Core Netwars Continuous Hones New Skills - FREE with OnDemand Training for One Week Only!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Nine Steps toward a Successful Insider Threat Program

  • Tuesday, August 26, 2014 at 1:00 PM EDT (2014-08-26 17:00:00 UTC)
  • Daniel Velez, Tanya Baccam


  • Raytheon | Websense

You can now attend the webcast using your mobile device!



This session will focus around steps every organization can take to implement a successful insider threat program. Every complete insider threat program contains these elements: policies, processes, technology controls, risk management and auditing/monitoring. If there's a unifying message within all of the steps of an insider threat program is that it is not about technology - it is about people and technology.

That's because a purely technology-based program does not translate to successful insider threat protection. It translates to status quo. You cannot simply react to some disaster (either an internal one or an incident you've read about) in kneejerk fashion and conclude, "Hey! We need an insider threat program. Let's call up a vendor and get a couple products in here." That is not an insider threat program. That is status quo. Obviously, IT plays a dominant role. But as a lead collaborator, not a dictator. IT works in perfect alignment with business-side executives and users to address all of the protective checkpoints while not disrupting productivity and/or hurting your reputation/brand strength with customers. Mr. Velez will go into detail of what he considers are the nine steps that every organization must take if they want to have a successful insider threat program.

Speaker Bios

Tanya Baccam

Tanya Baccam: Tanya is a SANS senior instructor, as well as a SANS courseware author. Tanya has consulted with a variety of clients about their security architecture in areas such as perimeter security, network infrastructure design, system audits, Web server security and database security; she provides a variety of security consulting services for clients, including system audits, vulnerability and risk assessments, database assessments, Web application assessments, and penetration testing. She has previously worked as the director of assurance services for a security services consulting firm and served as the manager of infrastructure security for a healthcare organization, as well as managing at Deloitte & Touche in its security services practice. Tanya has played an integral role in developing multiple business applications and currently holds the CPA, GIAC GCFW, GIAC GCIH, CISSP, CISM, CISA, CCNA and OCP DBA certifications.

Daniel Velez

Daniel Velez is the Director of Insider Threat operations, Forcepoint, powered by Raytheon, and he is responsible for the delivery and support of insider threat monitoring, investigation solutions and services to Forcepoint's customers. Daniel is a subject matter specialist who guides Forcepoint customers in all aspects of their insider threat user activity monitoring programs including requirements, deployment, operations and maintenance, investigations, and support to law enforcement. Prior to joining Raytheon, he served as a Sr. Cyber Counterintelligence Investigator specializing in insider threat detection and investigations.

Daniel is retired from the U.S Navy Submarine Force where he served in duties from nuclear engineering to strike group operations and antisubmarine warfare.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.