Obama Administration Aims to Create ‘Insider Threat’ Job Specialty to Plug Leaks

The creation of insider threat teams was spurred, in part, because of the leaks from ex-NSA contractor Edward Snowden

A New Year’s goal of the federal office responsible for averting employee leaks is to make a career out of catching so-called insider threats.

It is a delicate task to simultaneously guard hard-working federal personnel and expose the bad apples. And it takes different talents than those one would find in a counterintelligence analyst, human resources professional or information security professional. The insider threat discipline melds all those disciplines. 

"It’s a privilege to work in that program. And the only reason that you are there is to help protect your colleagues, not to out them. So, we’ve got to professionalize that workforce of people who do this for a living," said Patricia Larsen, co-director of the National Insider Threat Task Force. "They have to view themselves as part of a community."

Larsen was speaking at a forum hosted by Nextgov earlier this month. 

Background investigators these people are not, although that profession now has something of a reputation problem, too.

The Office of Personnel Management on Thursday began notifying more than 48,000 employees that their personal information may have been exposed following a possible cyber intrusion at KeyPoint Government Solutions, which conducts background checks on personnel applying for security clearances. Over the summer, USIS, once the government’s largest provider of employee investigations, disclosed a data breach, potentially compromising information on 25,000 workers.

The Obama administration created Larsen’s office after former soldier Chelsea Manning spilled U.S. secrets to Wikileaks. The more recent actions by ex-contractor Edward Snowden that revealed National Security Agency intelligence indicate the task force needs to pick up the pace, she said.

But there is no occupational series and pay scale for the insider threat profession. The task force is exploring whether a new occupational code might be warranted, Larsen told Nextgov. In the meantime, agencies are using several existing job classifications to recruit staff. 

Personnel with insider threat-related tasks can easily earn six-figure salaries in government or industry. Currently, there is an opening at OPM for a “Supervisory Intelligence Operations Specialist” with a salary between $106,263 and $138,136, whose responsibilities include insider threat awareness training, according to

Talent search firm Hudson is recruiting an “IT Risk Evaluation Manager” for an unnamed financial institution who, similarly, would be paid between $100,000 and $130,000 to have an “in-depth understanding” of insider threat analysis to keep the company’s proprietary computer code secure. 

Today, internal threat specialists serving within roughly 70 different agencies come from the fields of counterintelligence, information security and civil liberties, as well as law enforcement.

Some agencies have hired intelligence analysts from the "0132" job series defined by OPM.  Others have focused more on the investigative capabilities within the 1800 series, or 0080 security specialists. 

"They bring their own experiences with them but now we’re asking them to do a unique skillset, a unique discipline -- to be an insider threat professional," Larsen said. 

Every federal agency that has access to classified information is required to set up an insider threat program. Many have robust initiatives in place, while others are still in the early stages and are still filling positions. The size of the insider threat workforce for each department will vary based on the agency's size, mission and access to secrets, Larsen said.

These professionals must learn how to synthesize intelligence from myriad sources that analysts traditionally don’t use all at once.  It requires some technical expertise to perform the “big data analysis” and to refine algorithms that ingest the data to flag potential rogue behavior, Larsen said. 

The specialists must undergo awareness training on privacy protections, intelligence oversight and investigative procedures, should suspicions bear out.

"In the event detected activity necessitates referral to law enforcement," it is crucial that the insider threat personnel do not interfere with potential prosecutions or psychological treatment, Larsen said. "It is also critical to remember the human element, and the expertise of clinical psychologists is crucial to inform insider threat analysis."

(Image via Gil C/
