Policy, People, and Ninja Warriors!

Title – Policy, People, and Ninja Warriors!
·         In this episode we’re gonna cover cloud impacts on insider threat, some ways to reduce insider risk, NINJIO Security Awareness, and more! Don’t touch that dial!
·         Intro
o    Welcome back! This is episode 3 of The Insider Threat podcast, for the week of May 29th, 2017.
·         Quick Announcements Segment
o    The continued feedback has been really great, especially those of you in the Cybersecurity community on Reddit. The biggest complaint I’ve received isn’t even really a complaint, which is that the podiant website doesn’t have the ability to listen at 1.5 or 2x the speed over the web. I know exactly what you guys are talking about. With something like 8 or 9 weekly podcasts that I listen to in addition to this show, my job, and my fairly large family, I have to do the same thing. There are only so many episodes that I can cram into the time that I am washing the dishes after dinner. The only option there is to listen through your favorite podcast app, so subscribe through iTunes, Stitcher, Pocket Cast, the Google Play Store, Overcast, or whatever you use. If you find that your app doesn’t have the show available, please let me know and I’ll see what I can do about getting it added. Again, please continue to listen, subscribe, rate, and review. I’ve gotten far more streams and downloads than I thought possible with only 2 episodes out, which shows that there’s a real need for information on this topic.
o    In addition, I ask that you guys send any insider threat stories that you may have. I’ll be sure to strip out any identifying details of course, but it would be nice to have some real world examples of some of the things we discuss.
·         Infosec Question of the Week
o    It’s time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!
o    The question last week was “How did notorious hacker Kevin Mitnick know that federal agents were near his apartment?”
o    The answer was that he compromised the local cellular network and created an alert to let him know when the cell phones belonging to the agents on his case communicated with the nearby cell tower. The hashtag was actually relevant to the story, as the only thing that the agents found when they got to his apartment was a box of donuts in the refrigerator labeled “FBI Donuts”.
o    Congratulations to:
o    Pooran from Mumbai, India
o    Jake from Norwalk, Connecticut
o    Alyssa from Flagstaff, Arizona
o    Rich from Bedford, England
o    I’m going to mess this up. My French is as nonexistent as the prize… Rene’e from Chateauroux, France
o    And Bernie from Chicago, Illinois for getting the correct answer.
o    Here’s your question for this week: In the early 1970s, John Draper discovered that he could make free long distance calls by sending a certain tone through the phone. What did he use and where did he get it?
o    Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “breakfast”.
·         Articles
o    The first article this week comes from Jessie Bur at MeriTalk and it claims that cloud integration actually increases insider threat risk
o    This conclusion was drawn from a recent survey, where 59% of government employees that responded were concerned that migration to the cloud makes it more difficult to keep track of malicious or negligent users.
o    What I find really interesting about this idea is that many, if not most, of the tools today for tracking user behavior are either solely in the cloud or have the option to be implemented either in the cloud or on premises. If the findings of this survey are true, would putting more applications and services in the cloud only add to the problem or would it make things easier? At some point we are going to have different cloud applications and providers talking to each other in our environments and I’m afraid we will completely lose control and oversight of what they are doing.
o    This could become even worse, since President Trump is now pushing the federal government even more forcefully into the cloud with the new Cybersecurity executive order that was signed a few weeks ago. I’m not trying to be political or anything like that, but the push for cloud integration is strong. Vendors like Amazon, Microsoft, and others are making a good case for organizations to migrate their applications and services into the cloud, and those that don’t might feel like they are falling behind when compared to their competitors or peers.
o    The more complex we make our environments, the more risk we have. If we are adding complexity in order to minimize risk, that might be the wrong approach and what got us in whatever situation we are in to begin with. When you add more variables to the equation, the outcome will be harder to predict. Insurance companies and war strategists have been studying this concept for a really long time, so we have to assume that they are onto something.
o    Our next article comes from Scott Matteson at Tech Republic and lists 5 ways to reduce insider security risks
o    Assess access needs and build policies to determine what rights users and administrators should have, and adjust according to changes or new circumstances.
