the likelihood of former insiders becoming outsider threats. For example, some IC agencies provide formal after-care programs for their employees. Companies and government agencies can reduce the former-insider threat with a few simple actions.

Dustin R. Burns, Ph.D., GStat at Exponent

11:05 AM - 11:50 AM

Demystifying AI in Cybersecurity

he goal of this talk is to demystify the application of artificial intelligence in the security industry. I will address common misconceptions and detail several common use cases, while attempting to cut through the hype and inflated marketing claims for AI systems. In addition to discussing the revolutionary benefits, I will also discuss potential pitfalls and challenges. Members of the target audience have foundations in the security industry and a curiosity about how AI methodologies are applied, but need not be experts.

Andree Rose, Project Director at the Defense Personnel and Security Research Center (PERSEREC), DoD’s Office of People Analytics (OPA)

12:50 PM - 1:35 PM



11:50 NOON - 12:50 PM

Please visit our sponsors, without them ITS5 would not be possible.

Matthew J. St. Sure, Stanislaus County

1:35 PM - 2:05 PM

Phishing Awareness - After Action Report: Presenting the lessons learned from a Phishing Awareness Program of 1,300 users 

  Spear Phishing has firmly been established as the preeminent method of breaching a network; we search for ways and controls that ultimately prove to be inadequate as any well-crafted phishing attack is challenging to distinguish from business email. 
What path forward can be used to mitigate this common component of the attack chain? 
Is the traditional awareness program working, what could be improved and what should we throw out altogether? 
How can we create a culture of security awareness that is sustainable and adopted from the C level to line staff of an organization? 
Striving to go beyond a compliance checkbox we will learn from an after-action report,  exploring the possibilities for building a better phishing awareness program.


2:05 PM - 2:15 PM

Please visit our sponsors, without them ITS5 would not be possible.

Bill Baz, DoD Account Executive at Radiant Logic

2:15 PM - 3:00 PM

Federated Identity & Virtualization:  Removing Identity Integration as a Roadblock For Security and Digital Transformation 

Data can be both our greatest Achilles’ heel and the most powerful tool for building innovative and secure defense solutions. To be successful, we need to understand attributes of identities (both structured and unstructured) across the enterprise and harness this data to be interoperable across multi-domains for decision making. We must also deal effectively with the complexity associated with a wide variety of evolving data sources.


Identity is the new boundary. Breach is assumed and focus is applied in a different place: identity data and integration.Our approach to solving this dilemma involves abstracting identities from underlying repositories into a flexible, scalable infrastructure built on virtualization and big data technology. Without disrupting existing identity sources, RadiantOne builds a future-state, reusable unified identity layer for consuming applications.


The result: identity becomes an enabler, not a security bottleneck, allowing you to build on your legacy and accelerate your future identity objectives.

David Wilcox, Vice President, Federal at Dtex Systems

3:00 PM -3:45 PM

How to Understand and Detect the Insider Threat

The insider threat continues to be one of the most difficult security problems the public and private sectors face. Government has a complex set of challenges. The information employees and contractors need access to in order to do their jobs is often highly sensitive. When it becomes exposed, it can bring on extreme consequences. To be effective, insider threat strategies have to be holistic. They must account for malicious insiders such as Edward Snowden, negligent humans who expose data accidentally and by failing to follow secure procedures, and compromised users who unknowingly give up credentials to cybercriminals. By drawing on his 38-plus years of government security experience, David will demonstrate how insider threat programs built on strategies and innovation that achieve visibility over human behaviors can reduce significantly the level of insider risk within organizations.


3:45 PM - 3:55 PM

J.T. Mendoza, Deputy Director, United States Air Force (USAF) Insider Threat Hub

3:55 PM - 4:35 PM

Three Major Pillars of Insider Threat: Espionage, Violence, Data Leak 

(Case Studies of Mallory, Manning, & Alexis)

Today, organizations face the complex challenge of insider threat but, often address it with inadequate solutions - primarily, failing to sufficiently meet a program’s true intent – to detect and prevent an event from occurring.  This presentation will review three cases that will cover major aspects of insider threat concerns: data loss event; espionage; and work-place violence.  It will also highlight similar indicators which permeate all three cases.  It concludes by providing broad recommendations on how to formulate a successful insider threat program. 

