search menu icon-carat-right cmu-wordmark

5 Best Practices for Preventing and Responding to Insider Threat

December 2017 Podcast
Randall F. Trzeciak

Randy Trzeciak, technical manager of the CERT National Insider Threat Center, discusses five best practices for preventing and responding to insider threat.

“About 50 percent of organizations experienced at least one malicious insider incident in the previous year. ”


Software Engineering Institute




Insider threat continues to be a problem with approximately 50 percent of organizations experiencing at least one malicious insider incident per year, according to the 2017 U.S. State of Cybercrime Survey. Although the attack methods vary depending on the industry, the primary types of attacks identified by researchers at the CERT Insider Threat Center—theft of intellectual property, sabotage, fraud, and espionage—continue to hold true. In our work with public and private industry, we continue to see that insider threats are influenced by a combination of technical, behavioral, and organizational issues. In this podcast Randy Trzeciak, technical manager of the CERT National Insider Threat Center, discusses the fifth edition of the Common Sense Guide to Mitigating Insider Threats, which highlights policies, procedures, and technologies to mitigate insider threats in all areas of an organization.

About the Speaker

Randall F. Trzeciak

Randy Trzeciak is technical manager of the SEI CERT Division’s Enterprise Threat and Vulnerability Management Team and director of the CERT Insider Threat Center. Trzeciak has more than 25 years’ experience in a wide-range of topics, including: insider threat, cybersecurity, software engineering, project management, information security, and database design, development, and maintenance. In addition to his role with CERT, he also has a dual appointment at Carnegie Mellon University as program director for the Master of Science in Information Security Policy and Management program and CERT professor at Carnegie Mellon’s Heinz College, Graduate School of Information Systems and Management. He holds a master’s degree in management from the University of Maryland and bachelor’s degrees in management information systems and business administration from Geneva College.