·         This is generally known as the concepts of least privilege and identity and access management, and it is a really important thing to do in our organizations. We need to ensure that users only have accesses and privileges needed for their current roles and this needs to be reviewed very regularly to make sure we stay on top of it. Another way to ensure this is being done is to integrate access review into onboarding and termination processes, but it also needs to be triggered when an employee changes roles. That is where most of us have the hardest time.
o    IoT devices can place the organization at exceptional risk via embedded credentials. Use analytics on these to determine normal behavior and detect anomalies.
·         In addition to extra oversight on these devices, we should also seriously consider network segmentation. The recent widespread malware infestation that we’ve had speaks to the fact that some organizations simply cannot get away from having vulnerable or outdated devices and operating systems in their environments. The best practice here is to isolate those devices so if they do become a problem, at least they won’t be able to serve as staging areas for accessing the rest of the network devices.
o    Use logging/alerting mechanisms to notify personnel about suspected attacks as early as possible to reduce risk.
·         This one is key, especially when it comes to insider threat. If we know that a phishing campaign or other human hacking attempt is going on in our organizations, timely communication with the user base might be the only thing that keeps you out of deep water. It also shows the employees that information security is an important part of the business as a whole and tells them that they are an integral part of the program.
o    Use separate accounts for administrators to perform routine tasks versus privileged operations.
·         I’m pretty sure this is best practice no matter where you go. There is no reason that I can think of for a system, network, or security administrator to be able to access the internet or email with their privileged accounts. Doing so greatly increases the threat landscape because if one of those accounts got compromised, attackers get the keys to the kingdom. On top of that, those accounts generally get around security controls by default, so something as simple as a malicious advertisement loading on a screen could allow the code to run as administrator and have a higher likelihood of success.
o    Background checks may provide some protection from malicious insiders (provided they have been caught in the past), but should not be seen as the end-all solution. Individuals with clean records can still be victimized via compromised accounts.
·         This last risk reduction tip is interesting, and I suspect it is something that is not universally done and in my mind there are different approaches. While discovery of some past crimes should probably deny employment altogether, some others might not fall into that boat. There are several successful information security professionals and consultants today that have a dark history, yet they have been able to move on to very successful and upright careers in our industry. Maybe the best route to take would be to weigh each case independently and if there is any suspicion about a particular person applying for a job, their access can be tightened and we can keep a closer eye on their behavior. Instead of being a binary yes or no for hiring, we can use that information as we tailor our monitoring strategy.
o    The next article comes from James Graves at ZoneFox.com and centers on the importance of good policy when it comes to insider threat
o    Security policy in general is viewed differently depending on who you ask. For this article, the author is specifically highlighting the need for an Insider Threat Policy.
o    So with this one, we talk about different important steps or tips for having an effective Insider Threat Policy.
o    The first one is defining the threat, as well as defining the policy.
·         Now this seems like a no-brainer, especially because we have a good idea of what the threat is – we know that insiders either intentionally or unintentionally do things that increase risk. That isn’t as easy to detail on paper though. An added note is that by taking the time to write or type out the definition of the threat for this policy, you get the added benefit of ensuring that you and everyone else in the organization has a standardized idea of what the insider threat is. You are identifying the problem in a public way, which will drastically help in the next step, which will be to find ways to solve that problem or at least minimize its impact on the organization.
o    Now we get to the meat of the policy, which is spelling out the actual rules when it comes to insider threat. The next tip will help with that, since it tells you that you have probably already done some of the work through your other policy or training.
·         You can look at places like the acceptable use policy, mobile device policy, access control policy, and so on. None of this has to be created on the spot, since it has likely been covered in other places in more detail. Another quick tip from me, and this goes for writing any security policy, is that you shouldn’t be so detailed in these policy statements that you have to modify more than one policy when a single change is made. Instead of copying and pasting policy language from one document to the other, you can simply give an overview of the other policy and direct employees to look there for the details. These callouts for other documents will save you an incredible amount of time later.
o    The next tip says that with context comes clarity.
·         There is a sentence from this article that I feel needs to be quoted. It says, “Security policies, and therefore insider threat policies, are not created for the benefit of the cybersecurity team, they are created for the benefit of the organization as a whole, and anyone in it.”
·         That is huge and this idea should ring through all the policy you write. If you are able to communicate to the readers that the rules outlined in the policy aren’t just some requirements from the security team, but instead that they are meant for everyone to be successful, that will help them to see the importance more clearly. Tell them how insider threat impacts not only their job as a whole, but their success in accomplishing the key components of their job.
o    People will sometimes intentionally or unintentionally do things that they shouldn’t. We are all human. This next tip, enforcing the policy with technology, is one way to either ensure that doesn’t happen or give you the capability to discover and respond when it does.