Closing Comments and Networking Reception in the Ferrantes Room

5:30 PM - 8:30 PM

Brian Walsh, Special Agent at FBI

FBI Public Outreach, Insider Threat and Theft of Trade Secrets


Please reload

DAY 2 - Thursday, April 18th

Networking Check-in with Continental Breakfast

7:00 AM - 8:00 AM

Please check in at our registration table and enjoy a complimentary breakfast with a side of networking.

KEYNOTE - Richard McComb Senior Executive Service, Chief Security Officer (CSO) for the U.S. Department of Homeland Security (DHS)

8:00 AM - 8:45 AM

Combatting the Insider Threat:  Stakeholder Engagement is Key to Achieving Success in Complex Organizations

The Department of Homeland Security (DHS) is a complex organization with multiple operational Components representing unique mission requirements. The DHS Insider Threat Program (ITP) implements an enterprise approach that meets the requirements of diverse stakeholders to mitigate risk associated with insider threats.  Partnering with stakeholders enabled the Department to implement a unified strategy, establish enterprise-wide policies, governance and oversight, and develop a data driven, vendor agnostic interoperable enterprise-wide technical architecture.  This presentation will share strategies for achieving success in a complex organization by engaging stakeholders, receiving feedback, uniting complex organizations, and establishing uniform standards and oversight for an ITP.  

Anthony K Giandomenico (“Tony G”) – Team Lead CTI – Senior Security Strategist & Researcher at Fortinet

8:45 - 9:35 AM

Offense and Defense: It’s Good to Play Both Sides. Successful attacks continue on many organizations despite the continued investments in the latest technologies. To successfully defend our cyber assets whether from anation state actor or an organized criminal, companies need to understand both their adversary’s tradecraft as well as how to ensure their security posture is properly designed to continually resist their TTPs.  With the limited skilled resources this can be difficult; however, with the right foundational information it’s much more achievable.  This talk will focus on how to effectively leverage freely available information such as the MITRE ATT&CK Matrix to achieve better situational awareness, and to more accurately plan and prioritize future security improvements. 

Dr. Emma Bradford, Senior Consultant and Mr. Steve Little (CISSP), Cyber Lead at Frazer Nash Consultancy

9:35 AM - 10:25 AM

Remote Working and Hot-Desking: an Insider Threat Perspective As hot-desking and remote-working become the norm across organisations, it is important to consider if/how these working practices effect the insider threat. While remote-working agreements can benefit both employer and employee (e.g. increased flexibility, higher commitment and retention of staff, overall cost savings) they can also introduce personnel security risks if not properly managed, or discontent if not allowed. Similarly, while hot-desking can minimise the cost associated with office space, increase the interconnectedness of staff across an organisation and foster enhanced creativity and collaboration, it removes employees’ ability to identify behaviour that is out-of-character for those around them. With traditional insider threat prevention efforts relying so heavily on the recognition of tell-tale behavioural indicators, it is necessary to consider the consequences of removing the ‘human’ from the detection chain. This presentation will explore the impact of hot-desking and remote-working on the insider threat and discuss potential mitigation strategies.



10:25 AM - 10:35 AM

Please visit our sponsors, without them ITS5 would not be possible.

Michael Crosland, Sr. Sales Engineer, Government at Forcepoint

10:35 AM - 11:20 AM

Developing a Unified Security Framework to Address Insider Risk

People represent the biggest challenge in security.  To do their jobs, your workforce interacts with sensitive data, other people and their environment.  The challenge for security professionals is better understanding these interactions to identify intent in order to reduce the risk of damaging activity from insiders.  Join Forcepoint for an informative discussion on best practices in developing and implementing a unified security framework for organizations of all sizes and scope.  Security leaders will gain insights to help shape security strategy to reduce risk from insiders and move towards a more proactive security posture.

Dave Erickson, Software Engineer and Systems Architect at Elastic

11:20 AM - 12:00 NOON

Bringing the Community into the Fight.

Attackers have the advantage. They are able to communicate with one another to share information. Their cost of discovering new vulnerabilities is very low. They iterate quickly.

