Carl Willis-Ford .jpg

The 3rd Face of Insider Threat

Carl Willis-Ford

While many Insider Threat assessments only include two categories (malicious and unintentional), there exists a strong argument to include a third category, the nonmalicious insider - employees that knowingly violate security policy, but not for malicious purposes. These employees present significant risk that may be at worst overlooked, at best underestimated, and impact both cyber and physical security. Participants will hear significant examples of how nonmalicious insiders unwittingly participated in major data breaches by malicious insiders and outsiders. Research-based and practical approaches will be presented for recognizing and managing the nonmalicious insider, resulting in an improved overall security posture.

Speakers Bio: Dr. Willis-Ford is a Solutions Architect for General Dynamics Information Technology. He is an ex-Navy Nuclear Reactor Operator on fast attack submarines. Since leaving the Navy, he has 30+ years in project management, security training, technical architecture, and data security. He is involved in numerous activities regarding training and awareness programs and cyber workforce development:

•Advisory Board Member for the National Cybersecurity Student Association

•Technical Working Group, NIST-sponsored Federal Information Systems Security Educators Association

•Working Group, National Initiative for Cybersecurity Education (NICE)

•Regular guest lecturer for NASA’s Security Awareness Program

•Planning committee for the Colloquium for Information Systems Security Education (CISSE)

•Planning committee for the Community College Cyber Summit (3CS)

Dr. Willis-Ford holds a B.S. in Computer Science, an M.S. in Network Security, an M.S. in Technology Management, and a Doctor of Information Assurance. He is a Senior Member of the Information Systems Security Association.