FloCon 2022 has ended
Tuesday, January 11 • 1:00pm - 4:00pm
Track I: Insider Threat Analyst Training (Day 1)

This course presents strategies for collecting and analyzing data to prevent, detect, and respond to insider activity. It discusses techniques and methods for designing, implementing, and measuring the effectiveness of the components of an insider threat data collection and analysis capability.

Course Objectives
At the completion of the course, learners will be able to:
  • Work with raw data to identify concerning behaviors and activity of potential insiders
  • Identify the technical requirements for accessing data for insider threat analysis
  • Develop insider threat indicators that fuse data from multiple sources
  • Apply advanced analytics for identifying insider anomalies
  • Measure the effectiveness of insider threat indicators and anomaly detection methods
  • Navigate the insider threat tool landscape
  • Describe the policies, practices, and procedures needed for an insider threat analysis process
  • Outline the roles and responsibilities of insider threat analysts in an insider threat incident response process

Topics
The course covers topics such as:
  • Strategies for identifying risks to assets from insiders
  • Building a data collection and analysis function for both technical and behavioral data
  • Identifying data sources for insider threat analysis
  • Prioritizing data sources to include in an analysis function
  • Developing insider threat indicators from raw data
  • Advanced analytics for insider threat mitigation
    - Correlating data from disparate sources
    - Resolving multiple accounts to single entities
    - Indicator patterns and sequences
    - Insider threat anomaly detection methods
  • Measuring the effectiveness of insider threat controls
  • Features and functionality of tools used in insider threat mitigation
  • CERT's methodology for insider threat tool testing
  • Developing an insider threat data collection and analysis process
    - Triage
    - Escalation
    - Referral
    - Continuous improvement
  • Developing an insider threat incident response process

Speakers
Luke Osterritter

Insider Risk Researcher, CERT Division - SEI/CMU
Mr. Luke Osterritter is a Cyber Security Researcher and Member of the Technical Staff with the Enterprise Threat & Vulnerability Management team at the CERT division of Carnegie Mellon University's Software Engineering Institute. He is also a doctoral researcher with the Center for...
Derrick Spooner

Information Systems Security Analyst, CERT Division - SEI/CMU
Derrick Spooner is a member of the Enterprise Threat & Vulnerability Management team in the CERT Division of the Carnegie Mellon Software Engineering Institute. Derrick designs, develops, and transitions tools, algorithms, and exercises that enhance organizations’ abilities to detect...
Austin Whisnant

Insider Risk Researcher, CERT Division - SEI/CMU
Austin Whisnant is a Member of the Technical Staff with the CERT Program at the Software Engineering Institute, a unit of Carnegie Mellon University (CMU). Her research interests include large-scale network traffic analysis, risk analysis, modeling and simulation, and national cybersecurity...


Tuesday January 11, 2022 1:00pm - 4:00pm EST