top of page


With our unique combination of solution focused presentations, engaging speakers, energetic sponsors and attendess we are able to create a synergistic environment, suitable for all levels of interest. Each day of the event is planned with care to ensure the most exposure for everyone involved. Within this optimal setting for networking and learning, everyone will leave with a greater understanding of how best to counter insider threats with new found resources.

All event times, content and speakers are subject to change without notice. We appreciate your understanding.

DAY 1 - Wednesday, March 11th

Networking Check-in with Continental Breakfast

7:00AM - 8:00 AM

Please check in at our registration table and enjoy a complimentary breakfast with a side of networking.

KEYNOTE - Mr. Charlie Margiotta, Director of the National Insider Threat Task Force

8:00 AM - 8:45 AM

INSIDER THREAT – A DISCUSSION OF WHERE WE’VE BEEN AND WHERE WE’RE GOING - With the recent roll-out of the National Counterintelligence Strategy, signed by the President in January, 2020, the U.S. government has shifted from focusing on the threats posed by top foreign nation-state adversaries (THE WHO), to focusing on where they’re hitting us hardest and where we need to devote greater attention (THE WHERE/WHAT).  The areas being targeted the most include Critical Infrastructure, Supply Chains, the Economy, Democratic Institutions, and Cyber.  The new strategy also accepts that the U.S. government cannot address these threats alone, and needs the assistance of the private sector, an informed American public, and our allies.  Proactive insider threat reporting can provide early warning, intervention, and assistance for individuals at risk, while strengthening our national resilience, and the resilience of our private sector partners, and academic institutions.​

Greg Pierson, Co-Founder, iovation, a TransUnion Company

8:45 AM - 9:30 AM

Detecting fraud as part of an insider threat program - A comprehensive insider threat program should include external information like credit and public records, among others, to fully inform security managers of potential risks. In this session, TransUnion's Greg Pierson will discuss what kind of external information to look for and how you can apply it to an insider threat program. Greg will also reveal a new approach to uncovering hidden insider risks that requires little to no personal information.

COFFEE BREAK hosted by Lexis Nexis

9:30 AM - 9:45 AM

Please visit our sponsors, without them ITS6 would not be possible.

Brian Thompson, Departmental Security Branch / Royal Canadian Mounted Police

9:45 AM - 10:30 AM

Balancing the use of Technology and Behavioural Indicators of an Insider Threat - The Royal Canadian Mounted Police (RCMP) is a national policing agency that encompasses Municipal, Provincial and Federal policing responsibilities relating to Criminal Law Enforcement, National Security, and International Policing.  The RCMP implements a unified approach to existing Insider Threats, partnering with Internal Business Lines in an effort to respond to each Insider Threat incident.  This collaborative approach adds effectiveness and efficiency to the process, ensuring that threats are mitigated.  Canadian “Case Scenarios” of actual Insider Threats (Desjardin Banking, Whettlaufer) will be provided relating the perspective of balancing Behavioural and Technological Indicators.

J.T. Mendoza Deputy Director, United States Air Force (USAF) Insider Threat Hub

10:30 AM -11:15 AM

Insider Threat Program Assessment - While organizations approach the insider threat challenge differently, most struggle with the consistent requirement to assess and/or justify program existence.  Often this includes efforts trying to determine ROI, effectiveness, etc. to senior leaders or stakeholders who may not understand the impact of not having an insider threat program.  In his presentation, J.T. Mendoza leverages his experience with two mature insider threat programs within the USG to share a general framework for evaluating an insider threat program.  

LUNCH BREAK hosted by Advanced Onion

11:15 AM -12:15 PM

Please visit our sponsors, without them ITS6 would not be possible.

Erich Anderson Professional Consultant for ObserveIT

12:15 AM - 1:00 PM

Insider Threat Common Questions - We will explore a deeper look into the Ponemon Study on insider threats and a more general exploration of metrics, skill sets and processes when it comes to program development, internal operations best practices and components in between. The session is intended to be open-ended gathering participation from the attendees, no right or wrong answers just sharing experience from within the crowd.