·         On top of your policy and various training programs, many organizations see the need to compensate their program with tools. When it comes to insider threat, the common technology used is user behavior analytics.
·         Last week we spoke about ObserveIT and their product that allows administrators to monitor user behavior and identify abnormalities. Think of this as the door locks and alarm systems of your home. Even though we have laws and cultural norms that dissuade people from breaking and entering while you are away or asleep, you need to have physical and technical barriers to keep people out that have chosen to disregard the law and morality in general. User behavior analytics solutions are a good way to do that for insider threat.
·         When you highlight these technologies in your policy, it lets the people in your organization know that although we expect them to do the right thing, we are actively inspecting what we expect.
o    Lastly, we have to integrate the policy compliance with the existing business compliance strategy. In order for policy to be effective, it must have teeth. I’ve heard it said that policy without teeth is just words on a page.
·         If someone performs an act or exhibits a behavior that does not align with the policy, there has to be a way to reprimand or otherwise punish them. This serves as a deterrent just as much as it does a consequence. Aside from moral reasons, a major deterrent for breaking into a house is the knowledge that I will get in trouble if I get caught. If you are implementing a tool effectively, as mentioned in the last tip, they already know that they will probably get caught.
·         Aligning insider threat policy enforcement with the more traditional enforcement strategy that the organization uses will make it easier to accomplish if an incident arises, and it also gives employees a mental reference point for unacceptable behavior. They can expect similar consequences for punching their boss in the face as they would violating a key security policy.
o    One thing I would add to this list is something that I stress for all security policy, which is management support. When the executives are on your side, that means they understand the impacts of information security risk and its relationship to business risk. That is language they speak regularly, and they will probably do so very often. When the boss cares about it, everyone under them has no choice but to care as well.
·         Vendors
·         NINJIO https://ninjio.com
o    Not a sponsor of the show
o    From their website – NINJIO attacks end user Security Awareness in a different way.  We don’t lecture your users.  We entertain and educate them by telling stories about real life security breaches that have happened to real life companies.  We do this using 3-4 minute long animated and gamified Episodes written by Hollywood writers, and we focus on one teachable moment around one specific type of attack.  A new Episode is released every 30 days, so your users will never see the same Episode twice.  It’s like “drip marketing” for Security Awareness.
o    How it works is they create user accounts for your organization’s employees in their online learning management system. Every 30 days they send emails to your employees letting them know that a new lesson is available, then they complete the video or lesson and get placed on a leaderboard for your organization. The lessons are specifically tailored to address current threats around the world.
o    They have different deployment options available as well.
o    I have been very excited about NINJIO for quite some time. I’ve chatted with their CEO once or twice and I really like the approach they’re taking to help solve the insider threat problem.
o    They have a few samples of the videos available on their website, and I strongly suggest that you go check ’em out. Even if you don’t think you have a problem with your existing awareness program, it helps to see how others are finding creative ways to communicate the information. They’re pretty entertaining, too.
o    If you decide that you want to know more about their product, let them know. Everyone I’ve been in contact with at NINJIO has been really helpful and responsive.
o    I’ve left a link to their website, as well as the articles covered in this episode in the show notes.
·         Thought of the Week Segment
o    Now it is time for our thought of the week. This one comes from Douglas Horton, who said “The art of simplicity is a puzzle of complexity”
·         Outro
o    Thank you for listening to episode 3 of The Insider Threat podcast. Please remember to review and subscribe in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions and constructive criticism.
o    You can contact me on twitter @stevehigdon or email me at theinsiderthreatpodcast@gmail.com.
o    Thanks again and I’ll see you folks next time!

Wanna Bring Down the Globe

Title – Wanna Bring Down the Globe?
·         In this episode we’re gonna give a recap of the WannaCry ransomware, talk about insider threat in health IT security, ObserveIT User Behavior Analytics, and more! Don’t touch that dial!
·         Intro
o    Welcome back! This is episode 2 of The Insider Threat podcast, for the week of May 22nd, 2017.
