
Obama Administration Aims to Create ‘Insider Threat’ Job Specialty to Plug Leaks

The creation of insider threat teams was spurred, in part, by the leaks from ex-NSA contractor Edward Snowden


A New Year’s goal of the federal office responsible for averting employee leaks is to make a career out of catching so-called insider threats.

It is a delicate task to simultaneously guard hard-working federal personnel and expose the bad apples. And it takes different talents than those one would find in a counterintelligence analyst, human resources professional or information security professional. The insider threat discipline melds all those disciplines. 

"It’s a privilege to work in that program. And the only reason that you are there is to help protect your colleagues, not to out them. So, we’ve got to professionalize that workforce of people who do this for a living," said Patricia Larsen, co-director of the National Insider Threat Task Force. "They have to view themselves as part of a community."

Larsen was speaking at a forum hosted by Nextgov earlier this month. 

Background investigators these people are not. Although that profession now has something of a reputation problem, too.

The Office of Personnel Management on Thursday began notifying more than 48,000 employees that their personal information may have been exposed following a possible cyber intrusion at KeyPoint Government Solutions, which conducts background checks on personnel applying for security clearances. Over the summer, USIS, once the government’s largest provider of employee investigations, disclosed a data breach, potentially compromising information on 25,000 workers.

The Obama administration created Larsen’s office after former soldier Chelsea Manning spilled U.S. secrets to Wikileaks. The more recent actions by ex-contractor Edward Snowden that revealed National Security Agency intelligence indicate the task force needs to pick up the pace, she said.

But there is no occupational series and pay scale for the insider threat profession. The task force is exploring whether a new occupational code might be warranted, Larsen told Nextgov. In the meantime, agencies are using several existing job classifications to recruit staff. 

Personnel with insider threat-related tasks can easily earn six-figure salaries in government or industry. Currently, there is an opening at OPM for a “Supervisory Intelligence Operations Specialist” with a salary between $106,263 and $138,136, whose responsibilities include insider threat awareness training, according to

Talent search firm Hudson is recruiting an “IT Risk Evaluation Manager” for an unnamed financial institution who, similarly, would be paid between $100,000 and $130,000 to have an “in-depth understanding” of insider threat analysis to keep the company’s proprietary computer code secure. 

Today, internal threat specialists serving within roughly 70 different agencies come from the fields of counterintelligence, information security and civil liberties, as well as law enforcement.

Some agencies have hired intelligence analysts from the "0132" job series defined by OPM.  Others have focused more on the investigative capabilities within the 1800 series, or 0080 security specialists. 

"They bring their own experiences with them but now we’re asking them to do a unique skillset, a unique discipline -- to be an insider threat professional," Larsen said. 

Every federal agency that has access to classified information is required to set up an insider threat program. Many have robust initiatives in place, while others are still in the early stages and are still filling positions. The size of the insider threat workforce for each department will vary based on the agency's size, mission and access to secrets, Larsen said.

These professionals must learn how to synthesize intelligence from myriad sources that analysts traditionally don’t use all at once.  It requires some technical expertise to perform the “big data analysis” and to refine algorithms that ingest the data to flag potential rogue behavior, Larsen said. 

The specialists must undergo awareness training on privacy protections, intelligence oversight and investigative procedures, should suspicions bear out.

"In the event detected activity necessitates referral to law enforcement," it is crucial that the insider threat personnel do not interfere with potential prosecutions or psychological treatment, Larsen said. "It is also critical to remember the human element, and the expertise of clinical psychologists is crucial to inform insider threat analysis.”  

(Image via Gil C/
