Meeting Topic & Overview:
A Question of Trust: Effectively Countering the Insider Threat
Trust is the new currency with which cybersecurity and data protection organizations use to
attract and retain key clients. A company whose brand and reputation are linked with its ability
to prevent network attacks and/or data breaches has to rely on more than strong technology. It
is well known that the malicious "trusted insider" is the likeliest and biggest threat to network
and information security. Whether that insider is a current employee, former employee,
contractor or other third party with access to information or systems, organizations must
implement key policies and procedures consistent with a strong counter intelligence program
to effectively manage the risk to its reputation.
US Government Contractors entrusted with our nation's most confidential and classified
information is required to adhere to standards set forth in the National Industrial Security
Program's Operating Manual (NISPOM), as well as Executive Orders and in revised
acquisition regulations (FAR and DFARs). The sharing of these best practices can help private
industry take the necessary steps to guard against an emerging and insidious threat.
Michal Gnatek, Enterprise Risk Manager, The MITRE Corporation
Leads the Enterprise Risk Management program at The MITRE Corporation, a not-for-profit organization that operates multiple Federally Funded Research & Development Centers. MITRE has provided me with a unique opportunity to leverage my 25+ years of traditional risk management experience with the world's leading insurance brokerage firms to help create an ERM platform that informs corporate strategy and cultivates a truly risk-aware culture. In addition to the company's ERM effort, I also am responsible for more traditional corporate risk management, as well as a contributor to Crisis Response, Environmental Safety & Health, Business Travel Risk Management and Behavioral Threat Assessment.
Prior to joining MITRE, I was a Producer and Client Executive at Marsh & McLennan in Washington, DC and led the Government Contractor focus in their Communications, Media & Technology (CMT) practice. For 11 years I served as a member of Lockton’s Global Technology and Privacy Practice (GTPP) and lead Lockton’s Technology and Aerospace & Defense practice, also based in Washington, DC. I started my career in 1991 with Johnson & Higgins/Marsh & McLennan. My areas of focus encompass ERM, Cybersecurity, Privacy, Property & Casualty Risk Management, Management Liability.
Michael Gelles, Director, National Security and Cyber Expert, Deloitte Consulting, LLP
Michael Gelles is a managing director with Deloitte Consulting, LLP, based in Washington, D.C. He advises a wide variety of clients in law enforcement, intelligence and national security.
Gelles is a known insider threat specialist focusing on cyber and physical security risks, asset loss, exploitation, terrorism, workplace violence and sabotage. He works with government and private sector organizations to improve their insider threat posture with a specific emphasis on people, mission and risk. Gelles had led the development or maturity of more than 30 insider threat programs, including Deloitte’s own program, which entails a number of proprietary innovative solutions. His approach to insider threat is data-driven with large security transformations based on the client’s strategy, operations, workforce and broader culture focused on mitigating enterprise risk.
Previously, Gelles was an executive in federal law enforcement and the chief psychologist for the Naval Criminal Investigative Service (NCIS) for more than 16 years. In that capacity, he assisted the NCIS and a multitude of other federal, state and local law enforcement agencies with criminal, counterintelligence and counterterrorism investigations and operations.
Gelles has been involved in the investigation and debrief of numerous convicted insiders ranging from espionage to sabotage and targeted violence. During his time with NCIS, Gelles participated in “Project Slammer,” a U.S. government study on convicted American spies, and other national security programs associated with the debrief and study of the insider threat.
He is the author of two books, as well as numerous articles, and he is a frequent guest speaker. His books include Threat Assessment: A Risk Management Approach (Taylor Francis) and Insider Threat: Prevention, Detection, Mitigation and Deterrence (Elsevier Press).
Josh Massey, Department Head, Strategic Program Protection & Threat Mgmt, The MITRE Corporation
Joshua Massey leads The MITRE Corporation's portfolio of Counterintelligence (CI) programs. As such, Mr. Massey is responsible for establishing, executing, supervising, and directing the implementation and oversight of MITRE's CI, insider threat, OPSEC, and strategic technology protection initiatives across MITRE's seven federally funded research and development centers in the fields of defense & intelligence, aviation, civil agency modernization, homeland security, healthcare, the judiciary, and cybersecurity. MITRE is a not-for-profit corporation that works in the public interest with industry and academia to advance and apply science, technology, systems engineering, and strategy, to enable the government and the private sector to make better decisions and implement solutions to complex challenges of national and global significance.
Mr. Massey joined MITRE in 2014 as a seasoned investigator and intelligence & security professional with more than 13 years of federal civil and military service with multi-faceted experiences in law enforcement operations, counterintelligence, executive protection, antiterrorism/force protection, and threat & intelligence analysis. Mr. Massey's government career spanned the Department of Defense, Department of Homeland Security, Department of Justice, and Department of Commerce with additional assignments within the Intelligence Community.
Mr. Massey received a B.S. degree in Criminology and B.A. degree in International Affairs from Florida State University, and a M.S. degree in International Relations from Troy State University.