In this podcast we explore the challenges of addressing insider threats and how organizations can improve their security posture by understanding the conditions and triggers that precede a potentially harmful act. And how technological advances in prevention and detection can help organizations stay safe and steps ahead of threats from trusted insiders. Episode Transcript: Introduction: Welcome to Uncovering Hidden Risks. Raman Kalyan: Hi, I'm Raman Kalyan, I'm with Microsoft 365 Product Marketing Team. Talhah Mir: And I'm Talhah Mir, Principal Program Manager on the Security Compliance Team. Raman: All right, Talhah, episode two. We're gonna be talking about insider threat challenges and where they come from, how to recognize them, what to do. And today we're talking to Dan Costa. Talhah: Dan Costa, that's right, the man who's got basically the brainpower of hundreds of organizations that he works with across the world, and given a chance to talk to him and distill this down in terms of what are some of the trends and what are some of the processes and procedures you can take to manage this risk. Super excited about this, man. Let's just get right into it. Talhah: Looking forward to this very much, man. And today we have Dan Costa. Dan, you want to just introduce yourself, give a little background on yourself and Carnegie Mellon and all that stuff? Dan: Yeah, sure thing. So Dan Costa, I'm the Technical Manager of the CERT National Insider Threat Center here at Carnegie Mellon University Software Engineering Institute. We're a federally funded research and development center solving longterm enduring cybersecurity and software engineering challenges on behalf of the DOD. One of the unique things about the Software Engineering Institute is that we are chartered and encouraged to go out and engage with industry as well, solving those longterm cybersecurity and software engineering challenges. And my group leads kind of the SEI's insider threat research. So collecting and analyzing insider incident data to gain an understanding of how insider incidents tend to evolve over time, what vulnerabilities exist within our organizations that enable insiders to carry out their attacks, and what organizations can and should be doing to help better protect, prevent, detect, and respond to insider threats to their critical assets. Raman: Wow. Nice. That's awesome. Dan, how did you get into this space? Dan: Yeah, so I've been with the SEI since 2011. I came onboard actually to work on the insider threat team as a software engineer, developing some data collection and analysis capabilities for some of our early insider threat vulnerability assessment methodologies. And since 2011, have really gotten a chance to have my hand in nearly every phase of kind of the insider threat mitigation challenges that organizations experience, not only on the government side, but in the industry as well. So since 2011, I've been able to stand up insider threat programs within the government, within industry, help organizations measure their current security posture as it pertains to insider risk, and try to find ways that organizations can collect and aggregate data from disparate sources within their organization that can help them more proactively manage insider risk. So that's been work, rolling my sleeves up, working with insider threat analysts, spending lots of time with insider threat analysts in the early years, conducting numerous vulnerability assessments and program evaluations, helping organizations explain to their boards and their senior leadership team the scope and severity and the breadth of the insider threat problem, and help folks understand kind of what they already have in place that can form the foundation for an enterprise-wide insider risk management strategy. So I've been very fortunate since 2011 to really have a hand in almost every aspect of insider threat program building, assessment, justifying the need to have an insider threat program in the first place. Obviously since then had a lot to do with actually collecting and analyzing insider incident data, not only what we have access to publicly, but also learning from how we've collected and analyzed data here at the SEI over almost 20 years, and help organizations understand how they can use their own data collection and analysis capabilities to bolster their insider threat programs. Talhah: Awesome. Okay. So Dan, one of the things that roam and I talked about quite a bit is my own journey in this space. I mean, I haven't been fortunate to be in the space as long as you have, but I remember when I came into this space a couple of years back, one of the first places I turned to was Carnegie Mellon. And specifically, CERT. And one of the places you pointed us towards was this treasure trove of knowledge that you have, that you then sort of complement with the OSIT Group to really drive awareness and learning, cross-learning across different subject ...
