Blueprint: Build the Best in Cyber Defense

James Rowley: Creating and Running an Insider Threat Program

14 snips

Jul 12, 2022

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ANECDOTE

James Rowley's Cybersecurity Journey

James Rowley shared his journey from college to insider threat detection engineering at Yahoo.
He emphasized his love for turning data into stories and evolving incident response skills.

INSIGHT

Insider Threats Use Familiar Methods

Insider threat detection relies on building stories from existing data, similar to anomalous behavior detection in cyber defense.
You do not need completely separate tools or methodologies to detect insiders versus external attackers.

INSIGHT

Categories of Insider Threats

Insider threats can be categorized into accidental, negligent, malicious insiders, and external entities controlling insider accounts.
Defining what constitutes an insider threat depends on organizational context and collaboration with security teams.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Click here to send us your ideas and feedback on Blueprint!

While malicious insiders are a threat that most of us would like to imagine we might never have to deal with, it’s still one of the cyber threats you must realistically consider and plan for. But how do you identify malicious intent and potential attacks from those already inside our network that have legitimate access to our data? Check out this episode where James Rowley lays out what you need to consider when it comes to insider threat detection.

Our Guest - James Rowley

James Rowley is a cybersecurity-consultant-turned-dectection-engineer building the next generation of insider threat detections. As a Detection Engineer, James is responsible for merging the world of blue team and insider threat, moving the needle on how we approach insider detections within cyberspace. James outside of the workspace is passionate about most things related to outdoors, beer, whiskey, wine, food, travel, and Minnesota sports teams. You will find James enjoying these things and more with his fiance and two dogs, Marshall (Bernese Mountain Dog) and Maya (Basset Hound).

Sponsor's Note:

Support for the Blueprint podcast comes from the SANS Institute.

If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.

This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.