·         Quick Announcements Segment
o    We have gotten some really great feedback from the first episode, and I urge you to keep it up. In the future, I plan on having some guest interviews, to include folks from the industry and vendors who have a solution for tackling insider threat. Please continue to provide as much feedback as possible, as this is your show and you should be helping to drive its direction for the future.
·         Infosec Question of the Week
o    It’s time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!
o    Here’s your question: How did notorious hacker Kevin Mitnick know that federal agents were near his apartment?
o    Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “colddonuts”.
·         Articles
o    As a recap of the WannaCry ransomware attack that plagued the world and our news feeds over the past week, there are claims that the initial infection of the worm was carried out by a malicious email attachment
o    An estimated 200,000 computers in 150 countries were infected
o    At one point, there was a DDoS against the server that was being used by the attackers for the decryption process, so victims who had already paid the ransom were out the money and still couldn’t access their files
o    The spread of the attack was stopped when a security researcher that goes by the name MalwareTech registered the domain address that was being used as a kill switch. Basically when the malware infected the system, one of the first things it did was try to communicate with the unregistered domain name. As long as it wasn’t active, it continued through the infection, propagation, and encryption. By the way – if you are in the media and you encounter someone in the security industry who wishes to remain nameless, please respect that.
o    The reason this worm was so impactful to begin with was the high number of legacy operating systems being used throughout the world. In many cases it was people who were using unlicensed copies of Windows and were too afraid to update their computers because they didn’t feel like going through the steps to re-crack their Windows version.
o    Researchers who have reverse engineered the malware claim that it was probably a product purchased and modified by amateurs, as it was poorly designed and appeared to be comprised of bits of code from other malicious tools literally copied and pasted together.
o    I’ve also included a link in the show notes to another piece of malware called Adylkuzz that is using the same vulnerability as WannaCry, but instead of encrypting your files it mines a cryptocurrency called “Monero”. For those who don’t follow cryptocurrency, Monero is a lesser known digital currency than bitcoin or ethereum. I wasn’t able to find any indication that this malware used phishing for infection, but I wouldn’t be surprised.
o    This entire episode with both worms just goes to show that we need to be teaching our employees to verify senders, links, and attachments before opening things that they shouldn’t. https://www.proofpoint.com/us/threat-insight/post/adylkuzz-cryptocurrency-mining-malware-spreading-for-weeks-via-eternalblue-doublepulsar
o    Information Age Website – Cyber security professionals “admit to paying ransom”
o    Bromium, a security tool vendor that specializes in virtualization-based enterprise security that stops advanced malware attacks, announced the findings of their research conducted at the recent RSA Conference.
o    During the research, they surveyed security professionals on their own behavior. According to that survey, about 10% of security professionals admit to paying ransoms and not disclosing the incident to their bosses or anyone else in their organizations.
o    We have spoken about insider threat and ransomware already, but that typically involves users clicking on links or attachments. We haven’t yet, however, covered the human factor of security professionals and their own motivations behind their actions.
o    It is important here to remember that absolutely everyone involved in security – from the end users to executive management – is human. Just like everyone else, those of us in security are equally concerned about our own jobs. If you were to accidentally infect your corporate workstation with some sort of malware, would you go through the standard incident response procedures or would you find a way to take care of it yourself? This is an important question to ask, because the same fear of reprisal is what often drives the decisions of our users.
o    The study also claims that about 35% of security professionals admit to bypassing their own corporate security settings, but that one isn’t as much of a surprise to me. We often have to make configuration changes in the course of our day-to-day work and it isn’t malicious in nature. On the other hand, if this is being done in order to circumvent security controls for reasons outside of their normal job scope, this can be a very bad thing and we should know better.
o    Health IT Security website – 67% of Security Teams Say Insiders Top Data Security Threat
o    The author quoted findings from a survey conducted during the 2017 Secure Access Threat Report
o    Over 2/3 of security professionals surveyed believed that either malicious or unintentional acts from insiders were the greatest security threat to organizations
o    There were some other really good statistics in that article, so I will leave a link to it in the show notes. I won’t swear to the accuracy of the survey, though. Between us, some of the math just doesn’t seem to add up. But in all fairness, that could certainly be attributed to my own arithmetic deficiencies.
