What it Takes to Detect Insider Threats from Ford Motor Company’s Senior Analyst

Leading an insider threat program at a Fortune 100 company takes a certain skill set that can’t be molded into a single program or training certification. It takes a combination of capabilities and motivations to detect risk in some of the most challenging, unassuming places.

Dave Holder is a senior analyst with Ford Motor Company where he helps lead their insider risk program. He is a decorated former counterintelligence officer with expertise in national security investigations and operations, as well as corporate workforce investigations. His national-level awards include the National Counterintelligence Executive’s Investigative Team Award in 2014 and the Department of Defense Counterintelligence Team Award in 2009.

Key topics of Holder’s discussion with host Fred Burton include:

• How his experience as a Security Officer in the National Security Investigations Program  of the US Army shaped him into the leader he is today. 
• The most important skills needed to stand up an insider threat unit and the critical importance of understanding the importance of the human mind amid technological advancements (employees must feel empowered to report behaviors!)
• How technology has impacted the insider threat space and resources Holder recommends for those interested in exploring a career in this area. Here are the ones mentioned within the episode:
  • Borderless Behavior Analytics – Second Edition: Who’s Inside? What’re They Doing?
  • Inside Jobs: Why Insider Risk Is the Biggest Cyber Threat You Can’t Ignore
  • Office of the Director of National Intelligence’s National Insider Threat Taskforce

Key takeaways:

01:23: Dave Holder: There are a lot of things in the military that carry directly over. Most of us coming out of these types of environments struggle with that balance a little bit. And with leadership, generally speaking, I learned you can’t leave from behind. You have to be good at what you do as a practitioner. Have to be good with your people you’ve got to empower everyone and let them lead and innovate.

14:00: Dave Holder: When I think about the horizon I guess I could think about it in terms of where I think the enemy threat picture is going to use military terminology — defensively,  I have to react to what the adversary is doing, but offensively, can I create a framework that puts all of the odds in my favor. 

On the program building side of things, I think we need to put more focus into that and hopefully, some of the work MITRE is doing to build out an insider threat framework similar to MITRE attack for cyber defense will produce some of the applied research findings that will help us to get ahead of the curve. 

In the meantime, we have to continue to professionalize this field that we’re calling Insider threat or insider risk along the main core competencies. I think without those we’re not fluent enough with compliance professionals, privacy professionals, offices of general counsel, etc.. We have to be able to converse with them in terms they ah that they understand and that they care about.