If the attacker has trusted access as an insider, their malicious activity is even more difficult to detect.


Defending mission critical assets starts with gathering a data. Data collection, hygiene, and correlation is critical for detecting insider threats.


Today, sharing knowledge about attackers is also critical.


This presentation will focus on these areas:

• Security data and how to audit its hygiene.

• How the DoD community is collecting security data today.

• Engaging with DoD and Federal security related communities.

• Advance attack correlation with machine learning and graph analysis.


12:00 NOON - 1:00 PM

Please visit our sponsors, without them ITS5 would not be possible.

KEYNOTE - Christy Riccardi, Regional Director, Region IX Cybersecurity and Infrastructure Security Agency (CISA)

1:00 PM - 1:45 PM

Betting on a Sure Thing: Mitigating Today’s Risks for Tomorrow’s Resilience

 Remember the morale of the story when two hunters are confronted in the forest by an angry bear? You don’t have to outrun the bear--just run faster than your buddy…In the CyPhy world, understanding the cybersecurity threat and challenges of protecting our critical infrastructure is key to managing risk inside and outside our organizations. Assessing your people, processes and technology to become mature on the playing field and less of a target is a best practice. And the less focused and disorganized will offer an easier target for the adversary. Learn how CISA can help you.

Dan Conrad, Federal CTO at Quest Public Sector

1:45 PM - 2:30 PM

Administering Responsibly 

Managing elevated access is one of the biggest challenges facing large enterprises today.  Administrators must be able to access systems with sufficient rights to do their jobs, but organizations must control access to ensure security and regulatory compliance and mitigate vulnerabilities.  The days of administrators sharing accounts and passwords and operating without auditing are gone.   


A unique challenge for Government enterprises is blending access control with integrating PIV or CAC while still enabling administrators to administer.  Even with multifactor authentication to “check out” a privilege, steps still need to be taken to mitigate compromises.  Real-time session analytics provides in-line assurance by baselining normal behavior and comparing it to current behavior – with real-time in-line remediation to add a powerful layer of risk mitigation.   


Learn how Quest Public Sector helps government customers secure privileges, CAC/PIV integrate, audit and analyze privilege use and remediate in real-time. 



2:30 PM - 2:40 PM

Please visit our sponsors, without them ITS5 would not be possible.

Christian Grijalva, Chief Technologist at GCE

2:40 PM - 3:10 PM

The Effects of Corporate Culture on Insider Threat 
Are companies their own worst enemy when it comes to contributing to the risk of insider threat? In this presentation we will discuss some of the behaviors considered significant contributing factors to insider threat and how the company policies affect those behaviors. This includes changes in standard company procedures as well as the implementation of new procedures. Also, we will explore the relationship between how corporate level groups interact with the everyday employee and what that does to employee disposition. 

Major Ryan Kelly, Ph.D. CISSP/PMP

3:10 PM - 3:50 PM

Scientific Insider Threat Analysis

This presentation reports the research design and findings from a past test of insider threat analysis under various organizational and informational constraints. An unexpected outcome was that while good at detecting insider threats, analysts are little better than chance at exonerating an innocent. Present research seeks to move the work of insider threat analysis from an art to a science using well established criminology and loss aversion theories to predict false positives. Preliminary results strongly suggest that education, status, family, and a number of other self-equity factors tend to reduce the odds of delinquent outcomes such as non-honorable discharge, clearance denial/revocation, and drug abuse. Future applied research will mitigate false positives in computational risk modeling processes to better identify those at greatest risk for misbehavior. This knowledge will allow analysts to focus on technical insider threat alerts within context of specific personnel attributes.

Open-Panel Discussion - with Paul Temple, CEO and Nickolas Golubev, Chief of Engineering and Architecture at Advanced Onion; Charles Keane, Behavioral Analytics Specialist, Forcepoint; Charlie Sowell, Chief Operating Officer at iWorks

4:00 PM - 4:50 PM

Closing Comments

3:50 PM - 4:00 PM

Closing comments including important event highlights will be given by iTS5 moderator, Paul Temple. 

Thank you for attending and making this event unique!

Please reload

All event times, content and speakers are subject to change without notice. We appreciate your understanding.

bottom of page