o    So I heard from another information security professional this past week that during an internal phishing campaign, 80% of the users clicked on the link in the email. That said, I’m not sure if the source of the email was internal or external, but that’s a pretty high percentage, especially when you take into account that there were about 2000 users in the organization. What can we do differently to get the point across? If you were in the situation I just described, what would be your next step? Do you start including things like this in employee annual performance reviews? Do you repeat the process until you can identify habitual offenders and use that information to focus your oversight strategy? Just some thoughts.
o    SC Magazine – Insider threat faces $300K fine for hacking former employer
o    So Yovan Garcia was caught hacking his employer’s website to adjust his overtime hours and they took him to court, claiming $318,661.70 worth of damages. The judge ruled in favor of the company, named Security Specialists, and he is going to have to work many extra overtime hours to pay up, that is if he is able to get a job after this.
o    On top of all that, after Garcia was fired from his company, he started his own consulting firm and sold a knock-off version of the software that his old employer developed.
o    When we trust our system, network, and even security administrators with privileged access to our environments, we can’t just assume that they are the “good guys”. Even people who should know better have the ability to make mistakes or cross the ethical line. It doesn’t preclude them from the same stringent oversight and separation of duties strategies that every other employee must adhere to. Actually, we might want to pay even closer attention to those who have admin rights to the systems or network. In this case, he probably thought that he could get away with it because of an assumption that nobody was watching.
o    Our last article today was written by Dr. Jessica Barker, who runs a security consultancy and, with a background in sociology, specializes in the human side of security.
o    She says that we often fail to acknowledge that there is an excessive security burden placed on the people using technology and that we don’t take the time to bridge the gap and see the overlaps between the human and technical vulnerabilities in our organizations.
o    We spend quite a bit of time with the hardening of our software, hardware, and networks, but we don’t spend nearly enough time hardening our people and culture and “the responsibility is on all of us to work towards the creation of a positive and empowering environment”.
o    I really like the approach that Dr. Barker uses when trying to address the human side of security, and one day I would really like to try to get her on the show to talk about it more. Sometimes we place too much emphasis on the security processes and technologies in our organizations as a band-aid for the real problem, which is that users either don’t understand the security impacts of their actions or they simply don’t care.
o    As always, the links to these articles will be placed in the show notes.
·         Vendors
·         ObserveIT http://observeit.com
o    Not a sponsor of the show
o    From their website – ObserveIT empowers organizations to precisely identify and proactively protect against malicious and negligent behavior of everyday users, privileged users and remote vendors. They significantly reduce security incidents by changing user behavior through real-time education and deterrence coupled with full-screen video capture of security policy violations. This cuts investigation time from days sifting through logs to minutes of playing back video.
o    Some of the key features are session recording, alerting, risk dashboards, behavior management, shared account identification, and privacy protection.
o    This solution can be used to observe and record user actions to ensure that they are not violating the organization’s acceptable use policy during the course of their work day.
o    We spoke earlier about trusting privileged users with elevated access without periodically verifying that they aren’t doing the wrong thing. This tool can also be used for that purpose.
o    When it comes to service contracts with vendors, ObserveIT can be used to remotely watch third-party personnel and ensure that they are doing what they are contracted to do and billing labor hours accurately.
o    Finally, ObserveIT can be used for regular compliance requirements when it comes to auditing. It isn’t just generating logs of user actions on systems and the network – it is recording everything they do. This capability will certainly help with providing evidence of wrongdoing after a malicious act has occurred.
o    The first thing I was thinking about when researching this product was privacy. Well, they have thought of that, too. You can configure the system to require multiple unique passwords in order to play back the recorded sessions. In this case, you would have someone from ObserveIT enter their password, then a union representative or someone from legal enter theirs.
o    What do you think? Could you use this tool in your environment in order to help combat the risks associated with insider threat? Would you use this as your go-to solution or pair it with your security awareness training program?
·         Thought of the Week Segment
o    Our thought of the week comes from Dr. Jessica Barker when she was speaking to Microsoft earlier this year – “If you engage in changing your culture, if you engage in empowering your staff… then people go from being the weakest link to the biggest part of defense”
·         Outro
o    Thank you for listening to episode 2 of The Insider Threat podcast. Please remember to subscribe, rate, and share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions and constructive criticism.
o    You can contact us on twitter @stevehigdon or email us at theinsiderthreatpodcast@gmail.com.
o    Thanks again and I’ll see you folks next time!