Chris Grijalva, Senior Technology Director at Perspecta

1:00 PM - 1:45 PM

Continuous Evaluation: Evolution to the Trusted Workforce  - This presentation will go through the history of Personnel Security with origins all the way back to the 1800’s and journey through the policy and legal changes that have led up to this point. The discussion will also cover the current state of the Personnel Security Program including advantages and weakpoints. Finally, we will talk about the migration toward Continuous Evaluation/Continuous Vetting and what this migration means.

COFFEE BREAK hosted by Lexis Nexis

1:45 PM - 2:00 PM

Please visit our sponsors, without them ITS6 would not be possible.

Mark Wilson, Director of Sales, Radiant Logic

2:00 PM - 2:45 PM

Federated Identity & Virtualization: Removing Identity Integration as a Roadblock for Security and Digital Transformation - Data can be both our greatest Achilles’ heel and the most powerful tool for building innovative and secure defense solutions. To be successful, we need to understand attributes of identities (both structured and unstructured) across the enterprise and harness this data to be interoperable across multi-domains for decision making. We must also deal effectively with the complexity associated with a wide variety of evolving data sources.


Identity is the new boundary. Breach is assumed and focus is applied in a different place: identity data and integration.Our approach to solving this dilemma involves abstracting identities from underlying repositories into a flexible, scalable infrastructure built on virtualization and big data technology. Without disrupting existing identity sources, RadiantOne builds a future-state, reusable unified identity layer for consuming applications.


The result: identity becomes an enabler, not a security bottleneck, allowing you to build on your legacy and accelerate your future identity objectives.

Colonel (USA, Ret) Robert R. Roland, Psy.D., Operational and Clinical Psychologist

2:45 PM - 3:30 PM

Personality assessment and the individual fit in organizations is an interesting consideration for those with a digital focus. On the other hand - it might be a foreign language. None-the-less, without the human dimension what really matters?


3:30 PM - 3:45 PM

Open-Panel Discussion - TOPIC TBD

3:45 PM - 4:45 PM

Michael Douglass, President of Advanced Onion, Moderating;

Major Ryan Kelly, Ph.D., Army Research Facilitation Laboratory;

J.T. Mendoza, Deputy Director, United States Air Force (USAF) Insider Threat Hub;

Bill Falk, Chief Revenue Officer, AC Global Risk;

Eric Hanna, Insider Threat Unit, DHS/TSA

Networking Reception in the Ferrantes Room, 10th Floor

5:00 PM - 8:00 PM

Join us on the 10th floor to enjoy our networking reception, with food and beverages served while enjoying the best view of the Monterey Peninsula!

Please reload

DAY 2 - Thursday, March 12th

Networking Check-in with Continental Breakfast

7:00 AM - 8:00 AM

Please check in at our registration table and enjoy a complimentary breakfast with a side of networking.

KEYNOTE - Richard McComb, Senior Executive Service, Chief Security Officer (CSO) for the U.S. Department of Homeland Security (DHS)

8:00 AM - 8:45 AM

Evolving Faster Than the Threat: An Information-centric Approach to Insider Threat Operations - As every security professional knows, guns, guards, gates, and walls don’t usually keep insider threats out of organizations.  Such threats may already be lurking in your organization despite your best efforts on the exterior edges to keep them at bay.  Just as threats have evolved, our operations, responses, and understanding of them have needed to evolve.  In this session, Richard McComb, Chief Security Officer for the Department of Homeland Security, using recent case studies, will discuss his department’s information-centric approach to insider threat operations and explain how its program has grown more proactive and refined its detection, analysis, information sharing, and case management methods. 

