Detecting the insider threat: it's not magic
2021-06-12, 09:00–09:25, Track 3

An overview of the Insider Threat Information Security specialty career track and how psychological analysis of user behavior can identify data loss/theft from an enterprise. Commercial SIEM monitoring tools, refocused with input from security, human resources, and legal can identify malicious behavior in real time. That said, the input from interviews prior to the digital investigation will highlight key actions to identify what data is at risk.

I will speak to the psychological analyst aspect of insider threat detection and how to use human behavior to tune alert events. (MICE/RASCAL/STRIDE) The human factor of insider threat detection is the difference between DFIR and DFIT. Incident response consists of data breaches from outside actors as compared to the data loss from insider theft.
I will discuss risk mitigation principles, "can vs should' for behavior analytics, and I will take the audience through a theoretical incident. (can vs should- i.e., yes, we have the technology to read and shadow every email, text, and teams message as well as all web traffic but where is the ethical line for monitoring colleagues?)

Prior to joining Accenture as a Senior Cybersecurity Consultant, Will has a solid foundation of applying innovative cyber solutions to the public and private sector. During his time in public service, he identified new cyber methods and capabilities to mitigate risk to U.S. personnel and facilities during the Global War on Terror. In the private sector, Will has performed e-discovery, data recovery, mobile forensic analysis and fatal automobile incident reconstruction. Will is often interviewed by radio and television news sources as a mobile forensic subject matter expert,

Will has appeared as a speaker at DefCon 2019, BSidesLV, BSides Detroit, BSides Tampa, Diana Initiative, BSidesSATX2020, CarolinaCon, PancakesCon2, HTCIA, Techno-Forensic Denver, NATO HQS and CANSOFCOM,. He serves as a OpSec/OSINT/Digital Forensic advisor to Operation Safe Escape, providing assistance to domestic abuse victims seeking to cut ties to their abuser.