Hello World

o    Welcome to episode 1 of The Insider Threat podcast.
o    This is the week of May 15th, 2017.
o    I’m your host, Steve Higdon.
·         Quick Announcements Segment
o    First episode
o    This all started a long time ago when I began writing blog posts and articles centered on selling information security to business minded people. That got me going down the rabbit hole of how to influence the people that impact security.
o    Then I started seeing headlines all over the place claiming that insider threats or the human factor was the weakest link in organizations.
o    Heck, a quick Google search right now shows headlines claiming that “insiders are today’s biggest security threat”, “insider threats responsible for 43% of data breaches”, “58% of Information Security Incidents Attributed to Insider Threat”, and the list goes on.
o    I’ve heard the hosts of Paul’s Security Weekly podcast (and by the way, if you don’t listen to them and you are in this industry, you really need to. In fact, you have my permission. Pause this episode and subscribe to their shows right now. I’ll wait.), so anyway, they said that when they go out on pentests they often suggest to their clients that they start with the assumption that they have already infiltrated the network because if they do a simple phishing campaign, one in ten employees is going to click on the link or open the attachment. Making this assumption would save everyone time and money.
o    The topic of insider threat has almost become a marketing buzzphrase now. There are several new products on the market in the areas of user behavior analytics, data loss prevention, machine learning, and artificial intelligence. Now if any of you are working on your bingo cards, they should be just about filled up.
o    On a serious note though, this certainly is a problem and there are multiple types of solutions on the market to address it. That is what this podcast is gonna be about.
o    I really want your listener feedback on this. What are you doing in your organization to deal with the human factor? What do you wish you were able to do? Please leave comments at the link in the show notes or contact me directly on twitter or email. I’ll give you that information at the end of the episode. Not only will your feedback give me more to talk about on the show, but it will also help others in the industry who are trying to tackle the same problem. Who knows, I may even be able to do some shout outs to you all if commentary becomes a regular thing.
·         News Segment
o    Articles
·         SC Magazine UK – Max Metzger – Hospitals turn patients away as NHS caught up in global ransomware attack
·         WannaCrypt0r, one of the largest ransomware attacks ever, occurred on Friday, May 12th, 2017, and is reported to have affected organizations in almost 99 different countries across the globe.
·         The virus first hit headlines as it knocked computers offline at the National Health Service, which is the public health organization for England, Scotland, Wales, and Northern Ireland. On Friday, news agencies all over the UK were urging citizens to avoid the emergency room at all costs.
·         There are also reports that the virus exploited known vulnerabilities that were recently leaked by the National Security Agency in the United States.
·         The kicker here is that patches for those vulnerabilities were actually released by Microsoft in March, which means that any organizations that were impacted did not apply patches in just over two months.
·         What does this have to do with insider threat? Well ransomware is often spread through email with malicious links or attachments. In fact, the article even mentions that initial thoughts were that the ransomware was being spread through an email that was labeled “Clinical Results”.
·         This just goes to show that risks associated with insider threat are real and current. International investigations related to this major incident are still underway.
·         Infosecurity Magazine – Driving a Culture of Security – Tips For The CIO by Julian Wragg VP at Pluralsight
·         Pluralsight is an online technology learning platform. They aren’t a sponsor or anything, I just wanted to give you all some background about the author.
·         This article lists 5 ideas for improving security culture.
·         Get with HR – write more effective policy that people will understand
·         Invest in role specific training
·         Invest in your team’s skillset – internal penetration testing
·         Create engaging content – make training more enjoyable
·         Lead by example – executive management support and culture
·         The thing that I found interesting is that none of these tips were focused on tools, which I suppose makes sense because it is based on improving the security culture of an organization. I will leave a link to this article in the show notes for anyone who wants to read it.
·         So far this episode we have highlighted the two major philosophies for dealing with insider threat – technology and training. What do you think about this article? Do you agree?
·         Feedback Segment
·         Thought of the Week Segment
o    “If you want to change the culture, you will have to start by changing the organization.” – Mary Douglas
·         Outro
o    Thank you for listening to episode 1 of The Insider Threat podcast. Please remember to subscribe, rate, and share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions and constructive criticism.
o    You can contact us on twitter @stevehigdon or email us at theinsiderthreatpodcast@gmail.com.
o    Thanks again and I’ll see you folks next time!