Dustin Burns, Senior Scientist, Exponent

8:45 - 9:3o AM

Can AI predict human behavior? - Given the rapid increase of novel machine learning applications in cybersecurity and people analytics, there is significant evidence that these tools can give meaningful and actionable insights. Even so, great care must be taken to ensure that automated decision making tools are deployed in such a way as to mitigate bias in predictions and promote security of user data. In this talk, Dr. Burns will take a deep dive into an open source data set in the area of people analytics, demonstrating the application of basic machine learning techniques, while discussing limitations and potential pitfalls in using an algorithm to predict human behavior. In the end, Dustin will draw a comparison between the potential to predict human behavioral propensity to things such as becoming an insider threat to how assisted diagnosis tools are used in medicine to predict development or reoccurrence of illnesses.


9:30 AM-9:45 AM

Please visit our sponsors, without them ITS6 would not be possible.

Caitlin Gremminger, Special Agent, FBI

9:45 AM -10:30 AM

SA Gremminger will share current examples about how YOU are being targeted by cyber criminals and foreign adversaries and what you can do to protect yourself.

Pete Ruppert, United States Army in Europe - Insider Threat Program Manager

10:30 AM - 11:15 AM

Implementation of an Insider Threat Program from the Ground Up. - Mr. Ruppert discusses his approach on standing up an insider threat program in Europe from a sheet of paper to full operational capability as well as some organizational challenges and solutions that transcend the military and government. 



11:15 PM - 12:30 PM

Please visit our sponsors, without them ITS5 would not be possible.

Bill Kalogeros Director, Public Sector for Acalvio Technologies

12:30 PM -1:15 PM

The Never-Ending Battle Against Insider and Advanced Persistent Threats

How Next-Generation Deception Technology Goes on the OffenseThe US government is engaged in a constant battle against well-funded, motivated attackers. The “front line” extends well beyond government networks and is broadly distributed in private organizations (defense contractors and service providers).  Traditional security technologies focus on trying to look for “evil.” Evil, in the case of your SEIM/IDS, would be to pattern the SEIM/IDS configuration to look for signatures/anomalies.   As a result, all an attacker needs to do to avoid detection is to appear “not evil.” This is the problem with traditional detection technologies.  Instead of looking for evil, we can look for abnormal. If we know what happens on our networks normally, we can identify abnormal behavior and investigate it as suspicious.  This is the reason deception technologies are an important part of any cybersecurity arsenal. On today’s digital battlefield, organizations need to deploy Next-Generation Deception Technology: decoys/lures, misdirections, and systems to attract and snare attackers.

Riley Bruce Technical Product Marketing Manager at Code42

1:15 PM - 2:00 PM

The Insider Threat: You're Flying Blind - Studies show that 90% of data loss that manifests from inside organizations goes undetected.  What's worse, nearly 70% of organizations that were breached from the inside had a data loss prevention solution in place.  The brutal truth - prevention solutions are not effective at stopping insider threats. Attend this session from Code42 to learn how data risk detection and response ensures you and your organization are not blindsided.

insights to help shape security strategy to reduce risk from insiders and move towards a more proactive security posture.


2:00 PM - 2:15 PM

Please visit our sponsors, without them ITS5 would not be possible.

Stephanie L. Jaros, Director of Research, DoD Counter-Insider Threat Program Defense Personnel and Security Research Center (PERSEREC) Office of People Analytics (OPA)

2:15PM - 3:00 PM

We Know the Cavalry Isn’t Coming - DoD’s Threat Lab and its Mission to Serve the Enterprise - Government insider threat programs are unfunded mandates, and in the private sector they are often viewed as cost centers. As a result, many programs are under-resourced, and even though the insider threat is a human problem, organizations rarely fund in-house social and behavioral science (SBS) research support. Enter - The Threat Lab.

The Defense Personnel and Security Research Center (PERSEREC) created The Threat Lab to provide publicly available, operationally relevant, empirically robust research and artifacts. Stephanie Jaros will provide an overview of The Threat Lab and discuss how collaboration across government, industry, and academia will move the counter-insider threat mission forward.

Closing Comments

Thank you for being part of the ITS Family, see you next year!

Please reload

bottom of page