Community Contributors
This framework is built by insider threat practitioners, for insider threat practitioners. The people listed here suggested resources, reported corrections, or otherwise helped make it more useful. These are informational contributions — no money changes hands.
Contributors
FS-ISAC Insider Threat Working Group
Original framework development, peer review, KSA validation, and ongoing feedback across multiple iterations.
The Open Source Insider Threat Information Sharing Working Group (250+ members, 130+ organizations) is the SEI-moderated community of practice for industry-based insider threat program practitioners. The framework's Custom KSAs draw heavily on research published by the SEI's CERT Division and National Insider Threat Center. Presenting to OSIT was a milestone for the project — their feedback continues to shape its direction.
Creator of SOFIT 2.0 (Sociotechnical and Organizational Factors for Insider Threat). Suggested the annotated bibliography page and mitigation strategy mapping tied to threat types. Foundational researcher in psychosocial precursors of insider threat risk.
Independently suggested mapping training and certifications to KSAs — the idea that became the competency clusters system. Two practitioners asked the same question: "I can see what I need to know, but how do I get there?" This feature exists because of them.
Suggested cloud-collaboration telemetry as a first-class insider signal source (refined A-SYNTH01), contributed the CISA Microsoft Expanded Cloud Logs Playbook, and identified AI agents as insider-like access holders — an emerging threat vector documented in the AI/ML cluster and governance model.
Co-author of Stewart & Handy (2024) insider threat maturity model. Suggested the UMD Graduate Certificate in Insider Risk Management, INSA resource library expansion, IRPA/CoE cross-references, AI/ML training platform resources, and alphabetical ordering improvements.
Suggested the "Top 5" priority KSA filter — the idea that each level should highlight the five most important competencies to focus on first. Now a core navigation feature on the framework page.
SVP, Global Information Security, Bank of America. Contributed the IRRG publications list — EMEA-focused insider risk resources from NPSA, NCSC, SIFMA, and UK cross-sector working groups. Coordinates the UK Cross Market Operational Resilience Group (CMORG) Insider Risk Research Group.
Suggested DataTheftNews — trade secret protection and insider threat prevention news resource. Also contributed the Insider Threat Framework & Maturity Assessment open-source GitHub project (LeastTrust).
Anonymous
Suggested DoD 8140.03 — Cyberspace Workforce Qualification & Management Program.
Want to be listed here? Submit a suggestion or email hello@insiderthreatanalyst.com — if we add your resource, correction, or idea to the framework, we'll credit you here by name (or anonymously, your choice). This is a community project. No monetary contributions are solicited or accepted.