Insider Threats: Your Questions. Our Answers.

September 2019 • Webinar

Matthew J. Butkovic, Randall F. Trzeciak, Daniel L. Costa

In this webcast, as a part of National Insider Threat Awareness Month, our experts provided an overview of the ongoing research in this area, and answered questions about how the threat landscape continues to evolve.

Publisher:

Software Engineering Institute

Subjects

Insider ThreatInsider Threat

Watch

Abstract

Misuse of authorized access to an organization’s critical assets is a significant concern for organizations of all sizes, missions, and industries. We at the CERT National Insider Threat Center have been collecting and analyzing data on incidents involving malicious and unintentional insider since 2001, and have worked with numerous organizations across government, industry, and academia to develop and validate controls and best practices to address these concerns. In this webcast, as a part of National Insider Threat Awareness Month, our experts provided an overview of the ongoing research in this area, and answered questions about how the threat landscape continues to evolve, and what organizations can and should do to address insider threats.

What attendees will learn:

• Key findings from the CERT National Insider Threat Center’s research into the different types of insider incidents – motivations, vulnerabilities, and common attack paths
• How the insider threat landscape has changed over time, and what’s to come in the future
• What organizations can do to deter, detect, and mitigate insider threats from employees and trusted business partners

About the Speaker

Matthew J. Butkovic

Matthew Butkovic is the Technical Manager of the Cybersecurity Assurance team within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon ...

Matthew Butkovic is the Technical Manager of the Cybersecurity Assurance team within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Butkovic performs critical infrastructure protection research and develops methods, tools, and techniques for evaluating capabilities and managing risk.

Butkovic has more than 15 years of managerial and technical experience in information technology (particularly information systems security, process design and audit) across the banking and manufacturing sectors. Prior to joining CERT in 2010, Butkovic was leading information security and business continuity efforts for a Fortune 500 manufacturing organization.

Butkovic is a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA).

Randall F. Trzeciak

Randy Trzeciak is a senior member of the technical staff with CERT at the Software Engineering Institute (SEI), Carnegie Mellon University. He is a member of a team focusing on insider threat research, including insider threat studies being conducted with the U.S. Secret Service National Threat Assessment Center, the U.S. Department of Defense Personnel Security Research Center, and Carnegie Mellon’s CyLab. Trzeciak also is an adjunct professor at Carnegie Mellon’s H. John Heinz III School of Public Policy and Management. Prior to his position at CERT, Trzeciak managed the Management Information Systems team in the Information Technology Department at the SEI. Prior to working at the SEI, Trzeciak was a software engineer at the Carnegie Mellon Research Institute. He was a lead developer and database administrator at Computing Services at Carnegie Mellon. Trzeciak also worked for Software Technology, Inc. in Alexandria, Virginia. He holds an MS in Management from the University of Maryland and a BS in Management Information Systems and a BA in Business Administration from Geneva College.

Software Engineering Institute